Contact


Terms of use

1. Definitions

1.1 For the purpose of these Terms and Conditions, the following capitalized terms shall have the meaning assigned to them below:

Agreement

Means the entire contractual relationship between the Service Provider and the Customer for the provision of the Services, consisting of these Terms and Conditions, its Annexes and any Quote, as well as any amendments made thereto from time to time in accordance with its terms.

Annex(es)

Means an(y) annex to these Terms and Conditions, which will be an integral part of it.

Applicable Data Protection Law

Means (as applicable based on Customer’s use of the Service) (i) The Data Protection (Jersey) Law 2018, Data Protection Authority (Jersey) Law 2018 and / or the Data Protection (Bailiwick of Guernsey) Law 2017. (ii) the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), as well as any applicable subsequent or implementing (national) legislation concerning the GDPR, and/or (iii) the UK Data Protection Act 2018 and the UK Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.

Business days

Means a normal working day of Provider from Monday to Friday, excluding public holidays with the United Kingdom and the Channel Islands.

Business hours

Means normal business hours from 8:00 a.m. to 6.00 p.m. on Business Days.

Change of Circumstances

Means any unforeseen change of circumstances occurring after the conclusion of the Agreement that makes performance excessively onerous for Service Provider, such that performance can no longer reasonably be requested.

Confidential information

Means any information disclosed, whether in writing or verbally, between the parties (and/or any of their Representatives) in the framework of and/or pursuant to this Agreement, in whichever format, which by explicit reference is marked “Confidential” or which by nature or through the circumstances under which it is disclosed must be reasonably deemed confidential. Confidential Information shall include (but is not limited to) the following: knowhow, ideas, and other technical, business, financial, client and product development plans, forecasts, strategies, techniques and information, computer programs, object and/or computer code, modules, scripts, algorithms, features and modes of operation, inventions (whether or not patentable), techniques, processes, schematics, testing procedures, software design and architecture, design and function specifications, analysis (whether or not related to a specific (future) product) and performance information, user documentation including Documentation as defined below, internal documentation, designs, ideas, concepts, metaphors and content for sites on the World Wide Web, the Internet and other computer networks, research, development, trade secrets, analyses, memoranda, materials, trade or commercial names, trademarks, commercial terms and conditions, financial or business results, other documents or information which contain or reflect or are generated from such information.

Comtech Solutions Limited

Means the Private Limited company that developed and markets both CookieScan™ and YourDataSafe™ which are compliance/accountability software tools, developed and owned by Provider, for privacy, security, data management and related services. These shall include software tools, published specifications and Documentation, as well as any future, updated, improved or otherwise modified version(s) of CookieScan™ or YourDataSafe™ delivered by the Provider (in its sole discretion) to Customer.
Reference to Comtech Solutions Limited will mean either CookieScan™ or YourDataSafe™ depending on what platform you are on.

Data Processing Agreement

Means the data processing agreement included in Annex 1 of these Terms and Conditions.

Documentation

Includes, but is not limited to, (where applicable) guides, manuals, materials, and any information appropriate or necessary for the proper use of Comtech Solutions Limited.

End User

Means any natural person or legal entity (incl. subcontractors) that has been authorized by the Customer to use Comtech Solutions Limited under the latter’s responsibility.

Effective Date

Means the effective date as stated in the Quote or, in the absence thereof, the day of activation of Customer’s access to Comtech Solutions Limited.

Force Majeure

Means any unforeseeable event which is beyond the reasonable control of the Parties, and which arises after the date of signature of this Agreement, and which prevents performance of this agreement, in whole or in part, by either Party.

IP Rights

Means any and all (future) intellectual property rights pertaining to Comtech Solutions Limited, in any country or jurisdiction, including but not limited to any patents, copyrights and neighbouring rights, trademarks, trade names and domain names, goodwill, design rights, rights related to software, database rights, know-how, trade secrets, all renewals or extensions of such rights and all similar or equivalent rights or forms of protection which are developed or will be developed, either registered, deposited, filed or not and including any and all applications for such rights.

License Fee

Means the yearly license fee payable by the Customer to allow its End Users to access and use Comtech Solutions Limited as specified on the Quote.

Party / Parties

Means the Provider and/or the Customer.

Provider

Means the private limited company “Comtech Solutions Limited” with registered office at 6 Vine Street, St Helier, Jersey, JE2 4WB, registered with the Jersey Financial Services Commission (“JFSC”) under number 131521.

Quote

Means the ordering document made by and between the Provider and the Customer for the provision of the Services, which forms an integral part of the Agreement. This Quote is obtained from the Comtech Solutions Limited website (CookieScan™ pricing guide and YourDataSafe™ calculator)

Representatives

Means, in respect of a Party, its shareholders, directors, managers, proxy holders, consultants, contractors, counsel, advisors, employees, agents and any such persons acting within the framework of this Agreement in the name and on behalf of the Parties, regardless the status under which such representative is acting.

Services

Means the access to the CookieScan or YourDataSafe™ platform and, if applicable, any additional services provided to the Customer by the Provider, as set forth on the Quote.

Services Fee

Means the services fee payable by the Customer for the additional services provided to the Customer by the Provider, as specified on the Quote (if applicable).

Terms and Conditions

means the present general terms and conditions applicable to all Quotes agreed upon between the Provider and the Customer, unless expressly stipulated otherwise in writing.

Terms of Use

The terms of use of CookieScan™ or YourDataSafe™ by the Customer and its End Users as set forth in article 4.2.1 of these Terms and Conditions.

User account

Means an account enabling an End User to access and use the Comtech Solutions Limited applications. A user account within Comtech Solutions Limited can be appointed with different access rights. These access rights can both be administrative rights (Access to all modules), rights to specific modules/sub-modules or rights to sets of modules within CookieScan™ or YourDataSafe™.

2. General

2.1. Unless expressly agreed otherwise in writing by the Parties, all offers, Quotes, sales and provision of Services by the Provider shall be subject to these Terms and Conditions and its Annex(es).
2.2. A Quote submitted by the Provider to the Customer is only valid for the duration as stated on that Quote. If the Quote does not specify a period of validity, it shall be limited to sixty (60) calendar days from the issue date of the Quote.
2.3. The Agreement between the Provider and the Customer for the provision of the Services is only concluded after the Customer (digitally) signs the Quote without any reservation or modification. By signing the Quote, the Customer declares to have read these Terms and Conditions and its Annex(es) and accepts their applicability to the Services provided by the Provider. Deviations, additions or amendments to these Terms and Conditions, its Annex(es) or the Quote made by the Customer shall not be effective unless expressly agreed in writing between the Parties.

