By continuing with the log-in You confirm You have also read and accepted the terms and conditions as set out below.
We are Kennedys Law LLP. Our company number is OC 353214 and our registered office is at 25 Fenchurch Avenue, London EC3M 5AD. (“We”, “Us”, “Our” or “Kennedys Law LLP”)
You are the Customer or User (“You”, “Your” or “the User”) each a “Party” together the “Parties”.
We will allow You (non-exclusive) access to and use of the Client Lounge web-based application, in order to access certain details of Client Matters on the terms set out in this agreement. This Agreement can only be terminated in accordance with clause 11.
Permitted Software Use. You and Your Authorised End Users must comply with Our Software Use Terms contained at Schedule A. You are responsible and liable for all acts and omissions of Your Authorised End Users. We encourage you to share Our Software Use Terms with Your Authorised End Users.
Your Additional Obligations. You Will:
- employ measures to prevent against unauthorised use of or access to the Software;
You Will not, without Our prior written consent:
- sub-license, assign or novate this Agreement, or deal with Your rights or obligations under this Agreement;
- allow a competitor of Kennedys Law LLP access to or use of the Software as a result of Your takeover or acquisition of such entity such that it forms part of Your Group;
- allow the Software to become the subject of any charge, lien or encumbrance.
We may:
- suspend and/or change log-in details at any time for security reasons;
- enter into similar agreements with third parties;
- independently develop, sell and/or license products or services similar to those provided under this Agreement;
- Update or change the design, format or content of the Software at any time. We will give You reasonable notice of these changes if we consider they will materially affect Your usage of the Software; and
- sub-license, assign, novate, charge or deal with any of Our rights and obligations under this Agreement.
What you’ll receive. We will provide the Client Lounge Application and access credentials in accordance with this Agreement including:
- Software availability & when we’ll do maintenance. The Client Lounge Application will be available during Normal Business Hours (09:00 to 17:30) except when Emergency Maintenance that couldn’t be provided outside of Normal Business Hours or Planned Maintenance is being carried out.
- Maintenance Releases. We will provide You with Maintenance Releases generally made available to other Software users and ensure (via updates) that the Software keeps pace with relevant legal requirements, rules and/or regulations where it is providing guidance on such.
- Notifying us of any problems. You and Your Authorised End Users must immediately notify Us as soon as you become aware of any issues, faults, errors or problems with the Software by contacting your Kennedys partner.
The protection of data is of the utmost importance to Us. We are always working to ensure we handle data collected by our technology products safely and in line with the law, so that You remain compliant when using our technologies.
General obligations. We and You will comply with our obligations under this clause 6 plus all data obligations as set out in Schedule C. This clause and any data obligations in Schedule A will be read together.
Our Status. We and You will each be independent Data Controllers of the data each Party enters onto Client matters or via Client Lounge.
Complying with Data Protection Laws. We and You will comply with our obligations under any Data Protection Laws when processing Personal Data.
Data Supply & Quality Control. You warrant that You:
- are entitled to transfer relevant Personal Data to Us and that We may process that data on Your behalf; and
- will identify inaccuracies and errors in the Personal Data supplied in connection with the Software and promptly notify Us of any inaccuracy or error in, or amendment or correction required to, that data.
Data Processing boundaries. We will:
- process the Personal Data supplied in order to provide You with access to the data as set out in Schedule C;
- ensure Personal Data is only accessed and processed by Our officers, employees, agents and/or contractors who need access to the data for performing obligations under this Agreement, and that they are subject to the duty of confidentiality; and
- not transfer Personal Data outside the EU, unless necessary to perform Our contractual obligations under this Agreement and in such circumstances We will ensure the parties to that transfer (including to any Kennedys Group Firms) agree to the Standard Contractual Clauses prior to the transfer taking place.
Nothing in this clause 6 will prevent Us from complying with requirements under EU or EU member state law to process (or not process) Personal Data.
