These terms are applied to all services provided from 23rd october 2019.
Click here to view our previous terms and conditions.
Click here to download these terms and conditions in Microsoft Word Format:
Xanda-Terms-Conditions
Xanda Ltd. General Terms and Conditions.
Any contract between Xanda Limited (“Xanda”) and a person, firm or company who purchases goods from or engages the services of Xanda (“Client”), for the sale and purchase of any goods or for the supply of any services agreed in the contract to be supplied to the Client by Xanda (“Services”) (“Contract”) shall be in accordance with these terms and conditions and with the additional terms set out in the Specification Document produced by Xanda, to the exclusion of all other terms and conditions and the Client is deemed to have accepted these Terms and Conditions and the terms of the Specification Document upon signing the Specification Document.
These terms and conditions may change from time to time. Where appropriate, Xanda will notify the Client of any changes by mail or email. Any variation to these terms and conditions and any representations about the Services shall have not be binding on Xanda unless expressly agreed in writing and signed by a director of Xanda. These terms and conditions apply to the exclusion of all other terms or conditions which the Client may purport to apply. These terms and conditions supersede any and all previous agreements made between the parties and shall remain in place for all future dealings until superseded or variations are made and agreed in writing by the parties. The Client acknowledges that it has not relied on any statement, promise or representation made or given by or on behalf of Xanda which is not set out in the Specification Document. Nothing in this condition shall exclude or limit Xanda’s liability for fraudulent misrepresentation.
Definitions:
- Bug: Any fault, error or malfunction in software which materially affects the operation of that software or associated website.
- Cancellation Fees: The sums payable by the Client in the event that it decides not proceed with the Project set out in the Specification;
- Client Testing: The process of testing conducted by the client in advance of launch to identify bugs and any Project inadequacies.
- Data Processing Agreement: The data processing agreement entered into between the parties on or about the date of the Contract.
- Data Protection Legislation: The Data Protection Act and the General Data Protection Regulation (“GDPR”) (unless and until the GDPR is not applicable in the UK), each as amended and/or updated from time to time.
- Data Protection Policy: The data protection policy of Xanda setting out Xanda’s compliance with the Data Protection Legislation, as amended and/or updated from time to time.
- Development: The design, write, and build of the Project by the means and programming language that Xanda deems appropriate including the use of third party and open source solutions.
- Fees: such charges and fees payable by the Client to Xanda as set out in the Specification
- Hosting Services: The services provided by Xanda or Xanda’s nominee required for data to be stored, transferred and/or made available over the Internet.
- Intellectual Property Rights: All patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
- Maintenance Services: The services for the maintenance of the Project or provision of any and all continuous services as detailed in the specification.
- Malware: An unauthorised computer program of any kind which is designed to cause or which is likely to cause damage to the Project or any data or functions of the specification.
- Materials: Any materials incorporated where appropriate for the Project including without limitation those listed in the Specification. Including, but not limited to, domains, data, code, images, videos, texts, sounds, logos, translations, and any other digital or real world material.
- Parties: Xanda and the Client together.
- Project: The project for which Xanda Services are engaged by the Client in accordance with the Specification.
- Renewable Service: Any product or service provided by or through Xanda that requires renewal after a specified term.
- Services: The services to be provided by Xanda under this agreement as set out in the Specification together with any other services which Xanda provides or agrees to provide to the Client.
- Specification: The Specification Document or Agreement or Spec, being the Contract made between Xanda and the Client and setting out the specification of Services to be provided by Xanda.
- Third party service: Any software, product or service required for the Project not developed exclusively by Xanda.
Operative Provision
In consideration of the payment by the Client to Xanda of the Fees Xanda agrees to provide the Services in accordance with and subject to these terms and conditions and in accordance with the remittance advice and additional provisions set out in the Specification. Time for payment shall be of the essence of this agreement.
No Poaching
Both parties undertake that each will not for a period of two years from the termination of this Agreement entice away or endeavour to entice away from the other party any employee of such other party. Each party acknowledges that the prohibition and restriction contained in this clause are reasonable in the circumstances and necessary to protect the business of the other party.
Intellectual Property
- All Intellectual Property Rights of whatever nature or material devised by Xanda will vest in and belong to Xanda free of any interest of the Client or any third parties. The Client will do such acts as Xanda may reasonably require in order to effectively vest such rights in Xanda or to evidence the same.
- Xanda will grant to the Client a non-exclusive right and licence to use the intellectual property developed as a result of this agreement for the duration of the license period detailed in the specification. Where no license period is specified, no license is granted.
- The Client hereby grants to Xanda a nonexclusive royalty free licence to use the Materials for the purposes of this Agreement.
If the Client has elected to purchase “IP Transfer” and this is listed in the Specification and paid in full, following Intellectual Property Variation will supersede the above Intellectual Property clause and apply;
[start – Intellectual Property Variation for Clients who have purchased “IP Transfer”
Pre-Existing IP
Xanda retain ownership of its Pre-Existing IP and nothing in this Agreement transfers ownership of any Pre-Existing IP of a party to any other party.
Xanda grants to the Client a perpetual, irrevocable, transferable, worldwide and royalty-free licence to use, copy, modify and adapt such Pre-Existing IP to the extent it is relevant to the Project.
Ownership of Developed IP
Xanda assigns to the Client all right, title and interest (including all Intellectual Property Rights) in the Developed IP (including as a present assignment of future copyright) and the Materials. – end]
- The Client hereby warrants that it has or has obtained all necessary rights, permissions and licences for the use of the Materials supplied to Xanda and that it is fully entitled to grant to Xanda the rights in the clause above.
- The Client undertakes to Xanda to indemnify and hold harmless Xanda in full and defend at its own expense Xanda against all costs and losses whatsoever and howsoever incurred by Xanda its servants or nominees arising out of any claim made against it or any of them in any jurisdiction in the world for infringement of any Intellectual Property Rights in the Materials or information or Materials supplied by any third party on websites or software developed for the Client by Xanda or in connection with any service provided by Xanda. It is the Client’s responsibility to moderate any third party submissions and to protect itself with the appropriate indemnity provisions in its own terms and conditions for its customers. Accordingly, all Xanda liability or responsibility for the content of such third party submissions, advertising, information or Materials on any website or software developed by Xanda and any infringement or damage it may cause is hereby disclaimed and excluded to the maximum extent permitted by law.