3. License and scope

3.1. Subject to the terms and conditions of this Agreement and timely payment of the License Fee, the Provider hereby grants to the Customer, as of the Effective Date, a personal, restricted, non-transferable, non-exclusive, non-assignable worldwide license, without the right to sublicense, to allow its End User(s) to access and use of CookieScan™ or YourDataSafe™ and the IP Rights contained therein (hereinafter referred to as the “License”).
The scope of this License is limited to internal compliancy/accountability management with respect to privacy, security & data management within the normal course of Customer’s business (hereinafter referred to as the “Scope”). When using Comtech Solutions Limited, Customer and its End Users shall respect this Agreement, the Terms of Use and all applicable laws and regulations including but not limited to the Applicable Data Protection Law.
Except to the extent expressly permitted in this Agreement or required by law on a non-excludable basis, the License granted by the Provider to the Customer under Section 3.1. is subject to the following prohibitions:

  • a) The Customer shall not be entitled to sublicense its right to access and use Comtech Solutions Limited;
  • b) Comtech Solutions Limited may only be used by the End Users in accordance with the Terms of Use;
  • c) Comtech Solutions Limited must not be used at any point in time by more than the number of End Users specified in the Quote, providing that the Customer may add or remove concurrent End Users upon request;
  • d) The License shall not extend to companies related to or associated with the Customer. Any extension of the License to companies belonging to the same group as the Customer, shall be subject of an extension of the License at financial terms to be agreed upon between the Parties. Further, any expanded use of Comtech Solutions Limited over and above the use as agreed pursuant to this License and as defined in the Quote, shall be subject to a specific agreement with the Provider;
  • e) The License does not include the right for Customer to incorporate the software into other software, applications, systems, websites and other products or to link the software to other products;
  • f) Except for the prior written approval of the Provider, the Customer shall not use Comtech Solutions Limited and – where applicable – the IP Rights outside the Scope. Activities falling outside the Scope include, but are not limited to, any form of commercial exploitation of Comtech Solutions Limited, mentioning Comtech Solutions Limited in marketing materials and/or any other use of Comtech Solutions Limited on behalf of, or, for third parties. Likewise, Customer shall not provide its Comtech Solutions Limited User Account information (including but not limited to authorized username(s), password(s) or other relevant information for access by End Users) to another, external or any other not-authorized user for any reason including, without limitation, in order for such other user to access any features of Comtech Solutions Limited;
  • g) The Customer is explicitly prohibited to alter, remove, or obscure any copyright, trademark or other proprietary rights notice contained in Comtech Solutions Limited.

3.2. The Customer shall use reasonable endeavours, including reasonable security measures relating to User Account access details, to ensure that no unauthorized person may gain access to Comtech Solutions Limited using a User Account;
3.3. Nothing in this License Agreement nor any commercial relationship between the Parties is intended or shall be deemed to constitute a partnership, agency, franchise or a joint venture relationship between the Parties.

4. Specific obligations and warranties

4.1 On the part of the Provider
4.1.1. The License under this Agreement and Comtech Solutions Limited are delivered to the Customer without any express, explicit or implicit warranty except as explicitly provided in this Agreement or as may be required by applicable law.
In particular, the Provider does not provide any warranty relating to Comtech Solutions Limited being fit for a particular use or being sufficient or adequate to address the purpose of Comtech Solutions Limited for Customer’s business, or to the economic profitability of the exploitation by Customer of Comtech Solutions Limited.
4.1.2. The Provider shall make available Comtech Solutions Limited to the Customer in the most recent and workable version and will, throughout the life of the License, use all reasonable endeavours to maintain the availability of Comtech Solutions Limited to the Customer, but does not guarantee 100% availability and will not guarantee a higher level of availability than what is provided by its hosting partners. Maintenance, updates/upgrades, improvements, or modifications may be required to be implemented by the Provider from time to time and may reasonably require a certain downtime or limitation of use.
The Provider warrants that it will spend all reasonable efforts to solve any technical or other errors that would impact the due functioning of the tool, as soon as reasonably possible. In case of a detected issue or outage, report can be made to Helpdesk@Yourdatesafe.com. If an outage is detected or reported, the Provider will take reasonable efforts to contact the Customer of this outage if the outage would exceed a duration of one (1) hour. The Provider shall be free to determine the method to correct or bypass any potential errors. Any downtime or limitation of use resulting from the need for Provider to correct any technical errors, shall never entitle the Customer to a claim for damage or loss.
4.1.3. The Provider is released from any warranty in relation to Comtech Solutions Limited to the extent that an error is attributable to circumstances for which it is not responsible, such as in particular, but not limited to (i) unauthorised interventions into the tool by the Customer, (ii) operating errors by the Customer or its End Users, or (iii) influences of systems or programs not supplied by the Provider.
4.1.4. The Provider warrants that, to the best of its knowledge, it owns all rights, titles and interests to Comtech Solutions Limited (including the IP Rights). Should it appear that certain IP Rights that have been or are being used for the development and/or operation of Comtech Solutions Limited belong to third parties, the Provider shall undertake its best efforts to acquire sufficient rights in such (underlying) intellectual property rights in connection with Comtech Solutions Limited for the purpose of providing a valid License under this Agreement. In the event that, despite all efforts made, the Provider is not able to obtain sufficient rights on any relevant third-party intellectual property in the framework of Comtech Solutions Limited, the Provider shall use all reasonable endeavours to amend or otherwise modify Comtech Solutions Limited so as to allow the use of the tool without infringement on third party intellectual property rights. If such attempt is not successful, each Party shall be entitled to terminate the Agreement with immediate effect without any termination compensation or indemnification being due to the other Party, as set out in Section 11.5 (ii).
If legal action is taken by third parties against the Customer on the grounds of breach or alleged breach by the Provider on third party intellectual property rights, then the Customer shall inform the Provider without undue delay and shall enable the Provider to intervene in the legal proceedings as an interested party and/or to take the lead in conducting defence. In this respect, the Provider and the Customer shall communicate in good faith any information which may be useful or necessary for conducting the defence. Should any liability of the Provider be established in the framework of these legal proceedings, the Provider shall compensate the Customer for the damages suffered, including reasonable legal fees, subject always, however, to the limitations set out in Section 4.1.5.
4.1.5. The entire liability of the Provider under or in connection with this Agreement whether in contract, tort or otherwise, shall, except in case of wilful misconduct, gross negligence or serious failure, be limited in aggregate to an amount equal to the insurance cover provided, or if no insurance cover is provided, to an amount equal to 50% of all License Fees and Service Fees paid by the Customer to the Provider prior to the occurrence of the damage.
In no event shall the Provider be liable to the Customer, except as explicitly stated otherwise in this Agreement, for:

  • a) Defects that are caused directly or indirectly by an act of the Customer its End Users or a third party (e.g. hosting provider);
  • b) Damages resulting from incorrect or inadequate use of the Services by the Customer or its End Users;
  • c) Damages resulting from non-compliance by the Customer or its End Users with any applicable legislation and/or regulations;
  • d) Damage resulting from the defaults in network communications, devices or infrastructure belonging to the Customer;
  • e) Damages caused by the further use or application of the Services after a defect or problem has been found by the Customer or notified to it by the Provider;
  • f) Damages caused by a Force Majeure or a Change of Circumstances;
  • g) Any incidental, indirect or consequential damage, loss of profit, goodwill, data, business opportunity or anticipated savings.
    Nothing in this Agreement shall operate to exclude or restrict the liability of the Provider in the event of wilful misconduct or fraud.

