Master Subscription Terms and Conditions

1. You will co-operate with Instanda in relation to the supply of the Services and provide all information and resources which we request in connection with the provision of the Services. You acknowledge that Instanda’s ability to provide the Services is dependent upon such co-operation and the availability, accuracy and completeness of any information you provide. 
2. You shall: 
   1. provide accurate and correct data. You consent to Instanda’s storage and use of this information (including the transfer of this information to third parties if required by law or where such parties process the information on Instanda’s behalf in the provision of the Services, and the use of such data in the writing or training of any Platform models);
   2. comply with Instanda’s reasonable instructions, guidelines and directions; 
   3. ensure that you engage a sufficient number of suitably qualified personnel for the purpose of fulfilling your obligations and liaising with Instanda promptly in respect of the performance of the Agreement, including ensuring that Authorised Users have a sufficient level of knowledge of the Platform;
   4. ensure that the Authorised Users keep all login details and passwords required to access the Services and the Platform secure and confidential and shall notify Instanda immediately upon becoming aware of any actual or suspected unauthorised access to the Services or the Platform via the Client’s account;
   5. maintain suitable technical and organisational security measures in respect of Your Domain, your technical environment and IT systems (including such measures as are required to protect against viruses, denial-of-service attacks and distributed denial-of-service attacks) to ensure the security and safeguarding of the Platform and the Services; 
   6. provide Instanda with reasonable notice of any planned maintenance or changes to the Domain or your systems which may affect the provision of the Services, and in any event, a minimum of 5 Business Days’ notice;
   7. ensure appropriate network connections to the Platform, including to and from Your Domain.
3. You may request changes to your use of the Platform, including by adding Affiliate licence rights, or any other part of the Services by entering into additional Order Forms with Instanda. This includes Instanda providing any Non-Core Solutions at the request of the Client, which shall be documented in an Order Form which shall include any additional terms governing the Non-Core Solutions, the fee for such Non-Core Solutions, and any additional Support Services required for the Non-Core Solutions. Unless specifically included in an Order Form, no Support Services shall be applicable to the Non-Core Solutions.
4. You and your Authorised Users must comply with all terms of the Platform Licence set out in Section 3. In the event of a breach of Section 3, Instanda reserves the right to (i) disable any access to all or any part of the Services; (ii) terminate the Contract or any Service; and/or (iii) report any activity which Instanda suspects violates applicable laws to the appropriate law enforcement officials, regulators or other appropriate third parties.

1. Save as for the circumstances set out in clause 3.2, no variation of this Contract including any changes to any Order Forms, shall be effective unless it is in writing and is signed by or on behalf of each of the parties.
2. Instanda may make changes, modifications or additions to any part of the Services or the Platform from time to time:
   1. for the purposes of error correction, enhancement to functionality or otherwise in its discretion, provided that this does not have a material adverse effect on the Services; or
   2. if required to comply with, or reflect any change in, applicable laws.
3. Such changes, modifications or additions may require You to modify or update any Third Party Technology integrating or connecting to the Platform in order to continue Your use of the Services. If, in Instanda’s reasonable opinion, this is likely to be the case, Instanda will provide You with reasonable advance notification of the changes and allow you a reasonable period of time to complete the required updates before Instanda deploys its updates to the Services or Software.
4. You may request changes to your Order, integration, Domains or any other technical or support aspect of the Services for Your continued use of the Services (each a “Change”). Instanda shall not be obliged to effect any Change, nor shall it be liable for any delays or failure to implement a Change that are due to Your acts, omissions or statements in relation to agreeing or preparing such Change.
5. A Change may require an increase to the Fees. Your relevant account manager or sales representative will agree these with you. Instanda shall not be obliged to implement any Changes if you are not willing to pay appropriate Fees, and you acknowledge and agree that you must provide at least one week’s notice of the fact You are going to submit a Change request.
6. Changes shall be documented using a pro forma Change request available from Instanda from time to time.

1. You hereby expressly acknowledge and agree that the Platform, the Documentation, and all other Instanda materials, and all Intellectual Property Rights therein (existing now or in the future) are and shall remain the exclusive property of Instanda and its licensors. If Instanda undertakes any bespoke development, implementation or configuration of any Service for you, all products of such development (including any software developed) and all the Intellectual Property Rights therein shall be the exclusive property of Instanda. Except as expressly stated in the Contract, you are not granted any rights (including Intellectual Property Rights) to, under or in the same. 
2. Instanda confirms that it has all the rights in relation to the Platform, the Documentation and the Services that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of the Agreement.
3. In respect of each Service, Instanda hereby grants to the You a non-exclusive, non-transferable, revocable, limited licence, without the right to grant sub-licences, to permit the Authorised Users to use the Platform and the Documentation relevant to that Service, including the Intellectual Property Rights subsisting therein, for the duration of the Term solely for Your internal business purposes and to the extent strictly necessary in order to receive the benefit of that Service, as agreed in the applicable Order Form. 
4. All Intellectual Property Rights subsisting in Third Party Technology shall be the exclusive property of the relevant Third Party Technology Providers. 
5. All Intellectual Property Rights in the Client Data will remain vested in the Client. The Client grants to Instanda a worldwide, non-exclusive, non-transferable, royalty-free licence to use the Client Data to the extent necessary to provide the Services and perform its other obligations under the Agreement, including for the purpose of developing and improving the quality of the Platform.
6. To the extent required for the continued use of the Services, the Client shall own any changes made by Instanda to the Client instance using the configuration user interface, excluding configuration design screens used to produce such configuration.
7. Instanda shall retain ownership in all development, enhancement requests or recommendations, corrections or other feedback provided by the Client relating to the configuration or operation of any part of the Services.
8. Nothing in the Agreement shall restrict or prevent Instanda from performing services that are the same as or similar to the Services for any third party.