- The Client further warrants that all material that it supplies to Xanda is free of defamatory and other legally restricted material and it warrants that it shall fully indemnify and defend at its own expense Xanda against all costs and losses whatsoever incurred by Xanda its servants or nominees as a result of any claim made against it or any of them in any jurisdiction in the world as a direct or indirect result of the breach of this clause.
- Notwithstanding the provisions of these Intellectual Property clauses, Xanda shall be afforded full and reasonable credit on the website or software designed by Xanda as the Developer and designer. Xanda will implement this credit and any associated link and wording at its own discretion.
- Notwithstanding the provisions of these Intellectual Property clauses, Xanda shall be entitled to refer, in the course of promoting or demonstrating Xanda, to the Project and Xanda’s involvement in the design, Development and as the provider of the Project.
Specification
- Xanda has prepared the Specification in conjunction with the Client.
- All delivery times set out in the Specification are estimates and cannot be guaranteed.
- Delays arising as a result of waiting for client testing, feedback and any required content or materials will affect the delivery estimates.
- Xanda will work strictly to the Specification only and any functionality that is not in the Specification will not be developed even if the Client believes it is implied or obvious.
- Specification changes may incur additional fees and development time. Please see Specification Adjustment below.
Project Initiation
- The Project will be initiated once:
(i) The Client has signed and returned to Xanda the Specification Document confirming acceptance of the terms and conditions, payment terms, director’s personal guarantee if required and the exact details of the planned development;
(ii) The Client has completed and supplied Xanda with the standing order or direct debit if required; and
(iii) The Client has paid in cleared funds to Xanda the specified deposit.
The following Personal Guarantee shall apply to Clients who elect to pay via spread payments only.
In consideration of Xanda Limited agreeing to provide the Services detailed in the Specification to the Client, I, as a Personal Guarantor irrevocably and unconditionally undertake as follows: (a) that the Client shall pay the Fees to Xanda Limited and shall observe and perform the obligations of this Agreement and that if the Client fails to pay the Fees or to observe or perform any of its obligations, I the Guarantor shall pay on demand to Xanda Limited all monies which are now or at any time in the future due, owing or incurred by the Client to or in favour of Xanda Limited and shall observe and perform the obligations of the Client; and (b) that as a separate and independent primary obligation I the Guarantor shall indemnify Xanda Limited in full on demand against all losses, costs and expenses suffered or incurred by Xanda Limited arising from Xanda Limited making available the services to the Client and the failure by the Client to fully and promptly perform and discharge any of its obligations and liabilities under this agreement.
Customer’s obligations
The Client shall:
(i) co-operate with Xanda and act in good faith in respect to all matters relating to the Project;
(ii) provide, in a timely manner, such Materials and other information as Xanda may require, and ensure that it is accurate in all material respects;
(iii) obtain and maintain all necessary licences and consents and comply with all relevant legislation in relation to the Services, the installation of Xanda’s equipment, the use of Materials and the use of the Client’s equipment in relation to Xanda’s equipment insofar as such licences, consents and legislation relate to the Client’s business, premises, staff and equipment, in all cases before the date on which the Services are to start;
- If Xanda’s performance of its obligations under this agreement is prevented or delayed by any act or omission of the Client, its agents, subcontractors, consultants or employees, Xanda shall not be liable for any costs, charges or losses sustained or incurred by the Client that arise directly or indirectly from such prevention or delay.
- The Client shall be liable to pay to Xanda, on demand, all reasonable costs, charges or losses sustained or incurred by Xanda (including any direct, indirect or consequential losses, loss of profit and loss of reputation, loss or damage to property and those arising from injury to or death of any person and loss of opportunity to deploy resources elsewhere) that arise directly or indirectly from the Client’s fraud, dishonesty, negligence, failure to perform or delay in the performance of any of its obligations under this agreement, subject to Xanda confirming such costs, charges and losses to the Client in writing.
Design
- Xanda will provide the Services as detailed in the Specification.
- Designs will be presented to the Client for approval or amendment. Such approval is to be made within a reasonable time. Once the designs are approved by the Client, Xanda will progress the Project to the next phase.
- Design changes requested after design approval will be subject to additional development time and surcharges.
- Xanda reserves the right to proceed with the Project using the approved designs and to refuse further amendments from the Client after design approval.
Development
- Development will commence once any required approvals are received.
- When ready Xanda will deliver a ‘preview link’ for the Client to complete Client Testing and provide any feedback.
- Feedback that requests alterations to be made to parts of the development that have already been changed as a result of earlier feedback will be subject to surcharges.
- Once all feedback has been addressed the client will provide written acceptance of the system.
- Upon acceptance Xanda will take the required time for internal testing before preparing the Project for launch.
- Subsequent to launch, Bugs will be resolved as part of the maintenance services if specified, alternatively Bug fixing may incur surcharges.
- The Client undertakes to test, accept and install where required any revisions or updates to any developed services.
- Xanda reserves the right to apply surcharges where services are required to address issues caused as a result of the Client’s failure to update to the latest revision or update within a reasonable amount of time.
Specification Adjustment
- Any changes to the Specification will be documented and additional charges may be applied and will require written agreement.
- Subsequent specification changes will require new specification, agreement and may incur additional design and development time and costs.
- Subsequent specification changes may require changes to third party designs, services or features. The Client warrants that they will arrange and confirm any third party changes and will agree and settle any costs for such third party changes.
- Subsequent specification changes will not be initiated until the original specification charges have settled in full. Should spread payments have been agreed the Client will be required to pay the full outstanding balance before the new work can be initiated.
- Xanda may, from time to time and without notice, change the Services in order to comply with any applicable safety or statutory requirements, provided that such changes do not materially affect the nature, scope of, or the charges for the Services.