Data Security Measures. We will:
- take all Appropriate Security Measures to keep Personal Data secure against accidental or unlawful destruction, loss or alteration or unauthorised disclosure or access;
- keep an inspectable record of all Our officers, employees, agents and/or contractors who have access to the Personal Data;
- promptly notify You if We become aware of any personal data breach which involves the Personal Data; and
- promptly delete or destroy all copies of the Personal Data in Our possession or control when We no longer require it for performing Our obligations under this Agreement, or agreement with any Kennedys Group Firms with You, or other commercial reason.
Data Subject Requests & Rights. You must promptly notify Us of any rectification, erasure or restriction of processing of any Personal Data required or carried out in accordance with data subject rights under Data Protection Laws.
Subprocessing. We will not engage a Subprocessor without Your prior agreement. If We do the agreement between Subprocessor and Us will comply with article 28(3) of the GDPR and We will not be relieved of any of Our liabilities or obligations under this Agreement.
Restricted Transfers received from You. If any transfer of data from the You to Us or any Subprocessor is a Restricted Transfer, You and We hereby enter into the Standard Contractual Clauses in respect of that Restricted Transfer and upon its occurrence. This clause will only apply to the extent it allows the Restricted Transfer to take place without breach of applicable Data Protection Laws.
Assisting You with data compliance tasks. In respect of the Personal Data we hold, at Your expense, We will help You:
- to respond to data subject requests made under GDPR;
- notify any personal data breach to the competent supervisory authority and to affected data subjects;
- conduct data protection impact assessments; and
by allowing audits and inspections of the Software and data stored within Normal Business Hours. Such actions must not interfere with Our operations.
Our Privacy Notice. Our Privacy Notice is contained at https://kennedyslaw.com/notices/privacy-notice/. This sets out information about our privacy practices in relation to our Software.
Purpose of software. You acknowledge and agree that:
- the Software is designed to allow for the addition, deletion and searching of certain data;
- the Software and its content is not intended to amount to advice on which You (or any third party) should rely;
- Kennedys Law LLP will not be liable to You (or any third party) for the content or for any consequence of the use of the Software, including the outcome of any claim or incident processed using the Software;
- You and Your Authorised Users will be solely responsible for the accuracy of all information entered into the Software and the content of any product of the Software (for example claim documentation);
- all information You and Your Authorised End Users enter into the Software will comply with Our Software Use Terms contained at Schedule A; and
any other conditions, warranties or terms that might have effect (whether incorporated/implied by statute, common law or otherwise) are hereby excluded; including those regarding satisfactory quality, fitness for purpose or the use of reasonable skill and care.
Claims. You indemnify Us against all claims, actions, losses, damages, expenses and costs arising out of or in connection with:
- Your or Your Authorised End Users’ unauthorised, improper or unlawful use of the Software and any breach of Our Software Use Terms contained at Schedule A;
- claims by a third party on whose behalf You have processed a claim or incident using the Software;
- breach of Your Data Protection Obligations;
Your or Your Authorised End Users’ infringement of IPR in (or via) the Software.
Limits. We shall have no liability for direct or indirect losses, damages, expenses or costs suffered by You (or any party claiming under or through You);
arising from or in connection with:
- use of or inability to use the Software;
- reliance on any content of the Software;
- failure to take professional advice ;
- a failure to provide the Software on or before the agreed Start Date (which for the avoidance of doubt shall be treated as approximate);
and/or which fall within these categories:
- special loss or damage;
- loss of profit, sales, revenue or business;
- loss of anticipated savings;
- loss of business opportunity;
- loss of goodwill or reputation;
- loss or corruption of data; or
- business interruption.
Authorised End User Claims. We will have no liability for any claims brought by or losses damages expenses or costs suffered by Your Authorised End Users.
Cap. Our total liability shall not exceed £3 million whether in contract, tort, misrepresentation or otherwise.
Reliance on this Agreement only. You will have no remedy in respect of representations made other than the express terms of this Agreement. We shall have no liability other than in accordance with the express terms of this Agreement.
