Terms & Conditions appropriate to GDPR For Data Licenses
(1) DATA OWNERSHIP
All Data or parts thereof are owned by and copyrighted by Executive Grapevine International Limited (Executive Grapevine). Unless otherwise specified in the Contract Executive Grapevine's or its Agent's data is leased to the Buyer for 6 months use only and no intellectual property rights of any Data shall pass to the Buyer under the Contract. The Data must not be copied or recorded by the Buyer or its Agents, or in any way processed by the Buyer or its Agents other than in accordance with the Contract or as agreed in writing by Executive Grapevine. Data supplied must, in no circumstances, be offered for resale by the Buyer.
(2) DATA ACCURACY
All data is collected in accordance with The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. Furthermore the Information Commissioner's Office (ICO) has recently laid out its intention to continue with a similar level of regulation post March 2019
Executive Grapevine uses all reasonable endeavours to ensure Data is accurate and up-to-date. The lists are compiled directly from the data subjects but Executive Grapevine cannot warrant that any of the records are 100% complete. Subjects are advised at the time of sign up that Executive Grapevine will rely on Article 6(1)(f) GDPR as a lawful basis for processing their Personal Data.
- Article 6 (1)(f): 'processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental right and freedoms of the data subject which require protection of Personal data, in particular where the data subject is a child'.
- Specifically, Recital 47 affirms direct marketing as a legal basis for processing by the Controller or Third Party provided that the interests or the fundamental rights and freedoms of the data subject are not overridden.
- Recital 47: 'The legitimate interests of a controller, including those of a controller to which the Personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of the data subject based on their relationship with the controller'.
- 'The processing of Personal Data for direct marketing purposes maybe regarded as carried out for a legitimate interest'.
- Executive Grapevine can also provide, at a premium price, an 'opted in' list. Please contact your CRM for details.
Executive Grapevine undertake to balance the rights of both the individual data subject and any third party to whom the data is passed, taking into consideration the reasonable expectations of data subjects and the provision of Recital 47. Subjects are advised that their data may be transferred to a carefully selected third party, provided they demonstrate to the satisfaction of the Executive Grapevine Data Controller that they have met the criteria laid out in Section 4.
Whilst Executive Grapevine agrees that all Data has been fairly and lawfully obtained in accordance with the GDPR and the current Data Protection Act 2018, no warranty is given regarding the accuracy or completeness of individual addresses, contact names or telephone numbers or that any list is a complete compilation of the categories of persons or establishments described therein. The Buyer should ensure that data has been downloaded freshly from the system no more than 5 days prior to a marketing campaign to optimise the accuracy of the data used.
Executive Grapevine is not responsible or liable for email addresses that prove to be undeliverable due to technical reasons. A list of Undeliverables including a reason for non-delivery must be returned to Executive Grapevine in an Excel or comma separated format document within 30 days of the send date of the campaign that generated the Undeliverables, if Executive Grapevine are to be expected to investigate.
Executive Grapevine's offer to investigate shall not apply where the Buyer decides to use a method of delivery such as the use of an SMTP (Single Message Transfer Protocol) such as Outlook, Netscape and Lotus.
Executive Grapevine warrants that it has compiled with all the relevant data protection laws (including without limitation the DPA, GDPR and PERC) and the UK's Direct Marketing Association's Code in the collection and onward transfer of its Data.
Executive Grapevine does not accept liability for the outcome of the use of its Data. In no event will Executive Grapevine be liable for any loss of profit, revenue, goodwill, opportunity, business, third-party cost, ICO breach fines or other indirect or consequential loss of any kind in contract, tort (including negligence) or otherwise arising out of use of its Data, save where such liability cannot be excluded by law.
The Buyer warrants it shall ensure that its Users shall only use the Database in accordance with the terms of this Agreement and specifically in accordance with the GDPR and e-Privacy Directive known as PERC and shall not infringe any of Executive Grapevine's IPRs in the Database. The Buyer agrees to fully indemnify Executive Grapevine against any losses, damages or costs incurred by Executive Grapevine as a result of any breach of these warranties.