Renewable Services
- In the event of an environment change or legislation that requires alteration to a delivered system or service it is the Client’s responsibility to instruct Xanda to implement the compliance requirements. Surcharges and extended delivery times may apply.
- Renewable services will be provided for the term as written in the specification and will be subject to renewal.
- Xanda will review the fees charged and specification for any renewable services at the expiration of each term.
- Xanda reserves the right to withdraw renewable services upon expiration.
- Hosting services are provided with limits to bandwidth and disk space as detailed within the specification. Xanda will charge £10 per GB used per month over either allowance. Xanda reserves the right to refuse bandwidth and disk space overages.
- Hosting services are provided as a fully managed, locked-down and secured service. Xanda will not grant to any client or nominated representative:
- Admin / root access
- FTP access
- DNS
- CPanel Access
- CMS / WordPress Admin Access
- Database Access
- Source Code Access
- Where Xanda agrees to release source code / database dumps, a preparation fee will apply.
- Hosting terms commence on the date of delivery of the first Project preview regardless of the domain used unless otherwise defined in the specification. Xanda hosting services are fully managed. Unless otherwise defined in the specification, no direct access will be granted to the client.
- Xanda offers no hosting service up-time guarantee.
- The Maintenance Services shall not include providing a server or server connection.
Third Party Services
- Where required or requested the Project may involve integration with third party services.
- Xanda may refuse requests for integration with a third party service should the service not be compatible or appropriate for any other Xanda provided service.
- Xanda may withdraw integration with a third party service should an alteration result in the service becoming no longer appropriate or compatible.
- Xanda will assume a reasonable integration processes with the third party developer or vendor with sufficient technical support and instruction.
- In the event that a service provided by third party developer or vendor causes error, bugs, delays, security risks or system failures, Xanda will work on a best efforts engagement with the vendor to resolve the issues.
- Xanda reserve the right to withdraw our integration service should we deem the integration process to fail a reasonable standard.
- Should Xanda deem the integration process to not be of a reasonable standard, surcharges may apply for Xanda to correct the necessary bugs and processes to achieve a successful integration or to replace the vendor.
- Should a third party service be upgraded or altered in any way that will require additional time to reintegrate the service surcharges may apply.
- Xanda may withdraw their support and availability of service, and recommend upgrades, where support is withdrawn by vendors or developers for platforms used in the development or on-going delivery of the Project.
- The Client accepts and understands that search engine listings, services and results are entirely outside of the control of Xanda.
- Xanda cannot guarantee the results or performance of any third party service.
Bugs & Malware
- All software created by Xanda is checked for Malware using professional anti-malware programs, Xanda accepts no liability for any malware discovered.
- The Client acknowledges that software is rarely wholly free from bugs. Xanda will endeavour to test their developments to identify and resolve bugs but can give no warranty or representation that the Project will be wholly free from bugs.
- Xanda does not warrant or represent that the Project will work in any other hardware or software environment other than that as provided by or supplied to Xanda on the date of launch.
- Xanda does not warrant or represent that the Project will be compatible with any application, program or software not specifically identified in the specification.
- The Client warrants to undertake full Client Testing in advance of launch and provide Xanda with their feedback and details of any bugs identified.
- In advance of launch Xanda will resolve any bugs identified through internal Xanda or Client Testing. Xanda may require additional time to the estimated delivery projection specified to resolve any identified bugs.
- Subsequent to launch Xanda will resolve bugs identified as part of the maintenance services if specified. If a bug resolution service is not detailed within the maintenance services surcharges will apply.
- The Client warrants that they will employ anti-malware solutions for devices employed in the use of any services provided by Xanda.
- Xanda reserves the right to suspend or withdraw services in the event of a malware infection.
Support & Advice
- Xanda will provide the specified Support & Advice services only within Working Hours as detailed below or as per the extended hours if detailed in the specification.
- Xanda will provide technical support via email: [email protected] and telephone: +44 208 4444 757 only.
- Xanda will aim to commence dealing with issues within response time as specified. Actual response times may vary.
- Support required outside of working hours is classifiable as Emergency support and is chargeable at our emergency rates.
- Emergency support shall only be available where detailed in the Specification.
- The Client will provide a nominated staff contact for support queries. The Client agrees that all support queries will be raised with Xanda by the nominated staff contact.
- Xanda will provide support to the Client and the Client’s staff via the nominated staff contact.
- Xanda may provide support to any third party only where Xanda deem it necessary or appropriate. Support to third party members may incur surcharges payable by the Client.
- Where detailed in the Specification, Xanda will provide liaison between the Client and any Third Party system providers and vendors to assist in support matters.
- All work carried out by Xanda is provided to the Client on a strictly non-advice basis. Advice, if any, given by Xanda during communications with the Client is given in good faith and without liability. The Client must rely on his own investigations and research when committing to decisions.
Working Hours
Xanda operates between the Working Hours of 9:00am to 5:30pm UK time, Monday to Friday excluding public holidays and the Christmas Eve to New Year’s Eve period.
Hardware and Networking Services
- Xanda will provide remote support for the hardware, software and users detailed in the Specification only.
- The Client accepts that Xanda will install remote access software on each of the devices specified for support services for the duration of the period.
- The Client accepts that Xanda provides a fully managed network support service. Unless otherwise defined in the specification, no administrative access will be granted to the Client or any third party.
- Xanda will provide on-site support services where detailed in the Specification only.
- On-site support will only be given where Xanda deem it necessary and appropriate.
- When deployed, technicians will be sent to resolve issues on-site within a reasonable time period considering the details for the problem to allow for preparations, the acquisition of any replacement parts and travel.
- Xanda will diagnose hardware faults and deal with manufacturers where supported devices are under warranty. In other cases Xanda will provide quotations for any required repairs or replacements.
- Xanda will only support software detailed in the Specification that is actively maintained and supported by the software vendor and/or developer.
Backup Services
- Where detailed in the specification Xanda will manage the backup solution(s).
- Xanda does not guarantee the backup media, backup software or recovery ability but will work with the supported backup system to restore data when required as fully as possible.
