Current Terms and Conditions (standard customers) (from 1 April 2022-)
In these terms and conditions of business the following words shall have the following meanings:
1.1 “Agreement” means the Quotation, the Conditions, Product Terms (to the extent applicable to the Services being supplied), the Domain Terms (to the extent applicable), the AUP and the SLA;
1.2 “AUP” means the Acceptable Use Policy of the Company, a copy of which may be found on the Company’s website and as may be updated from time to time;
1.3 “Auditors” means collectively the internal and external auditors and audit personnel of the Customer, details of whom are added to the Customer support portal by the Customer prior to any proposed audit of the Company;
1.4 “Change Recommendation” means the change(s) which may be recommended by the Company at any time in writing in accordance with the mechanism set out in Clause 3.2;
1.5 “Change Request” means the change(s) which may be requested by the Customer at any time in writing in accordance with the mechanism set out in Clause 3.2;
1.6 “Change Response” means the written response provided by the Company to the Customer in accordance with Clause 3.2 following an investigation into the effect(s) of the proposed change(s);
1.7 “Company” or “ANS” means ANS Group Limited (Company Registration Number 03176761) whose registered office is situated at1 Archway, Birley Fields, Manchester M15 5QJ;
1.8 “Company’s Network” means the network owned and operated by the Company for the purpose of connecting the Customer to the Internet;
1.9 “Conditions” means these terms and conditions, including any appendices;
1.10 “Customer” means any person or organisation with whom the Company enters into the Agreement and as stated on the Quotation;
1.11 “Customer Data” means any and all data input into and through the Services by the Customer and the Customer’s clients;
1.12 “Domain Terms” means the domain terms applicable to the Customer, a copy of which may be found on the Company’s website;
1.13 “Encrypted VMs” means the VMWare Virtual Machine encryption product which is available for purchase with certain eCloud® solutions;
1.14 “End of Life Date” means the date on which software or hardware procured by the Customer under the Services is deemed to have reached end of life (and in the case of hardware no longer under warranty) as set out here: www.ukfast.co.uk/eol or the successor webpage on the Company’s website;
1.15 “Initial Term” means the minimum term stated on the Quotation commencing from the date upon which the Services are made available to the Customer as notified by the Company to the Customer in writing (being when the order is completed and the first billing date has been notified by the Company) and comprising the total number of payments stated on the Quotation;
1.16 “Internet” means the global data network comprising interconnected networks to which the Company is connected and provides access to its Customer(s);
1.17 “Internet Protocol Address” means such sequence of alphanumeric or numeric only characters as assigned by the Company to the Customer;
1.18 “IPv4/IPv6” means Internet Protocol Version 4 or Version 6 (as the case may be);
1.19 “Quotation” means the quotation issued by the Company (which is electronically signed with these Conditions appended thereto by the Customer) relating to the Services to be provided by the Company to the Customer;
1.20 “Parties” means the Customer and the Company and “Party” shall mean such of them as the context requires;
1.21 “Password” means the alphanumeric characters chosen and used exclusively by the Customer at its own risk for the purpose of securing and maintaining the exclusivity of its access to the Company’s Services;
1.22 “PLQ” means the launch questionnaire agreed by the parties outlining various configuration instructions and Customer requirements on the solution build;
1.23 “Product Terms” means the terms outlined in the product terms and conditions page of the Company’s website /terms/products.html;
1.24 “Sanctions” means any trade, economic or financial sanctions laws, regulations or restrictive measures administered, enacted or enforced by the Security Council of the United Nations and/or the governments and official institutions of any of the United States of America, the European Union and/or the United Kingdom from time to time;
1.25 “Securely Delete” means using any and all means (including shredding or incineration in compliance with the Information Security Standard No. 5 (IS5) of deleting all data and information to ensure that the data and information deletion is permanent and cannot be retrieved, in whole or in part, by any data or information retrieval tools or similar means in accordance with the Customer’s prior written instructions.
1.26 “Services” means the services to be provided by the Company described in the Quotation, and the applicable SLA to be provided by the Company to the Customer;
1.27 “SLA” means the applicable Service Level Agreement of the Company (being either the standard SLA or SLA+ (as the case may be)) as set out on the Quotation), a copy of which is at Appendix 2;
1.28 “Term” means the Initial Term and thereafter unless and until terminated in accordance with clause 11.2;
1.29 “Termination Assistance Period” means the period of time between the effective date of the termination notice and 90 days after the effective date of the termination of the Agreement;
1.30 “Termination Assistance Services” means the Services to the extent the Customer requests the Services during the Termination Assistance Period;
1.31 “Two Factor Authentication” means the additional security service which is available for purchase with the FastDesk product;
1.32 “User” means any person, organisation or other entity that employs the Services provided by the Company and is in most cases the Customer; and
1.33 “Username” means a sequence of alphanumeric characters as are used by the Customer to identify itself.
2. Acceptance of Agreement
2.1 The Customer acknowledges that the Conditions prevail over any of the Customer’s own standard terms and conditions whether set out on the Customer’s own standard order form or otherwise. In the event of any conflict between the Conditions and the SLA, then the SLA shall prevail to the extent of any conflict. In the event of any conflict between the SLA and any product specific SLA set out in the Product Terms, the product specific SLA in the Product Terms shall prevail over the SLA in relation to that part of the Services.