1. The Client shall own all right, title and interest in and to all of the Client Data. 
2. The Client agrees that Instanda may use data gathered or generated by Instanda in the provision of the Services (and grants a licence to Instanda) for the purpose of:
   1. monitoring & evaluating, and developing improvements to, the provision of the Services and other products and/or services provided by or developed by Instanda from time to time;
   2. using such data in any marketing materials or case studies subject that prior to any publication, the data will be anonymised such that the identity of the Client cannot reasonably be identified; and
   3. using such data for research, strategy and thought leadership purposes.
3. You acknowledge that Client Data may include Personal Data, and as such each party shall comply with its respective obligations under the Data Protection Legislation (as defined in the Data Processing Schedule).. 
4. If required, the parties shall enter into ancillary agreements for the safeguarding of Personal Data during the provision of Services, which may for example include the Standard Contractual Clauses issued by the European Commission.

1. Each party agrees that it shall keep the other party’s Confidential Information in strict confidence and shall only use and permit the use of the other party’s Confidential Information for the purpose of providing and receiving the Services and otherwise in accordance with the Contract. Neither party shall, at any time, make or permit to be made any unauthorised use or disclosure of the other party's Confidential Information. The parties may disclose Confidential Information of the other party to:
   1. Representatives of the recipient who need to know the same in order to perform the recipient’s obligations under the Contract;
   2. the recipient’s auditors and professional advisors solely for the purposes of providing professional advice to the recipient;
   3. in the case of Instanda being the recipient, to agents and sub-contractors of Instanda who need to know the same in performing obligations under the Contract on behalf of Instanda,

provided that such persons are subject to obligations of confidentiality equivalent to those set out in this clause 6 in relation to such Confidential Information.

The obligations of confidentiality in this clause 6.1 shall not extend to any Confidential Information which the recipient party can show: (a) is in, or has become part of, the public domain other than as a result of a breach of the obligations of confidentiality set out in the Contract; (b) was in its written records prior to the Effective Date, was not disclosed to it by the other party and is not subject to confidentiality obligations; (c) was independently disclosed to it without obligations of confidence by a third party entitled to disclose the same; or (d) is required to be disclosed under any applicable laws, or by order of a court or governmental body or authority of competent jurisdiction. 

1. Following termination of this Contract, each party shall return (or at the other party's option destroy) the other party's Confidential Information which was disclosed in respect of the same (save to the extent such Confidential Information is required by Instanda in order to provide the Services under a continuing Order Form). Instanda shall be entitled to retain the Client's Confidential Information in its correspondence files and other working papers to the extent reasonably necessary to meet Instanda's professional, legal, regulatory and/or internal reporting requirements and obligations, but the provisions of clause 6.1 shall continue to apply with respect to such information.
2. You agree that we may refer to you in marketing and promotional materials relating to the Services and You hereby grant to us a non-exclusive, limited, and irrevocable licence to use your logos for the purpose of promoting You as a client of Instanda.
3. Instanda may further use anonymous and aggregate information derived from Confidential Information for additional purposes including, without limitation, development of client databases, reporting, or market analysis.  The provisions of the immediately preceding sentence shall survive the termination of this Contract. 
4. Instanda uses the ‘Powered by INSTANDA’ mark embedded within the published web front end of the Platform. The Client shall not remove this ‘Powered by INSTANDA’ mark without the prior written approach of Instanda.

1. In respect of each Service, the Client shall pay to Instanda the Fees set out in the Order Form(s). 
2. In addition to the Charges, Instanda shall be entitled to charge you for: (a) any expenses for reasonable travel, accommodation and out-of-pocket expenses incurred and approved you in advance for which Instanda shall provide receipts or other reasonable evidence; (b) any change to the scope of the Services pursuant to clause 3 of this Section 2; (c) any additional Services not included within the scope of Services set out in the Order Form for which Instanda may charge on a time and materials basis; and (d) where a Service includes the provision of Third Party Technology, amounts reflective of any increases to the fees charged by the Third Party Technology Provider(s) for licences of that Third Party Technology. 
3. Unless otherwise agreed by Instanda, Charges for non-standard configuration, integration or customisation services shall be calculated on a time and materials basis at Instanda’s applicable day rate in force from time to time.
4. Instanda will invoice the Client for each of the Services in accordance with the payment terms set out in the relevant Order Form. You must pay each invoice submitted us within 30 days of the date of each invoice (unless we agree to a different period). Time for payment of our invoices will be of the essence. 
5. If You fail to pay an invoice in accordance with our Contract, Instanda reserves the right to: (a) demand immediate payment of all outstanding amounts owed to Instanda; and/or (b) charge interest payable by the Client on the overdue amount both before and after any court judgement, which:
   1. if your contract is with Instanda UK, shall be at 4% above the Bank of England’s base rate from time to time unless the base rate is less than 1%, in which case the rate of interest shall be at 5%; and
   2. if your contract is with Instanda USA shall be at the lower rate of 18% per annum or the highest rate allowed by applicable laws in the US.

Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. You shall pay the interest together with the overdue amount. Notwithstanding the foregoing, Instanda may, in the alternative, claim interest under applicable laws.