- The Client understands that data recovery is not always possible.
- The Client is responsible for changing any backup media and will report any failures to Xanda.
- In the event of data loss, Xanda will attempt to recover to the most recently available healthy backup. Some data loss may occur between the date of failure and the date of the recovered backup.
Cancellation and Termination
- The Client shall pay to Xanda the Fees on receipt of a valid invoice in accordance with the payment terms set out therein or on the Specification.
- Without prejudice to any other right or remedy that it may have, if the Client fails to pay Xanda on the relevant due date, Xanda may charge interest on such sum from the due date for payment at the annual rate of 10% above the base lending rate from time to time of National Westminster Bank accruing on a daily basis and being compounded quarterly until payment is made, whether before or after any judgment and Xanda may claim interest under the Late Payment of Commercial Debts (Interest) Act 1998 and the Client shall pay the interest immediately on demand.
- If applicable an invoice for this interest will be raised at Xanda’s discretion at any time or times after the payment due date.
- Without prejudice to any other right or remedy that it may have, if the Client fails to pay Xanda on the relevant due date, Xanda may pass the debt to a third party debt collection agency where a 17.5% recovery fee will be added to the outstanding balance.
- If applicable an invoice for this fee will be raised at Xanda’s discretion at any time or times after the payment due date.
- All sums and the full Fees payable to Xanda under this agreement shall become due immediately on its termination, despite any other provision. This provision is without prejudice to any right to claim for interest under the law, or any such right under this agreement.
- Xanda may, without prejudice to any other rights it may have, set off any liability of the Client to Xanda against any liability of Xanda to the Client.
- Xanda reserves the right to terminate this Agreement; (i) for any reason on giving 30 days’ notice to the Client; or (ii) with immediate effect if the Client has committed any serious or repeated breach or non-observance of its obligations, including but not limited to (a) failing to pay any amount due under this agreement on the due date for payment and remaining in default not less than 14 days after being notified in writing to make such payment; or (b) suspending or threatening to suspend payment of its debts or is unable to pay its debts as they fall due; or (c) failing to act in good faith towards Xanda, unreasonably withholding required Materials or information required by Xanda, or obstructing Xanda from carrying out its obligations hereunder.
- On termination of this agreement for any reason:
(i) the Client shall immediately pay to Xanda all of Xanda’s outstanding unpaid invoices and interest and, in respect of Fees due but for which no invoice has been submitted, Xanda may submit an invoice, which shall be payable immediately on receipt;
(ii) Xanda will only release the Materials upon receipt of the full outstanding Fees;
(iii) Xanda shall be entitled to immediately restrict or suspend without notice, the Client’s access to and use of the Services; and
(iv) the accrued rights and liabilities of the parties as at termination and the continuation of any provision expressly stated to survive or implicitly surviving termination, shall not be affected.
Interruptions of service
- Where services are lost due to bugs or errors, Xanda undertakes to use reasonable endeavours to recover the services.
- Where detailed in the Specification, Xanda will take backups of important data. In the event of system failure Xanda will recover to the most recently available healthy backup. Some data loss may occur between the date of failure and the date of the recovered backup.
Liability
This clause sets out the entire financial liability of Xanda (including any liability for the acts or omissions of its employees, agents, consultants and subcontractors) to the Client in respect of:
(i) any breach of this agreement;
(ii) any use made by the Client of the Services or any part of them; and
(iii) any representation, statement or tortious act or omission (including negligence) arising under or in connection with this agreement.
All warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from this agreement.
Nothing in this agreement limits or excludes the liability of Xanda for death or personal injury resulting from negligence; or for any damage or liability incurred by the Client as a result of fraud or fraudulent misrepresentation by Xanda; or for any other liability which cannot be excluded or limited under applicable law.
Subject to the above:
(a) Xanda shall not be liable for:
(i) loss of profits; or
(ii) loss of business; or
(iii) depletion of goodwill and/or similar losses; or
(iv) loss of anticipated earnings or savings; or
(v) loss of goods; or
(vi) loss of contract; or
(vii) loss of use; or
(viii) loss or corruption of data or information; or
(ix) any other loss or damage of any kind however arising, including special, indirect, consequential or pure economic loss, costs, damages, charges or expenses; and
(b) Xanda’s total liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise arising in connection with the performance or contemplated performance of this agreement shall be limited to the price paid to and received by Xanda for the Services.
- Xanda will not and does not purport to provide any legal, taxation or accountancy advice under this Agreement or in relation to the Software and (except to the extent expressly provided otherwise) Xanda does not warrant or represent that the Software will not give rise to any civil or criminal legal liability on the part of the Client or any other person.
- Xanda can accept no liability for any losses or damages incurred of whatever nature as a direct or indirect cause of any bug.
- Without prejudice to other clauses in this agreement, the Client undertakes that it will obtain all necessary licenses and permissions required throughout the world for any and all activities that it conducts through the Internet.
Indemnity
The Client shall indemnify and hold Xanda harmless from all claims and all direct, indirect or consequential liabilities (including loss of profits, loss of business, depletion of goodwill and similar losses), costs, proceedings, damages and expenses (including legal and other professional fees and expenses) awarded against, or incurred or paid by, Xanda as a result of or in connection with any claim made against us as a consequence of a direct or indirect breach or negligent performance or failure or delay in performance of this agreement by the Client. The provisions of this indemnity shall survive termination of this agreement, however arising.
Warranty
In entering this agreement with Xanda, the Client warrants that it has no existing or contemplated past or present claims against Xanda whatsoever in relation to the Services or any previous agreements for the supply of products and/or services and/or engagements with Xanda and shall not bring any claims in relation thereto.
Payments
- Xanda reserves the right to suspend any service or withdraw any of its codes in the event of failure to make a required payment on by an agreed due date. Spread payment plans are offered subject to prompt payment. Should an expected payment not be received by a due date, the spread payment option will be withdrawn and the full outstanding balance will become immediately due.
- Xanda will restore services in a reasonable time after full payment has been received.