3.1 The Company shall provide the Services to the Customer in accordance with the Agreement. The Customer warrants that the signatory to the Quotation has all requisite and due authority to bind the Company to the Agreement.
3.2 Without prejudice to Clause 28, changes to the Services can only be effected in accordance with the following change control mechanism:
(a) either the Company may recommend, or the Customer may request, at any time in writing changes to the Services or other provisions of the Agreement; the Customer shall make such request by raising a support ticket or notifying its ANS account manager;
(b) the Company will notify the Customer in writing not later than 10 working days from either the Company making a change recommendation (known as “a Change Recommendation”) or receiving a written request for changes from the Customer (known as “a Change Request”) of the time needed to investigate the implication(s) of the proposed change(s);
(c) assuming the investigation proceeds (since it is for the Customer to give the Company a written instruction to investigate the implication(s) of the proposed change(s) within the timescales provided) the Company will give a written response (known as “a Change Response”) showing the effect(s) of the proposed change(s) including:
(i) a project timeline;
(ii) any additional expenses and/or charges that will be incurred;
(iii) any effect(s) on other contractual provisions of the Agreement should the proposed change(s) be implemented and in so doing the Company shall use all reasonable endeavours to ensure that the Change Response is given within 10 working days (or such longer period as may be reasonably agreed between the Parties) of receipt by the Company of a written instruction to investigate the implication(s) of the proposed change(s);
(d) should the Customer wish to proceed with the proposed change(s), it will instruct the Company in writing of its wish as soon as reasonably practicable after receipt of the Change Response but in any event not later than 10 working days of receipt of the Change Response (or such longer period as may be reasonably agreed between the Parties) and in such a case those parts of the Agreement affected by the proposed change(s)once implemented will then be deemed to be varied in accordance with the details set out in the Change Response which will then form part of the Agreement; and
(e) until any change is agreed in writing and implemented the Parties shall continue to perform their respective obligations under the Agreement as if the change had not been proposed. The Company shall use reasonable endeavours to implement the proposed change(s) in accordance with any agreed project timeline.
3.3 For operational changes, requests can be submitted by raising a support ticket or by notifying the Customer’s ANS account manager and response times shall be in accordance with the applicable SLA to the relevant Services.
3.4 All key personnel and subcontractors provided by the Company to perform the Services pursuant to the Agreement shall have the appropriate technical and application skills to enable them to adequately perform their duties. The Company will use reasonable endeavours to ensure continuity in staffing of its key personnel. The Services shall be performed in a good and workmanlike manner and in accordance with all applicable laws.
3.5 The Customer agrees to procure the agreement and understanding of the Customer’s own customers where the Services are to be sold to third parties and procure in writing the agreement of such customers that they agree to terms and conditions no less onerous than those contained in the Agreement.
3.6 Total data sent and received within the Company’s network is calculated monthly per customer and measured in Gigabytes rounded up to the next 1 Gigabyte. The allowable bandwidth per month is 1 TB per individual server. The total bandwidth for the solution is stated on the Quotation and the Company reserves the right to charge the Customer, at the Company’s then prevailing rate, for additional bandwidth in excess of the stated bandwidth per month.
3.7 The Company does not warrant that the Company’s technology or the Services will be compatible with any equipment, software or other technology not furnished by the Company.
3.8 The Company and the Customer record their intention that the Company shall not access in any way Customer Data and that the Customer controls the security of the application environment within which the Customer Data is stored.
3.9 By way of evidence that information security is implemented and operated in accordance with the Company’s information security policy from time to time, copies of which are provided by request, the Company shall provide the Customer upon written request (via the Customer support portal) as soon as reasonably practicable with copies of certifications maintained by it and reasonable evidence of operation in accordance with its information security policies.
Upon the Customer’s written request (via the Customer support portal) with reasonable notice within normal working hours, once per annum the Company will permit a data protection audit in respect of the Company, and its subcontractors, including locations at or from which the Services are provided by Auditors. Any audit shall be chargeable by the Company at a rate of £1250 plus VAT per day. In the case of any visit to a Company data centre such visit shall have to be accompanied by a Company representative. The parties acknowledge that the Auditors will have to follow strict security procedures in relation to such audits and that access will be limited to such parts of the premises as the Customer shall reasonably require and for such persons as are notified via the Customer support portal in advance by the Customer. If the Customer’s server is to be removed from its location and moved to a work area, this would require a Company engineer to be present and the Customer shall pay a rate of £75 (plus VAT) per hour for the services of such engineer. During each audit, the Company will grant the Auditors reasonable access to relevant books, records, systems, facilities, controls, processes and procedures to the extent related to a reasonable assessment of the Company’s data protection procedures and without compromising the confidentiality of itself or any other customer. The Company will, in a timely manner, cooperate so far as is reasonable with the Auditors. The Customer shall use reasonable endeavours to procure that Auditors will seek to avoid disrupting the Company’s normal business operations during any audit. The Auditors shall not seek access to information or data belonging or relating to any other customer of the Company or which does not relate to the Services.