Exclusions. Neither You nor We may exclude liability for:
- death or personal injury caused by negligence;
- fraud or fraudulent misrepresentation;
- breach of section 12 of the Sale of Goods Act 1979; or
other liabilities that may not be excluded by law.
Scope. References to Us shall for the purposes of this clause be treated as including all Our employees, subcontractors, suppliers and Affiliates.
Owner. All IPR in the Software, Maintenance Releases and any product belong to Us absolutely. You will not dispute that position even after termination or expiration of this Agreement.
New IP. Any new inventions, designs or IPR created by Us during the provision of the Software shall belong to Us absolutely. At Our expense, You will execute documents and acts necessary to vest such rights in Us.
Use Claims. We will handle (at Our complete discretion) any claim or action brought against You alleging Your possession or use of the Software infringes the UK IPR of a third party (“Use Claim”), and will be responsible for reasonable losses, damages, costs and expenses incurred as a result. This clause will not apply if the Use Claim relates to possession or use of the Software:
- other than in accordance with this Agreement;
- in combination with hardware or software not provided by Us; or
- in a non-current release or version.
Use Claim handling conditions. Our obligations in respect of Use Claims are conditional on You:
immediately notifying Us in detail of the Use Claim;
- taking the action We reasonably request to avoid, dispute, settle or defend the Use Claim;
- supplying Us (and Our professional advisers) with:
- all information under Your control required to assess and handle the Use Claim;
- access to Your employees, representatives, advisers and contractors (upon reasonable notice) for the purposes of examining them about the Use Claim; and
- not making any admission of liability, agreement or compromise without Our prior written consent;
Options after a Use Claim. If a Use Claim is made against You, We may at Our expense and absolute discretion provide one or multiple of the following remedies:
- modify the Software to avoid infringement;
- replace the Software with non-infringing software;
- procure the right for You to continue use of the Software;
- vary this Agreement to avoid infringement; or
- terminate this Agreement (in whole, or in part if You have selected to use various Selected Tools and the Use Claim is not made in relation to the entirety of the Software and/or Selected Tools being used under this Agreement) immediately and refund any Fees You have paid in relation to the infringing Software as at the date of termination less a reasonable sum in respect of Your use of the infringing Software to the date of termination.
Exclusive remedy. This clause 11 constitutes Your exclusive remedy and Our only liability in respect of Use Claims. Our liability is also subject to the cap in clause 9.
Non-fault. We may terminate this Agreement at any time via the submission of a Quit Notice to You. You may terminate this Agreement at any time after expiry of the Term via the submission of a Quit Notice to Us. This Agreement will terminate four (4) months after receipt of a Quit Notice by the other party.
Fault.
Either You or We may terminate with immediate effect upon submitting a Quit Notice to the other party if:
- the other party commits a material breach of this agreement and that breach cannot be remedied, or if it can be remedied is not remedied within a period of 60 days after being asked to do so in writing;
- the other party suspends, or threatens to suspend, payment of amounts due;
- the other party is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
- the other party commences negotiations with creditors with a view to rescheduling its debts, or makes a proposal for or enters into any arrangement with its creditors (other than solvent restructuring);
- a petition is filed, notice is given, a resolution is passed, or an order made, for or in connection with the winding up of that other party (other than solvent restructuring);
- an application is made to court, or an order made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party;
- the holder of a qualifying floating charge over the assets of that other party has become entitled to appoint or has appointed an administrative receiver, or a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party;
- a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 14 days;
- any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in this clause 14.2; or
- the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business.
What happens on termination. Upon termination for any reason: all rights granted to You and the activities authorised under this Agreement shall cease. Any sums due shall immediately become payable. We will delete Your data from the Software upon termination, although you acknowledge that Your data will be retained on Our backup systems.
Termination will not affect other contractual rights. Termination or expiry shall not affect any rights, remedies, obligations or liabilities that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination or expiry.
