By continuing with the log-in You confirm You have also read and accepted the terms and conditions as set out on this page.
SCHEDULE A – Software use terms
Obligations. You and Your Authorised End Users Will:
- ensure Software log-in details are treated as and kept confidential and secure against unauthorised use;
- notify Us as soon You become aware of any unauthorised Software access via you Kennedys partner.
- acknowledge Our status as the authors of the content displayed and generated by our Software;
- be solely responsible for securing and backing up all information contained within material committed to our Software;
- be responsible for configuring Your information technology, computer programmes and platforms to access our Software and should use your own virus protection software;
- only link to our Software in a way that is fair and legal and does not damage Our reputation or take advantage of it;
- ensure any material committed to the Software is: accurate (where facts stated), genuinely held (where opinions stated), and complies with applicable law in the country from which it is committed.
Will not:
- transfer or assign any rights afforded under this agreement (for example, access rights);
- disclose log-in details or other security details to unauthorised third parties;
- disclose confidential or commercially sensitive details contained within the Software (for example details concerning a claim or incident being processed via Our Software) to unauthorised third parties;
- (and will not permit any third party to) copy, adapt, reverse engineer, decompile, disassemble, modify, adapt or make error corrections to, or extract any of the functionality, design logic, rules or scoring methods used by, the Software in whole or in part, or attempt to undertake such actions;
- access without authority, or interfere with: any part of the Software; equipment or network on which Software is stored; software used in the provision of the Software; or equipment or network or software owned by or used by any third party;
- do anything that may damage, interfere with, disrupt access to or impair the functionality of the Software;
- store on, distribute or transmit via the Software any virus or unlawful, harmful, discriminatory, threatening, explicit, defamatory or obscene material. We do not guarantee that our site will be secure or free from bugs or viruses;
- use the Software in any way (including the commitment of any material to the Software) that is or attempts to be unlawful under local, national or international law or regulation, harmful, discriminatory, deceitful, a breach of a duty owed, hateful, violent, impersonating of another, giving the impression it emanates from Us, threatening, causing of anxiety, explicit, defamatory or obscene. This includes actions that promote such things;
- use the Software to send or procure the sending of advertising or promotional material;
- rely on the content produced by Our Software as if it were professional advice;
- use, copy (including screenshot), or download material, product or content displayed via the Software for purposes other than those permitted under this Agreement;
- modify any material or content printed, screenshotted or downloaded from the Software in anyway, except with Our prior permission;
- build a product or service which competes with or is similar to the Software within (4) years of the Start Date;
- use the Software, content or product generated by the Software (excluding court documents) to provide services to third parties;
- link to Our Software:
- in such a way as to suggest any form of association where none exists;
- in any website that is not owned by You; and/or
- in order to frame our Software on any other site.
- allow or assist third parties (including competitors of Kennedys Law LLP or other insurers) to use or access the Software, without Our prior permission, including via:
- technology that links to the Software; or
- notifications and/or messages from the Software.
Our Rights.
We may determine at Our discretion whether there has been a breach of this Schedule A or a failure to follow these terms and take such action We deem appropriate, which may include but is not limited to any/all of the following:
- disabling user accounts (including changing passwords);
- withdrawal of Yours or Your Authorised End User’s right to use the Software;
- removal of any material committed to the Software;
- issue of a warning to You or Your Authorised End Users;
- disclosure of Your or Your Authorised End Users details to any third party who claims any content committed to the Software is a breach of their IPR or privacy rights;
- appropriate legal action and disclosure of such information to law enforcement authorities where We consider reasonably necessary;
We exclude all liability for actions taken under this section of Schedule A. Any breach of Schedule A will be a material breach of the Agreement. We may amend Schedule A at any time after providing You with reasonable notice;
We may disable user accounts and change log-in details for security reasons, including when We consider there to have been an actual or threatened breach of Data Protection Laws or unauthorised use of the Software, without incurring any liability to You.
SCHEDULE B – Interpretation
Capitalised terms in this Agreement will have the following meaning.:
Agreement: means these General Terms and Conditions (which includes all Schedules);
Affiliates: means any business entity from time to time controlling, controlled by, or under common control with, either party. For the purpose of this definition, a business entity shall be deemed to “control” another business entity if it owns, directly or indirectly, in excess of 50% of the outstanding voting securities or capital stock of such business entity, or any other comparable equity or ownership interest with respect to a business entity other than a corporation.
Authorised End User(s): any officers, employees and/or contractors of the User who are authorised by the User and Kennedys LLP to use the Software.
Confidential Information: means, in relation to either Party, information which is disclosed to that Party by the other Party pursuant to or in connection with this Agreement (whether orally or in writing or any other medium, and whether or not the information is expressly stated to be confidential or marked as such), and in relation to You in particular, information which is related to the You, Your Affiliates, policyholders, beneficiaries, employees, and all other related persons;
Client Data: means data (including claims data) which You agree You will supply to Us under this Agreement and which includes Client Personal Data.
Client Personal Data: means any Personal Data which You provide to Us, or which You hold and allows Us to access or copy.
Data Protection Obligations: means all obligations in respect of data protection as set out in this Agreement.
Data Protection Laws: means the EU Data Protection Laws, and any other privacy or data protection laws (including any statutes, regulations, by-laws, ordinances, mandatory codes of conduct or rules of common law or equity) which applies to the relevant Party.
Dispute: a dispute arising out of or in connection with this Agreement or the performance, validity or enforceability of it and which must be handled in accordance with clause 12
Dispute Notice: means as set out at clause 12.
