Down­load and print the con­tent on this page

 

1. Scope

  • The mon­i­tor­ing, record­ing, hold­ing and pro­cess­ing of images of dis­tin­guish­able indi­vid­u­als con­sti­tutes per­son­al data as defined by the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (“GDPR”) com­ing into force on 25 May 2018. This Agree­ment is intend­ed to ensure that in the use of iCon­nect it is com­pli­ant with the require­ments of GDPR, with relat­ed leg­is­la­tion and with the CCTV Code of Prac­tice pub­lished by the Office of the Infor­ma­tion Commissioner.
  • Out­lines the respon­si­bil­i­ty for man­ag­ing iCon­nect with­in the Organisation 
  • Mon­i­tor­ing imple­men­ta­tion of this Agree­ment rests with nom­i­nat­ed Organ­i­sa­tion Administrators/Data Pro­tec­tion Offi­cer (DPO).
  • For the pur­pose of the GDPR, Orga­ni­za­tion Admin­is­tra­tors are nom­i­nat­ed as Data Pro­tec­tion Offi­cer (if no DPO has been required to be nom­i­nat­ed under GDPR).

2. Definitions

2.1. Cap­i­talised terms 

Cap­i­talised terms used but not defined in this Agree­ment have the mean­ings giv­en else­where in the applic­a­ble Agree­ment. In this Agree­ment, unless stat­ed otherwise:

  • Addi­tion­al Prod­ucts” means prod­ucts, ser­vices, and appli­ca­tions that are not part of the Ser­vices but that may be acces­si­ble, via the Admin Con­sole or oth­er­wise, for use with the Services.
  • Addi­tion­al Secu­ri­ty Con­trols” means secu­ri­ty resources, fea­tures, func­tion­al­i­ty and/or con­trols that a Cus­tomer may use at its option and/or as it deter­mines. “Addi­tion­al Secu­ri­ty Con­trols” may include the Admin Con­sole and oth­er fea­tures and func­tion­al­i­ty of the Ser­vices such as two-fac­tor authen­ti­ca­tion, secu­ri­ty key enforce­ment, and mon­i­tor­ing capabilities.
  • Adver­tis­ing” means online adver­tise­ments dis­played by iCon­nect to End Users, exclud­ing any adver­tise­ments Cus­tomer express­ly choos­es to have iCon­nect or any of its Affil­i­ates dis­play in con­nec­tion with the Ser­vices under a sep­a­rate agreement.
  • Affil­i­ate” means any enti­ty con­trol­ling, con­trolled by, or under com­mon con­trol with a par­ty, where “con­trol” is defined as: (a) the own­er­ship of at least fifty per­cent (50%) of the equi­ty or ben­e­fi­cial inter­ests of the enti­ty; (b) the right to vote for or appoint a major­i­ty of the board of direc­tors or oth­er gov­ern­ing body of the enti­ty; or © the pow­er to exer­cise a con­trol­ling influ­ence over the man­age­ment or poli­cies of the entity.
  • Agreed Lia­bil­i­ty Cap” means the max­i­mum mon­e­tary or pay­ment-based amount at which a party’s lia­bil­i­ty is capped under the applic­a­ble Agree­ment, either per annu­al peri­od or event giv­ing rise to lia­bil­i­ty, as applicable.
  • Agree­ment Effec­tive Date” means, as applicable:
    • (a) 25 May 2018, if Cus­tomer clicked to accept or the par­ties oth­er­wise agreed to this Agree­ment in respect of the applic­a­ble Agree­ment pri­or to or on such date; or
    • (b) the date on which Cus­tomer clicked to accept or the par­ties oth­er­wise agreed to this Agree­ment in respect of the applic­a­ble Agree­ment, if such date is after 25 May 2018.
  • Audit­ed Ser­vices” means the Ser­vices list­ed as audit­ed in the iCon­nect Ser­vice Summary.
  • “Approved Part­ner” means the those approved by iCon­nect to rep­re­sent them in spe­cif­ic regions. A full list can be found in the iCon­nect web­site Pri­va­cy Policy
  • “Basic/Content Licence” is a fea­ture restrict­ed account on the iCon­nect Web Plat­form. Users are able to con­sume con­tent but not upload.
  • “Closed Account” means when an Organisation’s access to their iCon­nect Accounts is terminated.
  • Com­ple­men­tary Prod­uct Agree­ment” means: any oth­er agree­ment under which iCon­nect agrees to pro­vide iden­ti­ty ser­vices as such to Cus­tomer; or any oth­er agree­ment that incor­po­rates this Agree­ment by ref­er­ence or states that it will apply if accept­ed by Customer.
  • Com­ple­men­tary Prod­uct Ser­vices Sum­ma­ry” means the then-cur­rent descrip­tion of the ser­vices pro­vid­ed under a Com­ple­men­tary Prod­uct Agree­ment, as set out in the applic­a­ble Agreement.
  • Cus­tomer Data” means data sub­mit­ted, stored, sent or received via the Ser­vices by Cus­tomer, its Affil­i­ates or End Users.
  • Cus­tomer Per­son­al Data” means per­son­al data con­tained with­in the Cus­tomer Data.
  • Data Inci­dent” means a breach of iConnect’s secu­ri­ty lead­ing to the acci­den­tal or unlaw­ful destruc­tion, loss, alter­ation, unau­tho­rized dis­clo­sure of, or access to, Cus­tomer Data on sys­tems man­aged by or oth­er­wise con­trolled by iCon­nect. “Data Inci­dents” will not include unsuc­cess­ful attempts or activ­i­ties that do not com­pro­mise the secu­ri­ty of Cus­tomer Data, includ­ing unsuc­cess­ful log-in attempts, pings, port scans, denial of ser­vice attacks, and oth­er net­work attacks on fire­walls or net­worked systems.
  • EEA” means the Euro­pean Eco­nom­ic Area.
  • Euro­pean Data Pro­tec­tion Leg­is­la­tion” means, as applic­a­ble: (a) the GDPR; and/or (b) the Fed­er­al Data Pro­tec­tion Act of 19 June 1992 (Switzer­land).
  • Full Acti­va­tion Date” means: (a) if this Agree­ment is incor­po­rat­ed into the applic­a­ble Agree­ment by ref­er­ence, the Agree­ment Effec­tive Date; or (b) if the par­ties oth­er­wise agreed to this Agree­ment, the eighth day after the Agree­ment Effec­tive Date.
  • “Full Licence” means full access to the iCon­nect Web Platform’s features.
  • GDPR” means Reg­u­la­tion (EU) 2016/679 of the Euro­pean Par­lia­ment and of the Coun­cil of 27 April 2016 on the pro­tec­tion of nat­ur­al per­sons with regard to the pro­cess­ing of per­son­al data and on the free move­ment of such data, and repeal­ing Direc­tive 95/46/EC.
  • “Hard­ware (Cam­era)” includes any prod­ucts pur­chased from iCon­nect includ­ing the Live­View Sys­tem, Upload­Box, Dis­cov­ery Kit, Dis­cov­ery Kite Lite
  • iCon­nect Sys­tem” means the Core Ser­vices for iCon­nect, as described in the iCon­nect Ser­vices Summary. 
  • iConnect’s Third Par­ty Audi­tor means an iCon­nect-appoint­ed, qual­i­fied and inde­pen­dent third par­ty audi­tor, whose then-cur­rent iden­ti­ty iCon­nect will dis­close to Customer.
  • iCon­nect Ser­vices Sum­ma­ry” means the then-cur­rent descrip­tion of the Core Ser­vices for iCon­nect, (as may be updat­ed by iCon­nect from time to time in accor­dance with the Agreement).
  • Non-Euro­pean Data Pro­tec­tion Leg­is­la­tion” means data pro­tec­tion or pri­va­cy leg­is­la­tion oth­er than the Euro­pean Data Pro­tec­tion Legislation.
  • Noti­fi­ca­tion Email Address” means the email address(es) des­ig­nat­ed by Cus­tomer in the Admin Con­sole or the Order Form to receive cer­tain noti­fi­ca­tions from iConnect.
  • “Organ­i­sa­tion Admin­is­tra­tor”: Data Pro­tec­tion Offi­cer or Senior Per­son with­in the Cus­tomer organ­i­sa­tion who is respon­si­ble for over­see­ing the man­age­ment of iCon­nect with­in the organisation.
  • Secu­ri­ty Doc­u­men­ta­tion” means all doc­u­ments and infor­ma­tion made avail­able by iCon­nect under Sec­tion 13 and on our web­site
  • Secu­ri­ty Mea­sures” has the mean­ing giv­en by iConnect’s Secu­ri­ty Mea­sures and Con­trols document.
  • Ser­vices” means the fol­low­ing ser­vices, as described in the iCon­nect Ser­vice Summary
  • SOC 2 Report” means a con­fi­den­tial Ser­vice Organ­i­sa­tion Con­trol (SOC) 2 Report (or a com­pa­ra­ble report) on iConnect’s sys­tems exam­in­ing log­i­cal secu­ri­ty con­trols, phys­i­cal secu­ri­ty con­trols, and sys­tem avail­abil­i­ty, as pro­duced by iConnect’s Third Par­ty Audi­tor in rela­tion to the Audit­ed Services.
  • Sub­proces­sors” means third par­ties autho­rised under this Agree­ment to have log­i­cal access to and process Cus­tomer Data in order to pro­vide parts of the Ser­vices and relat­ed tech­ni­cal support.
  • Term” means the peri­od from the Agree­ment Effec­tive Date until the end of iConnect’s pro­vi­sion of the Ser­vices under the Agree­ment, includ­ing, if applic­a­ble, any peri­od dur­ing which pro­vi­sion of the Ser­vices may be sus­pend­ed and any post-ter­mi­na­tion peri­od dur­ing which iCon­nect may con­tin­ue pro­vid­ing the Ser­vices for tran­si­tion­al purposes.
  • “User Con­tent” is any user-cre­at­ed con­tent uploaded to the iCon­nect Web Plat­form includ­ing video, images, attach­ments, com­ments and Groups. 

