TERMS & CONDITIONS
Welcome to the terms & conditions for Scan & Click Limited (also known by it's trading name of Scan+Click and Scan & Click). Scan & Click has its registered address at 12 Fisher Green, Honley, Holmfirth, England, HD9 6GU and is a limited company registered in England and Wales, no. 12747559. We are registered with the UK Information Commissioner's Office (ICO), no. CSN1172291.
Our website is operated by Scan & Click Limited, trading as Scan & Click and Scan+Click. Throughout the terms "we", "us" and "our" refer to Scan & Click. Scan & Click offers our website, including all information, tools and services available from the website to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here.
By visiting our website and/or purchasing something from us, you engage in our "Service" and agree to be bound by the following terms and conditions ("Terms of Service", "Terms"), including those additional terms and conditions and policies referenced herein above and below and/or available by hyperlink. These Terms of Service apply to all users of the site, including without limitation users who are browsers, vendors, customers, merchants, and/ or contributors of content.
Please read these Terms of Service carefully before accessing or using our website. By accessing or using any part of the site, you agree to be bound by these Terms of Service. If you do not agree to all the terms and conditions of this agreement, then you may not access the website or use any services. If these Terms of Service are considered an offer, acceptance is expressly limited to these Terms of Service.
Any new features or tools which are added to the current store shall also be subject to the Terms of Service. You can review the most current version of the Terms of Service at any time on this page. We reserve the right to update, change or replace any part of these Terms of Service by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes. Your continued use of or access to the website following the posting of any changes constitutes acceptance of those changes.
SECTION 1 - ONLINE STORE TERMS
By agreeing to these Terms of Service, you represent that you are at least the age of majority in your country, state or province of residence.
You may not use our services or products for any illegal or unauthorized purpose nor may you, in the use of the Service, violate any laws or regulations in your or our jurisdiction (including but not limited to copyright laws and spam and data protection regulations).
You must not transmit any spam, worms or viruses or any code of a destructive nature.
A breach or violation of any of the Terms will result in an immediate termination of your Services with no recourse to a refund of payments made for any services or products.
SECTION 2 - GENERAL CONDITIONS
We reserve the right to refuse our service or product to anyone for any reason at any time.
You understand that your content (not including credit card information), may be transferred unencrypted and involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices. Credit card information is always encrypted during transfer over networks.
You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service or any contact on the website through which the Service is provided, without express written permission by us.
The headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms.
SECTION 3 - ACCURACY, COMPLETENESS AND TIMELINESS OF INFORMATION
We are not responsible if information made available on this site is not accurate, complete or current. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or more timely sources of information. Any reliance on the material on this site is at your own risk.
This site may contain certain historical information. Historical information, necessarily, is not current and is provided for your reference only. We reserve the right to modify the contents of this site at any time, but we have no obligation to update any information on our site. You agree that it is your responsibility to monitor changes to our site.
SECTION 4 - MODIFICATIONS TO THE SERVICE AND PRICES
Prices for our services and products are subject to change without notice.
We reserve the right at any time to modify or discontinue the Service (or any part or content thereof) without notice at any time.
We shall not be liable to you or to any third-party for any modification, price change, suspension or discontinuance of the Service.
For the purposes of clarity, the initial purchase price may include access to a number of cloud-based and mobile app services for an initial period (for example 1 month or 1 or 2 years). Access to and use of these services after the initial period may be subject to a further monthly or annual charge at a price that will be communicated on our website or that can be obtained by contacting Scan & Click at any time.
SECTION 5 - PRODUCTS OR SERVICES (if applicable)
Certain products or services may be available exclusively online through the website.
We have made every effort to display as accurately as possible the colors and images of our products that appear at the store. We cannot guarantee that your computer monitor's display of any color will be accurate.
We reserve the right, but are not obligated, to limit the sales of our products or Services to any person, geographic region or jurisdiction. We may exercise this right on a case-by-case basis. We reserve the right to limit the quantities of any products or services that we offer. All descriptions of products or product pricing are subject to change at anytime without notice, at the sole discretion of us. We reserve the right to discontinue any product at any time. Any offer for any product or service made on this site is void where prohibited.