For the purposes of this Agreement Executive Grapevine and the Buyer are both data controllers where the contract relates to a data Licence or Subscription. Both parties will comply with all applicable Data Protection Legislation and General Data Protection Regulation (GDPR) in connection with the processing of Personal Data pursuant to this Agreement and will not do, or cause, or permit to be done, anything which may result in a breach by the other party of the same. In particular both parties will:
- ensure that it is notified with the Information Commissioner's Office public register of data controllers and such notification is accurate and up-to-date;
- implement and maintain appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Such measures will be appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage to Personal Data and to the nature of the Personal Data to be protected
- promptly notify the other party if it receives a request from an individual for access to their Personal Data. Each party will also promptly notify the other party of any other complaint or request relating to either party's obligations under relevant Data Protection Legislation and will provide full cooperation and assistance to the other party in relation to any such complaint or request (including, without limitation, allowing individuals to have access to their Personal Data).
The Buyer will not transfer any Personal Data that it receives pursuant to this Agreement to any third party or outside the European Economic Area without Executive Grapevine's prior written consent.
Without limitation, Executive Grapevine does not provide any warranties or representations regarding:
- the accuracy, timeliness or completeness of the Database or the Service
- the satisfactory quality, merchantability, suitability or fitness for purpose of the Database or the Service
- the results that may be obtained from reliance on the Database or the Service
- the performance, availability, lack of negligence, workmanlike effort or delivery of the Database or the Service
- the provision of the Service free from any virus, worms, time locks or anything else that has contaminating or destructive properties.
Furthermore, the Database is only for general information and use and is not intended to address particular requirements. In particular, the Database does not constitute any form of advice, recommendation, representation, endorsement or arrangement by Executive Grapevine and is not intended to be relied upon in making (or refraining from making) any specific investment or other decisions. Appropriate independent advice should be obtained before making any such decision. Any information received through the Service, whether or not it is classified as “real time”, may have ceased to be current at the time it is received.
Without limiting the foregoing:
- the Buyer agrees that Executive Grapevine shall not have any liability for any late delivery of, inaccuracies or omissions in the Database or the Service;
- the Database is provided “as is” and neither Executive Grapevine nor its partners who have been involved in the creation, production or delivery of the Database or the Service shall be liable for any direct or indirect damages arising out of the use of, or the inability to use the Database or the Service.
(4) BUYER'S OBLIGATIONS
Data will be transferred to The Buyer once the following are documents are submitted. These are subject to the approval of Executive Grapevine's Data Controller Representative. In the case of agent purchasing on behalf of a third party, then both parties must complete the following where applicable.
- Complete a Legitimate Interest Assessment Questionnaire as laid out by the Direct Marketing Association and supported by the Information Commissioner's Office
- Provide a Data Subject Impact Assessment
- Provide a Copy of the any marketing template to be used to ensure it has professional relevance to the data subject and demonstrates the identity of the sender and includes a straightforward opt out mechanism.
- Provide a sample copy of the communication schedule to include date and frequency of send
- Proof of GDPR Compliance (specifically for a data breach)
The Buyer also
- agrees to comply with any requests for the suppression of deceased names and also notify Executive Grapevine of any request received by the Buyer for the suppression of a deceased name or disputed data that can be identified as being included in the Data supplied by Executive Grapevine, within 30 days of receipt of the request.
- agrees to notify Executive Grapevine within 30 days of receipt, of any request for access to, or the correction or the deletion of inaccurate data it receives from an individual whose name can be identified as being included in the Data supplied by the Executive Grapevine to the Buyer.
- agrees to notify Executive Grapevine if any Data is found to be out of date or incorrect.
- will, where email Data is leased to send emails, ensure that the recipient is given a simple means to opt-out of receiving further communications. The Buyer must not conceal its identity when sending, or instigating the sending of, a marketing message by electronic mail. The Buyer must provide a valid email address to which the recipient can send an opt-out request. The Buyer must forward to Executive Grapevine the details of any recipients who do exercise their right to opt-out including any comments that may be made by such recipients in an Excel or comma separated format document.
- will, where Data is leased to send postal marketing, ensure that they forward to Executive Grapevine Limited the details of any recipients who do exercise their right to opt-out of further postal marketing including any comments that may be made by such recipients in an Excel or comma separated format document.
- shall inform Executive Grapevine in writing if they close, cease to trade, go into administration or liquidation as the Data must cease to be used as it cannot be sold on as part of a company's assets or transferred to another company.
(5) ACCEPTABLE USE POLICY
Executive Grapevine has undertaken to balance the rights of both the individual data subject and any third party to whom the data is passed, taking into consideration the reasonable expectations of data subjects and the provision of Recital 47. As such Executive Grapevine must balance the rights of data subjects across all third parties. Schedules must be submitted in advance to Executive Grapevine Data Controller, and must not in all instances exceed a maximum of 1 send per week and should be sent to a freshly downloaded list of contacts from the EGIL portal.