2.2.   GDPR Terms

The terms “per­son­al data”, “data sub­ject”, “pro­cess­ing”, “con­troller”, “proces­sor” and “super­vi­so­ry author­i­ty” as used in this Agree­ment have the mean­ings giv­en in the GDPR in each case irre­spec­tive of whether the Euro­pean Data Pro­tec­tion Leg­is­la­tion or Non-Euro­pean Data Pro­tec­tion Leg­is­la­tion applies.

 

3. Organisation Administrator Account

A nom­i­nat­ed Data Pro­tec­tion Officer/Organisation Admin­is­tra­tor (who must be a senior mem­ber of staff) agrees to adopt that role in the sys­tem and to man­age the Organisation’s com­pli­ance with this Agreement. 

By using the Organ­i­sa­tion Admin­is­tra­tor Account, the Organ­i­sa­tion Admin­is­tra­tor agrees that it is autho­rised and sub­ject to the fol­low­ing oblig­a­tions on behalf of the Organisation(s):-

3.1 User Man­age­ment at your Organisation

a) You will be respon­si­ble for the creation/amendment/deletion/suspension & man­age­ment of the user accounts at your Organisation.

b) You are required to mon­i­tor the usage of the sys­tem and ensure that usage com­plies with the iCon­nect End-User Licence Agree­ment (EULA).

c) If a leav­ing user choos­es to trans­fer any data that they are man­ag­ing to the Organ­i­sa­tion Admin­is­tra­tor – you will be bound by the EULA as if that data was your own.

d) If you use your Organ­i­sa­tion Admin­is­tra­tor Account to cre­ate addi­tion­al Organ­i­sa­tion Admin­is­tra­tor Accounts then you con­firm that:

(i) you under­stand that the user for that account will be required to accept these same terms;

(ii)  that any addi­tion­al Organ­i­sa­tion Admin­is­tra­tor Accounts will only be cre­at­ed for indi­vid­u­als that you war­rant are enti­tled to and in a posi­tion to sign up to such terms;

(iii) you are respon­si­ble for the actions of any user using an Organ­i­sa­tion Admin­is­tra­tor Account that you have issued them, any breach of the Organ­i­sa­tion EULA by that user will be deemed as a breach of the Organ­i­sa­tion EULA by yourself;

3.2 Accept­able Use

a) The iCon­nect sys­tem is for the pur­pose of con­tin­u­ing pro­fes­sion­al devel­op­ment / reflec­tive prac­tice. As the ICO ‘Infor­ma­tion Com­mis­sion­ers Office’ stat­ed, organ­i­sa­tions need to be absolute­ly clear on when and how the sys­tem can be used. Con­stant mon­i­tor­ing by video cam­era does not make it a pro­por­tion­ate use of per­son­al data. 

b) The Organ­i­sa­tion must use the sched­ul­ing tool when con­duct­ing live obser­va­tions, which allows users to request reflec­tions. It is vital that users fol­low this process as it ensures that the observed professional: 

  • has agreed to the reflection 
  • knows when the reflec­tion is happening 
  • knows the pur­pose of the reflection 
  • knows if a record­ing will be made 
  • knows how long the record­ing will be stored and who will have access to it

c) Ensure that your local legal frame­work allows your organ­i­sa­tion to use video for pro­fes­sion­al devel­op­ment pur­pos­es. This means appro­pri­ate legal per­mis­sions from trainees/ clients/customers/end users of your ser­vice should be obtained (if their image is like­ly to be record­ed by the iCon­nect sys­tem). Rel­e­vant par­ties should be advised that iCon­nect will be in use with­in the Organ­i­sa­tion and agree­ments should be amend­ed accord­ing­ly if they do not ade­quate­ly cov­er its use. 

d) If reflec­tions are like­ly to involve minors a check should also be com­plet­ed as to whether any parents/guardians have opt­ed their child out of activ­i­ties involv­ing video, it is good prac­tice to make alter­na­tive pro­vi­sion for those chil­dren who have been opt­ed out of video activities. 

e) You should ensure that your reg­is­tra­tion with the Infor­ma­tion Commissioner’s Office is up to date and includes the “use” of video and audio data for train­ing and pro­fes­sion­al devel­op­ment purposes. 

f) Every­one involved in a reflec­tion should be informed that the cam­era is in use and that the video is being record­ed for train­ing and pro­fes­sion­al devel­op­ment purposes. 

g) Ensure that observed par­ties are empow­ered to turn off the cam­era sys­tem at any time dur­ing a reflec­tion and know how to do this.

3.3 Respon­si­ble for ter­mi­nat­ing this Agreement:

Even though iCon­nect or an Approved Part­ner will be in con­tact pri­or to the expiry of your licence (See sec­tion 7.3). It is your respon­si­bil­i­ty to ter­mi­nate this agree­ment and pro­vide instruc­tions regard­ing sec­tion 7.3.5 so that your data can be processed as per your instructions.

 

4. Managing Sharing of Video

4.1 Man­ag­ing of content

You will be respon­si­ble for the man­age­ment and mon­i­tor­ing of videos owned by your Organ­i­sa­tion. If a user at your Organ­i­sa­tion flags an issue with a video, you agree that Organ­i­sa­tion Admin­is­tra­tors are respon­si­ble for inves­ti­gat­ing the issue and that any inap­pro­pri­ate con­tent is removed. 

4.2 Copy­right

The Organ­i­sa­tion holds the copy­right of the record­ed video and is the data con­troller for the pur­pos­es of the GDPR.

4.3 Data Processor

The Organ­i­sa­tion here­by agrees to des­ig­nate iCon­nect Ltd as your nom­i­nat­ed Data Proces­sor for the pur­pos­es of man­ag­ing the over­all data man­age­ment archi­tec­ture and the stor­age of off­site data on our secure server. 

4.4 Del­e­ga­tion of rights

The Organ­i­sa­tion agrees to del­e­gate cer­tain data pro­cess­ing rights to users at your Organ­i­sa­tion. The observed pro­fes­sion­al has the right to decide which videos to upload, how long they will be stored for when they will be delet­ed and which oth­er users will have access to them. 

4.5 Dis­clo­sures

You agree that 3rd par­ty dis­clo­sures will not nor­mal­ly be allowed but that s29 DPA98 would allow you to release footage for pur­pos­es such as crime pre­ven­tion or the inves­ti­ga­tion of a seri­ous inci­dent. A Data Sub­ject Request can be made in writ­ing to the data con­troller (Organ­i­sa­tion Admin­is­tra­tor) for access to video, unless dic­tat­ed by law, access to video will only be made avail­able in a super­vised fash­ion on the Organ­i­sa­tion site.

 

5. iConnect: Best Practice

5.1 Accept­able use

iCon­nect is not a sur­veil­lance device, but a sys­tem installed exclu­sive­ly for edu­ca­tion­al pur­pos­es. GDPR requires that per­son­al data col­lect­ed for one pur­pose can­not be fur­ther processed for anoth­er, incom­pat­i­ble pur­pose. If the sound and images record­ed for pro­fes­sion­al devel­op­ment are sub­se­quent­ly used to inves­ti­gate a seri­ous inci­dent, Organ­i­sa­tions should seek advice to be absolute­ly cer­tain that the cir­cum­stances war­rant using sound and images for this new purpose. 

Clear­ly, as a sys­tem for pro­fes­sion­al devel­op­ment, there is a need to record sound as well as images. In these cas­es, all data sub­ject whose images and con­ver­sa­tions could be cap­tured should be made aware that this is the case. 

5.2 Image qual­i­ty and loca­tion of cameras

iCon­nect uses high-qual­i­ty video, audio and may have PTZ (pan, tilt, zoom) capa­bil­i­ties. As such, all users of the sys­tem must be aware that this has the poten­tial to be inva­sive if not used appro­pri­ate­ly. It is the respon­si­bil­i­ty of Organ­i­sa­tion Admin­is­tra­tors to ensure that iCon­nect is used appro­pri­ate­ly. Fur­ther­more, the place­ment of iCon­nect cam­eras is an impor­tant con­sid­er­a­tion. Cam­eras should be placed and wires con­nect­ed in accor­dance with appro­pri­ate health and safe­ty guidelines. 

