Terms and Conditions (Platform)



1.1 The following definitions and rules of interpretation shall apply in this Agreement.
(a) "Applicable Law" means any and all:
(i) statutes, legislation, statutory instruments, regulations, by-laws, rules, ordinances, guidance or subordinate legislation from time to time made or issued to which a Party is subject;
(ii) common law and the law of equity as applicable to the Parties;
(iii) binding court order, judgment or decree;
(iv) applicable industry code of practice, official guidance, generally accepted policy or standard which, in each case, is enforceable by law; or
(v) any instruction, policy, rule or order that is legally binding,
(vi) in each case in so far as such law relates to a Party, the performance of that Party’s obligations under this Agreement or which apply to, concern or otherwise affect the receipt or provision (whichever is relevant) of the Software and/or Services under this Agreement;
(b) “Client Data” means the data inputted by the Client, Permitted Users, or APOMATIX on the Client’s behalf for the purpose of using the Software or facilitating the Client’s use of the Software;
(c) “Client Materials” means any documents or other materials uploaded or transmitted to the Software and / or Services by the Client;
(d) "Confidential Information" means all confidential information, whether or not marked as confidential, (however and whenever recorded, preserved or disclosed) relating to the Disclosing Party provided by the Disclosing Party to the Receiving Party, including any information that would be regarded as confidential by a reasonable business person relating to the business, affairs, financial dealings, operations, processes, commercial strategies, technical information, product information, clients, employee and supplier information, goodwill and reputation, know-how, proprietary rights, designs, trade secrets, software and market opportunities; but excludes information which:
(i) the Receiving Party already controlled, lawfully possessed or developed independently, prior to receipt from the Disclosing Party; or
(ii) is or becomes generally available to the public other than as a result of its disclosure in breach of this Agreement or any other undertaking of confidentiality; or
(iii) the Receiving Party lawfully receives without any confidentiality obligations, from a third party who is not bound by confidentiality or otherwise prohibited from disclosing such information;
(e) "Data Protection Legislation" the Data Protection Act 2018 and the General Data Protection Regulation ((EG) 2016/679) (“GDPR”) and any successor legislation to these.
(f) "Disclosing Party" means the Party which discloses or makes available, directly or indirectly, the Confidential Information;
(g) “Domain” means www.apomatix.com;
(h) "Effective Date" means the date of this Agreement;
(i) "Fees" means the fees, as set out on the website at the Domain from time to time or set out in the Software, payable by the Client to APOMATIX for the agreed package of Software and Services as selected by the Client from the website or the Software; and any additional Fees for additional Services or different Fees for additional packages as accepted in writing by the Client;
(j) "Import/Export Legislation" means any Applicable Laws in force from time to time regarding import/export regulations, tax and/or customs and duties;
(k) "Intellectual Property Rights" means all patents, trademarks and service marks, design rights and copyright, moral rights, rights in databases and other protectable lists of information, rights in Confidential Information, trade secrets, inventions and know-how, processes and logic relating to the Software developed by APOMATIX, trade and business names, domain names, getups, logos and trade dress (including all extensions, revivals and renewals, where relevant) in each case whether registered or unregistered and applications for any of them and the goodwill attaching to any of them and any rights or forms of protection of a similar nature and having equivalent or similar effect to any of them which may subsist anywhere in the world;
(l) "Objective" means evaluation of the Software and Services by the Client to determine whether the Software and Services meets the requirements of the Client;
(m) "Permitted User" means employees, consultants, contractors, suppliers of the Client or assigned third parties which will be assessed, take part in assessments or risk management for the Client, but solely to the extent that such persons require access to the Software for the purposes of fulfilling obligations under this Agreement;
(n) "Receiving Party" means the Party which receives or obtains directly or indirectly the Confidential Information;
(o) "Services" means the services provided by APOMATIX to Client as further described in Schedule 1;
(p) “Special Offers” means any trial periods, discounted rates or other offers (including, but not limited to, ‘freemium’) which APOMATIX may, in its sole discretion, provide;
(q) “Special Offer Term” means the duration that APOMATIX, in its sole discretion, provides any Special Offer to the Client, from time to time;
(r) "Software" means the online software applications provided by APOMATIX, in all its forms including any mobile application, as set out at on the website appearing at the Domain, from time to time;
(s) "Software Improvements" means upgrades and/or enhancements to the Software made by APOMATIX;
(t) "Subscription Initial Term" has the meaning given in Clause 2.2;
(u) "Subscription Renewal Term" has the meaning given in Clause 2.4;
(v) "Templates" means template risk controls, compliance and information security frameworks, questions, questionnaires, recommendations, treatments or advised treatments for risk, due dates, risk scores and re-scores, recommended solutions, or any other templates provided by APOMATIX to Client; and
(w) "Term" has the meaning given in Clause 2.2 below.