3.10 The Company will return to the Customer all Customer Data within 30 days of written request, such request made via secure ticket of the Customer, in accordance with the Company’s procedure. The Customer shall provide a disk onto which such Customer Data is to be transferred and shall be responsible for arranging for secure courier collection of the same.
3.11 Upon the Customer’s written instruction made via secure ticket of the Customer, the Company will either: (i) Securely Delete electronic Customer Data from all media within 30 days of that direction (or such within such sooner period as the Parties may agree in writing) ; this shall include back ups which shall be deleted in accordance with the Company’s decommissioning policy or (ii) to the extent that Customer Data is in a form or media other than electronic, comply as soon as reasonably practicable with the Customer’s written instruction made via secure ticket of the Customer to Securely Delete that Customer Data. The Company will certify in writing that the Company has complied with its obligations under (i) and (ii), as the case may be, including in compliance with the Customer’s instructions. To the extent that Customer Data cannot be so Securely Deleted due to lawful reasons and to the extent that the Customer expressly agrees in writing, the Company shall promptly provide a written description of measures to be taken that will ensure, for as long as any Customer Data remains under the Company’s control, the continued protection of such Customer Data, in compliance with the requirements of the Agreement.
4. Third Party Software And Hardware/ Licences
4.1 All third party software and hardware shall be sold subject to the Customer’s acceptance of the relevant suppliers’ software licence(s) for such third party software and the Customer confirms acceptance of such terms by entering into this Agreement. The Company aims, wherever possible, to pass onto the Customer the benefit of any and all representations and warranties it receives from third party software suppliers but is under no obligation to do so given that such matters lie outside the Company’s control.
4.2 The Customer shall inform the Company as soon as practicable of any new Users who at any time during this Agreement have access to any Microsoft® product under a subscriber access licence. The Customer warrants to the Company that it shall notify the Company promptly if at any time during the Agreement it installs any non-Company Microsoft® provided software on its system. The Customer shall not at any time amend the ANS.support credentials on its system without the prior consent of the Company or transfer images of the Company’s Windows Servers outside of the Company’s Network. If a Customer wishes to use “License Mobility”, the Customer shall notify Microsoft® by submission of a “License Mobility” form within 10 days of deployment thereof. The Customer agrees that the Company shall be entitled to disclose details of its identity to Microsoft® and other third party software vendors where the Company is contractually obligated to do so for licencing purposes.
4.3 If the Customer uses any non-Company provided software on its system the Customer warrants to the Company that it is duly licensed to use the software, that the licence grants sufficient rights to the Company to enable the Company to provide the Services in accordance with the Agreement and is a party to an appropriate written licence agreement with the software vendor. As the Company acts as a reseller for various third party software vendors, the Customer agrees to provide evidence of such licence(s) and/or compliance with such non-Company provided licence(s) upon the Company’s reasonable request. If the Customer fails to provide reasonable evidence of licencing, the Company, at its discretion, may terminate the Agreement, suspend the Services pursuant to clause 10 or charge the Customer the standard fee and any related penalty which the Company is liable for under its licensing agreement with the relevant software vendor. The Customer shall indemnify the Company for any costs, claims, losses, damages, liabilities, demands and/or expenses including legal costs incurred and/or suffered as a result of any failure by the Customer to be appropriately licenced in respect of non-Company provided software.
4.4 The Company is subject to rights of audit where it acts as a reseller for third party software. Accordingly the Customer acknowledges and agrees that the Company may regularly run a series of scripts on the Customer’s server(s) to determine what software is held on the server, how many Users have access to each piece of software and assess any additional fees that may be payable and shall provide reasonable and prompt assistance in relation to any information or audits requested by such third party software suppliers.
4.5 The Customer’s non-Company licensed software may not be compatible with the Company’s standard process for deploying the Services. The Customer agrees that the Company will not be in breach of any SLA or other obligation under this Agreement that would not have occurred but for the Customer’s use of non-Company licensed software.
4.6 The pricing set out on the Quotation for third party software may vary during the Term based upon a number of variables including (but not limited to) the Customer’s specific requirements, changes to the number of Users, changes to functionality, changes in exchange rates and changes in pricing by the third party software vendors on or after the date on which the software is ordered all of which said matters lie outside the control of the Company.
4.7 To the extent that third party software is supplied by the Company, the Customer may procure support services in accordance with the details set out in the Company’s supported application list (which shall be available on the Company’s website and may be updated from time to time), but where the Company’s offer to provide these support services is contingent upon the Company’s ability to obtain such support from the appropriate third party software supplier, the Company cannot and does not warrant that such third party software is or will be supported by the Company because such matters lie outside the control of the Company.