5.3 Dis­sem­i­na­tion of images for train­ing purposes

The iCon­nect Wed Plat­form (https://app.irisconnect.com) is a secure serv­er for the selec­tive shar­ing of train­ing videos. Role based log in and encrypt­ed com­mu­ni­ca­tions ensure that the videos are secure and only shared with those who have a direct and expressed enti­tle­ment to see them. If the Organ­i­sa­tion choos­es to man­age and store their videos local­ly either on their own net­work or on a portable media device you agree to indem­ni­fy iCon­nect and asso­ci­at­ed busi­ness part­ners from any claim aris­ing from the loss or mis­use of that video data.

 

6. Subscription Fees & Payment Terms

6.1 Sub­scrip­tion Fees and Pay­ment Terms 

Upon receipt of a pur­chase order from either an iCon­nect Part­ner or direct­ly, iCon­nect will issue an invoice for the hard­ware and soft­ware licence. Terms of pay­ment are with­in 30 days of deliv­ery of the hardware.

6.2 Hard­ware (Cam­era)

1. If pay­ment is made in full upon the start of the con­tract, own­er­ship of the cam­era hard­ware is trans­ferred to the Organisation. 

2. If pay­ment is made via financ­ing then the cam­era hard­ware is owned by the financ­ing com­pa­ny. Pay­ment can be made at the end of the con­tract­ing peri­od to own the hardware. 

6.3 Licence Term (Ini­tial Purchase)

The Licence Term is defined by the length of ser­vice stat­ed in the pur­chase order for the prod­uct ordered that was sub­mit­ted to either an iCon­nect Part­ner or direct­ly to iCon­nect, start­ing from the time of deliv­ery of the hard­ware or cre­ation of the Organ­i­sa­tion Admin­is­tra­tor Account on the iCon­nect Plat­form, whichev­er, is later. 

6.4 Licence Renewal

The Organ­i­sa­tion Admin­is­tra­tor will be con­tact­ed pri­or to the end of the licence term to dis­cuss renew­ing the sub­scrip­tion by iCon­nect or an Approved Part­ner. If a renew­al licence is pur­chased this Agree­ment will be extend­ed by the peri­od stat­ed in the renew­al licence product.

 

7. Termination and/or Suspension of Account

If an event occurs under Sec­tion 7, you will be able to access the sys­tem for a peri­od of 60 days fol­low­ing the ter­mi­na­tion to down­load any video the Organ­i­sa­tion wish­es to retain. 

7.1. By iCon­nect: Ter­mi­na­tion of the System

iCon­nect does not guar­an­tee that it will con­tin­ue to offer access to the Sys­tem or sup­port the sys­tem. iCon­nect may cease to pro­vide any or all of the ser­vices offered in con­nec­tion with iCon­nect (includ­ing access to the Sys­tem and any or all fea­tures or com­po­nents of the sys­tem), ter­mi­nate the Agree­ment, close all Accounts and can­cel all of the rights grant­ed to you under the Agree­ment. iCon­nect may com­mu­ni­cate such ter­mi­na­tion to you upon 30 days notice in any of the fol­low­ing manners: 

(a) when you log into your Account; 

(b) in a notice on iCon­nec­t’s website; 

© via elec­tron­ic mail; or 

(d) in anoth­er man­ner that iCon­nect deems suit­able to inform you of the termination. 

If iCon­nect ter­mi­nates the Agree­ment pur­suant to this sec­tion, iCon­nect will prompt­ly reim­burse the sub­scrip­tion on a pro-rata basis and the cost of hard­ware less 33% depre­ci­a­tion per annum. 

7.2. By iCon­nect for Breach or Misconduct

7.2.1 Suspension of Account

With­out lim­it­ing iCon­nec­t’s rights or reme­dies, iCon­nect may inform the Organ­i­sa­tion of its inten­tion to dis­con­tin­ue or sus­pend access to the Sys­tem through the Organisation’s Account in the event of:

(i) a breach of this Agree­ment by the Organ­i­sa­tion or any user under the Account; or 

(ii) unau­tho­rised access to the Sys­tem or use of the sys­tem by the Organ­i­sa­tion or any user under the Account. iCon­nect has no oblig­a­tion to reim­burse the Organ­i­sa­tion on a pro rata basis for a sus­pend­ed account. The Organ­i­sa­tion will have 30 days to sat­is­fac­to­ri­ly rem­e­dy the breach. 

7.2.2 Termination of this Agreement

iCon­nect may ter­mi­nate this Agree­ment, close your Account, and can­cel all rights grant­ed to you under the Agree­ment if: 

(a) your Orga­ni­za­tion fails to pay the sub­scrip­tion fee when due; 

(b) iCon­nect is unable to ver­i­fy or authen­ti­cate any infor­ma­tion you provide; 

© you or any­one using any of your Account mate­ri­al­ly breach­es this Agree­ment makes any unau­tho­rised use of the Sys­tem or Soft­ware or infringes the rights of iCon­nect or any third party; 

(d) iCon­nect becomes aware of uses under your Account that is deemed, at iCon­nec­t’s dis­cre­tion, inap­pro­pri­ate or in vio­la­tion of the Rules of Con­duct. Such ter­mi­na­tion shall be effec­tive upon notice trans­mit­ted via elec­tron­ic mail, or any oth­er means rea­son­ably cal­cu­lat­ed to reach you. 

Such ter­mi­na­tion shall be effec­tive upon notice trans­mit­ted via elec­tron­ic mail (read receipt to be pro­vid­ed evi­dence), or any oth­er means rea­son­ably cal­cu­lat­ed to reach the Organ­i­sa­tion which may be evi­denced by a signed for deliv­ery receipt. The Organ­i­sa­tion will have 30 days to sat­is­fac­to­ri­ly rem­e­dy the breach pri­or to termination. 

iCon­nect reserves the right to ter­mi­nate any Accounts that share the name, phone num­ber, e‑mail address or inter­net pro­to­col address with the Closed Account. Ter­mi­na­tion by iCon­nect under this sec­tion shall be with­out prej­u­dice to or waiv­er of any and all of iCon­nec­t’s oth­er rights or reme­dies, all of which are express­ly reserved, sur­vive ter­mi­na­tion, and are cumu­la­tive. You will not receive a refund of pre­paid sub­scrip­tion fees for a ter­mi­na­tion pur­suant to this section. 

7.3 By You: Customer

7.3.1 Any time

You may ter­mi­nate this Agree­ment with regard to your Account at any time, upon notice to iCon­nect via elec­tron­ic mail. You will not receive a refund of pre­paid sub­scrip­tion fees in the event of such termination. 

7.3.2    A Change in the Organisation EULA

If an amend­ment alters a mate­r­i­al com­mer­cial term of this Agree­ment (not amend­ments required by changes to the Law) that is unac­cept­able to you, you may, as your sole and exclu­sive rem­e­dy, ter­mi­nate this Agree­ment and close your Account by: click­ing the “Sign Out” but­ton when you are prompt­ed to review and agree to the amend­ed Agree­ment and noti­fy­ing iCon­nect via elec­tron­ic mail with­in thir­ty (30) days after the amend­ed Agree­ment was com­mu­ni­cat­ed to you, pro­vid­ed that you have not clicked the “Accept” but­ton or accessed the Sys­tem dur­ing that period.

Your notice must state: that you do not agree to the amend­ed Agree­ment, specif­i­cal­ly describ­ing the amendment(s) with which you dis­agree, and request iCon­nect to close your Account. If you click “Accept” or oth­er­wise con­tin­ue to access the Sys­tem, you shall be deemed to have accept­ed the amend­ed Agree­ment and waive your rights to ter­mi­nate under this sec­tion. iCon­nect will reim­burse the sub­scrip­tion fees on a pro-rata basis and the cost of hard­ware less 33% depre­ci­a­tion per annum. 

7.3.3    System Unavailable 30 Days

The Orga­ni­za­tion may ter­mi­nate this Agree­ment if the iCon­nect Plat­form is not avail­able for 30 days con­tin­u­ous­ly. iCon­nect will reim­burse the sub­scrip­tion fees on a pro-rata basis and the cost of hard­ware less 33% depre­ci­a­tion per annum. 

7.3.4    Termination due to iConnect Breach

Organ­i­sa­tion may ter­mi­nate this Agree­ment, and close the Account if iCon­nect Ltd mate­ri­al­ly breach­es this Agree­ment, breach­es the GDPR or any rel­e­vant leg­is­la­tion or infringes the rights of any third party. 

Such ter­mi­na­tion shall be effec­tive upon notice trans­mit­ted via elec­tron­ic mail (read receipt to be pro­vid­ed as evi­dence), or any oth­er means rea­son­ably cal­cu­lat­ed to reach iCon­nect Ltd which may be evi­denced by a signed for deliv­ery receipt. 

7.3.5    Termination due to Non-Renewal of Subscription/Licence

If the Organ­i­sa­tion does not renew the sub­scrip­tion agree­ment then the fol­low­ing pro­ce­dure occurs: 

i. iCon­nect will com­mu­ni­cate to you via email to advise & seek a response to the fol­low­ing options :- 

1.Confirm all data and users be deleted 

2.Request all or some video’s be pro­vid­ed for download. 

ii. Option to down­grade to a free Basic/Content user licence account 

If no response is received your Organ­i­sa­tion and Users will be down­grad­ed to a Basic/Content user account (this will have reduced func­tion­al­i­ty as spec­i­fied by iCon­nect at its discretion). 

i) Data will be held for 12 months from the last activ­i­ty on the Basic/Content Account. 

ii) If no activ­i­ty is record­ed on the Plat­form dur­ing that 12 month peri­od. Then the data & users accounts will be deemed a Closed Account (see sec­tion 7.4) with­out fur­ther notice.