4.2 On the part of the Customer

4.2.1 Terms of Use

  • a) As of the Effective Date, the Customer and its End Users shall only use Comtech Solutions Limited according to the terms and conditions as set out in this Agreement, including but not limited to the Terms of Use set out in this section. When using Comtech Solutions Limited, the Customer and its End Users shall respect any applicable rights of third parties and is fully and solely liable for any infringements made by the Customer (including any of its Representatives) and its End Users on such third-party rights.
  • b) The Customer and its End Users shall not use Comtech Solutions Limited as a data repository/directory. All files uploaded to the system are to be considered as a secondary source of data. The Customer remains responsible for management of the data in its systems and thus for the provision of an authentic source of its data.
  • c) The Customer and its End Users shall not use Comtech Solutions Limited in any way that is unlawful, illegal, fraudulent or harmful or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.
  • d) The Customer and its End Users shall not use Comtech Solutions Limited and shall not create Customer applications, for the purpose of spamming.
  • e) The Provider does not provide for an interface, if the Customer wishes to make use of links within Comtech Solutions Limited, the Customer remains responsible for updating those links.
  • f) The Customer and its End Users shall not use the licensed materials in any manner that does or could potentially undermine or harm the security or operating of Comtech Solutions Limited or any other services of the Provider, or that could in any way be detrimental to the image, reputation or any other material or non-material interests of the Provider. In addition, Customer and its End Users shall not interfere with, modify or disable any features, functionality or security controls of Comtech Solutions Limited or any other services of the Provider. The Customer and its End Users should also not try to defeat, avoid, bypass, remove, deactivate or otherwise circumvent any protection mechanisms for Comtech Solutions Limited or any other services or materials of the Provider, or reverse engineer, decompile, disassemble or derive source code, underlying ideas, algorithms, structure or organizational form from Provider’s services, products or any parts or components thereof.
  • g) Customer and its End Users will immediately report to the Provider (i) any technical errors experienced while using Comtech Solutions Limited via helpdesk@yourdatasafe.com and (ii) any security flaws discovered in Comtech Solutions Limited or in any other Provider’s services or materials. The Customer and its End Users will also immediately report any actual or suspected unauthorized access to Comtech Solutions Limited using Customer’s User Account credentials. Failure to report such flaws or unauthorized access, particularly prior to public disclosure, will be considered a material breach of this Agreement. The Customer will provide appropriate and reasonable support to the Provider in analysing the causes and conditions of any program or functional error and/or of any security.
  • h) The Customer and its End Users will comply with any other limitations reasonably imposed by the Provider on the use of Comtech Solutions Limited and will at all times uphold a general due care standard. The Customer will respect the letter and the spirit of the programmatic limitations of Comtech Solutions Limited and the restrictions of this Agreement. For example, the Customer and End Users shall refrain from working around or circumventing any explicit or implicit Comtech Solutions Limited limitations.
  • i) The Provider holds the right to temporarily block the Customer’s and/or certain End User’s access to Comtech Solutions Limited in case of abuse.
  • j) The Customer acknowledges that Comtech Solutions Limited is purely a software tool, but may contain advice and recommendations. The Customer bears full responsibility for the proper assessment and implementation of these recommendations.

4.2.2. Specific terms regarding phishing simulations (only applicable when indicated on the Quote)

  • a) The Customer gives the Provider the approval to carry out phishing simulations against all email addresses and mobile phone numbers as inserted by the Customer (User Accounts) in Comtech Solutions Limited, for the duration of the License in accordance with this Agreement. The Provider agrees that all the inserted domains are fully under the Customer’s control and ownership. The Customer confirms that he has got sufficient authority to approve phishing simulations and that he is authorized to and will safeguard the Provider against any accusations that would condemn this approval. The Customer acknowledges that every specific simulation will be presented first for validation and that the Customer will test and approve every phishing scenario before it is being executed. To the greatest extent permitted by applicable law, the Provider can never be held responsible for direct or indirect damage of the Customer or third parties as a consequence of this phishing simulation. The Customer will safeguard the Provider against all types of Customer or third-party claims, whether direct or indirect claims, as a consequence of an executed phishing simulation via Comtech Solutions Limited.
  • b) The Customer warrants to respect all third-party rights and is solely responsible for the opted phishing The Customer acknowledges that only logo’s and images of fictitious companies can be used in the phishing scenario or template and is solely responsible for including logo’s, images or any other references (directly or indirectly) to existing companies or companies reasonably known to be established in the near future.

4.2.3. Audit, insurance and liability
The Provider shall have the right to perform an audit in relation to whether or not the Customer uses Comtech Solutions Limited and (if applicable) the applicable IP Rights according to the terms and conditions as set out in this Agreement, including but not limited to the Terms of Use as set out above. The Customer shall actively cooperate with such audit and shall provide the Provider with the requested information in this regard, at its own expense. If the information is deemed insufficient and/or incorrect by the Provider, the Customer shall grant the Provider access to its office for an audit on site during normal business hours and subject to reasonable advance notice. In performing such an audit, the Provider shall observe the strictest confidentiality of any information or data consulted in the framework of the audit and shall procure that its Representative shall comply with same confidentiality obligation. Each Party shall bear its own costs of such audit, unless the audit reveals the non-compliant use of Comtech Solutions Limited and (if applicable) the IP Rights by the Customer, in which case the Customer shall bear all costs for the audit.
4.2.4. The Customer shall take out sufficient insurances to cover any risks associated with the use of Comtech Solutions Limited.
4.2.5. The Provider cannot be held liable in any way with regard to any and all damages, suits or proceedings, losses, expenses or (legal) costs incurred or suffered by the Customer as a result of the use of Comtech Solutions Limited by the Customer (except in relation to an alleged breach by Comtech Solutions Limited on third party intellectual property rights, as set out in Section 4.1.4). The Customer shall compensate and hold harmless the Provider in respect of any and all damages, suits or proceedings, losses, expenses or (legal) costs incurred or suffered by the Provider as a result of use of Comtech Solutions Limited and (if applicable) the IP Rights by Customer or any security flaws in the Customer’s environment.

5. Modifications & alterations

5.1. The Customer acknowledges and agrees that the Provider may amend or modify these Terms and Conditions and/or the Comtech Solutions Limited application from time to time, based on objective circumstances and insights gained during the term of this Agreement, to reflect the continuous improvement of the Services, such as the addition of better features to Comtech Solutions Limited (each a “Modification”).
5.2. Modifications consisting of “updates” to Comtech Solutions Limited may include qualitative textual modifications to Comtech Solutions Limited, e.g. wording of the questions or certain items within Comtech Solutions Limited, qualitative functional updates to Comtech Solutions Limited applications which may impact usability, as well as quantitative adaptions. Updates to Comtech Solutions Limited are at the exclusive authority and privilege of the Provider.
5.3. The Provider will not make use of the Customer’s data in the Comtech Solutions Limited system for other purposes than providing the Services mentioned under this Agreement.
5.4. The Customer will be notified of a Modification through notifications or posts on the Provider website or through a form of direct communication from Provider to Customer.
5.5. If the Customer does not accept a Modification to the Terms and Conditions, it shall notify the Provider within fifteen (15) calendar days. The Parties shall try to reach an agreement in good faith. In case of failure to reach an agreement on the Modification to the Terms and Conditions proposed, the Customer shall be entitled to terminate the Agreement by respecting a one-month notice period. Any License Fees already paid for the running license period shall, however, not be refunded.
5.6. The Customer acknowledges that a Modification of Comtech Solutions Limited may have an adverse effect on its functionality. The Provider shall have no liability of any kind to the Customer or any user of Comtech Solutions Limited with respect to such Modifications or any adverse effects resulting from such Modifications to the extent that they do not materially affect the basic functionality as defined under this Agreement. Customer’s continued access to or use of Comtech Solutions Limited shall constitute a binding acceptance of the Modification(s).