4.8 The Company has no obligation to provide the support and maintenance services after the End of Life Date.
After the End of Life Date, the Company may elect to continue to provide the support and maintenance services, subject to:
4.8.1 The Customer having purchased a dedicated firewall (at the Company’s then prevailing rate) at the front end of the Customer’s solution;
4.8.2 The Customer acknowledges that any support and maintenance services are provided on an “As Is” basis. Software suppliers may not release security patches and/or updates for relevant Services after the End of Life Date, which could increase the risk of cyber-attacks and/or unauthorised access on the solution; The Company makes no representation and gives no warranties regarding the Services past the End of Life Date;
4.8.3 The Customer’s SLA including response timescales and associated service credits shall not apply to the Services after the End of Life Date;
4.8.4 The Company’s support and maintenance services may be available during limited hours only and not during all operating hours;
4.8.5 For hardware, the Company may not have relevant replacement parts after the End of Life Date and may not be able to repair or replace any failed parts. The Customer agrees that the Company shall have no liability for downtime or loss of data resulting from the Customer’s use of the hardware past the End of Life Date
4.8.6 The Company may not be able to provide support personnel with training and experience in the relevant technology.
4.8.7 The Company will not be able to prioritise the diagnosing and fixing of any issues associated with software or hardware that has gone past its End of Life Date.
4.9 The Company takes no responsibility and cannot be held responsible for any loss or damages arising directly or indirectly from the Customer’s continued use of the software and/or hardware on or after the End of Life Date.
5. Right to Change Username, Internet Protocol Address and Password
5.1 The Company shall have the right at any time to change the Username, Internet Protocol Address and/or Password allocated by the Company to the Customer for the purpose of essential network maintenance, enhancement modernisation or other work deemed necessary for the effective operation of the Company’s Network. The Customer acknowledges that the Company cannot guarantee the availability of Internet Protocol Addresses under IPv4 and in future it may be necessary for the Company to allocate additional Internet Protocol Addresses which are requested under IPv6.
5.2 The Company shall have the right at any time to make non-service affecting changes to the Company-managed infrastructure including hardware nodes and switches.
5.3 To protect ANSt’s Network, the Company shall be entitled to temporarily block network traffic when certain defined limits in bandwidth or PPS (Packets per Second) are exceeded by the Customer and this is deemed necessary for the operation of the ANS Network. Such limits shall be determined by the Company (acting reasonably).
6.1 All charges for the Services shall be detailed on the Quotation. Invoices shall be raised and be payable in sterling unless otherwise agreed in writing with the Company. Set up fees and any monthly fees which are agreed to be paid in advance as stated on the Quotation will be invoiced following signature of the Agreement. Invoicing of fees for subsequent months shall commence 30 days after the Services are made available to the Customer (monthly in advance) unless otherwise agreed and stated on the Quotation. All payments shall be due to the Company on presentation of invoice or as otherwise stated on the Quotation.
6.2 Third party licence charges may be varied under clause 4.6 with 30 days’ prior written notice given to the Customer at any time. The Company may only vary fees and charges (other than third party licencing) upon 30 days’ prior notice to the Customer not more than once per annum but any such variation shall only take effect on or after 1 January in any year during the Initial Term or at any time after expiry of the Initial Term. Any discount agreed at commencement of the Services (as specified on the Quotation) shall apply to the Initial Term only.
6.3 The Company reserves the right to charge interest on late payments at the rate of 5% above the Bank of England Base Rate in accordance with the provisions of the Late Payment of Commercial Debts (Interest) Act 1998 as amended by the Late Payment of Commercial Debts Regulations 2002.
6.4 All charges and tariffs are quoted exclusive of Value Added Tax.
6.5 The Company reserves the right to change payment terms and require deposits if the Customer is more than 30 days late in making payments during the term of the Agreement in addition to or in lieu of any other remedies set out in the Conditions or otherwise available at law or in equity.
The Customer hereby agrees to accept and abide by the AUP. The Customer shall indemnify the Company for any costs, claims, losses, damages, liabilities, demands and/or expenses including legal costs incurred and/or suffered by the Company as a result of any failure by the Customer to abide by the AUP.
8.1 Equipment leased from the Company shall at all times remain the property of the Company.
9. Liability – the Customer’s Attention is Particularly Drawn to this Clause
9.1 Nothing in the Agreement shall limit the Company’s liability to the Customer for
9.1.1 death or personal injury resulting from the Company’s negligence; or
9.1.2 any other act or omission of the Company for which liability may not be limited in law.
9.2 The Company’s maximum aggregate liability arising under or in connection with a breach of Clause 17 of the Agreement shall not exceed the greater of: (a) £10,000 (TEN THOUSAND POUNDS): and (b) the total amounts paid by the Customer under Clause 6.1 in the month when the event giving rise to the liability occurs (or the first event in any series of connected events) occurs.
9.3 Except for the Company’s liability to the Customer listed in Clause 9.1 (where no limit applies) and under Clause 9.2 above relating to a breach of Clause 17, the Company’s aggregate liability arising under or in connection with the Agreement for the provision of the Services whether in contract, tort, negligence, breach of statutory duty or otherwise howsoever arising shall not exceed the greater of: (a) £5,000 (FIVE THOUSAND POUNDS): and (b) the total amounts paid by the Customer under Clause 6.1 in the month when the event giving rise to the liability occurs (or the first event in any series of connected events) occurs.