7.4  Closed Accounts

If for any rea­son this Agree­ment is ter­mi­nat­ed with regard to your Account, that Account will be closed, upon which all rights grant­ed to you under this Agree­ment shall ter­mi­nate with regard to the Closed Account, and you must dis­con­tin­ue your use of the Soft­ware, and you may not access the Sys­tem or any Closed Account, and all the attrib­ut­es of the Accounts. 

7.4.1 Account Access

Cus­tomers whose Accounts have been closed may not access the Sys­tem in any man­ner or for any rea­son, includ­ing through any oth­er Account, with­out the express writ­ten per­mis­sion of iCon­nect. Users of active accounts may not know­ing­ly allow for­mer users whose Accounts have been closed to use the active user’s Account.

7.4.2 Deletion of Data

All Cus­tomer Data will be delet­ed from our sys­tems as per sec­tion 11.2. (Dele­tion on Term Expiry)

 

8. Licences

8.1 Soft­ware License

Sub­ject to the terms of this Agree­ment, iCon­nect grants you a lim­it­ed, non-exclu­sive, revo­ca­ble license to use the Soft­ware and its accom­pa­ny­ing doc­u­men­ta­tion sole­ly in con­nec­tion with access­ing the System. 

8.2 License to Access the System

Upon estab­lish­ing a valid Account, and sub­ject to your con­tin­ued com­pli­ance with this Agree­ment, iCon­nect grants you a lim­it­ed, non-exclu­sive, revo­ca­ble license to access the System. 

8.3 Spe­cif­ic Restrictions

Any and all rights not express­ly grant­ed by iCon­nect and iCon­nect here­in are reserved, and no license, per­mis­sion or right of access or use not grant­ed express­ly here­in shall be implied. 

You may not inter­cept, for any pur­pose, infor­ma­tion acces­si­ble through the Sys­tem. You may not access the Sys­tem or upload, down­load or use infor­ma­tion acces­si­ble through the Sys­tem, oth­er than as per­mit­ted by this Agreement. 

You may not copy (except as set forth above), dis­trib­ute, rent, lease, loan, mod­i­fy or cre­ate deriv­a­tive works of, adapt, trans­late, per­form, dis­play, sub­li­cense or trans­fer the Soft­ware or any doc­u­men­ta­tion accom­pa­ny­ing the Software. 

You may not reverse engi­neer, dis­as­sem­ble or decom­pile, or attempt to reverse engi­neer or derive source code from, all or any por­tion of the Soft­ware, or from any infor­ma­tion acces­si­ble through the Sys­tem (includ­ing, with­out lim­i­ta­tion, data pack­ets trans­mit­ted to and from the Sys­tem over the Inter­net), or any­thing incor­po­rat­ed there­in, or analyse, deci­pher, “sniff” or derive code (or attempt to do any of the fore­go­ing) from any pack­et stream trans­mit­ted to or from the Sys­tem, whether encrypt­ed or not, or per­mit any third par­ty to do any of the same, and you here­by express­ly waive any legal rights you may have to do so. If the Soft­ware and/or the Sys­tem con­tains license man­age­ment tech­nol­o­gy, you may not cir­cum­vent or dis­able that technology.

 

9. Proprietary Rights

9.1 Own­er­ship of Soft­ware & System

As between you and iCon­nect, iCon­nect is the sole and exclu­sive own­er of the Soft­ware & Sys­tem. The Soft­ware & Sys­tem are pro­tect­ed by law gov­ern­ing copy­rights, trade­marks and oth­er pro­pri­etary rights. iCon­nect reserves all rights not express­ly grant­ed here­in. The Sys­tem is com­prised of, with­out lim­i­ta­tion, soft­ware code, pro­grams, rou­tines, sub­rou­tines, objects, files, data, video, text, con­tent, lay­out, design and oth­er infor­ma­tion down­loaded from and acces­si­ble through the Sys­tem (col­lec­tive­ly, “RIS Con­nect ”). iCon­nect, its affil­i­ates, licen­sors and/or sup­pli­ers retain all of their right, title and inter­est (includ­ing with­out lim­i­ta­tion all intel­lec­tu­al prop­er­ty rights) in and to the Soft­ware & Sys­tem, and no rights there­to are trans­ferred to you, except for the lim­it­ed license grant­ed above. iCon­nect reserves the right to change ser­vice provider and/or soft­ware as long as the ser­vice pro­vi­sion is the same or better. 

9.2 Rights to Cer­tain Content

All videos cre­at­ed through your account, are the sole and exclu­sive prop­er­ty of your Organ­i­sa­tion, includ­ing any and all copy­rights and intel­lec­tu­al prop­er­ty rights in or to any and all of the same, all of which are here­by express­ly reserved. 

9.3 User Content

The Sys­tem may allow you to com­mu­ni­cate infor­ma­tion, such as by shar­ing video & com­ments text, audio & video to group libraries (col­lec­tive­ly, User Content). 

User Con­tent that you cause to be com­mu­ni­cat­ed to the Sys­tem may not:

(i) vio­late any statute, rule, reg­u­la­tion or law; 

(ii) infringe or vio­late the intel­lec­tu­al prop­er­ty, pro­pri­etary, pri­va­cy or pub­lic­i­ty rights of any third party; 

(iii) be defam­a­to­ry, inde­cent, obscene, child porno­graph­ic or harm­ful to minors; or 

(iv) con­tain any virus­es, Tro­jan hors­es, dis­abling code, worms, time bombs, “clear GIFs,” can­cel­bots or oth­er com­put­er pro­gram­ming or rou­tines that are intend­ed to, or which in fact, dam­age, detri­men­tal­ly inter­fere with, mon­i­tor, inter­cept or expro­pri­ate any data, infor­ma­tion, pack­ets or per­son­al information. 

iCon­nect may take any action it deems appro­pri­ate regard­ing any User Con­tent, if iCon­nect believes, in its sole dis­cre­tion, that such User Con­tent vio­lates this Agree­ment or may expose iCon­nect, its licen­sors and/or its sup­pli­ers to lia­bil­i­ty, dam­age iConnect’s rela­tion­ship with any of its sup­pli­ers, licen­sors, ISPs or oth­er users of iCon­nect, harm any­one or iCon­nec­t’s rep­u­ta­tion or goodwill. 

Vio­la­tion of iCon­nec­t’s pro­pri­etary rights is a mate­r­i­al breach of this Agree­ment, in the event of which iCon­nect may sus­pend your Account, ter­mi­nate this Agree­ment and take what­ev­er addi­tion­al action iCon­nect and deems appro­pri­ate under the cir­cum­stance. The fore­go­ing is with­out prej­u­dice to or waiv­er of any and all of iCon­nec­t’s oth­er rights and reme­dies, all of which are express­ly reserved, sur­vive ter­mi­na­tion, and are cumulative.

 

10. Data Processing Agreement — GDPR

10.1.    Dura­tion of Data Pro­cess­ing Agreement. 

This Agree­ment will take effect on the effec­tive Date and, notwith­stand­ing expiry of the Term, remain in effect until, and auto­mat­i­cal­ly expire upon, dele­tion of all Cus­tomer Data by iCon­nect as described in this Agreement.

10.2 Scope of Data Pro­tec­tion Legislation.

10.2.1 Application of European Legislation. 

The par­ties acknowl­edge and agree that the Euro­pean Data Pro­tec­tion Leg­is­la­tion will apply to the pro­cess­ing of Cus­tomer Per­son­al Data if, for example:

(a) the pro­cess­ing is car­ried out in the con­text of the activ­i­ties of an estab­lish­ment of Cus­tomer in the ter­ri­to­ry of the EEA; and/or

(b) the Cus­tomer Per­son­al Data is per­son­al data relat­ing to data sub­jects who are in the EEA and the pro­cess­ing relates to the offer­ing to them of goods or ser­vices in the EEA or the mon­i­tor­ing of their behav­iour in the EEA.

10.2.2 Application of Non-European Legislation. 

The par­ties acknowl­edge and agree that Non-Euro­pean Data Pro­tec­tion Leg­is­la­tion may also apply to the pro­cess­ing of Cus­tomer Per­son­al Data.

10.3.    Pro­cess­ing of Data.

10.3.1 Processor and Controller Responsibilities.

If the Euro­pean Data Pro­tec­tion Leg­is­la­tion applies to the pro­cess­ing of Cus­tomer Per­son­al Data, the par­ties acknowl­edge and agree that:

(a) the sub­ject mat­ter and details of the pro­cess­ing are described in Appen­dix 1;

(b) iCon­nect is a proces­sor of that Cus­tomer Per­son­al Data under the Euro­pean Data Pro­tec­tion Legislation;

© The Cus­tomer is a con­troller or proces­sor, as applic­a­ble, of that Cus­tomer Per­son­al Data under the Euro­pean Data Pro­tec­tion Leg­is­la­tion; and

(d) each par­ty will com­ply with the oblig­a­tions applic­a­ble to it under the Euro­pean Data Pro­tec­tion Leg­is­la­tion with respect to the pro­cess­ing of that Cus­tomer Per­son­al Data.