1. Unless otherwise agreed or documented in an Order Form for a Renewal Subscription Period, Instanda may increase the Charges by up to 10% from the last Subscription Period by giving at least 30 days’ written notice to you prior to the date of expiry of such Subscription Period.
2. In addition to Instanda’s rights under clause 7.6, in the event that you exceed any agreed user limits or there is a change in scope of the Services not properly documented as a Change, Instanda may (i) charge and issue you with an immediate invoice for our standard user or change fees; or (ii) increase the Fees by any percentage upon any renewal or commencement of a new Subscription Period to reflect or accommodate the increased Fees incurred as a result. 
3. You will pay all amounts due in full without any set-off, counterclaim, deduction or withholding (except for any deduction or withholding required by law). Instanda may at any time, without limiting its other rights or remedies, set off any amount owing to it by you against any amount payable by Instanda to you.
4. If we suspend your access to all or part of any Service under any term of the Contract, this shall not affect your liability to pay the Fees in respect of such Service and you shall not be entitled to any refund or Fees as a result of such suspension. 

1. The Client warrants and represents that:
   1. it shall comply with all applicable laws in respect of its use of the Services;
   2. it shall comply with all terms applicable to the use of Third Party Software provided by Instanda under this Contract;
   3. it has all rights, licences, consents and permissions required to authorise Instanda to provide the Services in respect of the Domain(s) under this Contract; 
   4. it will not supply any data (including any Personal Data) to Instanda which is not required in relation to the performance of the Services;
   5. it has all the rights in relation to the Client Data that are necessary to grant all the rights it purports to grant under, and in accordance with, this Contract; and
   6. Instanda’s use of the Client Data in accordance with the terms of this Contract will not infringe the rights (including the Intellectual Property Rights) of any third party. 
2. The Client hereby indemnifies and shall keep Instanda indemnified on demand from and against all losses, costs, claims, liabilities, damages, fines and/or penalties (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal and other professional costs and expenses) of whatsoever nature or kind and whenever arising which are suffered or incurred by, demanded from or awarded against Instanda and/or its Representatives arising out of or in connection with any actual or alleged breach by the Client of clauses 2.4, 5.3, 6, 7 or 8.1 of this Section 2. 
3. Instanda hereby indemnifies the Client from and against any amounts awarded by a court against the Client in respect of any claim that the Platform infringes any United Kingdom registered trade mark or design right, or any copyright effective as of the Effective Date, provided that: 
   1. Instanda is given prompt notice of any such claim;
   2. the Client does not make any admission and provides reasonable co-operation to Instanda in the defence and settlement of such claim; and
   3. Instanda is given sole authority to defend or settle the claim.

In the defence or settlement of such a claim, Instanda may procure the right for the Client to continue using the affected Software, replace or modify the Software so that they become non-infringing or, if such remedies are not reasonably available, terminate the affected Service(s) with immediate effect without any liability to the Client.

1. In no circumstances shall Instanda be liable to the Client under clause 8.3 to the extent that the alleged infringement arises out of or relates to: 
   1. a modification of the Platform, Services or Documentation by anyone other than Instanda;
   2. the Client’s use of the Platform, Services or Documentation in a manner contrary to any term of the Contract and/or the instructions given to the Client by Instanda;  
   3. developments to the Platform made by Instanda to meet the specification or requirements of the Client and the Domain(s);
   4. the Client’s use of the Platform, Services or Documentation after notice of the alleged or actual infringement from Instanda or any appropriate authority;
   5. the Client’s use of the Services in conjunction with any products and/or services not provided by or approved by or via Instanda;
   6. any Third Party Technology or other third party materials incorporated into any part of the Services. 
2. Instanda agrees that the Services will be performed materially in accordance with the Documentation, in accordance with applicable laws and with reasonable skill and care in a manner consistent with generally accepted standards for identical or similar software as a service provision in this field, but that Instanda shall not be liable for non-conformance with this clause to the extent it is caused by a Third Party Application or use of the Services not in accordance with Instanda’s instructions, or modification to the Services by any party other than Instanda. For any breach of this clause 8.5,  Instanda shall, at its expense, use reasonable endeavours to correct any such non-conformance, or provide the Client with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Client’s sole and exclusive remedy for any applicable non-conformance pursuant to this clause.