- Interest will be chargeable on late payments on the terms specified above.
Data Protection Compliance
- Each party undertakes that it shall comply with its obligations under the Data Processing Agreement and the Data Protection Legislation.
- Xanda shall have no liability to any person or company and the Client shall indemnify and hold harmless the other from all claims and all direct, indirect or consequential liabilities (including loss of profits, loss of business, depletion of goodwill and similar losses), costs, proceedings, damages and expenses (including legal and other professional fees and expenses) awarded against, or incurred or paid by, Xanda as a result of or in connection with any claim made against Xanda as a consequence of any non-compliance by the Client with its obligations under the Data Processing Agreement or the Data Protection Legislation (except to the extent that such claims against Xanda have arisen out of or in connection with any negligence or wilful default of Xanda or any breach by Xanda of its obligations under the Data Processing Agreement or the Data Protection Legislation).
- Xanda shall perform its obligations under the Contract in compliance with the terms of the Data Protection Policy.
Betting Gaming And Lotteries Act
The Client undertakes that it will not use the Services provided by Xanda for competitions within the meaning of the Betting Gaming and Lotteries Act 1963 or the Lotteries and Amusements Act 1976 and the Betting and Gaming Duties Act 1981 without full prior consultation with Xanda and first obtaining licenses under those Acts or any amending legislation.
Financial Services Act
The Client undertakes that it will not carry on or purport to carry on investment business through the Internet or advertise such services unless authorised to do so under the current Financial Services Act and the Client further undertakes to comply with the provisions of the current Financial Services Act or any other legislation regarding financial services in force at the time of this Agreement or subsequently in all other respects.
Obscene and Defamatory Material
Xanda gives no warranty or guarantee and explicitly and unequivocally excludes all responsibility and liability for all and any information and material contained on or within the Internet as a result of Xanda providing the Project and Services, whether such information or material is included by the Client personally, by any third party or by Xanda on the instructions of the Client. Xanda shall have no liability to any person or company and the Client shall indemnify and hold harmless Xanda from all claims and all direct, indirect or consequential liabilities (including loss of profits, loss of business, depletion of goodwill and similar losses), costs, proceedings, damages and expenses (including legal and other professional fees and expenses) awarded against, or incurred or paid by, Xanda as a result of or in connection with any claim made against Xanda as a consequence of any such information and material including without limitation any material that is private, offensive, obscene, defamatory or inflammatory. It is the Client’s responsibility to moderate any third party submissions and to protect itself with the appropriate indemnity provisions in its own terms and conditions for its customers. Accordingly, all Xanda liability or responsibility for the content of any Client or third party submissions, advertising, information or Materials on any website or software developed by Xanda and any damage it may cause is hereby disclaimed and excluded to the maximum extent permitted by law.
Telecommunications and Broadcasting
The Client undertakes that it will obtain all necessary licences under UK Telecommunications and Broadcasting Legislation and that it will comply in every respect with such legislation.
Competition
The Client agrees and accepts that it may be subject to European and UK law on anti-competitive practices including without limitation abuse of a dominant position and concerted practices. The Client undertakes to Xanda that it will not, in respect of the Project, enter into any agreement that has as its object or effect the restriction of competition within the UK or Europe nor will it at any time seek to abuse a dominant position within its relevant market, unless such activity is specifically permitted by law.
The Client accepts and understands that this agreement does in no way limit or exclude Xanda from working with any other organisations of any kind within any direct, indirect or otherwise industry the Client operates in. The Client also understands that Xanda remain free to use any or all Intellectual Property belonging to Xanda without limitation.
General
- No forbearance, delay, failure or indulgence by either party in enforcing the provisions of this Agreement shall prejudice or restrict the rights of that party nor shall any waiver of rights operate as a waiver of any subsequent breach of this Agreement.
- Neither Party can assign the benefit or burden of this Agreement without the prior written consent of the other Party.
- The UK shall be considered the place of first publication of any material on the internet or Website.
Force majeure
Xanda shall not be liable or responsible for any failure to perform, or delay in performance of, any of its obligations under this agreement that is caused by events outside its reasonable control, including without limitation Internet outages, communications outages, fire, flood, war or act of God.
Severance
If any provision of this agreement (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed not to form part of the agreement, and the validity and enforceability of the other provisions of the agreement shall not be affected. If a provision of this agreement (or part of any provision) is found illegal, invalid or unenforceable, the provision shall apply with the minimum modification necessary to make it legal, valid and enforceable.
No partnership or agency
Nothing in this agreement is intended to, or shall operate to, create a partnership between the parties, or to authorise either party to act as agent for the other, and neither party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way.
Entire agreement
These terms and conditions (including the Contract and the Data Processing Agreement) constitute the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to their subject matter.
Governing law and jurisdiction
These terms and conditions, and any dispute or claim arising out of or in connection with them or their subject matter, shall be governed by, and construed in accordance with, the law of England and Wales and the courts of England and Wales shall have exclusive jurisdiction to settle any such disputes or claims.
DATA PROCESSING AGREEMENT
This agreement is entered into between Xanda and the Client on the date stated at the end of this agreement.
BACKGROUND
The Client owns the Intellectual Property Rights in the Client Data.
- The Xanda has agreed to provide the Services to the Client in accordance with the Contract and the Terms.
- The Client has agreed to license the use of the Client Data to Xanda, and to transfer the Client Data to Xanda, to enable it to provide the Services to the Client on the terms set out in this agreement.
- The parties acknowledge that for the purposes of this agreement, the Client is the data controller and Xanda is the data processor.
Agreed terms
- Interpretation
- The following definitions shall apply in this agreement:
- Client Data: the data (including personal data) supplied by the Client to the Xanda in connection with the Contract and this agreement.
- Contract: has the meaning ascribed to it in the Terms;
- Data Protection Legislation: has the meaning ascribed to it in the Terms;
- Data Protection Policy: has the meaning ascribed to it in the Terms.
- Intellectual Property Rights: patents, utility models, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets), and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
- Services: the services to be supplied by the Xanda to the Client as defined in the Contract.