1.2 In this Agreement:
1.2.1 headings are for reference only and shall not affect the interpretation or construction of this Agreement;
1.2.2 words importing a particular gender include other genders;
1.2.3 use of the singular includes the plural and vice versa;
1.2.4 APOMATIX and the Client may be referred to individually as a "Party" or collectively as the "Parties;"
1.2.5 reference to a Party includes reference to its successors and permitted assigns;
1.2.6 a “Person” includes a natural person, corporate or unincorporated body (whether or not having a separate legal personality);
1.2.7 any reference to a statute, statutory provision or statutory instrument or regulation includes a reference to that statute, statutory provision or statutory instrument or regulation together with all rules and regulations made under it as from time to time amended, consolidated or re-enacted;
1.2.8 the Schedules form part of this Agreement and will have effect as if set out in full in the body of this Agreement; and
1.2.9 "including" means including without limitation, “include” shall have a corresponding meaning.
2.1 Upon execution of this Agreement, the terms of this Agreement shall take precedence and supersede any previous agreement between the Parties in relation to the Software.
2.2 This Agreement shall commence on the Effective Date and continue in force until expiry of the last surviving Subscription Initial Term or Subscription Renewal Term, or earlier termination of this Agreement in accordance with the provisions of Clause 18 below ("Term").
2.3 Subject to Clause 2.5, a subscription shall come into force upon the date of first use of or access to the Software, and shall remain in force for a period of one (1) year (the "Subscription Initial Term").
2.4 Subject to Clause 2.5, at the end of the Subscription Initial Term, the relevant subscription shall automatically renew for successive one (1) year term (each a "Subscription Renewal Term") unless (a) either Party provides notice to the other of its intent not to renew such subscription prior to the expiration of the relevant Subscription Initial Term; or (b) either Party provides notice to the other Party at any time after the Subscription Initial Term. For the avoidance of doubt, such notice can be either provided in writing, email or selected by the Client using a delegated page in the Software (if APOMATIX makes this function available at its sole discretion).
2.5 If the Client has elected to purchase a fully managed service which includes a consulting service as detailed in a separate written agreement between the Parties, the Client acknowledges that the consulting element of that agreed service will not roll-over automatically pursuant to Clause 2.4 above unless specified in the written agreement between the Parties.
3.1 The Client wishes to engage APOMATIX to provide a licence to its Software to be used by the Client or Client’s contractors, consultants, employees or other Permitted Users.
4.1 In consideration of, and subject to payment in full of the Fees by the Client, APOMATIX hereby grants the Client a personal, non-transferable, non-exclusive licence for Permitted Users to use the Software in accordance with the terms of this Agreement.
4.2 The licence granted in Clause 4.1 shall be limited to Permitted Users only, who shall be entitled to log in and use the Software and access any associated documentation. The Client shall procure that all Permitted Users are made aware of the confidential nature of the Software and shall, ensure that all Permitted Users are under a written duty of confidentiality to the Client on terms equivalent to the Client’s obligations under this Agreement in relation to use of the Software. The Client agrees to monitor the use of the Software by all Permitted Users and to enforce their obligations of confidence at the request of APOMATIX.
4.3 The Client shall ensure that appropriate measures are in place to limit access to the Software to Permitted Users only and shall ensure that each Permitted User does not share its right to access the Software or any corresponding user names, passwords or other login information with any third party, or make available, directly or indirectly, by any technical means, the Software and any associated documentation.
4.4 The Client shall at all times be responsible for the failure of any Permitted User to comply with the terms of this Agreement.
4.5 The licence granted in Clause 4.1 shall include where possible, updates, bug fixes, and improvements to the Software and/or documentation as and when available and required in APOMATIX’s absolute discretion or generally released to APOMATIX’s licensees.
4.6 Where APOMATIX releases any updates or new versions of the Software, Client may be required to accept additional terms and conditions applicable to such update or new version of the Software before these are made available to the Client.
5.1 From time to time, APOMATIX may make Special Offers available to the Client in connection with the Software and the Services.
5.2 Any Special Offer of the Software and Services made available to the Client by APOMATIX shall be solely for the Objective.
5.3 Where the Software and Services are made available to the Client, the licence granted under Clause 4.1, shall not apply and the following shall apply during the Special Offer Term:
5.3.1 in consideration of the payment of the sum of £1 by the Client (receipt of which APOMATIX expressly acknowledges), APOMATIX hereby grants the Client a personal, non-transferable, non-exclusive licence to use the Software during the Special Offer Term solely for the purpose of the Objective.