Clauses that continue after termination. Any provision expressly or by implication intended to come into or continue in force on or after termination shall remain in full force and effect, this includes: (Data Protection – Clause 6) (Warranties – Clause 7), (Indemnity – Clause 8), (Liability – Clause 9) (Dispute Resolution – Clause 12) and (Termination – Clause 11).
Procedure. If a Dispute arises, You and We will follow this procedure:
Notice. Provide the other party with a written notice of the Dispute that sets out its nature and full particulars (“Dispute Notice”), together with supporting documents.
First Meeting. Within 14 days of providing the Dispute Notice, Our authorised representatives will meet with Yours either via phone, online or in person in an attempt to resolve the Dispute.
Second Meeting. If the Dispute cannot be resolved at, or within 14 days of, the first meeting described above Our Board level representatives will meet with Yours either via phone, online or in person within 14 days in an attempt to resolve the Dispute.
Third Meeting. If the Dispute cannot be resolved at, or within 14 days of, the second meeting described above Our authorised representatives will meet with Yours together with legal teams either via phone, online or in person within 14 days in an attempt in good faith to resolve the Dispute.
Mediation. If the Dispute cannot be resolved at, or within 14 days of, the third meeting described above You and We will attempt mediation in accordance with the Centre for Effective Dispute Resolution (CEDR) Model Mediation Procedure. To initiate mediation, You or We must serve notice in writing (“Mediation Notice”) to the other. Unless otherwise agreed, the mediator shall be nominated by CEDR, and the mediation will start no later than 14 days after the date of the Mediation Notice.
Contractual obligations continue. All obligations under this Agreement will continue in force whilst any Dispute is being resolved unless agreed otherwise in writing.
Claims moratorium. Neither You nor We may commence legal proceedings in relation to a Dispute until the procedure in this clause 12 has been exhausted and until 14 days after conclusion of an unsuccessful Mediation, or until all efforts have been made to exhaust the obligations under this clause 12.
Enforcement. Only the Parties may enforce the terms of this Agreement subject to this Agreement and the Contracts (Rights of Third Parties) Act 1999. Although, We will owe no duty to any Affiliates.
No third party permission needed. Yours and Our rights to terminate, rescind or agree any variation, waiver or settlement under this Agreement are not subject to the consent of any person not a party to this Agreement.
Waiver. Failure or delay to exercise (or partial exercise of) any right or remedy under this Agreement or by law will not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy.
Remedies available. Except as stated in this Agreement, the rights and remedies provided under this Agreement are in addition to any rights or remedies provided by law.
Entire agreement. This Agreement contains the whole agreement between the You and Us relating to the supply and use of the Software, and supersedes all and any prior agreements, arrangements and understandings between You and Us, relating to that subject matter including in relation to any prior use by You of the Software, or previous versions.
Variations. We may amend this Agreement from time to time including to comply with changes to legislation, in response to Software and product updates and to improve our customers‘ position. We will give You notice in accordance with clause 14 if We consider it likely that any amendment to these terms will have a materially adverse effect on Your position.
Severance. If any part of this Agreement is or becomes invalid, illegal or unenforceable, You and We will negotiate in good faith to amend such provision so that amended it is legal, valid and enforceable, and achieves the intended commercial result of the original provision as far as possible. If no agreement on an amendment can be reached the relevant part shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If that is not possible, the relevant part shall be deemed deleted. Any modification or deletion under this clause shall not affect the validity and enforceability of the rest of this Agreement.
No Partnership or Agency. Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between You and Us or any other parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party. You and We confirm to be acting on our own behalf and not for the benefit of any other person.
Force Majeure. Neither You nor We will be in breach of this Agreement nor liable for delay in performing, or failure to perform, any obligations under this Agreement if such delay or failure results from events, circumstances or causes beyond its reasonable control. In such circumstances the affected party shall be entitled to a reasonable extension of time for performing its obligations. If the period of delay or non-performance continues for three (3) months, the party not affected may terminate this agreement by giving thirty (30) days’ written notice by way of a Quit Notice to the affected party.
Notices. Any notice given shall be in writing and delivered to a party either:
by email;
- in the case of notice from You to Us, to your Kennedys partner.