1. Nothing in this Contract excludes the liability of either party for death or personal injury caused by its negligence, for fraud or fraudulent misrepresentation or for any other liability that cannot be limited or excluded under applicable law. All exclusions and limitations of liability set out in the Agreement shall be subject to this clause 9.1. 
2. Instanda does not warrant that the Client’s use of the Platform, the Documentation or the Services will be completely uninterrupted or error-free, or that the Platform will be free from bugs, errors or other technologically harmful material. Save as expressly provided otherwise in the Agreement, the Platform, the Documentation and the Services are provided “as is”. This clause 9.2 does not affect the Client’s rights or remedies under any service level agreement set out in any applicable Service Specific Terms, but Instanda does not accept any liability whatsoever for the Third Party Technology.
3. Instanda does not warrant that the Platform, the Documentation, the Services and/or the information, services or results obtained by the Client through them will meet the Client’s requirements. You will have been offered or will have completed a trial access of the Platform and any decisions to purchase a licence for the Services under this Contract are Your own without any reliance upon representations, statements or warranties by Instanda as to the performance or delivery of the Platform.
4. Instanda is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Client acknowledges that the Platform, the Documentation and the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
5. The Client shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Client Data. 
6. Instanda shall in no circumstances whatsoever have any liability in respect of any loss or damage, or any failure of or interruption in the Services or any of the Platform, or delay in the provision of any of the Services, or any inability by the Client to access or connect to or use any of the Services or Platform, or any delay, interruption or unavailability of any Protected Domains, as a result of: 
   1. any error or omission in any information or instructions, or inaccurate data or information, provided by the Client in connection with the Contract (including errors, omissions or inaccurate data contained in the Client Data) or any actions taken by Instanda at the Client’s direction;
   2. any criminal, fraudulent, dishonest or negligent act or omission, misrepresentation or default by or on behalf of the Client or any of its Representatives, or any other act, error or omission of the Client or any of its Representatives; 
   3. any fault, error or problem relating to the Third Party Technology or Client’s software, hardware, devices, equipment, network or infrastructure, or the Client’s internet service or hosting provider; 
   4. use of the Platform or any Service (or any part thereof) in combination or conjunction with any Third Party Technology, software, hardware, device or equipment that is not approved by Instanda; 
   5. the Client exceeding any licence limitations;
   6. the Client’s failure to implement appropriate technical and organisational security measures in respect of the Domain(s) and/or Client’s IT systems (including such measures as are required to protect against viruses, denial-of-service attacks and distributed denial-of-service attacks);
   7. the Client’s failure to promptly install and implement any update to the Platform that is released to the Client by Instanda for implementation by the Client; 
   8. the Client’s failure to notify Instanda of any changes to the Domain endpoint or instance; and
   9. the Client making any modifications to the Platform or any part of the Services without the written approval of Instanda.
7. Instanda shall not be liable to the extent that the fulfilment of its obligations under the Contract is prevented, hindered, delayed or otherwise impaired as a result of the Client’s failure to do any act, matter or thing it is obligated to do under the Contract or otherwise as a result of the Client’s wilful misconduct.
8. Instanda shall under no circumstances whatsoever be liable to the Client, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss of profit, loss of business, loss of goodwill or reputation, loss, interruption or corruption of data, information or services, pure economic loss, or any indirect, special or consequential loss, damages, charges or expenses arising under or in connection with the performance of the Services, the Platform, the Documentation and/or the Agreement. Subject to clause 9.10 below, Instanda's total liability in aggregate to the Client, under or in connection with the Agreement and provision of the Services, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall in no circumstances exceed the greater of (i) £500,000 (if Your Contract is with Instanda UK), $600,000 USD (if Your Contract is with Instanda USA), or 100 million Japanese YEN if your Contract is with Instanda Japan; and (ii) an amount equal to 100% of the Fees paid by the Client during that immediately preceding Year in which the grounds for a claim arose.
9. If and to the extent that Instanda provides a Trial to the Client without a separate Trial agreement, Instanda’s total liability to the Client in respect of any claims made relating to such Trial shall not exceed (i) £10,000 if your contract is with Instanda UK, (ii) $10,000 USD if your contract is with Instanda USA, or (iii) 2 million Japanese YEN if your contract is with Instanda Japan. All Trial agreements entered into prior to this Contract shall automatically extinguish on the date of expiry set out therein, or in the absence of such date, upon the Effective Date; and for the avoidance of doubt, each of the agreement for a Trial and for the Services are separate and independent of each other.
10. Instanda's total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with any breach of the Instanda’s confidentiality obligations or data protection obligations, or in connection with any claim or allegation relating to the Platform licence granted to the Client under these Terms, shall not exceed (i) £1 million if your contract is with Instanda UK, (ii) $1.5 million if your contract is with Instanda US, and (iii) 180 million YEN if your contract is with Instanda Japan.
11. To the extent that the Client breaches the restrictions set out in this Contract on penetration testing, most notably in clause 3 of Section 3 Platform Licence, the Client shall pay to Instanda an amount equivalent to £20,000 GBP or $25,000 in respect of each Instanda customer affected by any unauthorised penetration testing conducted by the Client. The parties acknowledge that the foregoing is a genuine pre-estimate of potential loss in respect of each affected Instanda customer and that the Client shall be liable to Instanda on a liquidated damages basis in relation to each such breach. 
12. All representations (whether express or implied) and all implied conditions, warranties and terms as to the provision of the Services by Instanda, including any implied warranties or conditions of satisfactory quality and fitness for a particular purpose, are hereby expressly excluded to the fullest extent permitted by law.

1. Instanda shall provide the Services:
   1. substantially in accordance with the Services descriptions set out in this Contract, including the Support Schedule;
   2. in accordance with applicable laws and regulations; and
   3. with reasonable skill and care in a manner consistent with generally accepted standards for identical or similar software as a service provision.
2. The obligations in clause 10.1 of Section 2 above constitute Instanda’s obligations as to the conformance of the Platform and the Services to their specification as they are delivered to the Client. To the extent that the Platform or Services do not conform with clause 10.1 of Section 2 above, Instanda shall, and such non-conformance is not due to any breach by the Client of its obligations under this Contract, Instanda shall, at its expense, use reasonable endeavours to correct such conformance, or provide the Client with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Client’s sole and exclusive remedy for any applicable non-conformance and breach of clause 10.1 of Section 2 above.

