Helyx SIS Ltd Purchasing Terms
Unless otherwise expressly agreed in writing between Helyx and the Supplier, these terms shall apply to the supply and provision of the Deliverables and Services to Helyx by the Supplier.
1.1 “Applicable Data Protection Law” means all applicable and relevant laws and regulations relating to Personal Data which are implemented in or are binding on the United Kingdom, or which otherwise govern the processing and use of Personal Data, and which include but are not limited to the EU General Data Protection Regulation and the Privacy and Electronic Communications Directive (2002/58/EC) (as implemented in the United Kingdom as the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI2003/2426), as amended or replaced.
1.2 “Deliverables” means the Products and any deliverables provided by the Supplier in relation to the Services.
1.3 “GDPR” means the EU General Data Protection Regulation.
1.4 “Helyx” means Helyx Secure Information Systems Ltd, company number 04464638, whose registered office is Millennium House, 65 Walton Street, Aylesbury, Bucks., HP21 7QG and whose administrative offices are located at 2 Hanley Court, Brockeridge Business Park, Twyning, Tewkesbury, Gloucestershire, GL20 6FE, UK .
1.5 “Intellectual Property” means any patents, inventions, rights in know-how, trade secrets, registered designs, copyright, database rights and design rights afforded equivalent protection to copyright, database rights, design rights, semiconductor, topography rights, trademarks, service marks, logos, domain names, business names, trade names, moral rights and all registrations or applications to register any of the aforesaid items in any country or jurisdiction.
1.6 “Personal Data” is information defined as such in the Applicable Data Protection Law and/or information treated as such under any other law or regulation applicable to it.
1.7 “PO” means the Helyx purchase order to which these terms are attached or the relevant PO, to which is incorporated the applicable proposal, specification or services description in relation to the Products, Services and Deliverables.
1.8 “Product” means commercial off-the-shelf software or data, or hardware, detailed on the PO;
1.9 “Services” means the services listed in the PO.
1.10 “Supplier” means the supplier so named in the PO.
2 DELIVERABLES & SERVICES
2.1 The Supplier shall provide the Deliverables and Services in accordance with these terms.
3 Helyx’s OBLIGATIONS
3.1 Helyx will provide Supplier with:
3.1.1 information in its control and cooperation (subject to any confidentiality and data protection obligations); and
3.1.2 such access to Helyx’s premises within Helyx’s business hours;
as are reasonably necessary to enable the Supplier to provide the Deliverables and Services.
4 TITLE/ RISK
4.1 Subject to Clause 7.1, title in any Deliverables shall pass to Helyx upon receipt of payment of the relevant sums due under the relevant PO.
4.2 Risk in the Deliverables shall pass to Helyx on written approval and acceptance of any such Deliverables by Helyx.
5.1 All prices and rates quoted are exclusive of VAT which shall be paid by Helyx at the rates and in the manner prescribed by law from time to time.
5.2 Unless otherwise agreed between the parties, Helyx shall pay all charges due within 30 days of the date of receipt of the Supplier’s correct and valid invoice. Such invoices shall be issued by the Supplier upon acceptance by Helyx of the Deliverables and Services (such acceptance shall not be unreasonably withheld).
5.3 If Helyx fails to pay any monies due within the period detailed in Clause 5.2 above, Supplier shall be entitled to charge interest on the overdue amount, from the due date up to the date of actual payment, at the rate of 2% per annum above the base rate from time to time of the National Westminster Bank Plc.
6.1 Supplier warrants that:
6.1.1 the Deliverables and Services will be provided
126.96.36.199 with all reasonable skill and care and in accordance with any applicable professional standards and guidelines;
188.8.131.52 in accordance within the timescales detailed in Helyx’s PO, and any agreed project plan, and in any event, in a timely manner;
6.1.2 the Deliverables and Services will conform with the PO and any other requirements agreed between the parties; and
6.1.3 it will comply with all statutes, enactments, orders, regulations, laws, bye-laws or other similar instruments relevant to the provision of the Deliverables and the Services;
6.1.4 its employees, agents and sub-contractors will comply with:
184.108.40.206 Helyx’s reasonable rules, regulations or policies regarding access to, or health, safety and security at, Helyx’s premises;
220.127.116.11 any technological and other measures required in relation to remote or physical access provided to Helyx’s systems;
18.104.22.168 the Helyx Business Conduct Principles for suppliers, subcontractors and partners, available on the Helyx website (and on request), including legislation relating to bribery; and
22.214.171.124 any other reasonable requirements.