5.3.2 all other terms of this Agreement shall apply with full force and effect.
6.1 Save as provided for in this Agreement, the Client shall not:
6.1.1 part with possession of, license, market, sell, resell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit the Software or any part of it in any way or form or combine it with any other software or system;
6.1.2 attempt to copy, duplicate, create derivative works from, frame, mirror or republish the whole or any part of the Software, templates, frameworks, risk controls, templated treatments or other data, including any embedded processes in the Software;
6.1.3 attempt to adapt, modify or alter in any way the whole or any part of the Software;
6.1.4 attempt to disassemble, decompile, reverse engineer, convert or otherwise reduce to human-perceivable form, the whole or any part of the software forming part of the Software from object code into source code;
6.1.5 upload or otherwise disseminate any virus, adware, spyware, worm, or other malicious code through or into the Software;
6.1.6 develop any solution or software which is substantially similar in its function or expression to any part of the Software;
6.1.7 distribute any licence keys, access or certification codes or login details; or
6.1.8 remove, modify or cover up any proprietary notices in or on the Software.
6.2 Client shall ensure that the Software and any other products, software or technology received from APOMATIX under this Agreement, will not be exported, diverted, transferred or otherwise disposed of in violation of the Import/Export Legislation, either in their original form or after being incorporated into other items.
7.1 APOMATIX reserves the right, in its sole discretion, to amend the terms of this Agreement from time to time. The Client shall be notified of any amendments [by posting an updated version of this Agreement on www.apomatix.com and/or the Apomatix platform sign-up / log-in page. Any such new post will require acceptance of such changes or posts when Logging into the Apomatix platform. APOMATIX may also communicate such accepted changes by email to the email address provided to APOMATIX by the Client. Material changes to the terms of this Agreement will be effective upon the earlier of (i) the Client’s first use of the Software after being notified of the change and certain cases request to accept such changes if material, or (ii) 30 days from publishing the amended Agreement on www.apomatix.com and/or the Apomatix platform sign-up / log-in page. The Client’s continued use of the Software after notification of any changes to this Agreement constitutes the Client’s irrevocable acceptance of the amended terms of this Agreement.
8.1 APOMATIX shall use reasonable endeavours to provide the Services in accordance with the terms of this Agreement in all material respects.
8.2 This Agreement does not entitle the Client to assistance, consulting, support, services or training beyond that set out in this Agreement and in Schedule 1. The Parties may enter into a separate written agreement for any additional services and/or support.
8.3 The Client may purchase additional services from APOMATIX which may be provided by third party suppliers. Where Client elects to purchase such services from APOMATIX the Client agrees that APOMATIX may share relevant information and data with such third-party suppliers necessary for the provision of such services.
8.4 The Software may automatically deactivate and become non-operational at the end of the Subscription Initial Term and / or the Subscription Renewal Term, and Customer shall not be entitled to access the Software unless the Subscription Initial Term or the Subscription Renewal Term is renewed.
8.5 Except as expressly stated in this Agreement, no part of the Software may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means to, including but not limited to electronic, mechanical, photocopying, recording, or other means. Client shall make every reasonable effort to prevent unauthorised third parties from accessing the Software and notify APOMATIX promptly of any such unauthorised access or use.
8.6 APOMATIX shall have a royalty-free, worldwide, transferable, sub-licenseable, irrevocable, perpetual license to use or incorporate into the Software any suggestions, enhancement requests, recommendations or other feedback provided by Client, including Permitted Users, relating to the operation of the Software.
9.1 The Client shall:
9.1.1 provide APOMATIX with: all necessary co-operation in relation to this Agreement; and all necessary access to such information as may reasonably be required by APOMATIX in order to perform its obligations under this Agreement.
9.1.2 in order to provide the Services; obtain and shall maintain all necessary licences, consents, and permissions necessary for APOMATIX, its contractors and agents to perform their obligations under this Agreement; comply with all Applicable Laws with respect to its activities under this Agreement; carry out all other Client responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Client’s provision of such assistance as agreed by the Parties, APOMATIX shall notify Client and may adjust any agreed timetable or delivery schedule as reasonably necessary.