We do not warrant that the quality of any products, services, information, or other material purchased or obtained by you will meet your expectations, or that any errors in the Service will be corrected.
SECTION 6 - ACCURACY OF BILLING AND ACCOUNT INFORMATION
We reserve the right to refuse any order you place with us. We may, in our sole discretion, limit or cancel quantities purchased per person, per household, per company or per order. These restrictions may include orders placed by or under the same customer account, the same credit card, and/or orders that use the same billing and/or shipping address. In the event that we make a change to or cancel an order, we may attempt to notify you by contacting the email and/or billing address/phone number provided at the time the order was made. We reserve the right to limit or prohibit orders that, in our sole judgment, appear to be placed by dealers, resellers or distributors.
You agree to provide current, complete and accurate purchase and account information for all purchases made at our store. You agree to promptly update your account and other information, including your email address and credit card numbers and expiration dates, so that we can complete your transactions and contact you as needed.
SECTION 7 - OPTIONAL TOOLS
We may provide you with access to third-party tools, over which we neither monitor nor have any control nor input. You acknowledge and agree that we provide access to such tools "as is" and "as available" without any warranties, representations or conditions of any kind and without any endorsement. We shall have no liability whatsoever arising from or relating to your use of optional third-party tools. Any use by you of optional tools offered through the site is entirely at your own risk and discretion. You should ensure that you are familiar with and approve of the terms on which tools are provided by the relevant third-party provider(s).
We may also, in the future, offer new services and/or features through the website (including, the release of new tools and resources). Such new features and/or services shall also be subject to these Terms of Service.
SECTION 8 - THIRD-PARTY LINKS
Certain content, products and services available via our Service may include materials from third-parties.
Third-party links on this site may direct you to third-party websites that are not affiliated with us. We are not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third-parties.
We are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party's policies and practices and make sure you understand them before you engage in any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party.
SECTION 9 - USER COMMENTS, FEEDBACK AND OTHER SUBMISSIONS
If, at our request, you send certain specific submissions (for example contest entries) or without a request from us you send creative ideas, suggestions, proposals, plans, or other materials, whether online, by email, by postal mail, or otherwise (collectively, 'comments'), you agree that we may, at any time, without restriction, edit, copy, publish, distribute, translate and otherwise use in any medium any comments that you forward to us. We are and shall be under no obligation (1) to maintain any comments in confidence; (2) to pay compensation for any comments; or (3) to respond to any comments.
We may, but have no obligation to, monitor, edit or remove content that we determine in our sole discretion are unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or otherwise objectionable or violates any party's intellectual property or these Terms of Service.
You agree that your comments or other content will not violate any right of any third-party, including copyright, trademark, privacy, personality or other personal or proprietary right. You further agree that your comments or other content will not contain libelous or otherwise unlawful, abusive or obscene material, or contain any computer virus or other malware that could in any way affect the operation of the Service or any related website. You may not use a false email address, pretend to be someone other than yourself, or otherwise mislead us or third-parties as to the origin of any comments or other content. You are solely responsible for any comments or other content you make and their accuracy. We take no responsibility and assume no liability for any comments or other content posted by you or any third-party.
SECTION 10 - PERSONAL INFORMATION
SECTION 11 - ERRORS, INACCURACIES AND OMISSIONS
Occasionally there may be information on our site or in the Service that contains typographical errors, inaccuracies or omissions that may relate to product descriptions, pricing, promotions, offers, product shipping charges, transit times and availability. We reserve the right to correct any errors, inaccuracies or omissions, and to change or update information or cancel orders if any information in the Service or on any related website is inaccurate at any time without prior notice (including after you have submitted your order).
We undertake no obligation to update, amend or clarify information in the Service or on any related website, including without limitation, pricing information, except as required by law. No specified update or refresh date applied in the Service or on any related website, should be taken to indicate that all information in the Service or on any related website has been modified or updated.