- In the case of notice from Us to You to the main contact email address We have been provided with;
or next day delivery post at its principal place of business
Any notice must be marked urgent and contain the heading ‘Urgent: Kennedys Law LLP - Client Lounge’. Unless the sender of a notice by email receives any notice of non-deliverance, notice provided by email will be deemed received at 9.00 am the following working day after it has been sent. Notice via next day delivery post will be deemed received at 9.00 am on the second working day after posting or at the time recorded by the delivery service (where applicable). This clause does not apply to the service of proceedings.
Anti-Bribery. You and We will:
- comply with all applicable laws, regulations, and codes relating to anti-bribery and anti-corruption;
- not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK; and
- immediately report to each other any request or demand for any undue financial or other advantage of any kind received in connection with the performance of this Agreement.
Governing Law and Jurisdiction. This Agreement and any dispute, Dispute, or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of England and Wales. You and We irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute, Dispute or claim arising out of or in connection with this Agreement.
By continuing with the log-in You confirm You have also read and accepted the terms and conditions as set out on this page.
SCHEDULE A – Software use terms
Obligations. You and Your Authorised End Users Will:
- ensure Software log-in details are treated as and kept confidential and secure against unauthorised use;
- notify Us as soon You become aware of any unauthorised Software access via you Kennedys partner.
- acknowledge Our status as the authors of the content displayed and generated by our Software;
- be solely responsible for securing and backing up all information contained within material committed to our Software;
- be responsible for configuring Your information technology, computer programmes and platforms to access our Software and should use your own virus protection software;
- only link to our Software in a way that is fair and legal and does not damage Our reputation or take advantage of it;
- ensure any material committed to the Software is: accurate (where facts stated), genuinely held (where opinions stated), and complies with applicable law in the country from which it is committed.
Will not:
- transfer or assign any rights afforded under this agreement (for example, access rights);
- disclose log-in details or other security details to unauthorised third parties;
- disclose confidential or commercially sensitive details contained within the Software (for example details concerning a claim or incident being processed via Our Software) to unauthorised third parties;
- (and will not permit any third party to) copy, adapt, reverse engineer, decompile, disassemble, modify, adapt or make error corrections to, or extract any of the functionality, design logic, rules or scoring methods used by, the Software in whole or in part, or attempt to undertake such actions;
- access without authority, or interfere with: any part of the Software; equipment or network on which Software is stored; software used in the provision of the Software; or equipment or network or software owned by or used by any third party;
- do anything that may damage, interfere with, disrupt access to or impair the functionality of the Software;
- store on, distribute or transmit via the Software any virus or unlawful, harmful, discriminatory, threatening, explicit, defamatory or obscene material. We do not guarantee that our site will be secure or free from bugs or viruses;
- use the Software in any way (including the commitment of any material to the Software) that is or attempts to be unlawful under local, national or international law or regulation, harmful, discriminatory, deceitful, a breach of a duty owed, hateful, violent, impersonating of another, giving the impression it emanates from Us, threatening, causing of anxiety, explicit, defamatory or obscene. This includes actions that promote such things;
- use the Software to send or procure the sending of advertising or promotional material;
- rely on the content produced by Our Software as if it were professional advice;
- use, copy (including screenshot), or download material, product or content displayed via the Software for purposes other than those permitted under this Agreement;
- modify any material or content printed, screenshotted or downloaded from the Software in anyway, except with Our prior permission;
- build a product or service which competes with or is similar to the Software within (4) years of the Start Date;
- use the Software, content or product generated by the Software (excluding court documents) to provide services to third parties;
- link to Our Software:
- in such a way as to suggest any form of association where none exists;
- in any website that is not owned by You; and/or
- in order to frame our Software on any other site. - allow or assist third parties (including competitors of Kennedys Law LLP or other insurers) to use or access the Software, without Our prior permission, including via:
- technology that links to the Software; or
- notifications and/or messages from the Software.
Our Rights.