6. Ownership

6.1. The Provider and its third party subcontractors/licensors own and retain all IP Rights in and to the Comtech Solutions Limited applications and other related Services, this includes but is not limited to the frameworks it has been built on, and/or any corrections, bug fixes, enhancements, updates, improvements, or modifications thereto. The Provider and its third-party subcontractor/licensor shall have the exclusive right to apply for or register any patents, trade mark rights, copyrights, and such other proprietary protections with respect thereto. The Customer acknowledges that the License granted under this Agreement does not provide it with any title or ownership to Comtech Solutions Limited or the frameworks it has been built on, but only a right of limited use under the terms and conditions of this Agreement

7. Fees

7.1. As consideration for the Services provided by the Provider, the Customer agrees to pay to the Provider the yearly License Fee upfront and (if applicable) the Services Fee as determined in the Quote. All fee amounts mentioned in the Quote, unless otherwise stated, do not include any value added tax or other taxes, which, if required by law, shall be added to the amount due and which shall be payable by the Customer to the Provider. Where applicable, the Customer shall be responsible for payment of all federal, state or local import, usage, value added, withholding or other taxes or duties associated with the provision of the Services, or which may be levied or based on the use of Comtech Solutions Limited. If the Provider is required to pay any such taxes or fees related to the License Fee and/or the Services Fee, the Customer agrees to promptly reimburse the Provider for any such taxes or duties payable by the Provider.
7.2. Details of the current License subscription and invoices are to be found on the Quote and can be viewed in the Comtech Solutions Limited applications.
7.3 The payment of all License subscription fees will be carried out during the onboarding process using the payment gateway on the Comtech Solutions Limited website. Stripe is the payment gateway used on the applications website and most major credit and debit cards are accepted, as well as PayPal. Once your card is used, Stripe retains your details, not Comtech Solutions Limited for an easy renewal process the following year.
7.4 Please read the Privacy Notice published by Stripe – accessible here – Privacy Policy (stripe.com)

8. Payment of the fees

8.1. All payments must be made in GBP as the primary currency accepted. Comtech Solutions Limited applications also accept all other major currencies, although the exchange rate cannot be guaranteed to be at market rate.
8.2. Unless otherwise provided in a Quote, all payments must be made during the onboarding process, unless special arrangements have been made to issue an invoice. Any fees paid upfront shall not be refundable. If an invoice is issued by Comtech Solutions Limited, any late payment by the Customer will be subject to a late payment interest by force of law and without the need for prior notice, calculated as from the day after the due date and at an interest rate of 10% per year. In the event that the Provider is compelled to start collection proceedings, an additional penalty equalling 10% on the principal amount outstanding, shall be payable by the Customer to the Provider.
8.3 All issued invoices for payment must be paid and have cleared the Comtech Solutions Limited Bank 21 days after the date shown on the issued invoice. An additional £35.00 administration fee will be added to the annual license fee for issuing invoices per Comtech Solutions Limited Account.
8.4. If the Customer is delinquent on a payment of fees for fifteen (15) days or more, the Provider may suspend its access to Comtech Solutions Limited. Complaints concerning invoices must be made in writing within thirty (30) days from the date of the invoice. Invoices will be sent by electronic delivery unless requested otherwise by the Customer.

9. Free trial, upgrading and downgrading terms

9.1. Subscriptions to the Services may begin with a free trial period during which the Customer can try out Comtech Solutions Limited applications for thirty (30) calendar days from the date of registration (“Free Trial Period”). When the Free Trial Period has ended, the Customer will only be able to continue using the Services by upgrading to a paid subscription plan. If the Customer does subscribe to a paid subscription plan, access to Comtech Solutions Limited will be blocked until an upgrade to a paid subscription plan is made.
9.2. Any upgrade or downgrade in plan level will result in the new rate being charged as from the next billing cycle. There will be no prorating for downgrades in between billing cycles.
9.3. Downgrading your subscription plan may cause the loss of features, loss of prior inputted information in certain parts of Comtech Solutions Limited applications or the number of End Users that have access to Comtech Solutions Limited (User Accounts). The Provider does not accept any liability for such loss.

10. Support

10.1. The Provider will provide the Customer with Documentation regarding Comtech Solutions Limited. This Documentation is to be considered by the Customer as its primary support tool.
10.2. In addition, the Provider will make available its email-based support services for Comtech Solutions Limited to assist in troubleshooting and answering questions of a specific nature regarding Comtech Solutions Limited. These support services will always be provided from within the UK or Jersey. For soliciting support from the Provider, the Customer shall appoint within its organisation one person of contact (and one replacement person of contact in the event that the primary person of contact is not available). All support queries and answers shall be channelled through the Customer’s person of contact. The Customer, in turn, represented by its appointed person of contact shall provide all support and/or technical assistance to its proper End Users regarding the use of Comtech Solutions Limited (including any issues related to the content of the tool). For the avoidance of doubt, The Provider shall not provide support and/or technical assistance directly to the Customer’s End Users.
10.3. Email support can be requested by the Customer via helpdesk@yourdatasafe.com. The Provider will use its best efforts to provide the Customer with the requested support within five (5) Business Days. Support shall be delivered during normal Business Hours. Any specific support and service levels beyond the standards set out above, may be the subject of specific terms and a support plan between the Parties, which shall then be added to this Agreement as a Quote.
In case of any issues with the system and only with the consent of the Customer, the Provider can make use of the Customer’s data in the system in order to reconstruct the problem and to be able to provide a suitable solution.

11. Publicity

11.1. Comtech Solutions Limited may include the Customer in its client list. In addition, Comtech Solutions Limited may publish a brief description of the delivered services and use the name, brand and logo of the Customer for publicity, sales purposes and PR activities. In no event, however, may the brief description result in a breach of the confidentiality obligation as defined in section 13.
11. Term, renewal, and termination
11.1. The Agreement enters into force as of the Effective Date and will be in full force and effect for an initial period of one (1) year or any other term as set forth in the Quote (“Initial Term”).
11.2. After the expiration of the Initial Term, the Agreement shall be automatically renewed each time for a new period of one (1) year (“Renewal Term”), unless one of the Parties notifies the other Party in writing of its desire to terminate the Agreement at least one (1) month prior to the expiration date of the Initial Term or current Renewal Term Agreement.
11.3. Annually upon the anniversary of the Agreement, the Provider reserves the right to unilaterally change the License Fee based on objective causes, such as prices increases by Provider’s suppliers, increases in prices of raw and other materials, increases of wages, social security charges, government-imposed costs, taxes, insurance premiums and other objective causes necessitating a price increase.
To this end, the Provider shall notify the Customer of the new License Fee at least one (1) calendar month before the anniversary of the Agreement in writing, by email or through a clear notification on the Comtech Solutions Limited platform.
Notwithstanding the above, the Customer may terminate the Agreement by written notice:

  • (i) At any time and for any reason, as long as such termination takes place at least fifteen (15) calendar days before expiration of the Initial Term or current Renewal Term. For the avoidance of doubt, in case of early termination pursuant to this Section 11.4 (i), the Customer shall not be entitled to a pro rata refund of any fees that have been paid upfront;
  • (ii) In the event Section 9 of the Data Processing Agreement between the Customer and Provider regarding a change of sub-processor(s) enters into force and the conditions, as determined therein, are met.

