Terms And Conditions

Policy Summary

1. For the purposes of this Agreement:
1.1. the terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data” and “Processing” shall have the same meaning as in the Data Protection Act 1998, and “Process” and “Processed” shall be construed accordingly;
1.2. “Data Protection Laws” means the Data Protection Act 1998 and any ICO guidance relating thereto;
1.3. “Client Data” means the Personal Data of the Client, its staff and its customers; 
1.4. “ICO” means the Information Commissioner’s Office;

2. Where applicable, the parties agree that the Client is the Data Controller and DEVER SOFTWARE LTD is the Data Processor.

3. DEVER SOFTWARE LTD agrees to only process Personal Data for and on behalf of the Client for the purposes of performing the services under this Agreement and in accordance with any other reasonable and lawful instructions issued by the Client in writing from time to time.

4. Where the Client requires assistance from DEVER SOFTWARE LTD in order to respond to requests, queries and/or investigations in respect of the Client Data or requires that DEVER SOFTWARE LTD shall help the Client in safeguarding the Client Data, DEVER SOFTWARE LTD shall provide such assistance, so far as is reasonable but at the Client’s cost;

5. DEVER SOFTWARE LTD shall not be in breach of this Clause if it acts on the instructions of the Client. The Client retains all rights, title and interest in and to the Client Data.

6. DEVER SOFTWARE LTD will, at the Client’s written request deliver to the Client all documents and material which may be in DEVER SOFTWARE LTD’s possession which contain the Client Data. Digital Data will be made available for a period of seven (7) days, for download by Client via FTP or SFTP.

7. With the exception of a hosting provider who uses UK BASED data centers (details provided on request), DEVER SOFTWARE LTD will not use a sub-processor without the prior written authorization of the controller (ARTICLE 28,2 GDPR 2016/679)

8. DEVER SOFTWARE LTD will co-operate with supervisory authorities (such as ICO) in accordance with Article 31, GDPR 2016/679)

9. DEVER SOFTWARE LTD will ensure the security of its processing in accordance with Article 32 (GDPR 2016/679)

10. DEVER SOFTWARE LTD will keep records of its processing activities in accordance with Article 30.2 (GDPR 2016/679)

11. DEVER SOFTWARE LTD will notify any personal data breaches to the controller in accordance with Article 33 (GDPR 2016/679)

12. DEVER SOFTWARE LTD will employ a data protection officer if required in accordance with Article 37; and appoint (in writing) a representative within the European Union if required in accordance with Article 27. (GDPR 2016/679)

13. The processor must ensure that people processing the data are subject to a duty of confidence;

14. The processor must take appropriate measures to ensure the security of processing;

15. The processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR;

16. The processor must assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;

17. The processor must delete or return all personal data to the controller as requested at the end of the contract; and
the processor must submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.

18. As Data Controller, the Client shall:
18.1. comply at all times with the Data Protection Laws;
18.2. ensure it is not subject to any prohibition or restriction which would:
(a) prevent or restrict it from disclosing or transferring the Personal Data to DEVER SOFTWARE LTD, as required under this Agreement; 
(b) prevent or restrict it from granting DEVER SOFTWARE LTD access to the Personal Data, as required under this Agreement; or
(c) prevent or restrict DEVER SOFTWARE LTD from Processing the Client Data as envisaged under this Agreement; 
18.3. DEVER SOFTWARE LTD shall use appropriate technical and organisational methods to ensure the security of the Client Data.