We may determine at Our discretion whether there has been a breach of this Schedule A or a failure to follow these terms and take such action We deem appropriate, which may include but is not limited to any/all of the following:
- disabling user accounts (including changing passwords);
- withdrawal of Yours or Your Authorised End User’s right to use the Software;
- removal of any material committed to the Software;
- issue of a warning to You or Your Authorised End Users;
- disclosure of Your or Your Authorised End Users details to any third party who claims any content committed to the Software is a breach of their IPR or privacy rights;
- appropriate legal action and disclosure of such information to law enforcement authorities where We consider reasonably necessary;
We exclude all liability for actions taken under this section of Schedule A. Any breach of Schedule A will be a material breach of the Agreement. We may amend Schedule A at any time after providing You with reasonable notice;
We may disable user accounts and change log-in details for security reasons, including when We consider there to have been an actual or threatened breach of Data Protection Laws or unauthorised use of the Software, without incurring any liability to You.
SCHEDULE B – Interpretation
Capitalised terms in this Agreement will have the following meaning.:
Agreement: means these General Terms and Conditions (which includes all Schedules);
Affiliates: means any business entity from time to time controlling, controlled by, or under common control with, either party. For the purpose of this definition, a business entity shall be deemed to “control” another business entity if it owns, directly or indirectly, in excess of 50% of the outstanding voting securities or capital stock of such business entity, or any other comparable equity or ownership interest with respect to a business entity other than a corporation.
Authorised End User(s): any officers, employees and/or contractors of the User who are authorised by the User and Kennedys LLP to use the Software.
Confidential Information: means, in relation to either Party, information which is disclosed to that Party by the other Party pursuant to or in connection with this Agreement (whether orally or in writing or any other medium, and whether or not the information is expressly stated to be confidential or marked as such), and in relation to You in particular, information which is related to the You, Your Affiliates, policyholders, beneficiaries, employees, and all other related persons;
Client Data: means data (including claims data) which You agree You will supply to Us under this Agreement and which includes Client Personal Data.
Client Personal Data: means any Personal Data which You provide to Us, or which You hold and allows Us to access or copy.
Data Protection Obligations: means all obligations in respect of data protection as set out in this Agreement.
Data Protection Laws: means the EU Data Protection Laws, and any other privacy or data protection laws (including any statutes, regulations, by-laws, ordinances, mandatory codes of conduct or rules of common law or equity) which applies to the relevant Party.
Dispute: a dispute arising out of or in connection with this Agreement or the performance, validity or enforceability of it and which must be handled in accordance with clause 12
Dispute Notice: means as set out at clause 12.
EU Data Protection Laws: means the EU Directive 95/46/EC as transposed onto national legislation of each EU member state and as amended, replaced, or superseded from time to time, including by the GDPR, and any EU member state law which modifies the application of the GDPR.
Group: means any company or entity part of Your group of authorised to use Your trading name.
GDPR: means EU General Data Protection Regulation 2016/679.
Intellectual Property Rights: means any patents, utility models, rights to inventions, copyright and related rights, trade-marks and service marks, trade names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to preserve the confidentiality of information (including know-how and trade secrets) and any other intellectual property rights, including all applications for (and rights to apply for and be granted), renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world.
Mediation Notice: means as set out in Clause 12.
Normal Business Hours: means 09:30 to 17:30 Monday to Friday, excluding UK Bank Holidays and Public Holidays or in respect of jurisdictions outside of the UK, as agreed between the parties.
New Version: means any new version of the Software which from time to time is publicly marketed and offered for purchase by Us in the course of Our normal business, being a version which contains such significant differences from the version(s) being licensed under this Agreement as to be generally accepted in the marketplace as constituting a new product.
Software: means the Client Lounge Application.
Software Use Terms: means the terms as set out in Schedule A.
Start Date: means the date upon which Kennedys Law LLP will use commercially reasonable efforts to either provide you with access to the Software or begin working on providing You with access to the Software.
Term: means the period for which access to the Software will be given.