10.3.2 Authorization by Third Party Controller.

If the Euro­pean Data Pro­tec­tion Leg­is­la­tion applies to the pro­cess­ing of Cus­tomer Per­son­al Data and the Cus­tomer is a proces­sor, the Cus­tomer war­rants to iCon­nect that the Customer’s instruc­tions and actions with respect to that Cus­tomer Per­son­al Data, includ­ing its appoint­ment of iCon­nect as anoth­er proces­sor, have been autho­rized by the rel­e­vant controller.

10.3.3  Responsibilities under Non-European Legislation.

If Non-Euro­pean Data Pro­tec­tion Leg­is­la­tion applies to either party’s pro­cess­ing of Cus­tomer Per­son­al Data, the par­ties acknowl­edge and agree that the rel­e­vant par­ty will com­ply with any oblig­a­tions applic­a­ble to it under that leg­is­la­tion with respect to the pro­cess­ing of that Cus­tomer Per­son­al Data.

10.4 Scope of Processing.

10.4.1 Customer’s Instructions.

By enter­ing into this Data Pro­cess­ing Agree­ment, the Cus­tomer instructs iCon­nect to process Cus­tomer Per­son­al Data only in accor­dance with applic­a­ble law: 

(a) to pro­vide the Ser­vices and relat­ed tech­ni­cal support; 

(b) as fur­ther spec­i­fied via Customer’s use of the Ser­vices (includ­ing the Admin Con­sole and oth­er func­tion­al­i­ty of the Ser­vices) and relat­ed tech­ni­cal support; 

© as fur­ther doc­u­ment­ed in any oth­er writ­ten instruc­tions giv­en by Cus­tomer and acknowl­edged by iCon­nect as con­sti­tut­ing instruc­tions for pur­pos­es of this Data Pro­cess­ing Agreement.

10.4.2 iConnect’s Compliance with Instructions.

As from the Full Acti­va­tion Date, iCon­nect will com­ply with the instruc­tions described in Sec­tion 10.4.1 (Customer’s Instruc­tions) (includ­ing with regard to data trans­fers) unless EU or EU Mem­ber State law to which iCon­nect is sub­ject requires oth­er pro­cess­ing of Cus­tomer Per­son­al Data by iCon­nect, in which case iCon­nect will inform Cus­tomer (unless that law pro­hibits iCon­nect from doing so on impor­tant grounds of pub­lic inter­est) via the Noti­fi­ca­tion Email Address. For clar­i­ty, iCon­nect will not process Cus­tomer Per­son­al Data for Adver­tis­ing pur­pos­es or serve Adver­tis­ing in the Services.

10.4.3 Additional Products.

If iCon­nect at its option makes any Addi­tion­al Prod­ucts avail­able to Cus­tomer in accor­dance with the Addi­tion­al Prod­uct Terms (if applic­a­ble), and if Cus­tomer opts to install or use those Addi­tion­al Prod­ucts, the Ser­vices may allow those Addi­tion­al Prod­ucts to access Cus­tomer Per­son­al Data as required for the inter­op­er­a­tion of the Addi­tion­al Prod­ucts with the Ser­vices. For clar­i­ty, this Data Pro­cess­ing Agree­ment does not apply to the pro­cess­ing of per­son­al data in con­nec­tion with the pro­vi­sion of any Addi­tion­al Prod­ucts installed or used by Cus­tomer, includ­ing per­son­al data trans­mit­ted to or from such Addi­tion­al Prod­ucts. Cus­tomer may use the func­tion­al­i­ty of the Ser­vices to enable or dis­able Addi­tion­al Prod­ucts, and is not required to use Addi­tion­al Prod­ucts in order to use the Services.

 

11.    Data Deletion

11.1.    Dele­tion Dur­ing Term.

iCon­nect will enable the Cus­tomer and/or End Users to delete Cus­tomer Data dur­ing the applic­a­ble Term in a man­ner con­sis­tent with the func­tion­al­i­ty of the Ser­vices. If the Cus­tomer or an End User uses the Ser­vices to delete any Cus­tomer Data dur­ing the applic­a­ble Term, this use will con­sti­tute an instruc­tion to iCon­nect to delete the rel­e­vant Cus­tomer Data from iConnect’s sys­tems in accor­dance with applic­a­ble law. iCon­nect will com­ply with this instruc­tion as soon as rea­son­ably prac­ti­ca­ble and with­in a max­i­mum peri­od of 180 days, unless EU or EU Mem­ber State law requires storage.

11.2.    Dele­tion on Term Expiry.

Sub­ject to Sec­tion 11.3 (Deferred Dele­tion Instruc­tion), on expiry of the applic­a­ble Term Cus­tomer instructs iCon­nect to delete all Cus­tomer Data (includ­ing exist­ing copies) from iConnect’s sys­tems in accor­dance with applic­a­ble law. iCon­nect will com­ply with this instruc­tion as soon as rea­son­ably prac­ti­ca­ble and with­in a max­i­mum peri­od of 180 days, unless EU or EU Mem­ber State law requires stor­age. With­out prej­u­dice to Sec­tion 17.1 (Access; Rec­ti­fi­ca­tion; Restrict­ed Pro­cess­ing; Porta­bil­i­ty), Cus­tomer acknowl­edges and agrees that Cus­tomer will be respon­si­ble for export­ing before the applic­a­ble Term expires, any Cus­tomer Data it wish­es to retain afterward.

11.3.    Deferred Dele­tion Instruc­tion.

To the extent any Cus­tomer Data cov­ered by the dele­tion instruc­tion described in Sec­tion 11.2 (Dele­tion on Term Expiry) is also processed, when the applic­a­ble Term under Sec­tion 11.2 expires, in rela­tion to an Agree­ment with a con­tin­u­ing Term, such dele­tion instruc­tion will only take effect with respect to such Cus­tomer Data when the con­tin­u­ing Term expires. For clar­i­ty, this Data Pro­cess­ing Agree­ment will con­tin­ue to apply to such Cus­tomer Data until its dele­tion by iConnect.

 

12.    Data Security

12.1 iConnect’s Secu­ri­ty Mea­sures, Con­trols, and Assistance.

12.1.1 iConnect’s Security Measures.

iCon­nect will imple­ment and main­tain tech­ni­cal and organ­i­sa­tion­al mea­sures to pro­tect Cus­tomer Data against acci­den­tal or unlaw­ful destruc­tion, loss, alter­ation, unau­tho­rised dis­clo­sure or access as described in the Secu­ri­ty Con­trols and Mea­sures doc­u­ment. The Secu­ri­ty Con­trols and Mea­sures doc­u­ment includes mea­sures to encrypt per­son­al data; to help ensure ongo­ing con­fi­den­tial­i­ty, integri­ty, avail­abil­i­ty and resilience of iConnect’s sys­tems and ser­vices; to help restore time­ly access to per­son­al data fol­low­ing an inci­dent; for reg­u­lar test­ing of effec­tive­ness. iCon­nect may update or mod­i­fy the Secu­ri­ty Mea­sures from time to time pro­vid­ed that such updates and mod­i­fi­ca­tions do not result in the degra­da­tion of the over­all secu­ri­ty of the Services.

12.1.2  Security Compliance by iConnect Staff.

iCon­nect will take appro­pri­ate steps to ensure com­pli­ance with the Secu­ri­ty Mea­sures by its employ­ees, con­trac­tors, and Sub­proces­sors to the extent applic­a­ble to their scope of per­for­mance, includ­ing ensur­ing that all per­sons autho­rised to process Cus­tomer Per­son­al Data have com­mit­ted them­selves to con­fi­den­tial­i­ty or are under an appro­pri­ate statu­to­ry oblig­a­tion of confidentiality.

12.1.3  Additional Security Controls

In addi­tion to the Secu­ri­ty Mea­sures, iCon­nect will make the Addi­tion­al Secu­ri­ty Con­trols avail­able to: 

(a) allow Cus­tomer to take steps to secure Cus­tomer Data; and 

(b) pro­vide Cus­tomer with infor­ma­tion about secur­ing, access­ing and using Cus­tomer Data.

The Addi­tion­al Secu­ri­ty Con­trols are out­lined in the Secu­ri­ty Mea­sures and Con­trols Document

12.1.4  iConnect’s Security Assistance.

Cus­tomer agrees that iCon­nect will (tak­ing into account the nature of the pro­cess­ing of Cus­tomer Per­son­al Data and the infor­ma­tion avail­able to iCon­nect) assist Cus­tomer in ensur­ing com­pli­ance with any of Customer’s oblig­a­tions in respect of secu­ri­ty of per­son­al data and per­son­al data breach­es, includ­ing if applic­a­ble Customer’s oblig­a­tions pur­suant to Arti­cles 32 to 34 (inclu­sive) of the GDPR, by:

(a)     imple­ment­ing and main­tain­ing the Secu­ri­ty Mea­sures in accor­dance with Sec­tion 12.1.1 (iConnect’s Secu­ri­ty Measures);

(b)     mak­ing the Addi­tion­al Secu­ri­ty Con­trols avail­able to Cus­tomer in accor­dance with Sec­tion 12.1.3 (Addi­tion­al Secu­ri­ty Controls);

©     com­ply­ing with the terms of Sec­tion 13.2 (Data Inci­dents); and

(d)     pro­vid­ing Cus­tomer with the Secu­ri­ty Doc­u­men­ta­tion in accor­dance with Sec­tion 15.1 (Reviews of Secu­ri­ty Doc­u­men­ta­tion) and the infor­ma­tion con­tained in the applic­a­ble Agreement.