11.5. A Party may terminate this Agreement at any time with immediate effect, upon written notice to the other Party in the event that:

  • (i) the other Party commits a material breach of any of its obligations under this Agreement which breach is not capable of remedy, or which, if capable of remedy, is not remedied within thirty (30) calendar days after receiving written notice thereof;
  • (ii) a competent court ruled that the IP Rights are infringing upon the intellectual property rights of a third party and no work-around or license with the third party could be obtained by the Provider;
  • (iii) the other Party files a petition for bankruptcy or is otherwise insolvent and unable to pay its debts, enters into voluntary or judicial winding up and liquidation (except in the context of group restructuring or reorganisation where the activity is continued), applies for a judicial reorganisation or enters into a global arrangement with its creditors;
  • (iv) Force Majeure invoked by a Party that has continued for a period exceeding one (1) month and the Parties have not been able to reach an equitable solution; or
  • (v) the other Party ceases or threatens to cease to carry on its business.
  • Nothing in this Article shall prevent the Provider from seeking compensation for damage from the Customer in the event of breach by the Customer.

11.6. The Provider may terminate this Agreement at any time with immediate effect, without any termination compensation being due and without prejudice to the right of compensation, upon written notice to the Customer in the event that:

  • (i) A change of control occurs with respect to the Customer, meaning the direct or indirect change of ownership, i.e. the acquisition by a company, partnership or any other (legal) entity or a person of the Customer, whether by merger, consolidation, sale or otherwise, in one transaction or any related series of transactions, of control of the Customer, whereby control is defined as the (beneficial) ownership of any shares or other equity interest that represents fifty percent or more of the voting power of all such outstanding shares or equity interest of such company, partnership or any other (legal) entity.
    If the Customer commits an act of dishonesty, disloyalty or fraud with respect to the Provider, its business or the Services;
    Upon termination of this Agreement the Provider will return Customer’s data in a machine-readable format. Customer considers this format being self-explanatory for people with a certain knowledge of the system. If additional explanation or support is required, this will be provided by the Provider at the rate determined in the Quote.
    Upon termination of this Agreement, and without prejudice to any rights and remedies of Provider under applicable law, and except as otherwise provided herein, the Customer and its End Users are no longer entitled to use Comtech Solutions Limited and agrees to return to the Provider any Confidential Information in the Customer’s possession and shall provide – upon the first request of Provider – evidence of the disposal.
    All terms of this Agreement which, by their nature, are intended to survive termination of this Agreement will survive termination, including confidentiality obligations, ownership terms, limitations of liability and privacy and data protection terms, notwithstanding the expiration or termination of this Agreement for whatsoever reason.

12. Data Protection & Privacy

12.1. In the execution of this Agreement, the Customer and the Provider will adhere to Applicable Data Protection Law.
12.2. Except for certain specific modules, Comtech Solutions Limited has not been designed for the processing of personal data. Consequently, Comtech Solutions Limited will not actively look for any personal data that might have been uploaded and the Customer will refrain from doing so. Nonetheless, Comtech Solutions Limited has been set up in a manner compliant to the Applicable Data Protection Law.
12.3. In case Comtech Solutions Limited has been installed on premise at the Customer, the Customer will be responsible for adhering to the Applicable Data Protection Law. Provider thus presumes that the measures taken to that end are considered by the Customer as being sufficient.
12.4. The Customer acknowledges to have read and understood the Privacy Statement of the Provider for the processing of the Customer’s personal data (including but not limited to processing for contract management or billing purposes) within the meaning of the Applicable Data Protection Law.
12.5. Parties agree that the Customer shall comply with all obligations under Applicable Data Protection Law for the processing of personal data in its capacity of controller and, as the case may be, processor. Parties agree that the Provider acts as a data processor for the Customer in the context of the Services provided under this Agreement (i.e. the processing of personal data on behalf of the Customer in the context of Comtech Solutions Limited); to this extent the Customer has entered into a Data Processing Agreement with the Provider as set forth in Annex 1.

13. Confidentiality

13.1. Each Party agrees to maintain secret and confidential all Confidential Information that it may acquire from the other Party in the course of this Agreement.
13.2. The Parties may disclose such Confidential Information only to those of their Representatives who need to know such information in order to enable the respective Parties to perform their obligations under this Agreement.
13.3. Each Party shall ensure that all its Representatives who have access to any information of the other Party shall be made aware of and be subject to the same obligation of confidentiality.
13.4. If there is any unauthorized access to, disclosure or loss of, or inability to account for, any Confidential Information of the disclosing Party, the receiving Party will promptly (i) notify the disclosing Party in writing; (ii) take such actions as may be necessary or reasonably requested by the disclosing Party to minimize the disclosure or loss; and (iii) cooperate in all reasonable respects with the disclosing Party to minimize the impact of the disclosure or loss and any damage resulting therefrom.
13.5. The Provider can disclose data stored in the system to the data protection authority or another judicial authority in context of an investigation. Data will only be disclosed upon the Customer’s consent, unless this is prevented by the secrecy of the investigation.
13.6. The provisions of this Section 13 shall survive after the termination of this Agreement and continue for a period of seven (7) years after its termination.

14. Data storage and hosting

14.1. Comtech Solutions Limited has adopted state of the art security controls and practices for the systems used for processing (personal) data, designed to protect the confidentiality, integrity, and availability of the Customer’s content. However, zero-day exploits are hard to detect. Therefore, the Customer has the obligation to report any potentially suspicious behaviour of the system to the Provider without undue delay after becoming aware of it. Such reports can be made at any time via helpdesk@yourdatasafe.com.
14.2. Comtech Solutions Limited servers are hosted in a data centre operated by a vendor located within the EEA. Comtech Solutions Limited maintains complete administrative control over the servers and no third parties have logical access to the Customer’s data. Only in the event of maintenance, updates and upgrades to the application or its dependencies, Customer data can be visible by third parties assisting in this process. With these third parties, agreements are in place to safeguard the confidentiality of any information that might be visible to this third party.

15. Force Majeure

15.1. Parties are not liable for any shortcomings in the performance of any obligation caused by Force Majeure.
15.2. If an event of Force Majeure occurs, performance of the Parties’ obligations under this Agreement which are affected by the Force Majeure shall be suspended for the duration of the event of Force Majeure and the period of performance shall be automatically extended, without penalty, for a period equal to the suspension.
15.3. The Party claiming Force Majeure shall promptly inform the other Party to this effect in writing, explaining its reasons for doing so.
15.4. If an event of Force Majeure occurs, the Parties shall immediately consult with one another with a view to finding an equitable solution and shall use all reasonable efforts to minimise the consequence of the occurrence. If the conditions of Force Majeure prevail for more than one (1) month and the Parties have been unable to reach an equitable solution, the other Party shall have the right, pursuant to Section 11.5 (iv) of these Terms and Conditions, to terminate the Agreement.

16. Change of Circumstances

16.1. In the event of a Change Of Circumstances the Provider is entitled, without giving rise to compensation, to suspend the performance of the Agreement and to request the Customer to renegotiate the conditions under which the performance of the Agreement will continue. If the Customer does not participate in good faith in these renegotiations or no agreement is reached within two (2) months from the start of negotiations, the Provider concerned may at its option (i) request the competent court to establish new contract terms or (ii) unilaterally and extrajudicially terminate the Agreement with immediate effect.

17. Full Agreement

This Agreement contains the entire agreement between the Parties in relation to its subject matter and replace and supersede all prior negotiations and agreements.

18. Assignment

The Customer may not assign its rights or obligations under this Agreement in whole or in part to any third party without the prior approval of the Provider.