SECTION 12 - PROHIBITED USES
In addition to other prohibitions as set forth in the Terms of Service, you are prohibited from using our website or its content or any products or services obtained from us: (a) for any unlawful purpose; (b) to solicit others to perform or participate in any unlawful acts; (c) to violate any international, federal, provincial or state regulations, rules, laws, or local ordinances; (d) to infringe upon or violate our intellectual property rights or the intellectual property rights of others; (e) to harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability; (f) to submit false or misleading information; (g) to upload or transmit viruses or any other type of malicious code that will or may be used in any way that will affect the functionality or operation of the Service or of any related website, other websites, or the Internet; (h) to collect or track the personal information of others; (i) to spam, phish, pharm, pretext, spider, crawl, or scrape; (j) for any obscene or immoral purpose; or (k) to interfere with or circumvent the security features of the Service or any related website, other websites, or the Internet. We reserve the right to terminate your use of the Service or any related website for violating any of the prohibited uses.
If you purchase a besoke solution which requires your branding to be displayed within our smartphone apps, websites, web dashboards, or printed, then you grant Scan & Click permission to use your logo, branding and colours as necessary within the aforementioned locations. Scan & Click will first seek written or email approval from you prior to final publication or printing.
If you purchase a besoke solution which requires co-branding and the inclusion of the Scan & Click logo, the Scan & Click arrow, or other trademarks (whether registered or unregistered) such as but not limited to "Scan+Click" then you are permitted to use these but only in the context of promoting the Scan & Click solution, services or products and only whilst you remain a fee paying contractual client of Scan & Click. If you wish to re-produce these in any electronic, web or printed format then you are required to first seek written or email approval from a Scan & Click Director.
SECTION 13 - DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY
We do not guarantee, represent or warrant that your use of any product or service obtained from us will be uninterrupted, timely, secure or error-free. We do not guarantee, represent or warrant that the results that may be obtained from the use of any product or service obtained from us will be accurate or reliable.
You expressly agree that your use of, or inability to use, the service is at your sole risk. The service and all products and services delivered to you through the service are (except as expressly stated by us) provided 'as is' and 'as available' for your use, without any representation, warranties or conditions of any kind, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.
You accept full responsibility for ensuring that your usage of our services and products conforms to applicable laws, best practices, privacy requirements and regulations, including but not limited to the EU GDPR regulations. Where necessary you will acquire all appropriate user, permission and privacy consents from your users and customers before they use any services or products that you obtained from us and you accept full responsibility for any failure to do so.
In no case shall Scan & Click, our directors, officers, employees, affiliates, agents, contractors, interns, suppliers, service providers or licensors be liable for any injury, loss, claim, or any direct, indirect, incidental, punitive, special, or consequential damages of any kind, including, without limitation lost profits, lost revenue, lost savings, loss of data, replacement costs, or any similar damages, whether based in contract, tort (including negligence), strict liability or otherwise, arising from your use of any of the service or any products procured using the service, or for any other claim related in any way to your use of the service or any product, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of the service or any content (or product) posted, transmitted, or otherwise made available via the service, even if advised of their possibility. Because some states or jurisdictions do not allow the exclusion or the limitation of liability for consequential or incidental damages, in such states or jurisdictions, our liability shall be limited to the maximum extent permitted by law.
SECTION 14 - AFFILIATE AND REFERRAL PARTNER PROGRAMME If you optionally signup as an Affiliate (also known as a referral partner) then you agree to these Terms of Service in their entirety as well as these additional terms in this Section 14 and all terms as shown on or linked to from our affiliate tracking signup page.
Unless agreed beforehand in an addendum between Scan & Click and the affiliate the percentage level of commission offered to the affiliate for each available product or service will be emailed to the affiliate or as shown on our affiliate tracking signup page at the time of the affiliate signup on that same affiliate tracking signup page. Commissions offered are based on the customer paying the full advertised price for any product or service. If the customers pays less than the advertised price for any product or service then the amount of commission offered to the affiliate will be at the discretion of Scan & Click unless agreed beforehand in an addendum between Scan & Click and the affiliate. Commission will only be offered on cloud Saas accounts by new and existing customers that first visited the Scan & Click website via the affiliate's unique tracking link or coupon codes and less than 365 days before the purchase. The affiliate will not be entitled to any commission if the customer's first visit to the Scan & Click website is not via the affiliates unique tracking link or coupon codes. Unless agreed beforehand in an addendum between Scan & Click and the affiliate the affiliate will not be entitled to any commission on additional purchases or on subsequent renewal fees by the customer for access to our cloud Saas accounts, app-based services and tools after the first 365 days.