9.2 Client shall not: (i) sell, rent, lease, transfer, assign, distribute, display, host, outsource, disclose or otherwise commercially exploit or make the Software available to any third party other than the Permitted Users; (ii) modify, make derivative works of, disassemble, reverse compile, reverse engineer, or subvert the intrinsic security of any part of the Software for any purpose; (iii) disclose any review of the Software to any third party without APOMATIX prior written approval; (iv) use any e-mail addresses and other customer contact information provided on the Software for marketing or advertising purposes; or (v) post, transmit, link to, or otherwise distribute any inappropriate, profane, defamatory, obscene, indecent or unlawful material or information.
9.3 The Client warrants that:
9.4 it shall not, without APOMATIX’s express prior written consent, access or use the Software if it is a competitor of APOMATIX; and
9.5 it shall not access or use the Software for any competitive purpose, including but not limited to:
9.5.1 monitoring, reviewing or tracking the availability of the Software;
9.5.2 monitoring, reviewing or tracking the performance or functionality of the Software; or
9.5.3 access or use the Software in connection with any other benchmarking manner.
9.6 The Client agrees that its purchases under this Agreement are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by APOMATIX regarding future functionality or features of the Software.

10.1 Subject to Clause 4.1, the Client shall pay the Fees during the term of this Agreement as selected by the Client when signing up to the Software or selected by the Client after their initial sign-up or Special Offer (as and when APOMATIX makes this function available at its sole discretion) or as agreed in writing between the parties and set out in a quote or invoice issued by APOMATIX to the Client.
10.2 Any Fees set out as additional or amended / bespoke Quotes from APOMATIX and accepted in writing by the Client shall form part of this Agreement.
10.3 Immediately following any Special Offer Term, the Client shall be responsible for payment of their selected Fees in order to continue use of the APOMATIX and applicable Services. The Client accepts that failure not to pay the selected and relevant Fees at the applicable time or once the Special Offer Term has expired, will result in immediate suspension of the Software and services until such payments are made to APOMATIX. Any additional accepted quotes will be payable within 30 days of receipt of an invoice from APOMATIX.
10.4 All fees or other sums payable under this Agreement are exclusive of any applicable value added tax or other applicable sales taxes or duties (unless specified) for which the Client shall be additionally liable. All sums payable under this Agreement shall be paid in cleared funds to such bank account or in such other manner as APOMATIX may specify from time to time without any set-off deduction or withholding.
10.5 If the Client fails to pay invoices (of additional Services as and when accepted in writing by both Parties) due to APOMATIX under this Agreement by the due date for payment, then, without limiting the remedies available to APOMATIX, APOMATIX may suspend performance of its obligations and/or charge interest on the overdue amount at the rate of 6% per annum above the base rate of the Bank of England from time to time in force. Such interest shall accrue on a daily basis and be compounded quarterly, from the due date until actual payment of the overdue amount, whether before or after judgment. The Client shall pay the interest together with the overdue amount.
11.1 The Receiving Party shall treat as confidential all Confidential Information of the Disclosing Party, shall not use such Confidential Information except as set out in this Agreement, and shall not disclose such Confidential Information to any third party. The Receiving Party shall use at least the same degree of care which it uses to prevent the disclosure of its own Confidential Information to prevent the disclosure of the Disclosing Party’s Confidential Information, provided, however, that in no event shall such degree of care be less than reasonable in light of general industry practice. Confidential Information shall only be disclosed to employees of the Receiving Party that have a need to know such information in connection with this Agreement and have agreed to protect such information in accordance with the terms of this Agreement. The Parties agree to hold each other's Confidential Information in confidence during the Term of this Agreement and for a period of three (3) years thereafter; provided, however, that with respect to security details, APOMATIX methodologies, reference manuals and other highly sensitive Confidential Information clearly identified as such at the time of disclosure by the Disclosing Party, the nondisclosure obligations set forth herein shall continue indefinitely.
11.2 In the event that any Confidential Information is required to be disclosed by Applicable Law, the responding Party shall, to the extent permitted by Applicable Law, first have given notice to the other Party and shall have made a reasonable effort to obtain a protective order requiring that the Confidential Information so disclosed be used only for the purposes for which the order was issued.
11.3 Each Party shall use all reasonable commercial efforts, including the execution of proprietary non-disclosure agreements with employees, to enforce compliance with the provisions of this Clause 11 by its directors, officers, employees, and any third party having access to the other Party’s Confidential Information.
11.4 The Parties agree to notify each other promptly in writing in the event that any unauthorised access, disclosure, distribution, possession, alteration, transfer, reproduction or use of the Confidential Information of the other Party, or any portions thereof, is found. Each Party shall have the right to take all legal action it deems necessary or advisable to minimise the consequences of such unauthorised use or disclosure of its Confidential Information.