19. No waiver

Failure to claim a right or impose a penalty by either Party shall not be construed as a waiver of that right.

20. Notifications

Notifications intended for the purposes of exercising rights and obligations arising from this Agreement shall be (i) in writing; (ii) delivered to the Parties at the address of their respective registered offices (unless changed by either Party upon written notice to the other Party), and (ii) effective upon receipt.

21. Conflict of terms

Except as otherwise explicitly provided in this Agreement or an Annex to this Agreement, in case of conflict or inconsistency between a provision in these Terms and Conditions and a provision in an Annex, the provision in the Annex shall prevail and control.

22. Severability

If any provision of this these Terms and Conditions is held by a court of competent jurisdiction to be invalid or unenforceable, that provision shall be modified by the Parties and interpreted so as to best accomplish the original provision to the fullest extent permitted by law, the other provisions will remain in full force.

23. Signature in counterparts

Counterpart signature pages to this Agreement transmitted by electronic mail in portable document format (“PDF”), or by any other electronic means intended to preserve the original graphic and pictorial appearance of a document, will have the same effect as physical delivery of the paper document bearing an original signature.

24. Governing Law and Jurisdiction

24.1. This Agreement will be governed by and construed in accordance with the laws of the England, Wales and Northern Ireland.
24.2. All disputes arising out of or in connection with this Agreement which cannot be solved amicably, shall be exclusively brought before the courts of England, Wales and Northern Ireland.

Annex 1: Data Processing Agreement

Considerations
Within the context of the performance of the Agreement, the Provider shall have access to Personal Data (as defined hereinafter) and/or will have to process these Personal Data, for which the Customer is responsible in accordance with the Applicable Data Protection Law. The Customer determines the purposes and means of the processing of Personal Data, while the Provider processes Personal Data on behalf of the Customer.
Through this Data Processing Agreement Parties wish to determine in writing their mutual agreements with regard to (i) managing, securing and/or processing of such personal data and (ii) Parties’ obligation to comply with the Applicable Data Protection Law.
In this Data Processing Agreement the Customer is considered as the Controller, and hereinafter referred to as “Controller”, whereas the Provider is considered as the Processor, hereinafter referred to as “Processor”, both within the meaning of the Applicable Data Protection Law. The Controller and the Processor will be referred together as the “Parties” and individually as a “Party” hereafter.

Article 1: Definitions

1.1. For the purpose of this Data Processing Agreement, the following definitions apply, next to those already defined in the Terms and Conditions,:

  • a) “Data Subject” shall mean an identified or identifiable natural person;
  • b) “Personal Data” shall mean all information relating to a Data Subject;
  • c) “Personal Data Breach” shall mean an unauthorized disclosure, access, abuse, loss, theft or accidental or unlawful destruction of Personal Data, which are Processed by the Processor on behalf of the Controller;
  • d) “Process/Processing” shall mean any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, including, but not limited to: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data;
  • e) “Security Measures” shall mean the appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including measures aimed at protecting Personal Data against a Personal Data Breach;
  • f) “Services” shall mean all services performed by the Processor to the Controller in accordance with the Agreement implying the Processing of Personal Data by the Processor;
  • g) “Sub-processor” shall mean any processor engaged as a subcontractor by the Processor and who agrees to process Personal Data for and on behalf of the Controller in accordance with this Data Processing Agreement;
  • h) “Third Party” shall mean any party who is not: a Data Subject, Controller, Processor or Sub-processor under this Data Processing Agreement or a person who is authorised to process Personal Data under the direct authority of the Controller or Processor;

1.2. Any other terms used but not defined hereunder will have the same meaning as in the Agreement or Applicable Data Protection Law (as appropriate).

Article 2: Object of the Processing

2.1. As a consequence of making use of the Services of the Processor, the latter shall Process Personal Data as collected by the Controller.
2.2. The Processor shall Process the Personal Data in a proper and careful way and in accordance with the Applicable Data Protection Law, the Agreement and this Data Protection Agreement.
More specifically, the Processor shall – during the performance of the Agreement – provide all its know-how in order to perform the Services according to the rules of art, as it fits a specialized and ‘good’ processor.
2.3. Nonetheless, the Processor shall only Process the Personal Data upon request of the Controller and in accordance with its instructions, as described hereunder, unless any legislation states otherwise:

Processing Activities.

The Processing carried out by the Processor in the name and on behalf of the Controller relates to the Services performed by the Processor and consists amongst others of:
Registration, storage and management of End User names/profiles or groups for use of the Services;
Processing answers and reporting scores of End Users;
Sending emails/notifications (e.g. to End Users).
Categories of Personal Data and Data Subjects.
End Users (Users of the Comtech Solutions Limited application itself)
First Name
Last Name
Email Address
Active Department
Login credentials
User Logging (Last Sign In, role changes, Creation date…) (For accountability purposes and to show to Admins in Configuration – User Management)
User Role within Comtech Solutions Limited (Admin, Management Lead, Process Champion, CxO and/or Experience Center)
Specific permissions within Comtech Solutions Limited (Ex. Access as management lead to certain Sub-modules of Comtech Solutions Limited)
Responsibilities of a user within the Organization related to Privacy and Security Compliance (ex. Responsible to review Processing activities, Legal Advices…)
Details of the Data Subjects of the Controller (ex. Controllers’ Clients, Members, Employees…) (Specific for the “Data Subject Rights” Module)
Potentially a Full Name or (preferably) a pseudonymised identifier of the Controllers’ Data Subject the request originates from (Ex. Employee 1367 or Employee John Doe…)
Controller can upload files of all possible filetypes. These can potentially contain personal identifiers of the Controllers’ Data Subjects. (Full Name, Internal ID, Email address and/or Phone number)
Related Licensee contractors (not personal data)
Contact person details (ex. contact person within company that supplies software package…)
Name and location of the third-party contractor

Purpose of the Processing

Personal Data shall only be processed by the Provider in its capacity of Processor, in light of the purposes which are determined in this Data Processing Agreement and Agreement.
2.4. The Controller owns and retains full control concerning (i) the Processing of Personal Data, (ii), the types of Personal Data Processed, (iii), the purpose of Processing and (iv) the fact whether such Processing is proportionate (non-limitative).
2.5. Moreover, the Controller shall be solely responsible to comply with all (legal) obligations in its capacity as Controller (such as but not limited to the period) and shall have the sole responsibility for the accuracy, quality, and legality of the Personal Data, disclosed to the Processor in the performance of the Agreement, and the means by which it acquired such Personal Data.
2.6. The responsibility and control concerning the Personal Data, subject to this Data Processing Agreement, shall thus never be vested with the Processor.

Article 3: Duration of the processing

3.1. This Data Processing Agreement lasts as long as the Processor Processes Personal Data on behalf of the Controller as part of the Agreement. If the Agreement comes to an end, this Data Processing Agreement will also come automatically to an end.
3.2. In case of a serious violation of this Data Processing Agreement or the applicable provisions of the Applicable Data Protection Law, the Controller may order the Processor to stop the Processing of Personal Data with immediate effect. In such a case, Parties will discuss in good faith to either suspend or terminate the Data Processing Agreement.
3.3. In the event of termination of the Data Processing Agreement, for whatever cause, or if the Personal Data are no longer relevant for the provision of the Services, the Processor will, at the decision of the Controller, within a reasonable delay, delete all Personal Data or return it to the Controller and delete existing copies, unless any applicable law requires storage of the Personal Data.
3.4. The provisions of this Data Processing Agreement as intended by the Parties or those provisions which by their nature should survive termination of the Agreement shall hereafter remain in effect (such as but not limited to Sections 16 and 17).