Affiliates are only entitled to commission on Scan & Click products and services purchased by a party that is un-related to the affiliate, apart from having been introduced to Scan & Click by the affiliate. The affiliate is not entitled to commission on Scan & Click products and services purchased by any party where the affiliate or their staff, colleagues, fellow company officers, contractors or other representatives have an interest. A Scan & Click customer may not signup as a Scan & Click affiliate as a means of obtaining an effective discount on Scan & Click products and services for themselves or parties to whom they are already connected.
Any earnings shown on our affiliate tracking pages are estimated and final figures will be confirmed by Scan & Click prior to payout. We will add VAT to commission payouts if you are registered for UK VAT and you provide us with a UK VAT invoice. The payout of commission to affiliate partners will be subject to a waiting period of at least 60 calendar days after each purchase is paid and received as cleared funds into Scan & Click's UK bank account. This requirement is to ensure that purchases made via the affiliate will not be subject to chargebacks by our payment processing partners or any 3rd party banks or other financial institutions. If a commission has already been paid to the affiliate and a subsequent chargeback is made, Scan & Click will be entitled to request full and immediate repayment of the commission from the affiliate and if this is not forthcoming within 7 days will use all legal means available to reclaim the commissions and all associated costs incured in recovering such commissions.
Unless agreed beforehand in an addendum between Scan & Click and the affiliate, no payouts will be made to the affiliate until the level of commission owed is a minimum of £100. Unless agreed beforehand in an addendum between Scan & Click and the affiliate a payout of commissions owed will be done a maximum of once per calendar month and will be transfered to the affiliate using Paypal.
SECTION 15 - INDEMNIFICATION
You agree to indemnify, defend and hold harmless Scan & Click and our parent, subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, harmless from any claim or demand, including reasonable attorneys' fees, made by any third-party due to or arising out of your breach of these Terms of Service or the documents they incorporate by reference, or your violation of any law or the rights of a third-party.
If you are not in the European Union you are fully responsible for all taxes and duty applicable when the goods enter your country and you agree that Scan & Click will not be responsible for payment of these.
SECTION 16 - SEVERABILITY
In the event that any provision of these Terms of Service is determined to be unlawful, void or unenforceable, such provision shall nonetheless be enforceable to the fullest extent permitted by applicable law, and the unenforceable portion shall be deemed to be severed from these Terms of Service, such determination shall not affect the validity and enforceability of any other remaining provisions.
SECTION 17 - TERMINATION
The obligations and liabilities of the parties incurred prior to the termination date shall survive the termination of this agreement for all purposes.
These Terms of Service are effective unless and until terminated by either you or us. You may terminate these Terms of Service at any time by notifying us that you no longer wish to use our Services, or when you cease using our site.
If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we also may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services (or any part thereof).
SECTION 18 - ENTIRE AGREEMENT
The failure of us to exercise or enforce any right or provision of these Terms of Service shall not constitute a waiver of such right or provision.
These Terms of Service and any terms, policies or operating rules referenced by them or posted by us on this site or in respect to The Service constitutes the entire agreement and understanding between you and us and govern your use of the Service, superseding any prior or contemporaneous agreements, communications and proposals, whether oral or written, between you and us (including, but not limited to, any prior versions of the Terms of Service).
Any ambiguities in the interpretation of these Terms of Service shall not be construed against the drafting party.
SECTION 19 - GOVERNING LAW
These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of England.
SECTION 20 - CHANGES TO TERMS OF SERVICE
You can review the most current version of the Terms of Service at any time at this page.
We reserve the right, at our sole discretion, to update, change or replace any part of these Terms of Service by posting updates and changes to our website. It is your responsibility to check our website periodically for changes. Your continued use of or access to our website or the Service following the posting of any changes to these Terms of Service constitutes acceptance of those changes.