 

13. Data Incidents

13.1  Inci­dent Noti­fi­ca­tion.

If iCon­nect becomes aware of a Data Inci­dent, iCon­nect will: (a) noti­fy Cus­tomer of the Data Inci­dent prompt­ly and with­out undue delay; and (b) prompt­ly take rea­son­able steps to min­i­mize harm and secure Cus­tomer Data. Fur­ther infor­ma­tion about iConnect’s Data Breach Response and Noti­fi­ca­tion Pro­ce­dure can be found here.

13.2  Details of Data Inci­dent.

Noti­fi­ca­tions made pur­suant to this sec­tion will describe, to the extent pos­si­ble, details of the Data Inci­dent, includ­ing steps tak­en to mit­i­gate the poten­tial risks and steps iCon­nect rec­om­mends Cus­tomer take to address the Data Incident.

13.3  Deliv­ery of Noti­fi­ca­tion.

Notification(s) of any Data Incident(s) will be deliv­ered to the Noti­fi­ca­tion Email Address or, at iConnect’s dis­cre­tion, by direct com­mu­ni­ca­tion (for exam­ple, by phone call or an in-per­son meet­ing). Cus­tomer is sole­ly respon­si­ble for ensur­ing that the Noti­fi­ca­tion Email Address is cur­rent and valid.

13.4  No Assess­ment of Cus­tomer Data by iCon­nect.

iCon­nect will not assess the con­tents of Cus­tomer Data in order to iden­ti­fy infor­ma­tion sub­ject to any spe­cif­ic legal require­ments. Cus­tomer is sole­ly respon­si­ble for com­ply­ing with inci­dent noti­fi­ca­tion laws applic­a­ble to Cus­tomer and ful­fill­ing any third par­ty noti­fi­ca­tion oblig­a­tions relat­ed to any Data Incident(s).

13.5  No Acknowl­edg­ment of Fault by iCon­nect.

iConnect’s noti­fi­ca­tion of or response to a Data Inci­dent under this Sec­tion 13.2 (Data Inci­dents) will not be con­strued as an acknowl­edge­ment by iCon­nect of any fault or lia­bil­i­ty with respect to the Data Incident.

 

14  Customer’s Security Responsibilities and Assessment

14.1  Customer’s Secu­ri­ty Respon­si­bil­i­ties.

The Cus­tomer agrees that, with­out prej­u­dice to iConnect’s oblig­a­tions under Sec­tion 12.1 (iConnect’s Secu­ri­ty Mea­sures, Con­trols and Assis­tance) and Sec­tion 13 (Data Incidents):

(a) Cus­tomer is sole­ly respon­si­ble for its use of the Ser­vices, including:

(i)      mak­ing appro­pri­ate use of the Ser­vices and the Addi­tion­al Secu­ri­ty Con­trols to ensure a lev­el of secu­ri­ty appro­pri­ate to the risk in respect of the Cus­tomer Data;

(ii)     secur­ing the account authen­ti­ca­tion cre­den­tials, sys­tems and devices Cus­tomer uses to access the Ser­vices; and

(b) iCon­nect has no oblig­a­tion to pro­tect Cus­tomer Data that Cus­tomer elects to store or trans­fer out­side of iConnect’s and its Sub­proces­sors’ sys­tems (for exam­ple, offline or on-premise stor­age), or to pro­tect Cus­tomer Data by imple­ment­ing or main­tain­ing Addi­tion­al Secu­ri­ty Con­trols except to the extent Cus­tomer has opt­ed to use them.

14.2  Customer’s Secu­ri­ty Assess­ment.

(a) Cus­tomer is sole­ly respon­si­ble for review­ing the Secu­ri­ty Doc­u­men­ta­tion and eval­u­at­ing for itself whether the Ser­vices, the Secu­ri­ty Mea­sures, the Addi­tion­al Secu­ri­ty Con­trols and iConnect’s com­mit­ments under this Sec­tion 12 (Data Secu­ri­ty) will meet Customer’s needs, includ­ing with respect to any secu­ri­ty oblig­a­tions of Cus­tomer under the Euro­pean Data Pro­tec­tion Leg­is­la­tion and/or Non-Euro­pean Data Pro­tec­tion Leg­is­la­tion, as applicable.

(b) Cus­tomer acknowl­edges and agrees that (tak­ing into account the state of the art, the costs of imple­men­ta­tion and the nature, scope, con­text and pur­pos­es of the pro­cess­ing of Cus­tomer Per­son­al Data as well as the risks to indi­vid­u­als) the Secu­ri­ty Mea­sures imple­ment­ed and main­tained by iCon­nect as set out in Sec­tion 12.1.1 (iConnect’s Secu­ri­ty Mea­sures) pro­vide a lev­el of secu­ri­ty appro­pri­ate to the risk in respect of the Cus­tomer Data.

14.3 Secu­ri­ty Cer­ti­fi­ca­tions and Reports,

iCon­nect will do the fol­low­ing to eval­u­ate and help ensure the con­tin­ued effec­tive­ness of the Secu­ri­ty Measures:

14.3.1    Internal Certifications and Reports

(a) main­tain the DfE Cloud Ser­vice Providers self certification 

(b) main­tain Cyber Essen­tials (or high­er) certification

14.3.2    Amazon Certification and Reports

Review the fol­low­ing reports of and cer­ti­fi­ca­tions reports as they are updat­ed to ensure they main­tain or improve on their exist­ing secu­ri­ty standards:

(a) SOC 2

(b) SOC 3

(c ) ISO 9001

(d) ISO 27001

(e) ISO 27017

(f) ISO 27018

 

15. Reviews and Audits of Compliance

15.1  Reviews of Secu­ri­ty Documentation

15.1.1  Internal Security Documentation

In addi­tion to the infor­ma­tion con­tained in the applic­a­ble Agree­ment, iCon­nect will make avail­able for review by the Cus­tomer the fol­low­ing doc­u­ments and infor­ma­tion to demon­strate com­pli­ance by iCon­nect with its oblig­a­tions under this document:

1.The iCon­nect Secu­ri­ty Mea­sures and Con­trols document

2.DfE Cloud Ser­vice Providers cer­tifi­cate and inde­pen­dent audit

3.Cyber Essen­tials certificate

15.1.2  Amazon Security Documentation

Amazon’s secu­ri­ty doc­u­men­ta­tion can be found here: https://aws.amazon.com/compliance/programs/ and here: https://aws.amazon.com/security

15.2  Customer’s Audit Rights.

(a) If the Euro­pean Data Pro­tec­tion Leg­is­la­tion applies to the pro­cess­ing of Cus­tomer Per­son­al Data, iCon­nect will allow Cus­tomer or an inde­pen­dent audi­tor appoint­ed by Cus­tomer to con­duct audits (includ­ing inspec­tions) to ver­i­fy iConnect’s com­pli­ance with its oblig­a­tions under this Data Pro­cess­ing Agree­ment in accor­dance with Sec­tion 15.3 (Addi­tion­al Busi­ness Terms for Reviews and Audits). iCon­nect will con­tribute to such audits as described in Sec­tion 13.4 (Secu­ri­ty Cer­ti­fi­ca­tions and Reports) and this Sec­tion 15 (Reviews and Audits of Compliance).

(b) Cus­tomer may also con­duct an audit to ver­i­fy  iConnect’s com­pli­ance with its oblig­a­tions under this Data Pro­cess­ing Agree­ment by review­ing the Secu­ri­ty Doc­u­men­ta­tion (which reflects the out­come of audits con­duct­ed by iConnect’s Third Par­ty Auditor).

15.3  Addi­tion­al Busi­ness Terms for Reviews and Audits.

(a) Cus­tomer must send any requests for reviews of the Secu­ri­ty Mea­sures and Con­trols doc­u­ment or audits to iConnect’s Data Pro­tec­tion Team via the Sup­port Desk.

(b) Fol­low­ing receipt, by iCon­nect of a request iCon­nect and the Cus­tomer will dis­cuss and agree in advance on: 

(i)     the rea­son­able date(s) of and secu­ri­ty and con­fi­den­tial­i­ty con­trols applic­a­ble to any review of the Secu­ri­ty Mea­sures and Con­trols Document. 

(ii)    the rea­son­able start date, scope, and dura­tion of and secu­ri­ty and con­fi­den­tial­i­ty con­trols applic­a­ble to any audit.

© iCon­nect may charge a fee (based on iConnect’s rea­son­able costs) for any review of the Secu­ri­ty Mea­sures and Con­trols doc­u­ment and/or audit. iCon­nect will pro­vide Cus­tomer with fur­ther details of any applic­a­ble fee, and the basis of its cal­cu­la­tion, in advance of any such review or audit. The Cus­tomer will be respon­si­ble for any fees charged by any audi­tor appoint­ed by the Cus­tomer to exe­cute any such audit.