1. The term of each Service shall commence on the Start Date for the Service set out in an Order Form and shall continue for the duration of the relevant Subscription Period, unless terminated earlier in accordance with the terms of this Contract. Thereafter, unless stated otherwise in the relevant Order Form, the term for each Service shall renew for a further twelve month period (each a Renewal Subscription Period), unless (i) the Client has given at least 90 days written notice to Instanda or (ii) Instanda has given at least 30 days written notice to the Client, to terminate the Contract, such notice not to expire before the expiry of the relevant Subscription Period  during which notice was given. 
2. Either party may terminate the Agreement and/or any Order Form in respect of a particular Service with immediate effect upon written notice and without liability to the other party if the other party: 
   1. commits a material breach of any of the terms of the Contract (except as provided in clause 11.3(a)) and (if such a breach is remediable) fails to remedy that breach within 30 days after receipt of notice from the other party specifying the breach and requiring its remedy; or
   2. becomes subject to an Insolvency Event.
3. Instanda may terminate the  Contract and/or any Order Form in respect of a particular Service with immediate effect upon written notice and without liability to the Client if: 
   1. the Client fails to pay any invoice issued under the Contract within 30 days of the due date for such payment, and payment has not been received within 7 days of the Client being notified by Instanda in writing that payment is overdue; 
   2. there is a breach of any warranty given by the Client in the Contract;
   3. the Client is acquired by, merges with, or the Client’s group structure is any way altered that it becomes affiliated with, an entity or person resident in a jurisdiction that is subject trade embargos or sanctions by the UK or US governments, or is on the UK government list of High Risk Third Countries for Money Laundering at any given time; 
   4. Instanda is required to do so in order to comply with any applicable laws, or by any court of competent jurisdiction, or any regulatory or administrative body; or
   5. Instanda reasonably considers that providing the Services could create a substantial economic burden or material security risk.
4. Instanda may suspend the provision of the Services without liability to the Client in the event that: 
   1. Instanda's performance of the Services or any of its other obligations under the Contract is prevented or delayed by any act or omission by the Client, or failure by the Client to perform any relevant obligation; 
   2. the Client fails to make payment to Instanda by the due date for payment; 
   3. there is any actual or alleged breach by the Client of clauses 2.4, 5.3, 6 or 8.1; and/or
   4. your Pre-Contract Information (as defined in the Support Schedule) is incorrect or inaccurate in any way,

(each a Client Default), and the Client shall reimburse Instanda on written demand for any costs or losses sustained or incurred by Instanda arising directly or indirectly from the Client Default.

1. Termination of a Service shall not serve to automatically terminate this Contract or any other Services or Order Forms. Any termination or cancellation part way through the Subscription Period or a Renewal Subscription Period shall not entitle Client to a refund of Fees by Instanda for any remaining months.
2. The Contract will automatically terminate upon the date on which all Order Forms have been terminated or have expired pursuant to the relevant terms of the Contract, at which point all Services and licences granted to the Client by Instanda shall terminate. Termination for cause shall serve to terminate all Order Forms and the Contract on the notice period specified therein.
3. On termination of  Contract and/or any Order Form for any reason:
   1. the Client will immediately pay to Instanda all Fees due and all outstanding invoices (including interest accrued) in respect of the terminated Service(s);  
   2. subject to clause 12.4, each party will promptly (at the other party’s option) destroy or return to the other party all Confidential Information and copies of it belonging to the other party that may be in its possession, custody or control which relates to the terminated Service(s) and will permanently erase all such Confidential Information from its computer systems to the extent technically practicable (except for data generated by Instanda pursuant to clause 5.2 which Instanda may continue to use following termination of the Contract or Service(s));
   3. the Client shall, at Instanda’s request, promptly return to Instanda or at Instanda’s direction destroy, any Instanda materials containing Confidential Information, including any Documentation, and provide a certificate stating that such materials have been returned or destroyed, as required;
   4. if reasonably requested by the Client, except where the Contract and/or Order Form is terminated by Instanda pursuant to clause 11.2 or 11.3, Instanda may in its sole discretion agree to provide assistance in respect of the transfer of any terminated Service(s) to an alternative service provider, subject to the Client paying Instanda’s charges for such assistance at its then current rates. Nothing in this clause shall require Instanda to disclose any Confidential Information or allow any alternative service provider to have access to the Platform or any Documentation; and
   5. the accrued rights of the parties as at termination will not be affected or prejudiced and any provision of the Agreement that expressly or by implication is intended to come into or continue in force on or after termination or expiry of the Contract or the terminated Order Form (s) (as applicable) will remain in full force and effect.
4. Instanda will destroy any Client Data within 30 days of termination of this Contract unless Instanda receives a written request from the Client prior to that date to deliver the most recent back-up copy of the Client Data (a Client Data Back-Up), in which case Instanda will, at the Client’s cost (and provided the Client has paid all undisputed Fees in full) use reasonable endeavours to deliver the Client Data Back-Up to the Client within 30 days of receipt of the request in such CSV / XML format as agreed by the parties. A Client Data Back-Up will not be required if the Client has purchased the ODS in an Order Form or Statement of Work.

1. Instanda shall have no liability to the Client under the Contract if it is prevented from or delayed in performing any of its obligations under the Contract, or from carrying on its business, by any act, event or accident beyond its reasonable control, including acts of God, war, civil unrest, riot, malicious damage, accident, breakdown of plant or machinery, strike, lock-out or other industrial disputes, failure of a utility service or transport network, any failure or interruption of any telecommunications network, denial or service attacks or distributed denial of service attacks, acts of civil or military authorities, fire, flood, earthquake, storm, shortage of supply, default of suppliers or sub-contractors, or compliance with any law or governmental order, rule, regulation or direction, including such government restrictions imposed as a result of a pandemic. Instanda shall notify the Client of such an event and its expected duration. 