All data supplied by Executive Grapevine will contain a reasonable quantity of seed names, which will be monitored to detect unauthorised usage at all times throughout and after the term of the license. Executive Grapevine considers the unauthorised usage of its data very seriously. Unauthorised usage includes, but is not limited to, disclosure, transfer, resale, re-use, data capture or copying and modification in part or in whole. If unauthorised usage is detected and confirmed upon investigation, the Buyer will be liable for a penalty charge of £5,000, payable immediately and must expunge from any storage facility owned by, or under the control of the Buyer any data contained in or derived from Executive Grapevine's database. Where it is proven beyond reasonable doubt that the Purchaser, Buyer or their Nominated Third Party has supplied or resold Executive Grapevine's information an immediate fine of £10,000 will be payable and the Information Commissioner's Office and Police will be informed.
(6) DATA SECURITY BREACH
In the event of a data breach, no matter how small, the Buyer shall immediately inform Executive Grapevine and the Information Commissioner's Office, if required under GDPR.
The buyer shall undertake to make public to all data subjects the nature of the breach and highlight any potential harm that the data subjects could be exposed to. If required under GDPR.
The buyer shall undertake to investigate the breach and do everything possible to limit any further impact on the data subject.
(7) THE SERVICE
Executive Grapevine shall provide the Buyer with access to the Service through the company IP addresses.
The Buyer (including its Users) shall keep confidential and shall not share with any third party any “PIN”, “ID” or similar code (if applicable) that it is provided with to facilitate User access to the Service.
The Buyer shall be responsible for obtaining and maintaining all terminals, telephone, computer hardware and other equipment needed for access to and use of the Services and all charges related thereto. The Buyer acknowledges that the speed of the Service will depend upon the specification and quality of the Buyer's own terminals, connection to the Internet and the extent of the Buyer's use of the Internet.
(8) USE OF THE DATABASES AND INTELLECTUAL PROPERTY RIGHTS
Subject to the terms of this Agreement, Executive Grapevine hereby grants to the Buyer a non-exclusive, non-transferable, non-sub-licensable licence to allow its Users to use the Database for their own personal internal business use subject to meeting the GDPR standard for Legitimate Interest and other conditions laid out in Section 4, and for no other purpose.
If Data is leased by a Buyer for a third party company then the Data is only authorised to be used for the marketing purposes of that one third party company and not also the Buyer himself. Executive Grapevine will require written confirmation of the third party company's name and company details before releasing the data In this case, both the Buyer and third party must complete the requirements laid out in Section 4.
The Buyer shall be liable for the loss or misuse of Data whilst in its care, or the care of his Agent. It will be deemed an Unauthorised misuse of a list if the list is used for any activity other than the purpose for which it was originally provided. The Buyer undertakes to keep lists and any copies or extracts of lists supplied by Executive Grapevine secure and completely safeguarded against unauthorised use or disclosure.
Users may access, extract and re-utilise any insubstantial parts of the contents of the Database for research and current awareness purposes only in the normal course of business which includes:
- making searches of the Database
- making one or more copies in hard copy form of the output of any search provided that such copies may not be sold and may not be distributed to anyone who is not a User;
- downloading search results to hard disk provided that such data is not made available to anyone who is not a User; at all times provided that the systematic extraction and/or re-utilisation of insubstantial parts of the Database shall not conflict with the normal exploitation of the Database and shall not cause prejudice to the interests of Executive Grapevine.
Prior to providing Users with access to the Database via the Service, the Buyer shall ensure that all Users are aware of the terms of this Agreement, including their obligation to comply with any other user terms applicable to the Service and notified to the Buyer. The Buyer shall only provide Users with access to the Service via the access method provided by Executive Grapevine and shall not provide access to anyone other than a User.
The Buyer and its Users may not use the Database and the Service in any way which in Executive Grapevine's reasonable judgment, adversely affects Executive Grapevine's business or business prospects, or where Executive Grapevine has been misled about either the contents or the Client, or it affects the performance or function of the Database or the Service or interferes with the ability of other Users to use the Database or the Service.
Except as expressly permitted by this Agreement, the Buyer shall not and shall ensure that its Users do not copy, cut and paste, email, reproduce, publish, distribute, redistribute, broadcast, transmit, modify, adapt, edit, abstract, create derivative works of, store, archive, publicly display, sell or in any way commercially exploit any part of the Database or set up derived databases.