11.5 Each Party acknowledges that damages alone would not be an adequate remedy for the breach of any of the provisions of this Agreement. Accordingly, without prejudice to any other rights and remedies it may have, each Party shall be entitled to the granting of equitable relief (including without limitation injunctive relief) concerning any threatened or actual breach of any of the provisions of this Clause 11.
12.1 The Client grants to APOMATIX a worldwide, royalty-free, non-exclusive licence to display the Client’s name, logo, trademarks or testimonials and profile picture of person providing the testimonial on APOMATIX’s website and marketing presentations for marketing and case study purposes. Any such use shall be in accordance with Client's written branding guidelines if supplied by Client to APOMATIX, and as updated from time to time, setting out the rules governing such use. APOMATIX may list the Client as a customer on its website and include a hyperlink to the Client’s website. The Parties may refer to their collaboration in marketing slides.
12.2 All other media releases, public announcements and public disclosures by either Party relating to this Agreement or its subject matter shall be co-ordinated with and approved jointly in writing by both Parties prior to release.
13.1 The Software and all Intellectual Property Rights in the Software are and will remain the property of APOMATIX.
13.2 The Client acknowledges that any disclosure pursuant to this Agreement shall not confer on the Client any Intellectual Property Rights or other rights in relation to the Software other than its right to use in accordance with the terms of this Agreement.
13.3 Ownership of all complete or partial copies of the Software shall at all times remain with APOMATIX.
13.4 APOMATIX warrants that as far as it is aware, the Software does not infringe any third party’s Intellectual Property Rights. If any valid claim of breach of such warranty is brought to the attention of APOMATIX it may as Client’s sole remedy:
13.4.1 obtain a licence from the third party so that the Software does not infringe; or
13.4.2 modify or replace the Software without materially reducing its overall performance so it does not infringe; or
13.4.3 terminate this Agreement immediately.
13.5 APOMATIX shall defend the Client against any claim that the Client’s use of the Services or Software in accordance with this Agreement infringes any United Kingdom patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims, provided that the Client: (a) informs APOMATIX, immediately in writing, if the Client becomes aware of any claim that the use of the Software infringes any right of a third party or APOMATIX to inform the Client; (b) refrains from making any admissions in respect of such claim; (c) permits APOMATIX to control the defence and/or settlement of such claim; and (d) gives APOMATIX, at its reasonable cost, all reasonable assistance in relation to any claim. APOMATIX shall be under no obligation to indemnify Client pursuant to this clause to the extent that the relevant loss, damage or liability: (x) arises out of any unauthorised use or modification of the Software or Services by Client or any third party; (y) relates to software, content or materials provided by any third party; or (z) is otherwise caused or contributed to by Client.
13.6 The Client must inform APOMATIX, immediately in writing, if the Client becomes aware of any claim that the use of the Software infringes any right of a third party and permit APOMATIX to deal with any claim and give APOMATIX, at its reasonable cost its reasonable assistance in relation to any claim.
13.7 Ownership of all Client Data shall vest, upon creation, in the Client. The Client hereby grants APOMATIX an irrevocable, perpetual, non-exclusive, royalty-free and fully paid up right to use anonymised data in relation to Client’s use of the Software provided such data does not contain personal data as defined under Data Protection Legislation. Such data is solely used for the provision of APOMATIX features, tools and Services to the Client.
13.8 Where Client provides any data to APOMATIX from any third party, including but not limited to, its third-party suppliers, Client shall procure such third-party consents to the provision of such data to APOMATIX and shall procure APOMATIX’s right to use, aggregate and sub-license such data provided such data is anonymised and does not contain names, addresses or other standard widely available identifiers.
13.9 The Client acknowledges that APOMATIX may identify and implement certain Software Improvements, the Intellectual Property Rights in which will be and remain the property of APOMATIX. Any Intellectual Property Rights arising from improvements implemented based on input or recommendations from the Client will also remain the property of APOMATIX.
13.10 The Client shall be solely responsible for ensuring that the Client has obtained all necessary third-party consents and made all required disclosures in connection with the transfer of Client Data to APOMATIX under Clause 13.7. The Client acknowledges and agrees that Client Data may be transferred outside of the country or other jurisdiction where other customers or users are located. In addition, the Client shall have sole responsibility for the accuracy, quality, integrity, legality and reliability of all Client Data.
14.1 The Software provided by APOMATIX to the Client under this Agreement is provided “AS IS”. Accordingly, APOMATIX makes no express or implied warranty or representation concerning the Software, or its accuracy or completeness and therefore excludes all conditions, warranties and representations (express or implied), statutory or otherwise in respect of the Software provided under this Agreement.