1. The parties will deal with disputes arising under or in connection with the Contract in accordance with this clause, but nothing in this clause will prevent either party from seeking injunctive or similar relief or commencing court proceedings at any time.
2. Each party will refer any dispute that arises under or in connection with the Contract in the first instance to their suitable senior representatives within a reasonable time of such dispute arising and those senior representatives shall attempt in good faith to resolve the dispute. 
3. If any dispute has not been settled by the parties’ senior representatives, or a course of action for settlement of the dispute has not been agreed by the parties, within 30 Business Days of a party notifying the other party of the dispute, the parties may attempt to settle the dispute in the following ways depending on who your contract is with:
   1. if your contract is with Instanda UK, the parties shall attempt to settle in good faith by mediation in accordance with the CEDR (Centre for Effective Dispute Resolution) Model Mediation Procedure. Unless otherwise agreed between the parties in writing, the mediator will be appointed by CEDR and the mediation shall take place in London, England in the English language. To initiate the mediation a party must give written notice to the other party/parties to the dispute requesting mediation (the ADR Notice). A copy of the ADR Notice should also be sent to CEDR Solve. Subject to any constraints imposed by CEDR the mediation will start not later than ten (10) days after the date of the ADR Notice. OR:
   2. if your contract is with Instanda USA such dispute shall be settled by and through an arbitration proceeding to be administered by the American Arbitration Association (or any like organization successor thereto) in New York, New York, in accordance with the American Arbitration Association’s Commercial Arbitration Rules. Each of the parties to this Agreement hereby agrees and consents to such venue and waives any objection thereto. The arbitrability of any such dispute, claim or controversy shall likewise be determined in such arbitration. Such arbitration proceeding shall be conducted in as expedited a manner as is then permitted by the commercial arbitration rules (formal or informal) of the American Arbitration Association. Both the foregoing agreement of the parties to this Agreement to arbitrate any and all such disputes, claims and controversies and the results, determinations, findings, judgments and/or awards rendered through any such arbitration shall be final and binding on the parties hereto and may be specifically enforced by legal proceedings. Notwithstanding any provision of this Agreement relating to which state laws govern this Agreement, all issues relating to arbitrability or the enforcement of the agreement to arbitrate contained herein shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1 et seq.) and the federal common law of arbitration.

1. Instanda shall not be obliged to provide and does not guarantee the provision of specific individuals in relation to the supply of the Services. 
2. Client undertakes that for the duration of the Contract and for a period of twelve (12) months afterwards it will not, without Instanda’s prior written consent, directly or indirectly solicit any of Instanda’s employees who were in direct contact with the Client in connection with the Agreement.

1. Each party shall: (a) comply with all applicable laws, statutes, regulations and codes relating to anti-bribery and anti-corruption including the UK Bribery Act 2010 if your contract is with Instanda UK and the Foreign Corrupt Practices Act 1977 if your Contract is with Instanda USA (each and both, Relevant Requirements); and (b) have and maintain in place its own policies and procedures, including adequate procedures under the Relevant Requirements, to ensure compliance with the Relevant Requirements and will enforce them where appropriate.
2. Instanda shall be entitled to vary the terms of this Contract to address a change in applicable laws. If Instanda exercises its right to vary this Agreement pursuant to this clause, Instanda shall give the Client at least 30 days’ prior written notice of such changes before they take effect.
3. Any notice given under or in connection with the Contract shall be in writing and shall be delivered by hand or by pre-paid first-class post or other next business day delivery service to the address stated in the Order Form (or to such other address as a party may notify to the other party in accordance with this clause) or by such other means or method as the parties may agree in writing. All notices for the cancellation of a Service sent by the Client must be sent by email to commercials@Instanda.com. Notices shall be deemed to have been received: (a) if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address; (b) if sent by pre-paid first-class post or other next business day delivery service, at 9.00am on the second Business Day after posting or at the time recorded by the delivery service; or (c) if sent by fax or email (if such method of delivery is permitted), at 9.00am on the next Business Day after transmission (provided no delivery notification is received).
4. Each party is an independent contractor, and nothing in the Contract shall constitute the creation, establishment or relationship of partnership, joint venture or employer and employee between the parties. Neither party shall have the authority, and shall not hold itself out, or permit any third party to hold itself out, as being authorised to bind the other party in any way, and shall not do any act which might reasonably create the impression that it is so authorised.
5. If any provision or part-provision of the Contract is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the Contract.
6. No failure or delay by a party to exercise any right or remedy provided under the Contract or by law shall constitute a waiver or abandonment of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. 
7. Each party agrees that it shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in the Contract. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Contract. 
8. Instanda may at any time assign, transfer, mortgage, charge, subcontract or otherwise deal in any manner with all or any of its rights or obligations under the Contract. The Client shall not assign, transfer, mortgage, charge, subcontract, declare a trust over or otherwise deal in any manner with any or all of its rights and obligations under the Contract without the prior written consent of Instanda.
9. Beneficiaries to the Contract.
   1. Except as set out in this clause 16.9 of Section 2, the parties agree that a person who is not a party to this Contract has no rights under the Contracts (Rights of Third Parties) Act 1999 if your contract is with Instanda UK, or will simply not be deemed a third party beneficiary if your contract is with Instanda USA, so in both circumstances will have no rights to enforce any term of this Contract.
   2. Each and every obligation of the Client is owed to each member of the Instanda Group and in relation to the Client’s obligations under clause 3 Change Control, to any successor supplier of the Services, each of whom may enforce the terms of this Contract and references to Instanda in the context of the Client’s obligations shall be construed accordingly.
   3. [Only applicable if your Contract is with Instanda UK]. If a person who is not a party to this Contract is stated to have the right to enforce any of its terms under the Contracts (Rights of Third Parties) Act 1999, the parties may rescind or vary this Contract (and any documents entered into pursuant to or in connection with it) without the consent of that person.
10. Except as expressly stated in the Contract, the rights and remedies provided under the Agreement are in addition to and not exclusive of each other and any rights or remedies provided by applicable law. 

1. You shall only send prescribed data sets to Instanda and only through the methods prescribed by Instanda. You must follow all of Instanda’s instructions (including in Instanda’s Documentation) to securely send the data to Instanda. Instanda shall not be responsible for the transfer of any type of data while in transit outside of Instanda’s technical environment.  
2. The provision of the Services might be supported by or rely upon integrations and other connections within Your technical environment to certain Client-side services. If You use a Client-side service alongside or intraoperatively with the Services, You hereby grant to Instanda permission to interoperate with each relevant Client-side service, and You warrant that You have all rights, licenses and permissions to do so. Your use of any Client-side services is governed by the terms agreed between You and the relevant provider and You acknowledge and agree that: (a) Instanda does not control and is not responsible for any Client-side services; (b) Instanda has no liability with respect to any use of Client-side services or any disruption caused to the Platform as a result of Client-side services; and (c) You are responsible for complying with any licenses and other terms applicable to the Client-side services. 
3. Unless otherwise agreed with us in an Order Form, You are solely responsible for the maintenance of Your Domains and Instanda is not responsible for any failure or interruption to the Services as a result of an issue with the Domains.
4. You are responsible for working with Instanda to determine the use of cookies on the Platform and update your policies appropriately, including cookie and website terms of use. 