- Terms: the general terms and conditions of Xanda as updated and/or amended from time to time, the current version of which is available at xanda.net/terms
- The following rules of interpretation shall apply in this agreement:
- Capitalised terms used but not defined in this agreement have the meanings ascribed to them in the Terms.
- Data controller, data processor, data subject, personal data, processing and appropriate technical and organisational measures shall all bear the meanings given to those terms respectively in the Data Protection Legislation.
- Clause, Schedule and paragraph headings shall not affect the interpretation of this agreement.
- A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
- The Schedules form part of this agreement and shall have effect as if set out in full in the body of this agreement. Any reference to this agreement includes the Schedules.
- A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
- Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
- Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
- A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
- A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.
- A reference to writing or written includes faxes but not e-mail.
- References to clauses and Schedules are to the clauses and Schedules of this agreement and references to paragraphs are to paragraphs of the relevant Schedule.
- Any words following the terms including, include, in particular or for example or any similar phrase shall be construed as illustrative and shall not limit the generality of the related general words.
- The following rules of interpretation shall apply in this agreement:
- Supplemental agreement
This agreement is supplemental to, and should be read in conjunction with, the Contract and the Terms.
- Scope, nature and purpose of processing
- Schedule 1 sets out the scope, nature and purpose of the processing to be undertaking by Xanda in connection with this agreement, the duration of processing and the types of personal data to be processed and the categories of data subject. Xanda shall only process the Client Data in accordance with Schedule 1and in compliance with the Client’s instructions from time to time.
- The Client acknowledges that Xanda is under no duty to investigate the completeness, accuracy or sufficiency of any Client instructions or any Client Data.
- Data protection and data processing
- Each party shall comply with all applicable requirements of the Data Protection Legislation. The obligations imposed on the parties under this agreement are in addition to and not in replacement of any obligations imposed on the parties contained in the Data Protection Legislation.
- The parties acknowledge that for the purposes of the Data Protection Legislation, the Client is the data controller and Xanda is the data processor.
- Without prejudice to the generality of clause 1, the Client shall ensure that it has obtained all necessary consents and/or supplied all necessary notices to enable the lawful transfer of the Client Data to Xanda in connection with this agreement.
- Without prejudice to the generality of clause 1, Xanda shall:
- comply with provisions of the Data Protection Policy;
- process Client Data only on documented instructions from the Client, unless required to do so by the laws of the European Union or the national laws of any member state of the European Union to which Xanda is subject, in which case Xanda shall inform the Client of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
- ensure that any persons authorised to process Client Data have contractually committed themselves to confidentiality or are under an appropriate statutory duty of confidentiality;
- ensure that it has in place appropriate technical and organisational measures (taking account of the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects) to protect against the accidental loss, damage or destruction or unauthorised or unlawful processing of Client Data, including where appropriate:
- pseudonymisation and/or encryption of Client Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring security of the processing;
- comply with all applicable provisions of the Data Protection Legislation where it engages another data processor;
- provide such reasonable assistance (including by appropriate technical and organisational means) as may be reasonably required by the Client (taking into account the nature of the processing) to comply with the Client’s obligations under the Data Protection Legislation to facilitate the exercise by a data subject of its rights under the Data Protection Legislation;
- provide such reasonable assistance (including by appropriate technical and organisational means) as may be reasonably required by the Client (taking into account the nature of the processing) to ensure the Client’s compliance with its obligations under the Data Protection Legislation;
- at the option of the Client, delete or return all Client Data to the Client after the end of the provision of the Services;
- make available to the Client all information necessary to demonstrate compliance with its obligations under the Data Protection Legislation and to allow for audits (including inspections) conducted by the Client or a third party auditor nominated by the Client (provided that the Xanda receives reasonable notice in writing of any such audit and provided that all costs associated with any such audit shall be borne by the Client); and
- notify the Client without undue delay (and in any event not later than 72 hours) after it becomes aware of a personal data breach.
- Intellectual Property Rights
- Xanda acknowledges that:
- all Intellectual Property Rights in the Client Data are and will remain the property of the Client or its licensors, as the case may be; and
- it shall have no rights in or to the Client Data other than the right to use it in accordance with this agreement.
- Xanda acknowledges that:
- Warranties and indemnity
- Each party represents and warrants to the other that it will process the Client Data in compliance with its obligations under this agreement and the Data Protection Legislation.
- Without prejudice to the generality of clause 1, the Client acknowledges, represents and warrants that:
- Xanda is reliant on it for direction as to the extent to which Xanda is entitled to use and process the Client Data;
- it is the owner of the Intellectual Property Rights in any rights licensed or to be licensed to the Xanda under clause 1(b);
- it has the right to license the processing of the Client Data for the purposes stated in this agreement;
- as far as it is aware, the processing of the Client Data under this agreement will not infringe the Intellectual Property Rights of any third party;
- the Client Data contains nothing that is defamatory or indecent;
- it is not aware of any circumstances likely to give rise to breach of any of the Data Protection Legislation in the future;
- Xanda is entitled to process the Client Data for the purposes stated in this agreement;
- all data subjects relating to the Client Data have given their valid written consent (where required under the Data Protection Legislation) to the transfer of their personal data by the Client to Xanda and to the processing of their personal data by Xanda for the purposes stated in this agreement;
- all Client Data is necessary, accurate and up-to-date; and
- it is registered with all relevant data protection authorities to process all Client Data.
- Except as expressly stated in this agreement, all warranties, conditions and terms, whether express or implied by statute, common law or otherwise are hereby excluded to the extent permitted by law.
- Xanda shall have no liability to any person or company and the Client shall indemnify and hold harmless the other from all claims and all direct, indirect or consequential liabilities (including loss of profits, loss of business, depletion of goodwill and similar losses), costs, proceedings, damages and expenses (including legal and other professional fees and expenses) awarded against, or incurred or paid by, Xanda as a result of or in connection with any claim made against Xanda as a consequence of any non-compliance by the Client with its obligations under this agreement or the Data Protection Legislation (except to the extent that such claims against Xanda have arisen out of or in connection with any negligence or wilful default of Xanda or any breach by Xanda of its obligations under this agreement or the Data Protection Legislation).