14.2 APOMATIX does not warrant that the Software will meet the Client’s requirements or that the Software will be free of bugs, errors, viruses or other defects. APOMATIX shall have no liability of any kind in relation to the Client’s use of or inability to use the Software.
14.3 The Client assumes sole responsibility for results obtained from the use of the Software and/or Services by the Client, and for conclusions drawn from, and any decisions taken on the basis of, such use, including but not limited to, the use of any Templates. APOMATIX shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to APOMATIX by the Client in connection with the Services, or any actions taken by APOMATIX at the Client’s direction.
15.1 Neither Party limits its liability (if any) to the other for: personal injury or death resulting from negligence; fraud; or any matter for which it would be illegal to exclude or to attempt to exclude its liability.
15.2 APOMATIX will not be under any liability to the other for any of the following types of losses (whether those losses arise directly in the normal course of business or otherwise): loss of data; pure economic loss; loss of profits; loss of business; loss of revenue; loss of contract; loss or depletion of goodwill and/or business opportunity; loss of anticipated earnings or savings or like loss; wasted management, operational or other time; or any special, indirect or consequential losses.
15.3 Subject to Clauses 15.1 and except in respect of any of the losses listed in Clause 15.2 incurred by APOMATIX under this Agreement and except in respect of Clause 16.1 below, each Party’s total aggregate liability to the other under or in connection with this Agreement (whether in contract, tort including negligence, breach of statutory duty, restitution or otherwise) in respect of all and any loss or damage howsoever caused will be limited to a sum equal to 100% of the Fees paid or payable under this Agreement.
15.4 The Software provided by APOMATIX is provided as a tool for the Client to assess and manage the risks of itself and third parties and in no event, shall APOMATIX be liable for:
15.4.1 any content generated, used and applied by the Client and its Permitted Users through use of the Software. Client shall rely on any information generated through use of the Software solely at its own risk; and
15.4.2 any cyber security breach or fine imposed on the Client as a result of any act or omission of the Client pursuant to its use of the Software.
16.1 The Client shall on demand indemnify and keep fully indemnified APOMATIX at all times against all liabilities, costs (including staff and legal costs on an indemnity basis), expenses, damages and losses including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and other reasonable costs and expenses suffered or incurred by APOMATIX arising out of or in connection with the Client Materials, or the use of the Software not in accordance with the terms of this Agreement by the Client including but not limited to any theft or misuse of the Software and/or the Intellectual Property Rights of APOMATIX by the Client or any Permitted User.
17.1 Both parties will comply with all applicable requirements of the Data Protection Legislation.
17.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Client is the data controller and APOMATIX is the data processor (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation). The scope, nature and purpose of processing by APOMATIX, the duration of the processing and the types of personal data (as defined in the Data Protection Legislation, Personal Data) and categories of Data Subject are set out below:
17.2.1 Scope: as part of the provision of the Services set out in this Agreement.
17.2.2 Nature and purpose of the processing: the personal data will be used for the administration of the contractual relationship formed by this Agreement, including enabling communication between the parties.
17.2.3 Duration of the processing: for the Term.
17.2.4 Types of personal data: names, email addresses, phone numbers, work address (optional).
17.2.5 Categories of data subject: Permitted Users.
17.3 Without prejudice to the generality of Clause 17.1 above, the Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to APOMATIX for the duration and purposes of this Agreement, in particular in connection with APOMATIX’s use of the data for the purposes set out in Clause 17.2 above.
17.4 Without prejudice to the generality of Clause 17.1 above, APOMATIX shall, in relation to any Personal Data processed on the Client's behalf in connection with the performance by APOMATIX of its obligations under this Agreement:
17.4.1 process that Personal Data only on the Client's written instructions, unless APOMATIX is required by the laws of any member of the European Union or by the laws of the European Union applicable to APOMATIX to process Personal Data. Where APOMATIX is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, APOMATIX shall promptly notify the Client of this before performing the processing required by the relevant Applicable Laws unless those Applicable Laws prohibit APOMATIX from making the relevant notification;
17.4.2 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Client, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
17.4.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
17.4.4 the Client hereby consent to APOMATIX transferring the relevant Personal Data within the European Economic Area, provided that the following conditions are fulfilled: (a) the Client or APOMATIX has provided appropriate safeguards in relation to the transfer; (b) the data subject has enforceable rights and effective legal remedies; (c) APOMATIX complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (d) APOMATIX complies with reasonable instructions notified to it in advance by the Client with respect to the processing of the Personal Data;
17.4.5 assist the Client, at the Client's cost, in responding to any request from a Data Subject and in ensuring compliance with the Client's obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
17.4.6 notify the Client without undue delay on becoming aware of a Personal Data breach;
17.4.7 at the Client's written direction, delete or return Personal Data and copies thereof to the Client on termination of the agreement unless required by Applicable Law to store the Personal Data; and
17.4.8 maintain complete and accurate records and information to demonstrate its compliance with this Clause 17 and allow for reasonable audits by the Customer or the Customer's designated auditor. The Client acknowledges that APOMATIX is free to use anonymised meta-data, statistics and such other information derived from the Personal Data it receives from the Client which cannot be identified as originating or deriving directly from such Personal Data and cannot be reverse-engineered by a third party such that it can be so identified, for any purpose whatsoever. Such data is solely used for the provision of APOMATIX features, tools and Services to the Client.