Article 4: CONTROLLER’S instructions

4.1. The Processor processes the Personal Data only on the documented instructions of the Controller to perform the Services in accordance with the Agreement and the Data Processing Agreement. The Processor shall not further process the Personal Data subject to the Agreement in a manner which is incompatible with these instructions and the provisions laid down in the Agreement, unless required to do so by any law or regulation to which Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such notification on important grounds of public interest.
4.2. The Processor shall be consulted before any changes are made to the instructions. Changes in instructions affecting the Agreement and this Data Processing Agreement must be mutually agreed upon by both Parties.

Article 5: Information Obligations

5.1. The Processor shall provide the Controller, upon its written request, with the following information:
All relevant details regarding its own corporate structure, as well as accurate and up-to-date identifying information on all of Processor’s entities involved in the Processing of Personal Data, including the location of their main establishment;
A list of the current Sub-processors including the location of its main establishment as well as the aspects of the Processing for which the Processor relies on the Services of a Sub-processor.
Geographical details of processing locations, including back-up and redundancy facilities, and;
The physical, organisational, technical Security Measures that the Processor has implemented, as set out in Article 11 of this Data Processing Agreement.

Article 6: PROCESSOR’S obligations

6.1. To the extent required by Applicable Data Protection Law, the Processor shall handle all reasonable requests of the Controller concerning the processing of Personal Data related to this Data Processing Agreement, immediately or within a reasonable time (pursuant to the legal obligations defined in the GDPR) and in a proper manner.
6.2. The Processor guarantees that there are no obligations that arise from any applicable legislation that make it impossible to comply with the obligations of this Data Processing Agreement.
6.3. The Processor undertakes to not process Personal Data on behalf of the Controller for another purpose than the performance of the Services and the compliance with the responsibilities of this Data Processing Agreement in accordance with the documented instructions of the Controller; if the Processor, for any reason, cannot comply with this requirement, he shall notify the Controller without delay thereabout.
6.4. The Processor shall notify the Controller without delay if it is of the opinion that an instruction from the Controller violates Applicable Data Protection Law.
6.5. The Processor shall ensure that the Personal Data is only disclosed to the persons who needs it to perform the Services in accordance with the principle of proportionality and the ‘need-to-know’ principle (meaning data is only provided to those persons that need to have the Personal Data to execute the Services as determined in the Agreement and this Data Processing Agreement).
6.6. The Processor shall undertake to not disclose Personal Data to other persons than the staff or appointees of the Controller who need the Personal Data to comply with the obligations of this Data Processing Agreement and ensures that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Article 7: CONTROLLER’S obligations

7.1. The Controller shall render all assistance needed and shall cooperate in good faith with the Processor in order to ensure that all Processing of Personal Data complies with the requirements of the Applicable Data Protection Law and particularly with the principles relating to Processing of Personal Data.
7.2. The Controller shall agree with the Processor on appropriate communication channels in order to ensure that instructions, directions and other communications regarding Personal Data that are processed by the Processor on behalf of the Controller is well received between the Parties. The Controller shall notify the Processor of the identity of the single point of contact at the Controller that the Processor is required to contact in application of this Article 8.2 of this Data Processing Agreement. Non-written instructions (e.g. oral instructions by phone or in person) always have to be confirmed in writing.
7.3. The Controller warrants that it shall not issue any instructions, directions or requests to the Processor, which do not comply with the provisions of applicable law, including but not limited to Applicable Data Protection Law.
7.4. The Controller shall render the assistance needed for the Processor and/or its Sub-processor(s) to comply with a request, order, inquiry or subpoena directed at the Processor or its Sub-processor(s) by a competent national governmental or judicial authority.
7.5. The Controller warrants that it shall not issue instructions, directions or requests to the Processor which would require the Processor and/or its Sub-processor(s) to violate any obligations imposed by applicable mandatory national law (including but not limited to Applicable Data Protection Law) to which the Processor and/or its Sub-processor(s) are subject.
7.6. The Controller warrants that it shall cooperate in good faith with the Processor in order to mitigate the adverse effects of a security incident impacting Personal Data processed by the Processor and/or its Sub-processor(s) on behalf of the Controller.

Article 8: The use of Sub-processors

8.1. The Processor has the right to engage another processor (Sub-processor) provided that this Sub-processor can ensure the implementation of similar technical and organisational measures as provided by the Processor under this Data Processing Agreement and within the limits of the Applicable Data Protection Law.
8.2. The same data protection obligations as set out in this Data Processing Agreement between the Controller and the Processor shall be imposed on that Sub-processor by way of a contract or other legal act, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Applicable Data Protection Law. Where that Sub-processor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of the Sub- processor’s obligations.
8.3. The Processor undertakes to inform the Controller of intended changes concerning the addition or replacement of other Sub-processors, thereby giving the Controller the opportunity to object to such changes.
If the Controller wishes to exercise its right to object, the Controller shall notify the Processor in writing at latest in a reasoned and documented manner within fifteen (15) calendar days upon receipt of Processor’s notice. If the Controller does not object during this period, the new Sub-processor shall be deemed accepted. The Processor shall make reasonable efforts to address or resolve any reasonable Controller’s objection.
8.4. If the Processor is not able to address or resolve the Controller’s objection within a reasonable period (which shall not exceed thirty (30) calendar days following the objection of the Controller), the Controller may terminate the Agreement by providing written notice thereof within a reasonable time or choose to consent with the addition of the Sub-processor.
8.5. As part of this Data Processing Agreement the Processor makes use of, amongst others, the following Sub-processors in order to ensure the performance of the Services:

  • Critical Media – Support and .Net development of Comtech Solutions Limited Applications.
  • Propelfwd – Data Protection, ePrivacy and PECR guidance.
  • Azure – Platform and data hosting and storage solution.
  • Microsoft – Cloud storage solution.
  • Stripe – Payment gateway for applications.
  • Zendesk – support and helpdesk ticketing solution.
  • WordPress – website platform
    • The Processor has entered into a data processing agreement with these Sub-processors, containing at least the same obligations as set forth in this Data Processing Agreement.

      Article 9: Rights of the Data Subjects

      9.1. To the extent the Controller – in its use of the Services – does not have the ability to correct, amend, block or delete Personal Data, as required by the Applicable Data Protection Law, the Processor shall – to the extent it is legally permitted to do so – comply with any commercially reasonable request by the Controller to facilitate such actions.
      To the extent legally permitted, the Controller shall be responsible for any costs arising from the Processor’s provision of such assistance.
      9.2. The Processor shall, to the extent legally permitted, promptly notify the Controller if it receives a request from a Data Subject for access to, correction, amendment or deletion of that Data Subject’s Personal Data. The Processor shall, however, not respond to any such Data Subject request without Controller’s prior written consent except to confirm that the request relates to the Controller to which the Controller hereby agrees.
      The Processor shall provide the Controller with commercially reasonable cooperation and assistance in relation to the handling of a Data Subject’s request for access to that person’s Personal Data, to the extent legally permitted and to the extent the Controller does not have access to such Personal Data through its use of the Services.
      To the extent legally permitted, the Controller shall be responsible for any costs arising from the Processor’s provision of such assistance.