(d) iCon­nect may object in writ­ing to an audi­tor appoint­ed by the Cus­tomer to con­duct any audit if the audi­tor is, in iConnect’s rea­son­able opin­ion, not suit­ably qual­i­fied or inde­pen­dent, a com­peti­tor of iCon­nect, or oth­er­wise man­i­fest­ly unsuit­able. Any such objec­tion by iCon­nect will require the Cus­tomer to appoint anoth­er audi­tor or con­duct the audit itself.

 

16. Impact Assessments and Consultations

Cus­tomer agrees that iCon­nect will (tak­ing into account the nature of the pro­cess­ing and the infor­ma­tion avail­able to iCon­nect) assist Cus­tomer in ensur­ing com­pli­ance with any oblig­a­tions of Cus­tomer in respect of data pro­tec­tion impact assess­ments and pri­or con­sul­ta­tion, includ­ing if applic­a­ble Customer’s oblig­a­tions pur­suant to Arti­cles 35 and 36 of the GDPR, by:

(a) pro­vid­ing the Addi­tion­al Secu­ri­ty Con­trols in accor­dance with Sec­tion 12.1.3 (Addi­tion­al Secu­ri­ty Con­trols) and the Secu­ri­ty Doc­u­men­ta­tion in accor­dance with Sec­tion 15.1 (Reviews of Secu­ri­ty Doc­u­men­ta­tion); and

(b) pro­vid­ing the infor­ma­tion con­tained in the applic­a­ble Agreement

 

17.    Data Subject Rights; Data Export

17.1 Access; Rec­ti­fi­ca­tion; Restrict­ed Pro­cess­ing; Porta­bil­i­ty.

Dur­ing the applic­a­ble Term, iCon­nect will, in a man­ner con­sis­tent with the func­tion­al­i­ty of the Ser­vices, enable Cus­tomer to access, rec­ti­fy and restrict pro­cess­ing of Cus­tomer Data, includ­ing via the dele­tion func­tion­al­i­ty pro­vid­ed by iCon­nect as described in Sec­tion 11.1 (Dele­tion Dur­ing Term), and to export Cus­tomer Data.

17.2 Data Sub­ject Requests.

17.2.1  Customer’s Respon­si­bil­i­ty for Requests.

Dur­ing the applic­a­ble Term, if iCon­nect receives any request from a data sub­ject in rela­tion to Cus­tomer Per­son­al Data, iCon­nect will advise the data sub­ject to sub­mit his/her request to the Cus­tomer, and the Cus­tomer will be respon­si­ble for respond­ing to any such request includ­ing, where nec­es­sary, by using the func­tion­al­i­ty of the Services.

17.2.2  iConnect’s Data Sub­ject Request Assistance.

The Cus­tomer agrees that (tak­ing into account the nature of the pro­cess­ing of Cus­tomer Per­son­al Data) iCon­nect will assist the Cus­tomer in ful­fill­ing any oblig­a­tion to respond to requests by data sub­jects, includ­ing if applic­a­ble the Customer’s oblig­a­tion to respond to requests for exer­cis­ing the data subject’s rights laid down in Chap­ter III of the GDPR, by:

(a) pro­vid­ing the Addi­tion­al Secu­ri­ty Con­trols in accor­dance with Sec­tion 12.1.3 (Addi­tion­al Secu­ri­ty Con­trols); and

(b) com­ply­ing with the com­mit­ments set out in Sec­tion 17.1 (Access; Rec­ti­fi­ca­tion; Restrict­ed Pro­cess­ing; Porta­bil­i­ty) and Sec­tion 17.2.1 (Customer’s Respon­si­bil­i­ty for Requests).

 

18 Data Transfers

18.1 Data Stor­age and Pro­cess­ing Facil­i­ties.

The Cus­tomer agrees that iCon­nect may, store and process Cus­tomer Data in any mem­ber state of the EU in which iCon­nect or any of its Sub­proces­sors main­tains facilities.

18.2 Data Cen­tre Infor­ma­tion.

iCon­nect users Ama­zon AWS stor­age to store all of Cus­tomer Data. Detailed Infor­ma­tion about these data cen­tres is avail­able here.

18.3    Loca­tion of Cus­tomer Data

1.Customers using the Europe plat­form (https://europe.irisconnect.com) data will be stored in Dublin, Ireland

2.Customers using the US plat­form (https://us.irisconnect.com) data will be stored in North Vir­ginia, America

3.Customers using the Aus­tralia plat­form (https://aus.irisconnect.com) data will be stored in Syd­ney, Australia

19 Subprocessors

19.1 Con­sent to Sub­proces­sor Engage­ment.

Cus­tomer specif­i­cal­ly autho­ris­es the engage­ment of iConnect’s Affil­i­ates as Sub­proces­sors. In addi­tion, Cus­tomer gen­er­al­ly autho­rizes the engage­ment of any oth­er third par­ties as Sub­proces­sors (“Third Par­ty Subprocessors”).

19.2 Infor­ma­tion about Sub­proces­sors.

Infor­ma­tion about Ama­zon AWS ser­vices, includ­ing their func­tions and loca­tions, is avail­able at https://aws.amazon.com  

19.3 Require­ments for Sub­proces­sor Engage­ment.

When engag­ing any Sub­proces­sor, iCon­nect will:

(a) ensure via a writ­ten con­tract that:

(i)      the Sub­proces­sor only access­es and uses Cus­tomer Data to the extent required to per­form the oblig­a­tions sub­con­tract­ed to it, and does so in accor­dance with the applic­a­ble Agree­ment (includ­ing this Agree­ment); and

(ii)     if the GDPR applies to the pro­cess­ing of Cus­tomer Per­son­al Data, the data pro­tec­tion oblig­a­tions set out in Arti­cle 28(3) of the GDPR, as described in this Data Pro­cess­ing Agree­ment, are imposed on the Sub­proces­sor; and

(b) remain ful­ly liable for all oblig­a­tions sub­con­tract­ed to, and all acts and omis­sions of, the Subprocessor.

19.4 Oppor­tu­ni­ty to Object to Sub­proces­sor Changes

(a) When any new Third Par­ty Sub­proces­sor is engaged dur­ing the applic­a­ble Term, iCon­nect will, at least 30 days before the new Third Par­ty Sub­proces­sor process­es any Cus­tomer Data, inform Cus­tomer of the engage­ment (includ­ing the name and loca­tion of the rel­e­vant sub­proces­sor and the activ­i­ties it will per­form) either by send­ing an email to the Noti­fi­ca­tion Email Address or via the Admin Console.

(b) Cus­tomer may object to any new Third Par­ty Sub­proces­sor by ter­mi­nat­ing the applic­a­ble Agree­ment imme­di­ate­ly upon writ­ten notice to iCon­nect, on con­di­tion that Cus­tomer pro­vides such notice with­in 90 days of being informed of the engage­ment of the sub­proces­sor as described in Sec­tion 11.4(a). This ter­mi­na­tion right is Customer’s sole and exclu­sive rem­e­dy if Cus­tomer objects to any new Third Par­ty Subprocessor.

 

20 Data Protection Team; Processing Records.

20.1 iConnect’s Data Pro­tec­tion Team

iConnect’s Data Pro­tec­tion Team can be con­tact­ed via the Sup­port Desk.

20.2 iConnect’s Pro­cess­ing Records:

Cus­tomer acknowl­edges that iCon­nect is required under the GDPR to: (a) col­lect and main­tain records of cer­tain infor­ma­tion, includ­ing the name and con­tact details of each proces­sor and/or con­troller on behalf of which iCon­nect is act­ing and, where applic­a­ble, of such processor’s or con­troller’s local rep­re­sen­ta­tive and data pro­tec­tion offi­cer; and (b) make such infor­ma­tion avail­able to the super­vi­so­ry author­i­ties. Accord­ing­ly, if the GDPR applies to the pro­cess­ing of Cus­tomer Per­son­al Data, Cus­tomer will, where request­ed, pro­vide such infor­ma­tion to iCon­nect via the Admin Con­sole or oth­er means pro­vid­ed by iCon­nect, and will use the Admin Con­sole or such oth­er means to ensure that all infor­ma­tion pro­vid­ed is kept accu­rate and up-to-date.

21. Warranties

The Soft­ware and Sys­tem are pro­vid­ed “As Is,” with all faults, and with­out war­ran­ty of any kind. 

To the extent per­mit­ted by law and save as express­ly pro­vid­ed here­in, iCon­nect dis­claims all war­ranties, whether express or implied, includ­ing with­out lim­i­ta­tion the war­ranties of mer­chantabil­i­ty, fit­ness for par­tic­u­lar pur­pose and non-infringe­ment. iCon­nect does not war­rant that the oper­a­tion of the Sys­tem or access to the Sys­tem, or that use of the Soft­ware, will be unin­ter­rupt­ed or error-free, nor that the Sys­tem or Soft­ware will be com­pat­i­ble with the Organisation’s hard­ware and software. 