SECTION 21 - DATA PROCESSING AGREEMENT (DPA)
The Customer shall make available to Scan & Click and the Customer authorizes Scan & Click to process information including personal data for the provision of the Services under this Agreement. Both parties have agreed to enter into this Agreement including this Data Processing Agreement (also known herein as the DPA) to confirm the data protection provisions relating to their relationship and so as to meet the requirements of applicable privacy laws and regulations.
For the purposes of this DPA:
"Privacy Laws" mean any applicable law relating to data protection and security, including without limitation EU Data Protection Directive, Directive on privacy in electronic communications and General Data Protection Regulation and any amendments, replacements or renewals thereof (collectively the "EU Legislation"), all binding national laws implementing the EU Legislation and other binding data protection or data security directives, laws, regulations and rulings valid at the given time including any guidance and codes of practices issued by the applicable supervisory authority.
The terms "data controller", "data processor", "data subject", "personal data" "processing" and "appropriate technical and organisational measures" shall have the meanings given to them under applicable Privacy Laws.
2 Role of the Parties
The Parties understand that for the provision of the Services a distinction is made between two types of processing of personal data carried out by Scan & Click:
2.1 The provision of Services by Scan & Click to its Customers which may also be used by the Customer's users, customers, sales leads and ay other people; whereby Scan & Click will act as a Data Processor and agrees to comply with the respective obligations set out in this Agreement and in applicable Privacy Laws
2.2 The communication by Scan & Click with its Customers and potential Customers in order to communicate Services status and to discuss and offer new or additional Services; whereby Scan & Click will act as a Data Controller and agrees to comply with the respective obligations set out in this Agreement and in applicable Privacy Laws
3 Subject matter, nature and purpose of Scan & Click's processing of personal data
The subject matter, nature and purpose of the processing of personal data under this DPA is pursuant to this Agreement and as further instructed in writing by the Customer in its use of the Services, unless required to do so otherwise by Privacy Laws, in which case to the extent permitted by Privacy Laws, Scan & Click shall inform the Customer of this legal requirement prior to carrying out the processing. Scan & Click shall only collect or process personal data for the duration of this Agreement to the extent, and in such a manner, as is necessary for provision of the Services and in accordance with this Agreement and Privacy Laws applicable to Scan & Click in its role as data processor.
Scan & Click shall process personal data originating from and sent to a country located in the EU/EEA solely in countries situated in the EU/EEA and not cause any cross border transfer of personal data from a country situated in the EU/EEA to any country situated outside the EU/EEA unless personal data is transferred to a country approved by the European Commission as providing an adequate level of protection for personal data, the transfer is made pursuant to European Commission approved.
The processing of personal data will be carried out by Scan & Click for the duration of this Agreement unless otherwise agreed upon in writing.
Unless otherwise agreed upon in writing we may retain data and logs related to our Services for a period of up to 12 months after which we will delete it. We reserve the right to keep data and logs offline such that it is not instantly accessable by the Customer, but under normal circumstances would only look to do this with data and logs older than 6 months.
5 Type of personal data processed
The Customer may submit Customer personal data to the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to the following categories of personal data:
- Contact information such as company, email, phone, physical address - First and last name - ID data - Title - Position - Employer - Connection data - Localisation data
6 Type of data subjects
The Customer may submit personal data to the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to personal data relating to the following categories of data subject:
- Customers, business partners, users and vendors of the Customer (who are natural persons) - Employees of contact persons of the Customer's customers, business partners and vendors - Employees, agents, advisors, freelancers of the Customer (who are natural persons) - Customer's Service user including any user of the Services, which Customer permits to use the Services
7 Technical and organisational measures
7.1 Scan & Click has implemented and maintains appropriate technical and organizational measures including but not limited to physical and IT measures, and organizational measures to protect personal data processed against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Such measures are detailed further within this Agreement and in the Security Measures section of this DPA and provide a level of security that is appropriate to the risks of the processing having regard to:
- the state of the art technology - the costs of implementation - the nature, scope, context and purposes of processing, including the type of personal data - risk for the rights and freedoms of natural persons that personal data relate to
7.2 The Technical and Organisational Measures are subject to technical progress and further development. In this respect Scan & Click may implement alternative adequate measure, however, the security level of the defined measures must never be reduced.