      Article 10: Security Measures

      10.1. Throughout the term of the Agreement, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor implements all reasonable measures required to ensure a level of security appropriate to the risk.
      10.2. In assessing the appropriate level of security, account was taken in particular of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.
      10.3. The Processor has implemented, amongst others, but not limiting to, the following general (physical) technical and organisational security measures:

      • Comtech Solutions Limited employees and our third-party processors have been made aware of how to handle personal data in the event of providing support, troubleshooting potential issues, upgrading the application and any other activities that might require or allows them to have access to the personal data and company information that is being processed by Comtech Solutions Limited.
      • All builds that are deployed to the production environment have been front-end tested by internal Comtech Solutions Limited testers.
      • All environments (Development, Acceptance, Demo and production) are completely separated from one another (different server infrastructure, databases…). No data is at any point in time copied from the production environment to any other environment. For testing purposes, only generated data is used.
      • Each part of the Comtech Solutions Limited application that is open to the public (available via the internet) is protected by a separate VPS that acts as Firewall, Load balancer and is in charge of providing a secure SSL connection to the Comtech Solutions Limited Application. (Edge Gateway)
      • Direct server (VPS) access is done over SSH and is protected by using personal certificates. This level of “root” access is also strictly limited to users of our staff that requires this access.
      • Continuity on the production environment of Comtech Solutions Limited is guaranteed by a constant warm back-up solution that can take over from independent (failing) servers (Clustering). This solution is kept in sync constantly with minimal downtime and data loss. Additionally, full application snapshots are created and stored for 7 days.
      • The following resources have a failover warm back-up component:
        o Application server (Additional full Application snapshot two times daily)
        o Database (Additional full back-ups two times daily with a retention of 7 days)
        o Authentication server (Additional full Application snapshot two times daily)
      • Comtech Solutions Limited is a multi-tenant environment (One application, one login page, multiple customers) with “Tenants” that are logically separated from one another (based on the user that signs-in to the application)
      • User Accounts are managed in a by Comtech Solutions Limited maintained open-source identity and access management solution. For all user accounts, a strict default password policy is enforced:
        o Password length: between 10 and 20 characters
        o b) Capitals: At least 1
        o c) Numbers: At least 1
        o d) Special Character: At least 1
      • New user account temporary details are provided via email, but the user is forced to set a personal password upon first login to Comtech Solutions Limited.
      • Two-factor authentication by use of any standard authenticator apps can be enabled for your own user account and can be enforced (as admin) for other user accounts.
      • Back-end administrator portals for management are available on uncommon URL’s and have brute force prevention enabled. 5 failed login attempts in 2 minutes will block the admin account for 2 minutes.

      Article 11: Audit

      11.1. The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Data Processing Agreement, and allows for and contributes to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
      11.2. This right to audit shall not be used more than one time per calendar year, unless the Controller and/or a competent public supervisory authority has reasonable grounds to assume that the Processor acts in conflict with this Data Processing Agreement and/or the provisions of Applicable Data Protection Law.
      11.3. In any the case the right to audit shall only be performed on Business Days during normal Business Hours of the Processor and shall not unreasonably intervene with the Processor’s normal daily functioning and business operations.
      11.4. If there is agreement between the Processor and the Controller on a material shortcoming in the compliance with Applicable Data Protection Law and/or the Data Processing Agreement, as revealed in the audit, the Processor shall recover this failure as soon as possible. The Parties can agree to have a plan in place, including a timescale to implement this plan, to respond to the shortcomings revealed in the audit.
      11.5. The Controller will bear the costs of any performed audit in the meaning of this article. Although, when the audit has revealed that the Processor is manifestly not compliant to the Applicable Data Protection Law and/or the provisions of this Data Processing Agreement, the Processor shall bear the costs of such audit.
      11.6. Assistance by Processor in the context of this audit will be charged at the proposed daily rate specified in the Quote for additional support. It is also possible for the Controller to perform a joint audit (together with other clients) in order to reduce costs.

      Article 13: Transfer outside the EEA or UK (as applicable)

      13.1. The Processor does by default not transfer or store any information within the Comtech Solutions Limited application outside of the European Economic Area (EEA). All resources running Comtech Solutions Limited are located in Belgium or The Netherlands.
      13.2. If necessary to comply with the obligations of this or a separate Agreement between the Parties, Parties agree that Personal Data can only be transferred to and/or kept with a recipient outside the European Economic Area (EEA) or the United Kingdom (UK) where the Parties have taken such measures to ensure the data transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Personal Data to a recipient in a country that the European Commission and/or the UK Secretary of State (as applicable) has decided provides adequate protection of personal data, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission and/or UK Secretary of State or UK Information Commissioner (as applicable) or binding corporate rules, adherence to an approved code of conduct, certification mechanisms, or any other appropriate measures as determined by the Applicable Data Protection Law.
      Article 13: Transfer to Third Parties

      13.1. All information received by the Processor from the Controller is subject to an obligation of confidentiality when it comes to transfers of this Personal Data to Third Parties.
      13.2. This obligation of confidentiality does not apply in so far as the Controller has given his prior explicit consent to provide information to listed Third Parties or if the transfer of this data to Third Parties is necessary to comply with the Agreement between the Parties.

      13.3. The obligation of confidentiality shall also not apply if the Processor is required by law to provide the information to a Third Party. If the Processor is in doubt as to whether it is permitted to provide information to Third Parties, it shall consult the Controller prior to the transfer
      13.4. After termination of this Agreement, this obligation of confidentiality shall continue to apply as long as the Personal Data of the Controller is still processed in any way by the Processor

      Article 14: Data Breach Notification

      14.1. The Processor shall fully and within a reasonable term after detecting a (potential) Personal Data Breach inform the Controller about:

      • 1. The time the Persona Data Breach started,
      • 2. The nature and extent of the Personal Data Breach,
      • 3. The service and/or part of the service at which the Personal Data Breach occurred,
      • 4. The nature and extent of the data files involved,
      • 5. The impact of the Personal Data Breach and the associated risk analysis of the expanding effect thereof,
      • 6. The expected recovery time of the Comtech Solutions Limited service,
      • 7. Which measures have been taken (or are proposed to be taken) to mitigate the Personal Data Breach.
      • 8. Which measures have been taken (or will be taken) to prevent such Persona Data Breaches in the future.

      14.2. The Processor shall be prohibited, whether or not in the context of a Personal Data Breach, from communicating directly with the Controllers’ Data Subjects and/or report the Personal Data Breach to the competent public supervisory authorities in name of the Controller, other than on the express written instruction of the Controller, or with his explicit consent.

      Article 15: Intellectual Property Rights

      15.1. All intellectual property rights as regards to the Personal Data and as regards to the databases which contain these Personal Data are reserved to the Controller, unless otherwise contractually agreed upon between the Parties.

      Article 16: Liability

      16.1. Without prejudice to the provision in this regard set forth in the Agreement, the Processor is liable for the damage caused by processing only where it has not complied with the obligations of the Applicable Data Protection Law specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Controller.
      16.2. The Processor shall in no case be liable if it proves that it is not responsible for the event giving rise to the damage.
      16.3. If it appears that both the Controller and the Processor are responsible for the damage caused by the processing of Personal Data, both Parties shall be liable and pay damages, in accordance with their individual share in the responsibility for the damage caused by the Processing.

Centralise your governance data
today