Executive Grapevine reserves complete freedom in the form and content of the Database and may add to, remove or edit the contents of the Database at any time on a permanent or temporary basis and with or without notice.
Executive Grapevine reserves the right to monitor Database usage by all Users (in terms of volume, frequency or otherwise) during the term of this Agreement.
Executive Grapevine reserves the right to monitor its Database usage by all Users with the use of 'seeds'. These are dummy entries in the database which contain contact details owned by Executive Grapevine. They exist to protect Executive Grapevine's intellectual property and copyright. Executive Grapevine do not pass out individual seed addresses to The Buyer or their Agents even in the event of a dispute.
This Agreement does not constitute a sale of the Database or any part of it and except as expressly provided in this Agreement no rights or licences, express or implied, are hereby granted to the Buyer or its Users in respect of the Database. The Buyer acknowledges that Executive Grapevine (or its licensors) is throughout the world the owner of all IPRs subsisting in the Database. Nothing herein contained shall be construed so as to transfer any IPRs whatsoever in the Database to the Buyer or its Users.
The Buyer acknowledges and agrees that:
- all use of Executive Grapevine's Marks hereunder to the benefit of Executive Grapevine
- Executive Grapevine's Marks will remain the exclusive property of Executive Grapevine
- nothing in this Agreement shall confer upon the Buyer any right of ownership in Executive Grapevine's Marks
- Buyer shall not now or in the future contest the validity of Executive Grapevine's Marks or take any action impairing the rights of Executive Grapevine in its Marks.
In the case of unauthorised use of the Database or the Service by the Buyer or a User, Executive Grapevine reserves the right to deny access to the Service to the Buyer or any User by blocking without prior notification the IP address(es) of the Buyer or User used to access the Service.
The Buyer must electronically mark the Data as belonging to Executive Grapevine so that it may be easily removed from any system (CRM etc.) should the lease period expire and not be renewed by the Buyer.
The Buyer authorises Executive Grapevine to provide any User Data to any third party that Executive Grapevine engages to provide any aspect of the Services for the purpose of that third party providing the Services.
The Buyer shall provide Executive Grapevine with reasonable assistance in complying with its obligations under applicable data protection and privacy laws insofar as necessary to facilitate Executive Grapevine's compliance with Executive Grapevine's obligations in this Agreement.
The Buyer agrees that from time to time, Executive Grapevine may alter the features and functions made available, as part of the Service, but it shall use all reasonable endeavours to ensure that the overall quality, quantity and variety of features and functions remain constant.
The Buyer will keep the password and personal identifier confidential and will immediately notify Executive Grapevine if and when it becomes aware of any unauthorised third party using the password or personal identifiers.
Whilst every effort is made to quote the number of records accurately, the quantity may vary from time to time, as is reasonable, due to movements within the Data and no warranty or condition is given that the figure quoted agrees with that finally reached during the execution of the order.
Executive Grapevine may temporarily suspend the Service for the purpose of repair, maintenance or improvement of any of Executive Grapevine's facilities which are necessary to provide the Service, or vary the technical specification of the Service for operational reasons subject to Executive Grapevine giving the Buyer as much on-line, written or oral notice as is reasonably practicable in the circumstances, and restoring the Service as soon as reasonably practicable after such temporary suspension.
Executive Grapevine reserves the right to monitor the use of the Service by the Buyer.
The Buyer acknowledges that it has no right to any physical access to the premises from which the Service is provided or any other Executive Grapevine premises.
(9) TERMINATION OF AGREEMENT
On the termination or expiry of this Agreement the Buyer’s and its Users’ rights to receive the Service shall immediately cease and the Buyer shall notify its Users that they are no longer entitled to access or use the Service. Buyers are reminded that ownership of the data set remains with Executive Grapevine at all times and does not transfer to the buyer at the end of the period, unless through the communication between the buyer and a recipient of marketing a connection has been established. This connection is not established by the recipient opening an email, engagement is classed by a formal opt-in
The Buyer shall delete all copies of contents of the Database and return or destroy (as instructed by Executive Grapevine) all files, materials and documents supplied by Executive Grapevine before and during the Term unless the Buyer can demonstrate a legal basis to continue to process a data subjects Personal Data. The buyer must be able to demonstrate this basis for each and every data subject it wishes to retain. Use of any data after the termination date will be considered an ‘unauthorised breach’ and incur a penalty charge. Buyers should ensure that data is adequately marked up in such a way as to allow its easy removal in a timely fashion.