8 Quality assurances and other duties of Scan & Click
Scan & Click shall comply with the mandatory requirements referred to in Privacy Laws, and ensures in particular compliance with the following requirements:
- Confidentiality in accordance with Privacy Laws. Scan & Click entrusts only such employees with the data processing outlined in this contract who have been bound to confidentiality and have previously been familiarized with the data protection provisions relevant to their work. Scan & Click and any person acting under its authority who has access to personal data, shall not process that data unless on instructions from the Customer, which includes the powers granted in this Agreement, unless required to do so by Privacy Laws.
- At the Customer's cost and expense and taking into account the nature of the processing and the information available to Scan & Click, provide such information and assistance as the Customer may reasonably require and within the timescales reasonably specified by the Customer to assist the Customer to comply with its obligations under applicable Privacy Laws which may include assisting the Customer to:
o notify the Customer of any request Scan & Click receives for a data subject relating to personal data processed
o comply with its security obligations
o discharge its obligations to respond to requests relating to the exercise of Data Subject rights including right of access, right to rectification, right to erasure ("right to be forgotten") right to restriction of processing (to the extent that personal data is not accessible to the Customer through the Services)
o carry out Data Protection Impact Assessment and audit Data Protection Impact Assessment compliance and consult with the supervisory authority
- Unless prohibited by applicable law or a legally binding request of law enforcement, Scan & Click shall promptly notify the Customer of any request by, any government official, data protection supervisory authority or law enforcement authority in respect of any personal data
- Scan & Click shall periodically monitor its internal processes and security to ensure that processing within Scan & Click's area of responsibility is in accordance with the requirements of Privacy Laws and the protection of the rights of the data subject
9.1 The Customer agrees that Scan & Click may engage third parties to process personal data in order to assist Scan & Click to deliver the Services on behalf of the Customer ("Sub-processors"). Scan & Click has or will enter into written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA to the extent applicable to the nature of the Services provided by such Sub-processor. If the Sub-processor processes the Services outside the EU/EEA, Scan & Click shall ensure that the transfer is made pursuant to European Commission approved standard contractual clauses for the transfer of Personal Data which the Customer authorizes Scan & Click to enter into on its behalf, or that other appropriate legal data transfer mechanisms are used.
9.3 Scan & Click shall notify the Customer thirty days in advance of any intended changes concerning the addition or replacement of any Sub-processor during which period the Customer may raise objections to the Sub-processor's appointment. Any objections must be raised promptly and in any event no later than fourteen days following Scan & Click's notification of the intended changes. Should Scan & Click choose to retain the objected to Sub-processor, Scan & Click will notify the customer at least fourteen days before authorising the Sub-processor to process personal data and then the Customer may immediately discontinue using the relevant portion of the Services and may terminate the relevant portion of the Services.
9.4 Where any Sub-processor fails to fulfil its obligations under any sub-processing agreement or under applicable law Scan & Click will remain fully liable to the Customer for the fulfilment of its obligations under this DPA.
10 Audits and inspections
10.1 In the event that the a regulator, data protection authority or Customer (subject to clause 10.2) requires to audit related information related to the Services, then Scan & Click agrees to submit its data processing facilities and data files needed for processing personal data to audit by the regulator, data protection authority or Customer to ascertain compliance with this DPA, subject to being given reasonable notice and in compliance with Scan & Click's security requirements and the regulator, data protection authority or Customer enters into a non-disclosure agreement directly with Scan & Click. Scan & Click agrees to provide reasonable cooperation to the regulator, data protection authority or Customer in the course of such an audit. Such audits shall be carried out at the the regulator, data protection authority's or Customer's cost and expense.