- Xanda may make additional services available to the Client which are designed to ensure the effectiveness of the Client’s technical and organisational measures for ensuring data security (the “Additional Services”). Without prejudice to the generality of clause 6.4, Xanda shall have no liability to any person or company and the Client shall indemnify and hold harmless the other from all claims and all direct, indirect or consequential liabilities (including loss of profits, loss of business, depletion of goodwill and similar losses), costs, proceedings, damages and expenses (including legal and other professional fees and expenses) awarded against, or incurred or paid by, Xanda as a result of or in connection with any claim made against Xanda as a consequence of the Client’s failure to avail of the Additional Services (except to the extent that such claims against Xanda have arisen out of or in connection with any negligence or wilful default of Xanda or any breach by Xanda of its obligations under this agreement or the Data Protection Legislation).
Schedule 1: Data processing activities of Xanda Limited (Xanda/We)
Xanda system
A Xanda system will be either a Website, Mobile App or Web Application
STANDARD TYPES OF DATA PROCESSING
1) System to email
- We provide web forms to collect the data fields as listed in the specification (e.g. registration forms, contact forms, enquiry forms, call me back forms). Upon submission, the System processes the data to create one or more emails which are sent to Client or User specified recipients.
- Email data transmission is inherently insecure, once data has left the System, Xanda have no access or responsibility over the servers or transport mechanisms over which the email is transmitted.
- The transmitted data reside on third party systems outside of our control.
2) System to Database
- We provide web forms to collect the data fields as listed in the specification (e.g. registration forms, contact forms). Upon form submissions, the system processes the data to store it directly within a database located within the same environment as the hosting server.
- Our databases are strictly locked down to Xanda’s office IP to limit access.
- No client or third party has access to the server databases, except for our datacentre support engineers who log any access and are contracted to only access during a Xanda initiated service request or Xanda created monitoring trigger than requires investigated.
Database providers include but are not limited to:
- MySQL / MariaDB
- SQL Server
3) System to third party email distributor / email marketing automator
- Data that has been collected on the website and stored within the System database is segmented according to attributes as requested by the Client.
- Using the API provided by the email distributer / email marketing automator, or via a Clint initiated manual (.csv) export of data from the System, data required for the email distributer is processed and transferred to the email distributer.
- The email distributor will then process the data on behalf of the Client for the purposes of sending the email, using either content supplied from the system or built in the email distributer terminal.
- The third party APIs are most usually encrypted using SSL and/or an encrypted data payload using an account specific encryption key.
- Xanda advise Clients against using APIs where the third party API does not support data encryption
- The transmitted data then resides on third party systems outside of our control.
Third party email distributors / marketing automators include but are not limited to:
- Mailchimp
- Mailgun
- Sendgrid
4) System to third party CRM
- Data that has been collected on the website and/or stored within the system database is transmitted to the CRM provider via an API.
- The CLIENT defines the data to be collected and the subset of data that is transmitted to the third party CRM system.
- The third party APIs are most usually encrypted using SSL and/or an encrypted data payload using an account specific encryption key.
- Xanda advise Clients against using APIs where the third party API does not support data encryption
- The transmitted data then resides on third party systems outside of our control.
CRM providers include but are not limited to:
- SalesForce
- Web2Lead
- Microsoft Dynamics
5) System to Payment Service Provider
- Non PCI DSS Data that has been collected on the website for the purposes of completing an online transaction is transmitted to a payment service provider for the purpose of off-site card data capture and payment processing. This will include customer name and address, order details and order value for processing.
- No PCI DSS data is collected or stored on the System
- The third party APIs are most usually encrypted using SSL and/or an encrypted data payload using an account specific encryption key.
- Xanda advise Client against using APIs where the third party API does not support data encryption
- Upon authorisation success or failure, only an authorisation field is returned to the System. No PCI DSS is received or stored following payment processing.
- The transmitted data reside on third party systems outside of our control.
Payment Service Providers include but are not limited to:
- Worldpay
- Sagepay
- Stripe
- PayPal
- GoCardless
- EPDQ
- GlobalIris
6) System to Hosting provider / backup service
- Customer data is stored within Data Centres operated and owned by one of our hosting providers and backup services. As part of our ISO 27001 accreditations data centres go through a compliance check to ensure they mean industry standards (eg ISO 27001 and/or SSAE 16). In-data centre environment backups are managed by the data centre team. Access to backup data and restoration is strictly on instruction by Xanda only and is logged.
- Where backup data is transmitted externally from the data centre environment, data is encrypted using AES 256 and then transmitted over AES 128 commination channel with ISO 27001 assessed partners. Access to backup data and restoration is strictly by Xanda only.
Hosting providers / backup services include but are not limited to:
- Peer 1
- Rackspace
- Digital Ocean
- CrashPlan
7) System to client service via API or Alternate Protocol
- Upon instruction by the Client, Xanda work with the client service vendor/support team to establish the API requirements. Only data specifically required for the client service is transmitted over the API or alternate protocol.
- The third party APIs are most usually encrypted using SSL and/or an encrypted data payload using an account specific encryption key.
- Xanda advise Clients against using APIs or alternate protocols where the third party does not support data encryption
- The transmitted data reside on third party systems outside of our control.
Client Services include but are not limited to:
- Client owned
- Client Contracted
8) System to Logistics Providers
- Upon instruction by the Client, Xanda work with the logistics provide to establish the API requirements. Only data specifically required for the logistics service is transmitted over the API.
- The third party APIs are most usually encrypted using SSL and/or an encrypted data payload using an account specific encryption key.
- Xanda advise Clients against using APIs where the third party API does not support data encryption
- Often a bi-directional API is required to return tracking, delivery success or failure. Where possible within the logistics system, this data is restructured to non PII data – e.g. order reference and tracking number only
- The transmitted data will then reside on third party systems outside of our control.