9.4 Notwithstanding Clause 9.2 and Clause 9.3, in no case shall the Company be liable either to the Customer or to any third party for or in respect of any
9.4.1 indirect, consequential, special or economic loss; or
9.4.2 loss of profit, loss of business, loss of goodwill, loss of turnover, loss of reputation, loss of anticipated savings or loss of margin (in each case whether direct or indirect);
arising from its performance or non-performance of its obligations in connection with the Agreement whether arising from breach of contract, tort, breach of duty, negligence or any other cause of action even if the event was foreseeable by the Company or the possibility thereof is or had been brought to the attention of the Company.
10.1 Subject always to the provisions of Clause 15, the Services may be suspended by the Company 5 days after a notification of suspension has been issued by email and without prejudice to the Company’s rights of termination under Clause 11 in the event of the Customer:
(a) failing to make any payment to the Company on the relevant due date for payment, the Customer having been given 14 days prior notice to remedy such non-payment;
(b) doing or allowing anything to be done which contravenes the AUP; or
(c) being in breach of clause 4.3, the Customer having been given 14 days prior notice to remedy the same; or
(d) being otherwise in breach of the Conditions, the Customer having been given 14 days prior notice to remedy such breach where this remediable.
Back-up services shall cease to be provided upon suspension of your Customer area which may take place before the server is switched off.
If, after 5 days from suspension, the Customer has failed to remedy the breaches listed in clause 10.1 (a), (c), (d) or for immaterial breaches of 10.1 (b), the Company may turn off the Customer’s server and permanently decommission the Services with data being deleted not later than 30 days thereafter.
10.2 Suspension shall not affect the liability of the Customer to pay charges and other amounts to the Company.
11. Term and Termination
11.1 Subject to clause 11.2 below, the Agreement shall come into effect on the signature of the Quotation and remain in force for the Term.
11.2 Termination of the Agreement can be effected:
(a) by the Customer giving the Company not less than 30 days’ prior written notice (in accordance with Clause 16.1) which notice shall expire on or after expiry of the Initial Term;
(b) by the Company at any time forthwith if the Customer commits any material breach of the Agreement including (but not limited to) non-payment of any fees due or a breach of the AUP;
(c) by the Company giving the Customer 30 days’ prior written notice at its sole discretion for any reason; or
(d) by either party upon an application being made to court or an order being made for the appointment of an administrator, the institution of insolvency, receivership, bankruptcy or any other proceedings for the settlement of the other party’s debts or the other party suspending or threatening to suspend payment of its debts or is business or upon the making of an arrangement for the benefit of the other party’s creditors or upon the dissolution of the other party.
11.3 The Company reserves the right to invalidate any or all of the Customer’s Username and Internet Protocol Address issued to the Customer following termination of the Agreement and to re-allocate it or them to another customer.
11.4 Domain name hosting and transfer requests for domain name server records may be submitted in writing with the authorised signature of the domain name owner or via the Customer support portal and whilst there is no charge for the transfer a small charge may nevertheless be made to cover the Company’s administration costs. Domain name transfers will not be made until the domain has been paid for by the Customer such that until this happens domain names remain the property of the Company.
11.5 The Customer shall return all equipment cables and literature belonging to the Company at the Customer’s own cost within 5 days of termination of the Agreement and shall ensure that it arrives in good working order otherwise an appropriate fee may be levied by the Company.
11.6 During the term of this Agreement and for 6 months thereafter, the Customer will not solicit to be hired or hire, as an employee or independent contractor, any individual (i) who is then an employee of the Company or was an employee of the Company during the previous 12 months (unless the Company terminated that individual’s employment or contract) and (ii) who during any part of the term of this Agreement was assigned by the Company to provide services to the Customer.
12. Rights On Termination
12.1 On termination of the Agreement the Company shall provide the Termination Assistance Services in accordance with the reasonable instructions of the Customer. Except as otherwise set forth in the Agreement, the Termination Assistance Services will be provided at the then applicable level of charges for the Services.
12.2 Termination of the Agreement shall not affect any pre-existing liability of the Customer or affect any right of the Company to recover damages or pursue any other remedy in respect of any breach of the Agreement by the Customer.
12.3 On termination of the Agreement the right to the use of the Internet Protocol Address allocated by the Company shall revert to the Company.
12.4 In the event of termination of the Agreement by the Company due to breach of the Conditions by the Customer, the Company shall be entitled to the balance of all payments which would but for such termination have accrued up to the earliest date upon which the Agreement could have been terminated by the Customer in accordance with the Conditions.
12.5 Unless otherwise agreed by the Company in writing, Services will be permanently decommissioned 7 days after the date of termination, in which case data will be permanently deleted within 30 days thereafter.
13. RELEASE OF INFORMATION
13.1 The Company shall not be required to release any domain name and may refuse to do so until the Agreement has been validly terminated and the Customer has complied with all of its obligations including (but not limited to) the payment of all sums due to the Company. Domain names remain the property of the Company until all sums due have been received.
14. Intellectual Property
14.1 The Company grants to the Customer a limited, non-exclusive licence to use the Services during the Term of the Agreement and subject to the restrictions set forth in the Agreement which licence does not entitle the Customer to any updates, modifications or new releases to any deliverables or software.