18.1 Either Party may end this Agreement by informing the other, in writing or by selecting so from the Software (as and when functionality made available to the Client by APOMATIX at its sole discretion) if the other Party:
18.1.1 commits any significant breach of this Agreement and (in the case of a breach which is not persistent and can be remedied) has failed, within 30 days after receipt of a request in writing to do so, to remedy the breach; or
18.1.2 has a receiver or administrative receiver appointed over it or over any part of its business or assets or pass a resolution for winding up (except for the purposes of a genuine scheme of solvent amalgamation or reconstruction) or a court of competent jurisdiction makes an order to that effect, or becomes subject to an administration order or enter into any voluntary arrangement with its creditors, or it ceases or threatens to cease to carry on business; Or
18.1.3 in accordance with Clause 20.1.
18.2 Client shall be entitled to terminate this Agreement for convenience at any time during the Term upon giving APOMATIX thirty (30) days written notice provided that: (a) Client will pay to APOMATIX all Fees and expenses which are due and payable under the Agreement up to and including the date of termination; and (b) APOMATIX shall not be liable to refund any prepaid Fees paid by Client to APOMATIX under this Agreement.
18.3 Following termination or expiry of this Agreement, any subscriptions to the Software set out in writing between the Parties shall be terminated and the Client shall immediately cease all activities authorised by this Agreement. The Client must immediately delete or remove the Software in its entirety from all hardware and immediately return or destroy all copies of any Confidential Information then in the Clients possession, custody or control together with all analyses, studies and other materials produced by the Client which contain, or could reveal, all or any part of any Confidential Information included any information downloaded by the Client through use of the Software, and any summaries (in whatever form) prepared by the Client of oral information disclosed by APOMATIX. The Client shall certify compliance with this Clause 18.1 to APOMATIX in writing within 7 days of termination or expiry of this Agreement.
18.4 Any provision of this Agreement which expressly or by implication is intended to come into or continue in force on or after termination of this Agreement including, but not limited to, Clauses 11, 13, 14, 18.3, 9, 19 and 21 shall remain in full force and effect.
19.1 The Client shall not knowingly solicit for employment or knowingly employ any employee of APOMATIX including any developers or consultants used by APOMATIX, during the lesser of: (a) the Term of this Agreement and for a period of two years after the termination or expiry of this Agreement; or (b) two years after the employee is no longer employed by APOMATIX..
20.1 Neither Party shall in any circumstances be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from events, circumstances or causes beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Client or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors. In such circumstances the affected Party shall be entitled to a reasonable extension of the time for performing such obligations, provided that if the period of delay or non-performance continues for three months, the Party not affected may terminate this Agreement upon written notice to the other Party.
Capacity and authority
21.1 Each Party herby represents and warrants that persons executing this Agreement on its behalf have express authority to do so, and, in so doing, to bind such Party thereto.
21.2 Failure to exercise, or any delay in exercising, any right or remedy provided under this Agreement or by law shall not constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict any further exercise of that or any other right or remedy.
21.3 No single or partial exercise of any right or remedy provided under this Agreement or by law shall preclude or restrict the further exercise of that or any other right or remedy.
21.4 Neither Party may assign or otherwise transfer this Agreement, any of its rights or obligations under this Agreement without the prior written consent of the other Party; except that either Party may assign this agreement without consent in connection with a merger, reorganisation, consolidation, change of control, or sale of all or substantially of the assets to which this agreement pertains, provided that the assigning Party provides prompt written notice to the other Party of any such permitted assignment.
21.5 Any notice or other communication given or made under this Agreement shall be in writing (which shall include email) and delivered to the other Party at its registered address (as shown at the start of this Agreement), or any replacement addresses for the purpose provided by one Party to the other from time to time;
21.6 Any notice so sent shall be deemed to have been duly given if sent by personal delivery or courier upon delivery at the address of the relevant Party, if sent by prepaid airmail post four (4) business days after the date of posting and if sent by email upon receipt of a ‘read receipt' or any acknowledgement from the Client.