Logistics Providers include but are not limited to:
- RoyalMail
- DHL
- UPS
- Hermes
9) System to Regulators
- Upon instruction by the Client and/or a regulator, Xanda work to establish the scope of the data required.
- Only data specifically required for the regulator is transmitted over an API or exported for manual submission.
- The transmitted data reside on third party systems outside of our control.
Regulators include but are not limited to Ofsted, Oftel, Ofcom, The FCA.
10) System to Analytics Providers
- The Client provides their unique analytics account details which are used in conjunction with tracking code(s), most usually JavaScript, on the system transmitting data to the analytics provider via an API.
- These codes most frequently tracks anonymised data
- In some circumstances and where instructed by the Client, non-anonymised data can also be transmitted. This data is limited to the scope required by the Client.
- The third party APIs are most usually encrypted using SSL and/or an encrypted data payload using an account specific encryption key.
- Xanda advise Clients against using APIs where the third party API does not support data encryption
- The transmitted data reside on third party systems outside of our control.
Analytics Providers include but are not limited to:
- Google Analytics
- Xanda Server Analytics
- HotJar
11) Sign In Provider to Xanda System
- Upon agreement, Users with Social media accounts can request to complete registration functions using pre-existing social media accounts
- The social media accounts transmit user data as agreed within the data scope between the Client and the social media provider to the system
- Upon transmission, the system processes the received data to store it directly within a database located within the same environment as the hosting server.
- A copy of this data will now reside within the system.
- The third party APIs are most usually encrypted using SSL and/or an encrypted data payload using an account specific encryption key.
- Xanda advise Clients against using APIs where the third party API does not support data encryption
Sign In Providers include but are not limited to:
12) Xanda to Alternate Service Provider
- Upon CLIENT request, Xanda will work with the alternate service provider to establish the scope of assets requiring to be transferred.
- Where User data sits within a database or file store, an agreed encryption method is used
- Data is transmitted to the alternate service provider encrypted and confirmation is required to confirm receipt.
- Provision of decryption keys is always via a separate data exchange to the encrypted assets; ideally over another medium.
Alternate Service Providers will be nominated by the client in writing.
13) Xanda to Law Enforcement
- Upon law enforcement request, and having notified the Client where permitted, Xanda will work with law enforcement to establish the scope of assets requiring to be transferred.
- Where user data sits within a database or file-store, an agreed encryption method is used
- Data is transmitted to law enforcement encrypted and confirmation is required to confirm receipt.
- Provision of decryption keys is always via a separate data exchange to the encrypted assets; ideally over another medium.
14) Third Party Marketplace to Xanda System
- Upon Client request, Xanda will work with the third party marketplace (either directly or through a channel aggregator appointed by the Client) to establish a TLS/SSL secured API
- The third party marketplace transmits user data as agreed within the data scope between the Client and marketplace and/or aggregator
- Upon transmission, the system processes the received data to store it directly within a database located within the same environment as the hosting server.
- A copy of this data will now reside within the system.
Third party marketplaces include but are not limited to:
- Amazon
- Zalando
- Fruugo
- eBay
- Otto
- Net a Porter
- Debenhams
- House of Fraser
15) System to User Data Request
- Upon user request to the Client, Client inform Xanda of the user request (data access, migration or deletion)
- Xanda review the scope of PII data within the system
- For data access and migration, an agreed encryption method is used between Xanda and the Client and the data is sent to the Client
- Provision of decryption keys is always via a separate data exchange to the encrypted assets; ideally over another medium.
- It is the responsibility of the Client to then arrange for this data to be sent to the user or user nominated third party
- For data deletion Xanda will take all reasonable steps to delete the data from the database and confirm in writing to the Client that this has been done.
- Xanda will also inform the Client of the expiration of that data held in encrypted backups.
16) System to User
- Within the scope of the project, Users can access other Users personal data. (e.g. member listing directories, event attendee listings).
- Inclusion in these listings is subject to privacy settings where a User can opt in or out.
- Access to this data is subject to password secured website authentication.
17) User to System
- Users log into the system
- Users access management tools provided by the system as detailed in the specification
- Transactional emails
Scope of Xanda’s role and processing
(how data will be held including technical and organizational measures and processes)
All Client Data processed in connection with the Contract and this agreement shall be processed by Xanda within Xanda its secured and managed hosting services, in conjunction with its SSAE 16 complaint data partner (Cogoco PEER1) (“PEER1”).
Unless otherwise agreed with the Client in writing in advance, all data processing shall take place within the UK and all Client Data shall remain within the UK.
Xanda is an ISO 27001 accredited and audited company and works with PEER1 to ensure appropriate technical and organizational measures and processes are in place, including:
- intrusion detections and prevention measures and processes;
- malware protection measures and process;
- appropriate firewall controls and port/IP blocking;
- internal repository for data centre tested OS and other stack software
- updates/patches;
- backup provision; and
- pseudonymisation and/or encryption of data (where possible).
Xanda is a data processor for the purposes of the Contract and this agreement.
The nature of the Client Data to be processed by Xanda in connection with the Contract and this agreement is as set out in the Contract and the Data Protection Policy.
Purpose(s) of processing
The purpose of the data processing by Xanda in connection with the Contract and this agreement is to facilitate the hosting and operation of the Client’s website and other systems as set out in the Contract and the Data Protection Policy.
Duration of processing
Xanda shall only process the Client Data in connection with the Contract and this agreement for the as long as the Client provides the Services to the Client in accordance with the Contract.
Types of personal data
Xanda shall only process the types of Client Data as set out in the Contract and Data Protection Policy.
Categories of data subject
Xanda shall only process Client Data in connection with the Contract and this agreement in respect of the following categories of data subject:
Natural persons of the Client’s website and other systems who provide their personal data when they register to create an account; Natural persons who are advertisers who interact with the Client, the Client’s website or other systems or the users of the Client’s website or its systems; Natural persons who are suppliers who interact with the Client, the Client’s website or other systems or the users of the Client’s website or its systems; and/or Natural persons who are contributors to or who otherwise interact with the Client, the Client’s website or other systems or the users of the Client’s website or its systems.