14.2 The Company reserves any and all of the Company’s copyright, trademarks, trade names, patents and all other intellectual property rights created, developed, subsisting or used in connection with any deliverables, software and/or the Services which are the sole property of the Company.
14.3 The Customer shall not transfer the Customer’s licence nor sublicense the deliverables or the software except where permitted to do so by the terms of the Agreement and in particular the Customer shall not (and shall not allow any third party to):
(a) remove any product identification, copyright, trademark or other notices;
(b) sell, pledge, lease, lend, distribute over the Internet;
(c) load or use portions of the software (whether or not modified or incorporated into or with other software) on or with any machine or system that is not physically kept at the facilities of the Customer or within third party facilities contracted by the Customer.
14.4 The Customer shall not disassemble, decompile or otherwise reverse engineer the Services provided under the Agreement.
15. Force Majeure
15.1 The Company shall not have any liability to the Customer for any delay, omission, failure or inadequate performance of the Agreement which is the result of circumstances beyond the reasonable control of the Company. Such circumstances shall include but not be limited to strikes, lock-outs, failure of a utility service or network, default of suppliers, act of god, war, riot, civil commotion, malicious damage, denial-of-service/distributed denial-of-service attacks, compliance with law or governmental order, rule, regulation, governmental guidance or direction, fire, flood, storm, earthquake, pandemic, epidemic and acts of terrorism. Where the Company is so affected in its performance of the Agreement it will notify the Customer in writing as soon as is reasonably possible.
15.2 Where the performance of the Agreement is affected by force majeure the Company shall use its reasonable endeavours to overcome the problem as soon as practicably possible.
16.1 Other than suspension notices served pursuant to Clause 10 and any notice served by the Customer under Clause 11.2(a), any notice given under or in connection with the Agreement shall be in writing and shall be duly delivered if sent by first class post to the relevant address given in the Agreement or to such other address as the recipient may have previously notified in writing to the other party for that purpose. Any termination notice served by the Customer under Clause 11.2(a) shall be submitted via a cancellation form issued by the Cancellations Department who can be contacted on + 44 (0) 161 215 7128 or via the cancellations portal within the Customer support portal.
16.2 Suspension notices served pursuant to Clause 10 shall be deemed as duly delivered and received when sent by email to such email address as the Customer may have previously notified in writing to the Company.
16.3 Other than suspension notices served pursuant to Clause 10 or maintenance notices served pursuant to Clause 16.4, any notice shall be deemed to be duly received at the expiration of 48 hours after the envelope containing the notice had been posted and in proving such service it shall be sufficient to show that the envelope containing such notice was properly addressed and posted as a first class letter.
16.4 The Company will provide 5 days’ notice (by email) for any maintenance the Company wishes to undertake but in the event of emergency maintenance the Company will provide as much notice as is reasonably possible.
17. Data Protection
17.1 In this Clause, the following terms shall have the following meanings:
(a) “controller”, “processor”, “data subject”, “personal data” and “processing” (and “process”) shall have the meanings given in Applicable Data Protection Law;
(b) “Applicable Data Protection Law” shall mean UK Data Protection Legislation and to the extent applicable to the Customer’s use of the Services to process Data the General Data Protection Regulation (EU) 2016/679);
(c) “Data” means the personal data (as defined by Applicable Data Protection Law) provided or made available to the Company by or behalf of the Customer and its customers and/or end users through any use or provision of the Services which may include for example information regarding customers and suppliers (for example, name, contact details, organisation details) and information regarding employees (for example, name, email address).;
(d) “UK Data Protection Legislation” means all applicable data protection legislation in force and as amended from time to time in the UK including the Data Protection Act 2018 and the DPPEC (Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit)) Regulations 2019.
17.2 The Customer (the controller) appoints the Company as a processor to process the Data. The processing shall continue for the Term.
17.3 The Company shall process the Data as a processor as necessary to perform its obligations under the Agreement, provide the Services and in accordance with the documented instructions of the Customer (the “Permitted Purpose”), except where otherwise required by any Applicable Data Protection Law. In no event shall the Company process the Data for its own purposes or those of any third party.
17.4 The Company shall not transfer the Data (nor permit the Data to be transferred) outside of the European Economic Area (“EEA”) unless (i) it has first obtained the Customer’s prior written consent; and (ii) it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.
17.5 The Company shall ensure that any person that it authorises to process the Data (including its staff, agents and subcontractors) (an “Authorised Person”) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty), and shall not permit any person to process the Data who is not under such a duty of confidentiality. The Company shall ensure that all Authorised Persons process the Data only as necessary for the Permitted Purpose.
17.6 The Company shall, having regard to the nature of the Services and as more particularly set out in the Agreement, implement appropriate technical and organisational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a “Security Incident”).
17.7 The Company shall not subcontract any processing of the Data to a third party subcontractor without the prior written consent of the Customer. If the Customer refuses to consent to the Company’s appointment of a third party subcontractor on reasonable grounds relating to the protection of the Data, then the Company will not appoint the subcontractor. The Customer acknowledges that if Two Factor Authentication and/or Monitoring Services are comprised within the Services some subcontracting of processing to a third party will be required in order for the Company to provide the relevant Services.