7 PROVISION OF SOFTWARE
7.1 If a Product is commercial off-the-shelf software or data, or hardware that contains software or data, Helyx is granted a non-exclusive, perpetual, worldwide licence to use such software or data for its business purposes.
8 LIMITATION OF LIABILITY
8.1 Except in relation to claims pursuant to Clause 9 or 11, neither party shall be liable for any indirect or consequential loss or damage.
8.2 Subject to Clause 8.3, Helyx’s total aggregate liability to the Supplier shall in no event exceed 110 % of the amount paid or payable by Helyx pursuant to the PO.
8.3 Nothing in these terms seeks to exclude or limit the liability of either party for death and/or personal injury arising from the negligence of that party or its agents or subcontractors, or for fraud or fraudulent misrepresentation.
8.4 The Supplier shall effect and maintain policies of insurance to provide a level of cover sufficient for all of its liabilities under these terms, including death or personal injury and loss of or damage to property.
9.1 All information disclosed by Helyx or obtained by Supplier in relation to or in connection with these terms shall be regarded and treated as confidential and shall not be released to any third party without Helyx’s prior written approval, and only be used for the purposes of providing the Deliverables and Services.
9.2 Supplier shall use all reasonable measures to protect the confidentiality of Helyx’s information.
10 DATA PROTECTION
10.1 For the purpose of any Personal Data processing under these terms, the Data Processor and the Data Controller shall be as defined in the Applicable Data Protection Law. The Data Controller and the Data Processor shall comply with their respective obligations as prescribed by Applicable Data Protection Law.
10.2 The Data Processor shall implement and maintain appropriate technical and organisational measures in order to meet the requirements of the GDPR and to ensure the rights of data subjects. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk, the Data Processor shall take the following measures: the pseudonymisation and/or encryption of the Personal Data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident; a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
10.3 The Data Processor shall not engage another data processor (a “sub-processor”) without the Data Controller’s written authorisation. So far as is necessary for the purposes and/or performance of these terms:
10.3.1 Customer hereby grants Helyx written authorisation to use the following sub-processors: (i) the hosting service providers which Helyx uses for its back office systems; (ii) the third party owner and/or licensor of any third party software and/or third party data (for the purpose of licensing and administering access, use and support of the third party software and/or third party data); and (iii) the venue providers , organisers and third parties that Helyx uses for its conferences and events (where you attend Helyx conferences or events).
10.3.2 Supplier shall seek Helyx’s written authorisation to use any sub-processors.
Where a party wishes to make any changes to its use of sub-processors, including any additional or replacement sub-processors, it shall notify the other party so that the other party may object to such change. All sub-processors engaged pursuant to this Clause 10.3 shall be bound by obligations no less onerous than those set out in this Clause 10 (Data Protection).
10.4 The subject-matter of the processing shall be as set out in writing, including in the PO, any corresponding proposal and/or quotation, or in any other form. The subject-matter includes the supply and provision of the Deliverables and Services to Helyx by the Supplier. The duration of the processing shall be for the term of this agreement. The nature and purpose of the processing is the exchange, storage, transmission and use of Personal Data in the ordinary course of business, for the purpose of contract performance in relation to the subject-matter. The type of Personal Data and applicable categories of data subjects that will be processed includes: the names of the parties’ employees or contractors or representatives, their respective business email and business postal addresses, and business telephone numbers), and/or their IP addresses. Where there are categories of data subject not covered by this clause, for example, data subjects whom are children, the parties shall enter into a supplemental written agreement detailing additional rights and obligations.