Quit Notice: means as set out in clause 11 and which must comply with the provisions of clause 14
Virus: means viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware
Appropriate Security Measures: means any technical and organisational measures to protect Personal Data that are necessary to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
EU: means the European Union.
Kennedys Group Firms: means Kennedys Law LLP or any firm authorised by Kennedys Law LLP to use the name “Kennedys”. A full list of Kennedys Group Firms is available at www.kennedyslaw.com/regulatory.
Personal Data: means any personal data (as that term is defined in the GDPR) provided to Us by You or Your Authorised End Users or accessed or obtained from You or Your Authorised End Users by Us under or in connection with this Agreement.
Restricted Transfer: means a cross-border transfer of Personal Data: (a) from You to a Contracted Processor; or (b) from one Contracted Processor to another Contracted Processor or between two establishments of a Contracted Processor, where such transfer would be prohibited by Data Protection Laws unless the parties to that transfer agree to the Standard Contractual Clauses.
Standard Contractual Clauses: means the standard contractual clauses (controller to processor and controller to controller) approved by EC Decision 2010/87/EU, as amended, replaced, or superseded from time to time, including by an equivalent decision under the GDPR.
Subprocessor: means any person appointed by Us to process Personal Data on Your behalf (including any third party or any Kennedys Group Firm but excluding employees or individuals).
“Data subject”, “personal data”, “data controller”, “processing”, “process” and “appropriate technical and organisational measures” shall have the meanings given to those terms in the this Agreement or if not defined in this Agreement the meanings given to those terms in the UK Data Protection Act 2018 and the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”).
SCHEDULE C - Data Protection
Definitions
For the purposes of this schedule:
“personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);
“the data exporter” shall mean the controller who transfers the personal data;
“the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection;
DATA PROCESSING PRINCIPLES
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described below or subsequently authorised by the data subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
4. Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its Prior Approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to them if there are compelling legitimate grounds relating to their particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to "opt-out" from having their data used for such purposes.
8. Automated decisions: For purposes hereof "automated decision" shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to them, such as their performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:
a) i. such decisions are made by the data importer in entering into or performing a contract with the data subject; and
ii. the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that party; or
b) where otherwise provided by the law of the data exporter.
DESCRIPTION OF THE TRANSFER
Data subjects:
Insured Persons: (including policyholders, covered or named persons and persons related to a corporate policyholder)
Claimants: (including policyholder claimants and third party claimants)
Business Partner: (including insurers, brokers, solicitors, medical experts, accountants, loss adjusters, individual representatives of corporate suppliers and service providers and individual suppliers)
Purposes of the transfer(s): The data exporter and the data importer are sharing personal data for the purposes of the data importer providing an expert professional opinion relevant to an ongoing claim; the data importer negotiating insurance contracts with the data exporter in its capacity as a provider of insurance brokerage services; the data importer evaluating risk relating to a reinsurance treaty entered into with the data exporter.
Categories of data:
Insured Person Data: name, address, telephone number, email address, policy number, relationship to the policyholder, details of policy including insured amount, exceptions etc., previous claims, gender, date of birth, vehicle registration number, professional history or CV, schedule of possessions, property construction, physical condition, security, fire protection and value
bank account details or credit card data used for billing
Claimant Data: policy number, relationship to the policyholder/insured person, details of policy including insured amount, exceptions etc., previous claims, details of incident giving rise to claim, vehicle registration number
Business Partner Data: name, work address, work email, work telephone numbers, job title, interests / marketing list assignments, record of permissions or marketing objections, website data (including online account details, IP address and browser generated information)
Recipients: The personal data may be disclosed to group companies and to third party companies which are contracted to provide relevant services under the instruction of the data importer, where reasonably required for the purposes of the transfer outlined above.
Sensitive data (if appropriate):
Health Data (physical and mental conditions, medical history and procedures, relevant personal habits (e.g. smoking, alcohol consumption), details of injury, medical report
Criminal Data (driving offences, unspent convictions), driving offences, police reports