1. Except as may be allowed by applicable law which is incapable of exclusion by agreement between the parties, and except to the extent expressly permitted under the Contract, you shall not:  
   1. attempt to copy or clone, modify, create derivative works from, republish, download, transmit, or distribute all or any element of the Services, Platform and/or any Third Party Technology (as applicable) in any form or media or by any means; or  
   2. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any element of the Services, Platform and/or any Third Party Technology under the Contract; 
   3. attempt to conduct your own penetration testing or other security level testing on the Platform;  
   4. access all or any element of the Services or Platform in order to develop a product or service which competes with Instanda and its products or services;   
   5. use any element of the Services or Platform to provide services to third parties;   
   6. commercially exploit in any way, or otherwise make any element of the Services or Platform available, to any third party;   
   7. make a competitive or functional assessment of any element of the Services or Platform (other than assessing Instanda’s ability to meet Your own internal business purposes) on behalf of third parties (including any of Instanda’s competitors) or with the intention of publishing or making information about the Services available to third parties that we have not previously consented to in writing; 
   8. attempt to obtain, or assist third parties in obtaining, access to any element of the Services or Platform other than as permitted under the Contract;
   9. exploit the Services or Platform for any lawful, fraudulent, harmful or malicious purpose or for a purpose or in a way that infringes the Intellectual Property Rights or rights of any person;
   10. knowingly or recklessly transmit any data or send or upload any material to the Services or Platform that contains any viruses or any other technologically harmful programmes, data or code;
   11. use the Services or Platform to gain unauthorised access to or use of data, systems, applications, devices or networks, including any attempt to probe, scan or test the vulnerability of a system or network or to breach security measures; 
   12. remove or attempt to remove Instanda’s name or logos from the Platform, including “Powered by Instanda” or any equivalent wording; or
   13. otherwise use the Services or Platform in any way which would contravene the terms of this Contract, any of Instanda’s instructions or use policies (including a Platform acceptable use policy), or any other terms or policies for Third Party Technology.
2. Any Third Party Technology is subject to, and the Client shall comply with, the terms and conditions of the relevant Third Party Technology Provider.
3. You will ensure that all data that you supply to Instanda is complete, accurate and in the format Instanda has agreed with You and it is solely Your responsibility to keep these accurate and up to date, and Instanda will not be liable to You for any data provided which is outside of any prescribed data parameters. Instanda will inform You if it becomes aware of any data received other than or outside of the agreed sets or parameters and You acknowledge that Instanda will immediately delete any such data in accordance with its data retention and destruction policies without any liability to You.

1. The Platform interoperates with certain third party features made available through the Platform by Instanda, including pre-integrated Payment Gateways (Third Party Features). Third Party Features are made available using web services and APIs. In addition, at the discretion of the Client, the Platform may be integrated with processes, programmes or APIs that are developed by the Client or by third party providers (Client Applications).
2. The Client accepts and acknowledges that Instanda bears no responsibility whatsoever for any interruption of the Services in whole or in part and/or access to the Platform in whole or in part related to Third Party Features and/or any integration processes, programmes, applications developed by or on behalf of the Client that integrate in any way to or from the Platform whether or not in support of any Third Party Features. Instanda has no ownership and therefore does not make any warranty or representation on the availability of such Third Party Features and the Service Levels set out in the Support Schedule do not apply to the performance of any Third Party Features.
3. To the extent required, Instanda shall grant a limited, non-assignable, non-transferable, revocable license for each Third Party Feature or Client Application to integrate or interoperate with the Platform, and for the avoidance of doubt Instanda shall own all developments, updates or enhancements to source code and models in relation to the interoperability of the Platform pursuant to this clause 4 of Section 3.
4. If the Client wishes to utilise a Payment Gateway the Client must execute an additional schedule to the Order Form and set up an account and execute terms with the external Payment Gateway provider.
5. The Client will notify Instanda in writing of any intention to integrate the Platform with a Client Application, providing full details of the proposed Client Application and integration. Instanda shall be under no obligation to integrate or support any Client Application. To the extent that such integration incurs additional costs, including licensing fees, technical support fees, or any other additional expenses (Client Application Costs), which have not factored into any quotes, proposals or Order Forms, the Client shall reimburse Instanda for such Client Application Costs. 
6. The Client will be solely responsible for the operation, monitoring, configuration, functionality, performance, compliance with applicable laws and security of all Client Applications, including any external API interfaces used to connect to the Platform. 
7. Unless a bespoke support package has been purchased by the Client to cover integration of a Third Party Feature or Client Application, the provisions of the Support Schedule do not apply to issues and tickets raised with regards to Third Party Features or Client Applications.
8. Where the provider of a Third Party Feature ceases to be available on reasonable service or commercial terms, Instanda  may move the Third Party Feature to a new provider, provided that, if Instanda is aware the Client has integrated such Third Party Feature, it will use all reasonable endeavours to notify the Client of the migration as soon as reasonably practicable and in any event within 30 days of becoming aware of the need for the migration. 