10.5 The Data Processor shall:
10.5.1 process the Personal Data in accordance with the Data Controller’s documented instructions, including with regard to transfers to international organisations or to a third country, unless required to do so by law (in which case the Data Processor will inform the Data Controller of such legal requirement prior to the processing, unless prohibited from doing so on legal grounds);
10.5.2 ensure that any person processing the Personal Data is bound by obligations of confidentiality;
10.5.3 take the measures detailed in Clause 10.2 (technical and organisational measures);
10.5.4 abide by the process and obligations in Clause 10.3 (engagement of sub-processors); and shall be responsible and liable to the Data Controller for the performance of such sub-processor’s obligations;
10.5.5 taking into account the nature of the processing, assist the Data Controller in its obligations to respond to data subject requests to exercise their rights (including transparency, information and access, rectification, erasure, restriction, data portability, to object and automated individual decision-making; all subject to any of the restrictions provided by Applicable Data Protection Law);
10.5.6 assist the Data Controller in ensuring compliance with Clause 10.2 (technical and organisational measures);
10.5.7 where a data protection impact assessment has indicated that the processing will result in high risk, assist the Data Controller in undertaking prior consultation with the supervisory authority;
10.5.8 at the choice of the Data Controller, delete or return to the Data Controller all of the Personal Data after the end of the provision of services relating to processing, and delete existing copies unless the law requires storage of the Personal Data;
10.5.9 make available to the Data Controller all information necessary to demonstrate compliance with the obligations detailed in this Clause 10, and shall immediately inform the Data Controller if, in the Data Processor’s opinion, an instruction infringes the GDPR. Upon the Data Controller’s request the Data Processor shall and allow for and contribute to audits, including inspections, conducted by the Data Controller or the Data Controller’s approved auditor;
10.5.10 notify the Data Controller without undue delay after becoming aware of a Personal Data breach, and in any event within 24 hours;
10.5.11 where required, maintain a written record of all categories of processing activities that it carries out on behalf of the Data Controller in accordance with the GDPR and make the record available to supervisory authority on request. Such records for the purposes of these terms should include: (i) the name and contact details of the Data Processor (including any relevant sub-processors) and of the Data Controller, together with details of their representatives and any data protection officer; (ii) the categories of processing being carried out; (iii) any transfers of Personal Data to a third country or international organisation, including identifying the third country or international organisation and the suitable safeguards; and (iv) the measures detailed in Clause 10.2 (technical and organisational measures);
10.5.12 cooperate, on request, with the supervisory authority in the performance of its tasks.
10.6 Where the Data Processor transfers Personal Data to a third country / international organisation in accordance with Clause 10.3 (engagement of sub-processors) it shall ensure that appropriate safeguards are in place and that enforceable data subject rights and effective legal remedies for data subjects are available. Specifically, such safeguards include one or more of the following: binding corporate rules; approved standard data protection clauses adopted by the EU Commission; or an approved certification mechanism (for example the EU-US Privacy Shield) together with binding and enforceable commitments of the sub-processor in the third country to apply the safeguards (including data subjects rights).
10.7 The Data Controller will ensure that it has a sufficient and valid lawful basis for providing any Personal Data to and authorising the Data Processor to perform its obligations, activities and exercise its rights under this Clause 10
11 INTELLECTUAL PROPERTY
11.1 Except for pre-existing Intellectual Property rights of the Supplier, all Intellectual Property created pursuant to these terms shall vest solely in Helyx and the Supplier shall do all such things to vest such Intellectual Property in Helyx.
11.2 Supplier shall indemnify Helyx against all claims, demands, actions, costs, expenses (including legal costs), losses and damages arising from or incurred by reason of any infringement or alleged infringement of any Intellectual Property right by the use or possession the Deliverables and the receipt of the Services by or on behalf of Helyx.
12.1 If either party is in material breach of these terms, then the other may terminate these terms on written notice with immediate effect, provided that if the breach is capable of remedy, the breaching party has not remedied that breach within 30 days of the other party giving it notice to do so.
12.2 Helyx shall have the right to terminate these terms upon 30 days written notice to the Supplier.
13 FORCE MAJEURE
13.1 Neither party shall be liable to the other if it is prevented from the performance of its obligations by events beyond such party’s reasonable control (“Force Majeure Event”).
13.2 The Supplier shall use all reasonable endeavours to perform the Services and provide the Deliverables notwithstanding a Force Majeure Event.
14.1 If any provision of these terms shall be found by any court or administrative body of competent jurisdiction to be invalid, illegal or unenforceable, such invalidity, illegality or unenforceability shall not affect the other provisions of these terms, which shall remain in full force and effect.
14.2 A failure by either party to enforce any of its rights under these terms is not a waiver of those rights or any other rights it has under these terms.
14.3 Supplier shall not be allowed to assign, novate, transfer, charge, subcontract or otherwise deal with possession of any of the rights or obligations under these terms.
14.4 Except where expressly provided to the contrary, these terms are not intended to be for the benefit of and shall not be enforceable by any person other than Helyx and the Supplier, and the Contracts (Rights of Third Parties) Act 1999 is hereby excluded to the maximum extent permitted by law.
14.5 Notwithstanding any other terms and conditions which Supplier has proposed or may seek to impose on Helyx, these terms constitute the entire understanding between Helyx and Supplier in relation to the provision of the Deliverables and Services and shall supersede any other terms, promises, representations, undertakings or implications whether made orally or in writing.
14.6 These terms are governed by the laws of England & Wales. The parties irrevocably submit to the nonexclusive jurisdiction of the English courts.