Anti-bribery and anti-corruption
21.7 Each Party shall comply with all Applicable Laws relating to anti-bribery and anti-corruption including but not limited to the UK Bribery Act 2010 and promptly report to the other Party any request or demand for any undue financial or other advantage of any kind received by the reporting Party in connection with the performance of this Agreement.
No Partnership
21.8 Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the Parties, constitute any Party the agent of another Party, nor authorise any Party to make or enter into any commitments for or on behalf of any other Party.
Third Party Rights
21.9 This Agreement is made for the benefit of the Parties to it and their successors and permitted assigns and is not intended to benefit, or be enforceable by, anyone else.
21.10 The Parties may terminate, rescind or vary this Agreement without the consent of any person who is not a party to this Agreement.
21.11 This Agreement may be executed in any number of counterparts, each of which shall constitute an original, and all the counterparts shall together constitute one and the same agreement.
21.12 If any provision of this Agreement is held to be invalid or unenforceable by any judicial or other competent authority, all other provisions of this Agreement will remain in full force and effect and will not in any way be impaired.
21.13 If any provision of this Agreement is held to be invalid or unenforceable but would be valid or enforceable if some part of the provision were deleted, the provision in question will apply with the minimum modifications necessary to make it valid and enforceable.
Entire Agreement
21.14 This Agreement and any non-disclosure agreement entered into between the Parties constitutes the entire agreement between the Parties and supersedes and extinguishes all previous drafts, agreements, arrangements and understandings between them, whether written or oral, relating to its subject matter.
21.15 Each Party acknowledges that, in entering into this Agreement, it does not rely on any statement, representation (whether innocent or negligent), assurance or warranty of any person other than as expressly set out in this Agreement.
21.16 Nothing in the Agreement shall limit or exclude any liability for fraud.
Governing Law and Jurisdiction
21.17 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England.
21.18 The Parties irrevocably agree that the courts of England shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).

Subject to this agreement, APOMATIX will provide certain standard services (as defined below).
We will maintain the availability of the Apomatix platform for not less than 99.8% of the time taken as an average of the Term. Should the Apomatix platform become unavailable at any point for five (5) or more business days, Apomatix shall incur fees equal to one (1) month’s Service fees. If the Apomatix platform is unavailable for fifteen (15) business days, the Customer has the right to terminate the contract at no additional cost.
In calculating the unavailable period, the time that the Apomatix platform is unavailable due to maintenance and upgrades, will not be part of the calculation.
We reserve the right to make the service unavailable at any time for the purposes of maintenance and upgrades but, except in the case of emergency, we will give you reasonable notice of any maintenance or upgrades that we will be undertaking and as far as reasonably practicable ensure that these take place during the times of lowest usage of the Apomatix platform.
From time to time subject to availability standard technical support to be contacted via your designated account manager (if you have purchased the relevant package providing a designated account manager) or by emailing support@apomatix.com or other Contact Us tools made available on the Apomatix platform at the sole discretion of Apomatix. The service levels will be categorised in the following manner:
o Sev 1
 Platform is inaccessible preventing use
 Issue would be resolved within 4 hours

o Sev 2
 Break down of certain features limiting main process
 Issue would be resolved within 3 days

o Sev 3
 Breakdown of certain features but still able to perform main process
 Issue would be resolved within 14 days

Extended Services (subject to additional fees to be mutually agreed between the Parties) may be provided by APOMATIX. Mutually agreed Extended Services may include:
• Set-up and design of questionnaires, frameworks, templates
• Assessment or risk management services for scoring and providing treatments, advice, recommendations where appropriate on completed questionnaires and identified risks.
• Risk management, assessment, identification, scoring, recommendation of treatment of identified risks or gaps
• Remediation of identified risks or gaps
• Services requiring on-site visits whether assessment, training, testing or remediation outside the standard services listed above
• Additional services such as Cyber Insurance, vulnerability scanning, code review, penetration testing and other services provided via Apomatix or Apomatix Partners (third party suppliers).
• Unless otherwise agreed in writing, Services do not include clarification, elaboration of content or content related matters, which are the responsibility.
• Clarification, elaboration of content or content related matters

The Client acknowledges that the services listed in Schedule 1 and consequent results are highly dependent on the timely responses and co-operation of the Client. The Client also acknowledges that certain questionnaires, questions, identification of risks and treatments depend on the answers, response quality and response timing of the Client, its end users and associated third-party supplier users of the Client.