17.8 The Company shall so far as technically practicable provide all reasonable and timely assistance to the Customer (at the Customer’s expense) to enable the Customer to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to the Company, the Company shall inform the Customer as soon as reasonably practicable providing reasonable details of the same.
17.9 If the Company believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall inform the Customer as soon as reasonably practicable and provide the Customer with all such reasonable assistance at the Customer’s cost as the Customer may reasonably require in order to conduct a data protection impact assessment.
17.10 Upon becoming aware of a Security Incident, the Company shall inform the Customer without undue delay and shall provide all such timely information and cooperation as the Customer may reasonably require in order for the Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. The Company shall further take all such measures and actions as are technically practicable given the nature of the Services and within its control to remedy or mitigate the effects of the Security Incident and shall keep the Customer up-to-date about all developments in connection with the Security Incident.
17.11 The Company shall notify the Customer as soon as reasonably practical of any legally binding request it receives from law enforcement unless such disclosure is prohibited.
17.12 Upon termination or expiry of this Agreement, the Company shall (at the Customer’s election) destroy or return (in accordance with clause 3.10 or 3.11 (as the case may be)) to the Customer all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing). This requirement shall not apply to the extent that the Company is required by any EU (or any EU Member State) law or by virtue of any other lawful grounds to retain some or all of the Data, in which event the Company shall isolate and protect the Data from any further processing except to the extent required by such law.
17.13 The Company shall not be in breach of this Clause 17 if it acts on the instructions of the Customer.
17.14 The Company acknowledges and agrees that the Customer retains all right, title and interest in and to the Data absolutely, including but not limited to any database rights and copyright.
17.15 In acting as the Data controller, the Customer shall:
17.15.1 make due notification to any relevant regulator and shall comply at all times with the Applicable Data Protection Law;
17.15.2 ensure it is not subject to any prohibition or restriction which would:
(a) prevent or restrict it from disclosing or transferring the Data to the Company, as required under this Agreement;
(b) prevent or restrict it from granting the Company access to the Data, as required under this Agreement; or
(c) prevent or restrict the Company from Processing the Data as envisaged under this Agreement;
(d) ensure that all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable both parties to Process the Data as required in order to obtain the benefit of its rights and to fulfil its obligations under this Agreement in accordance with Applicable Data Protection Laws.
17.16 The Customer acknowledges and agrees that telephone calls to or from the Company to it may be recorded for business purposes, such as for quality control and training.
17.17 If an annual security audit is stated on the Quotation, this shall be performed on the Customer’s written request.
18.1 The Customer is solely responsible for determining the suitability of the Services in light of the nature of any data stored on the Services and for determining what steps are appropriate for maintaining security, protection and back up. The Customer shall inform the Company of brief details of the nature of any Data stored on the Services (and update the Company throughout the Term if the nature of the data changes) and an overview of any encryption methods in place.
18.2 The Company shall maintain appropriate physical security controls at its data centres and shall have responsibility for those aspects assigned to it at Appendix 1 but has no obligation to provide security or back-ups of data other than as stated in the Agreement.
18.3 The Company is not responsible for:
(a) application security;
(a) the encryption of any data at rest/in transit other than as set out in Appendix 1 and any relevant Product Terms;
(b) issues caused by or in respect of the Customer’s code;
(c) the administration / management of access and responsibilities for the Customer’s end users and for any layers above the Company’s infrastructure
The Company does not run any periodic checks on the integrity of Customer’s Data or backup data. The Company shall have no responsibility for or any other matters for which the Company’s liability is expressly excluded and agreed in writing between the Parties due to the nature of the Customer’s solution.
18.2 The Customer is not permitted to perform penetration testing on its environment without seeking prior written approval from the Company.
19. Expenses of The Company
19.1 The Customer shall pay to the Company all costs and expenses reasonably and properly incurred by the Company in enforcing any of the Conditions or in exercising any of the Company’s rights or remedies under the Agreement including (but not limited to) all costs incurred in tracing the Customer in the event that legal process cannot be effected at the last known address of the Customer.
20. Bribery and Corruption
20.1 Both parties shall and shall procure that persons associated with it shall comply with all applicable laws, statutes and regulations relating to anti-bribery and corruption. Each party shall have and maintain in place throughout the term of the Agreement its own policies and procedures under the Bribery Act 2010 to ensure compliance with the requirements under the Bribery Act 2010.
21. Sanctions/Export Controls
21.1 In entering into this Agreement the Customer confirms that neither it, nor any of its stakeholders, are currently the subject of any Sanctions.
21.2 The Services are subject to local export control laws and regulations and dependent on the software used to deliver the Services may be subject to the export control laws and regulations of the United States. The parties shall comply with such laws and regulations governing use, export and re-export of the Services.
22.1 Any allowance of time to pay or any other form of indulgence by the Company shall in no manner affect or prejudice the Company’s right to payment and interest pursuant to the Conditions or otherwise under this Agreement.
22.2 No failure, neglect or delay in enforcing any of the terms of the Agreement may be construed as a waiver of any of the Company’s rights in respect thereof nor such neglect, failure or delay a variation of the express terms of the Agreement.