10.2 Customers may only request an audit or inspection once in any 12 month period, and only if in their reasonable opinion and after reasonable notice, Scan & Click has not produced records to satisfy them of Scan & Click's compliance with the DPA. Prior to such an audit or inspection request by a Customer, the Customer is required to request from Scan & Click such records so as to satisfy them of Scan & Click's compliance with the DPA and the Customer will give Scan & Click 5 business days to produce such records. Only if such records are not produced within 5 business days of the request will the Customer be allowed to request an audit or inspection as per clause 10.1. 11 Notification of a data breach
In the event of Scan & Click becoming aware of any breach of security that results in the accidental, unauthorised or unlawful destruction or unauthorised disclosure of or access to personal data Scan & Click shall, among other things:
- Notify the Customer in writing immediately but not later than 36 hours after becoming aware of the breach of security
- Assist the Customer with regard to the Customers obligation to provide information to the data subject and to provide the Customer with relevant information in this regard
- Support the Customer in consultations with relevant data protection authorities
12 Deletion and return of personal data
Upon expiration of this Agreement or in the event of early termination for any reason whatsoever, Scan & Click and its subcontractors shall promptly provide to the Customer all personal data held by them for the duration of this Agreement for the performance of the Services. Upon the Customer's request, Scan & Click will destroy copies of personal data held in its systems and confirm this to the Customer in writing unless required to keep certain personal data in order to comply with applicable laws.
13 Scan & Click's Obligations as Data Controller
14 Customer's Obligations
The Customer shall comply at all times with applicable Privacy Laws in relation to the processing of personal data in connection with this Agreement and the Services.
15 Limitation of Liability
Each party's liability, taken together in the aggregate, arising out of or related to this DPA whether in contract, tort or under any other theory of liability, is subject to the Limitation of Liability section and other relevant clauses of this Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party under this Agreement and this DPA.
16 Security Measures
Scan & Click shall implement measures described here, provided that the measures directly or indirectly contribute or can contribute to the protection of personal data under this Agreement concluded between the Parties for the processing of data. If Scan & Click believes that a measure is not necessary for the respective Service or part thereof, Scan & Click will justify this and come to an agreement with the Customer.
The technical and organisational measures are subject to technical progress and development. In this respect Scan & Click is permitted to implement alternative adequate measures. The level of security must align with industry security best practice and not less than, the measures set forth herein. All major changes are to be agreed with the Customer and documented.
16.1 Risk management
Security risk management
- Scan & Click shall identify and evaluate security risks related to confidentiality, integrity and availability and based on such evaluation implement appropriate technical and organizational measures to ensure a level of security which is appropriate to the risk
- Scan & Click shall have documented processes and routines for handling risks within its operations
- Scan & Click shall periodically assess the risks related to information systems and processing, storing and transmitting information
Security risk management for personal data
- Scan & Click shall identify and evaluate security risks related to confidentiality, integrity and availability and based on such evaluation implement appropriate technical and organizational measures to ensure a level of security which is appropriate to the risk of the specific personal data types and purposes being processed by Scan & Click, including inter alia as appropriate:
o The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
o The ability to restore the availability and access to the Customer's Data in a timely manner in the event of a physical or technical incident
o A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
- Scan & Click shall have documented processes and routines for handling risks when processing personal data on behalf of the Customer
- Scan & Click shall periodically assess the risks related to information systems and processing, storing and transmitting personal data
16.2 Information security policies
- Scan & Click shall have a defined and documented information security management system including an information security policy and procedures in place, which shall be approved by Scan & Click's management. They shall be published within Scan & Click�s organization and communicated to relevant Scan & Click Personnel
- Scan & Click shall periodically review Scan & Click's security policies and procedures and update them if required to ensure their compliance with the Security Measures
16.3 Organization of information security
- Scan & Click shall have defined and documented security roles and responsibilities within its organization
16.4 Human resource security
- Scan & Click shall ensure that Scan & Click personnel handles information in accordance with the level of confidentiality required under this Agreement
- Scan & Click shall ensure that relevant Scan & Click personnel is aware of the approved use (including use restrictions as the case may be) of information, facilities and systems under this Agreement