While iCon­nect attempts to have the Sys­tem avail­able at most times, iCon­nect does not guar­an­tee that the Sys­tem will always be avail­able, or that the Sys­tem will not become unavail­able dur­ing use. The Sys­tem may become unavail­able for a num­ber of rea­sons, includ­ing with­out lim­i­ta­tion dur­ing the per­for­mance of main­te­nance to the Sys­tem, for the imple­men­ta­tion of new soft­ware, for emer­gency sit­u­a­tions and due to equip­ment or telecom­mu­ni­ca­tions failures. 

iCon­nect war­rants and rep­re­sents that it shall com­ply with all applic­a­ble laws, statutes, reg­u­la­tions, direc­tives, codes of prac­tice and oth­er anal­o­gous guide­lines rel­e­vant to the Soft­ware and the Sys­tem, includ­ing but not lim­it­ed to those relat­ing to anti-bribery and anti-cor­rup­tion (such as the Bribery Act 2010). 

The Organ­i­sa­tion may ter­mi­nate this con­tract and take action to recov­er all its loss­es if iCon­nect com­mits an offence under the Bribery Act 2010 or Sec­tion 117(2) of the Local Gov­ern­ment Act 1972 (as amend­ed from time to time). Any clause lim­it­ing the iConnect’s lia­bil­i­ty does not apply to this anti-cor­rup­tion clause. 

Dur­ing the term of this agree­ment and for a peri­od of at least three years there­after, iCon­nect shall main­tain in force, with a rep­utable insur­ance com­pa­ny, appro­pri­ate insur­ances to cov­er its lia­bil­i­ties, includ­ing pub­lic lia­bil­i­ty insur­ance, employer’s lia­bil­i­ty insur­ance in an amount not less than £10,000,000 and pro­fes­sion­al indem­ni­ty insur­ance in an amount not less than £1,000,000 and shall, on the Organ­i­sa­tion’s request, pro­duce both the insur­ance cer­tifi­cate giv­ing details of cov­er and the receipt for the cur­rent year’s premium.

 

22. Disclaimer of Damages

In no event shall iCon­nect, its affil­i­ates, licen­sors or sup­pli­ers be liable to you or to any third par­ty for any spe­cial, indi­rect, inci­den­tal, con­se­quen­tial, puni­tive or exem­plary dam­ages (includ­ing with­out lim­i­ta­tion, lost prof­its or lost data), aris­ing out of or in con­nec­tion with your Account, the Sys­tem, Soft­ware, User Con­tent, ORGANISATION EULA, or any oth­er ser­vices or mate­ri­als pro­vid­ed in con­nec­tion there­with, whether based on war­ran­ty, con­tract, tort or any oth­er legal the­o­ry, and whether or not iCon­nect is advised of the pos­si­bil­i­ty of such dam­ages, and even if any stat­ed rem­e­dy fails of its essen­tial purpose.

 

23. Limitation of Liability

Except as set forth below, iCon­nect and iConnect’s max­i­mum lia­bil­i­ty for any and all claims aris­ing out of or in con­nec­tion with your Account, the Soft­ware, User Con­tent, ORGANISATION EULA, and any oth­er ser­vices or mate­ri­als pro­vid­ed in con­nec­tion there­with, shall not exceed an amount equal to the val­ue of your remain­ing sub­scrip­tion fees. 

In the event of a mate­r­i­al breach of iCon­nect and iConnect’s oblig­a­tions to pro­vide access to and use of your Account, the Sys­tem, or User Con­tent, your sole and exclu­sive rem­e­dy shall be a refund of any pre-paid sub­scrip­tion fees attrib­ut­able to the peri­od dur­ing which you were denied such access and use. 

If any of the fore­go­ing dis­claimers or lim­i­ta­tions of lia­bil­i­ty are declared to be void or unen­force­able, then iConnect’s lia­bil­i­ty shall be lim­it­ed to the max­i­mum extent per­mis­si­ble under applic­a­ble law. The reme­dies set forth here­in are exclu­sive and in lieu of all oth­er reme­dies, oral or writ­ten, express or implied.

 

24. Indemnity

The Organ­i­sa­tion shall defend, indem­ni­fy and hold harm­less iCon­nect and its respec­tive employ­ees, offi­cers, and direc­tors, from any and all claims, loss, dam­ages, and demands, includ­ing rea­son­able legal fees, aris­ing out of the Organisation’s (includ­ing its users) use or mis­use of the Soft­ware and/or System. 

iCon­nect shall defend, indem­ni­fy and hold harm­less this Agree­ment and its respec­tive employ­ees, gov­er­nors, agents and offi­cers from any and all claims, loss, dam­ages and demands, includ­ing rea­son­able legal fees, aris­ing out of iConnect’s breach of 

(a) any dam­age to any third par­ty prop­er­ty or for per­son­al injury caused by iConnect’s negligence;

(b) any applic­a­ble data pro­tec­tion legislation;

© any infringe­ment of third par­ty intel­lec­tu­al prop­er­ty rights; or (iv) any breach of the applic­a­ble war­ranties under clause 19.

 

25. Amendments to this agreement

iCon­nect may, at its sole dis­cre­tion, amend this Agree­ment from time to time. If this Agree­ment is amend­ed, you will be asked to review the amend­ed Agree­ment when you log into your Account, and to indi­cate and con­firm your accep­tance of the amend­ed Agree­ment by click­ing the “Accept” and/or “Con­firm” buttons. 

 

26. Governing Law & Exclusive Forum

This Agree­ment, and the rights and oblig­a­tions of the par­ties here­to, shall be gov­erned and con­strued by and in accor­dance with the laws of the Eng­land & Wales. The Agree­ment shall not be gov­erned by the Unit­ed Nations Con­ven­tion on Con­tracts for the Inter­na­tion­al Sale of Goods. 

The sole and exclu­sive forum for resolv­ing any con­tro­ver­sy, dis­pute or claim aris­ing out of or relat­ing to the Agree­ment, or oth­er­wise relat­ing to any rights in, access to or use of the Soft­ware, Sys­tem, User Con­tent and/or the rights and oblig­a­tions of the par­ties here­to, shall be the Eng­lish Court.

 

27. Miscellaneous

If any part of the Agree­ment is held invalid or unen­force­able, that por­tion shall be con­strued in a man­ner con­sis­tent with applic­a­ble law to reflect, as near­ly as pos­si­ble, the orig­i­nal inten­tions of the par­ties expressed in the Agree­ment, and the remain­ing por­tions shall remain in full force and effect. 

The Organ­i­sa­tion shall com­ply with all applic­a­ble laws regard­ing your access to and use of the Sys­tem, use of the Soft­ware, your access to your Account. With­out lim­it­ing the fore­go­ing, you may not down­load, use or oth­er­wise export or re-export any part of the infor­ma­tion acces­si­ble through the Sys­tem or the Soft­ware except in full com­pli­ance with all applic­a­ble laws and regulations. 

Except as oth­er­wise pro­vid­ed here­in, you may not assign or trans­fer the Agree­ment or your rights there­un­der, and any attempt to do so is void. The Agree­ment, includ­ing the Rules of Con­duct and the sub­scrip­tion fees and pay­ment terms as ref­er­enced there­in, as each may be amend­ed by iCon­nect and iCon­nect from time to time, sets forth the entire under­stand­ing and agree­ment between iCon­nect and you with respect to the sub­ject mat­ter here­of. Except as pro­vid­ed above, or in a writ­ing signed by both par­ties, the Agree­ment may not be mod­i­fied or amend­ed. No dis­trib­u­tor, agent or employ­ee of iCon­nect is autho­rised to make any mod­i­fi­ca­tions or addi­tions to the Agreement. 

All notices to iCon­nect required or per­mit­ted by the Agree­ment shall be by elec­tron­ic mail at support@irisconnect.co.uk, unless stat­ed oth­er­wise in the Agreement. 

Updat­ed: April 2018

 

Appendix 1: Subject Matter and Details of the Data Processing

Sub­ject Matter

iConnect’s pro­vi­sion of the Ser­vices and relat­ed tech­ni­cal sup­port to Customer.

Dura­tion of the Processing

The applic­a­ble Term plus the peri­od from the expiry of such Term until dele­tion of all Cus­tomer Data by iCon­nect in accor­dance with the Data Pro­cess­ing Agreement.

Nature and Pur­pose of the Processing

iCon­nect will process Cus­tomer Per­son­al Data sub­mit­ted, stored, sent or received by Cus­tomer, its Affil­i­ates or End Users via the Ser­vices for the pur­pos­es of pro­vid­ing the Ser­vices and relat­ed tech­ni­cal sup­port to Cus­tomer in accor­dance with the Data Pro­cess­ing Agreement.

Cat­e­gories of Data

Per­son­al data sub­mit­ted, stored, sent or received by Cus­tomer, its Affil­i­ates or End Users via the Ser­vices may include the fol­low­ing cat­e­gories of data: user IDs, email, doc­u­ments, pre­sen­ta­tions, images, cal­en­dar entries, tasks and oth­er data.

Data Sub­jects

Per­son­al data sub­mit­ted, stored, sent or received via the Ser­vices may con­cern the fol­low­ing cat­e­gories of data sub­jects: End Users includ­ing Customer’s employ­ees and con­trac­tors; the per­son­nel of Customer’s cus­tomers, sup­pli­ers and sub­con­trac­tors; and any oth­er per­son who trans­mits data via the Ser­vices, includ­ing indi­vid­u­als col­lab­o­rat­ing and com­mu­ni­cat­ing with End Users.

Updat­ed: 25th April 2018 Ver­sion 0.2