23.1 In the event that any part of the Agreement is found to be invalid or otherwise unenforceable then such provision shall be regarded and construed as severable from the Agreement so as not to affect the validity and enforceability of the remainder.
24.1 Each party undertakes to the other that it shall keep (and shall procure that its directors and employees shall keep) secret and confidential and shall not use or disclose to any other person any confidential information or material of a technical or business nature relating in any manner to the business, products or services of the other party which the receiving party may receive or obtain in connection with or incidental to the performance of the Agreement but subject to the remaining provisions of this Clause 24.
24.2 Notwithstanding Clause 24.1, the receiving party shall not be prevented from using any general knowledge, experience and skills not treated by the disclosing party as confidential or which do not properly belong to the disclosing party and which the receiving party may have acquired or developed at any time during the term of the Agreement.
24.3 Notwithstanding Clause 24.1, the receiving party shall not be prevented from using the information or material referred to in Clause 24.1 above to the extent such information or material comes into the public domain otherwise than through the default or negligence of the receiving party.
24.4 Notwithstanding Clause 24.1, either party shall have the right to communicate any information concerning the other party to any Government department, regulatory body or any other form of enforcement authority or as may be required by law.
24.5 In entering into this Agreement the Customer hereby gives its prior consent to the use of its corporate name and/or logo by the Company solely for the purposes of referring to the Customer as a customer for the Company’s marketing, advertising and promotional purposes and the Customer hereby gives its consent to its name appearing on the Company’s website and/or promotional materials in such capacity. The Customer may revoke this consent in writing at any time. The Customer gives its prior consent for the Company to use generic information regarding the Customer’s experience to create case studies.
25.1 The Customer shall not assign or transfer any of the Customer’s rights or obligations under the Agreement without the prior written consent of the Company.
26. Clause Headings
26.1 Clause headings are for ease of reference but do not form part of the Agreement and accordingly shall not affect its interpretation.
27. Entire Agreement
27.1 The Services are provided subject to the Conditions to the exclusion of any other terms and conditions such that and for the avoidance of doubt no terms and conditions contained in any document previously sent by the Customer to the Company prior (or subsequent to) the Quotation being signed by the Customer shall be of any effect with respect to the Agreement unless expressly agreed in writing by a director of the Company.
27.2 The Customer acknowledges that in entering into the Agreement the Customer has not relied on and shall not be entitled to rescind the Agreement or to claim damages or any other remedy on the basis of any representation, warranty, undertaking or other form of opinion or statement made by or on behalf of the Company save where expressly contained in the Agreement.
27.3 The Parties hereby agree that the Agreement together with any agreed requirements outlined in the PLQ constitutes the entire agreement between the Parties in respect of the Services.
28.1 The Company reserves the right to vary the Agreement as a result of changes required by its insurers, for operational or administrative reasons or in order to comply with changes in the law.
28.2 The Company will provide the Customer with 14 days’ notice of any significant changes to the Agreement.
28.3 The Customer will keep the Company promptly informed of any changes to the Customer’s address and such other information as may affect the payment of charges due.
29. Third Party Rights
29.1 The Parties agree that it is not hereby intended that any rights should be conferred upon or enforceable by any third party as defined in the Contracts (Rights of Third Parties) Act 1999 unless the context otherwise permits.
30. Law and Jurisdiction
30.1 The Agreement is governed by the laws of England and Wales and is subject to the exclusive jurisdiction of the Courts of England and Wales.
A tick in the column denotes the responsible party. For some line items, both parties share responsibility
|ANS (Data Processor)||Customer (Data Controller)|
Schedule of window OS patches agreed with Customer on launch and set up by ANS. Customer’s responsibility to monitor and patch on an ongoing basis.
Customers can request or implement custom changes to OS patching policies as per their individual requirements
|Application Patching/ Overall solution patching||
On request only for ANS installed application(s) or service(s) does not cover third party software
|Encryption – data at rest
(where Encrypted VMs are not part of the Services)
Although ANS will enact self-encrypting disks on SANs as part of the public sector service and see the box below for Encrypted VMs product)
Save where Encrypted VMs are within the Services purchased (as set out in the box below), encryption methods for data at rest are the responsibility of the Customer.
Customer shall advise ANS of encryption being in place as this can affect data recovery options and ANS’s ability to comply with its SLA.
ANS is not responsible for any decryption methods required to access data at rest.
|Encryption – data at rest on virtual machines – this is ONLY where the Services include Encrypted VMs||
|Encryption – data in transit||
Although ANS can provide a public key cryptography certificate as an additional service if required
|Network & Systems passwords||
|Anti-Virus – installation and updates||
ANS provided Anti-Virus only (McAfee VSE)
ANS penetration tests its own networks
Application penetration testing for Customer
For customers with PCI as a Service only/only ANS managed accounts
|Application security/ authentication||
Customer is responsible for application security and authentication methods.
|Authentication FastDesk® ONLY – where Two Factor Authentication is purchased along with FastDesk® as part of the Services||
|Monitoring for security breaches||
For customers selecting as a paid for option only.
|Report security breaches||
ANS would make a report to a customer on becoming aware
Customer responsibility to report to the Information Commissioners office & relevant regulators
|Data Breach response plan||