EU Data Protection Laws: means the EU Directive 95/46/EC as transposed onto national legislation of each EU member state and as amended, replaced, or superseded from time to time, including by the GDPR, and any EU member state law which modifies the application of the GDPR.
Group: means any company or entity part of Your group of authorised to use Your trading name.
GDPR: means EU General Data Protection Regulation 2016/679.
Intellectual Property Rights: means any patents, utility models, rights to inventions, copyright and related rights, trade-marks and service marks, trade names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to preserve the confidentiality of information (including know-how and trade secrets) and any other intellectual property rights, including all applications for (and rights to apply for and be granted), renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world.
Mediation Notice: means as set out in Clause 12.
Normal Business Hours: means 09:30 to 17:30 Monday to Friday, excluding UK Bank Holidays and Public Holidays or in respect of jurisdictions outside of the UK, as agreed between the parties.
New Version: means any new version of the Software which from time to time is publicly marketed and offered for purchase by Us in the course of Our normal business, being a version which contains such significant differences from the version(s) being licensed under this Agreement as to be generally accepted in the marketplace as constituting a new product.
Software: means the Client Lounge Application.
Software Use Terms: means the terms as set out in Schedule A.
Start Date: means the date upon which Kennedys Law LLP will use commercially reasonable efforts to either provide you with access to the Software or begin working on providing You with access to the Software.
Term: means the period for which access to the Software will be given.
Quit Notice: means as set out in clause 11 and which must comply with the provisions of clause 14
Virus: means viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware
Appropriate Security Measures: means any technical and organisational measures to protect Personal Data that are necessary to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
EU: means the European Union.
Kennedys Group Firms: means Kennedys Law LLP or any firm authorised by Kennedys Law LLP to use the name “Kennedys”. A full list of Kennedys Group Firms is available at www.kennedyslaw.com/regulatory.
Personal Data: means any personal data (as that term is defined in the GDPR) provided to Us by You or Your Authorised End Users or accessed or obtained from You or Your Authorised End Users by Us under or in connection with this Agreement.
Restricted Transfer: means a cross-border transfer of Personal Data: (a) from You to a Contracted Processor; or (b) from one Contracted Processor to another Contracted Processor or between two establishments of a Contracted Processor, where such transfer would be prohibited by Data Protection Laws unless the parties to that transfer agree to the Standard Contractual Clauses.
Standard Contractual Clauses: means the standard contractual clauses (controller to processor and controller to controller) approved by EC Decision 2010/87/EU, as amended, replaced, or superseded from time to time, including by an equivalent decision under the GDPR.
Subprocessor: means any person appointed by Us to process Personal Data on Your behalf (including any third party or any Kennedys Group Firm but excluding employees or individuals).
“Data subject”, “personal data”, “data controller”, “processing”, “process” and “appropriate technical and organisational measures” shall have the meanings given to those terms in the this Agreement or if not defined in this Agreement the meanings given to those terms in the UK Data Protection Act 2018 and the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”).
SCHEDULE C - Data Protection
Definitions
For the purposes of this schedule:
“personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);
“the data exporter” shall mean the controller who transfers the personal data;
“the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection;
DATA PROCESSING PRINCIPLES
- Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described below or subsequently authorised by the data subject.
- Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
- Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
- Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
- Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its Prior Approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to them if there are compelling legitimate grounds relating to their particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
- Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
- Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to "opt-out" from having their data used for such purposes.
- Automated decisions: For purposes hereof "automated decision" shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to them, such as their performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:
a) i. such decisions are made by the data importer in entering into or performing a contract with the data subject; and
ii. the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that party; or
b) where otherwise provided by the law of the data exporter.
DESCRIPTION OF THE TRANSFER
Data subjects:
Insured Persons: (including policyholders, covered or named persons and persons related to a corporate policyholder)
Claimants: (including policyholder claimants and third party claimants)
Business Partner: (including insurers, brokers, solicitors, medical experts, accountants, loss adjusters, individual representatives of corporate suppliers and service providers and individual suppliers)
Purposes of the transfer(s): The data exporter and the data importer are sharing personal data for the purposes of the data importer providing an expert professional opinion relevant to an ongoing claim; the data importer negotiating insurance contracts with the data exporter in its capacity as a provider of insurance brokerage services; the data importer evaluating risk relating to a reinsurance treaty entered into with the data exporter.
Categories of data:
Insured Person Data: name, address, telephone number, email address, policy number, relationship to the policyholder, details of policy including insured amount, exceptions etc., previous claims, gender, date of birth, vehicle registration number, professional history or CV, schedule of possessions, property construction, physical condition, security, fire protection and value
bank account details or credit card data used for billing
Claimant Data: policy number, relationship to the policyholder/insured person, details of policy including insured amount, exceptions etc., previous claims, details of incident giving rise to claim, vehicle registration number
Business Partner Data: name, work address, work email, work telephone numbers, job title, interests / marketing list assignments, record of permissions or marketing objections, website data (including online account details, IP address and browser generated information)
Recipients: The personal data may be disclosed to group companies and to third party companies which are contracted to provide relevant services under the instruction of the data importer, where reasonably required for the purposes of the transfer outlined above.
Sensitive data (if appropriate):
Health Data (physical and mental conditions, medical history and procedures, relevant personal habits (e.g. smoking, alcohol consumption), details of injury, medical report
Criminal Data (driving offences, unspent convictions), driving offences, police reports