- Scan & Click shall ensure that any Scan & Click personnel performing assignments under this Agreement is trustworthy, meets established security criteria and has been, and during the term of the assignment will continue to be, subject to appropriate screening and background verification
- Scan & Click shall ensure that Scan & Click personnel with security responsibilities is adequately trained to carry out security related duties
- Scan & Click shall provide or ensure periodical security awareness training to relevant Scan & Click personnel. Such Scan & Click training shall include, without limitation:
o How to handle customer information security (i.e. the protection of the confidentiality, integrity and availability of information)
o Why information security is needed to protect customers information and systems
o The common types of security threats (such as identity theft, malware, hacking, information leakage and insider threat)
o The importance of complying with information security policies and applying associated standards/procedures
o Personal responsibility for information security (such as protecting customer's privacy-related information and reporting actual and suspected data breaches)
16.5 Access control
- Scan & Click shall have a defined and documented access control policy for facilities, sites, network, system, application and information/data access (including physical, logical and remote access controls), an authorization process for user access and privileges, procedures for revoking access rights and an acceptable use of access privileges for Scan & Click personnel in place
- Scan & Click shall have a formal and documented user registration and de-registration process implemented to enable assignment of access rights
- Scan & Click shall assign all access privileges based on the principle of need-to-know and principle of least privilege
16.6 Operations security
- Scan & Click shall have an established change management system in place for making changes to business processes, information processing facilities and systems. The change management system shall include tests and reviews before changes are implemented, such as procedures to handle urgent changes, roll back procedures to recover from failed changes, logs that show, what has been changed, when and by whom
- Scan & Click shall implement malware protection to ensure that any software used for Scan & Click's provision of the Services to the Customer is protected from malware
- Scan & Click shall make backup copies of critical information and test back-up copies to ensure that the information can be restored as agreed with the Customer
- Scan & Click shall log and monitor activities, exceptions, faults and information security events and regularly review these. Furthermore, Scan & Click shall protect and store log information. Anomalies, incidents and indicators of compromise shall be reported according to the data breach management requirements as set out below
- Scan & Click shall manage vulnerabilities of all relevant technologies such as operating systems, databases, applications proactively and in a timely manner
- Scan & Click shall establish security baselines (hardening) for all relevant technologies such as operating systems, databases, applications
- Scan & Click shall ensure development is segregated from test and production environment
16.7 Communications security
- Scan & Click shall implement network security controls such as service level, firewalling and segregation to protect information systems
16.8 System acquisition, development and maintenance (when software development or system development is provided to the Customer by Scan & Click)
- Scan & Click shall implement rules for development lifecycle of software and systems including change and review procedures
- Scan & Click shall test security functionality during development in a controlled environment
16.9 Scan & Click relationship with sub-suppliers
- Scan & Click shall reflect the content of these Security Measures in its agreements with Sub-processors that perform tasks assigned under this Agreement
- Scan & Click shall regularly monitor, review and audit Sub-processor's compliance with the Security Measures
16.10 Data breach management
- Scan & Click shall have established procedures for data breach management
- Scan & Click shall inform the Customer about any data breach (including but not limited to incidents in relation to the processing of personal data) as soon as possible but no later than within 36 hours after the data breach has been identified
- All reporting of security-related incidents shall be treated as confidential information and be encrypted, using industry standard encryption methods
- The data breach report shall contain at least the following information:
o The nature of the data breach
o The nature of the personal data affected
o The categories and number of data subjects concerned
o The number of personal data records concerned
o Measures taken to address the data breach
o The possible consequences and adverse effect of the data breach
o Any other information the Customer is required to report to the relevant regulator or data subject
- To the extent legally possible, Scan & Click may claim compensation for support services under this clause which are not attributable to failures on the part of Scan & Click
16.11 Business continuity management
- Scan & Click shall identify business continuity risks and take necessary actions to control and mitigate such risks
- Scan & Click shall have documented processes and routines for handling business continuity
- Scan & Click shall ensure that information security is embedded into the business continuity plans
- Scan & Click shall periodically assess the efficiency of its business continuity management, and compliance with availability requirements (if any)
SECTION 22 - CONTACT INFORMATION
Questions about the Terms of Service should be sent to us at the email address shown on the Scan & Click website.