1. The Client shall appoint nominated individuals from within the pool of Authorised Users who have superior knowledge of the Platform to have a key role in management of the Client’s use of the Platform, including relating to the Support Services and the diagnosis and triage of any incidents before they are referred to Instanda’s Platform Service Desk (Super Users).
2. The Client shall ensure that there are a minimum of two (2) Super Users nominated at any given time during the provision and receipt of the Services.
3. Super Users shall review, validate and approve all requests and queries from the Client relating to the Platform and the Services, including Support Services to ensure that only necessary requests and queries are submitted to Instanda for resolution and answer.
4. The Super Users shall immediately inform Instanda of any known or suspected breach of the licence restrictions set out in clause 3 of this Section 3.

1. Instanda will often perform a discovery and design exercise (“D&D”) after we have entered into a Contract with you, which is based upon all of the information You have provided us about your use cases, platform requirements, sales models and any other information or data relevant to providing our Services to you in pre-sales and technical pre-sales stages (“Pre-Contract Information”).
2. Instanda issues quotes for Services based upon the Pre-Contract Information that you provide, and you make an offer to buy our Services for the price stated in such quotes. Instanda may then accept your offer, relying upon the data and representations made in your Pre-Contract Information to make that decision.
3. If during a D&D it transpires that your Pre-Contract Information was not accurate, or your requirements or use cases have changed in any way, which means there is a materially different scope of Service (including the Platform configuration) to that which we understood from your Pre-Contract Information, then the Change Control procedure shall automatically be triggered and Instanda shall not be obliged to continue to provide the Services (including any Support pursuant to this section) until such time that we have agreed an appropriate and accurate revised scope and (if applicable) Fees, which for the avoidance of doubt may include an increase in the Access Fee, Processing Fee or any other ancillary fees during the Term.

1. The Platform needs to be integrated into the Domain and the Client can elect for either (i) Instanda to perform such integration work; (ii) the Client to complete the integration itself; or (iii) in exceptional circumstances only and at the sole discretion of Instanda, for a third party service provider to perform such systems integration.
2. To the extent that the Client elects Instanda to perform such systems integration support, this will be documented in an Order Form. Instanda’s liability in respect of such systems integration support shall be as per section 2 (Standard Terms of Supply) of this Contract.
3. Where the Client elects for a third party service provider to perform such systems integration, Instanda shall not be liable for any acts or omissions in respect of the systems integration to the Platform or for any performance or availability issues attributed to systems integration.
4. Time shall not be of the essence in respect of any systems integration work performed by Instanda, and Instanda cannot be held responsible for any delays to systems integration caused by the Client (including the unavailability of key personnel within the Client who are required to cooperate with Instanda).

1. The Client shall be responsible for: 
   1. ensuring that the scope of the support under the relevant Service Tier shall meet its requirements;
   2. ensuring that the Authorised Users understand and use the processes for requesting the support under the relevant Service Tier and that there are a minimum of two (2) Super Users appointed at any given time during the Term; 
   3. notifying Instanda immediately upon becoming aware of an Incident; 
   4. after the Super Users have considered each incident, submitting each relevant request for support to Instanda; 
   5. providing as much information as possible in respect of each Incident and each support request;
   6. providing remote access to its systems, if required by Instanda in order to provide support;
   7. maintaining its systems and Domains to enable Instanda to fulfil its obligations to provide support; and
   8. provide Instanda with all necessary assistance to enable Instanda to successfully integrate the Platform to provide the Services.
2. The Client shall contact Instanda for support by submitting requests through the Support Portal. Only in the event of a P1 Incident shall the Client be permitted to request support via telephone or email.
3. All Support requests must be reviewed, validated and approved by a Super User prior to being logged as a ticket via the Support Portal. Tickets must contain the following information at a minimum:
   1. the Client name (i.e. recognisable business name);
   2. the name of the Super User the incident was validated by prior to logging a Support Request;
   3. the actual name of the end-user and/or function impacted when the incident was experienced;
   4. details of the insurance product page impacted (e.g. title and/or URL copied from the web browser);
   5. details (if known) of whether this is a third party integration or Client application issue;
   6. date and time when the relevant end-user first noticed the issue (including the geographic time zone);
   7. any screenshot(s) of the relevant area(s) of the Platform, if applicable and only if feasible;
   8. brief step by step explanation of what happened;
   9.     end-user’s local.
4. Once the Service Desk receives the ticket through the Support Portal it will be assigned a priority level. All requests for support that are not expressly set out in the In-Scope table below shall automatically be assigned a P4 priority level. 

1. The scope and level of service and support to be provided by Instanda shall be determined by the Service Tier purchased by the Client. Unless otherwise agreed separately, the Client shall receive the Standard Service Tier, details of which are included in this Support Schedule.
2. The Client acknowledges that Instanda provides the Platform and the Services only as a hosted software service solution, and that unless the parties expressly agree otherwise in an Order relating to a Non-Core Solution, the Support Services shall not apply to any Non-Core Solutions.
3. Instanda shall use reasonable endeavours to respond to and resolve incidents and support requests that are reported by the Client in accordance with this Support Schedule and identified as In-Scope only, irrespective of the Client’s purchased Service Tier, as follows:

1. Whereby the following Priority Levels shall have the following meanings:

1. “Priority Level 1” or “P1” (Critical Production Environment Incident) means an incident that renders the whole of the Platform unavailable, thus impacting users.

1. “Priority Level 2” or “P2” (High Production Environment Incident) means the Platform is operating as required, however, the following important aspects of the Platform are not working optimally and are creating some business impact or operational problems with processing payments or completing renewals, or, there is a persistent issue affecting a significant number of users with no known workaround yet available.
   
    
2. “Priority Level 3” or “P3” (Medium Production Environment Incident) means the Platform is operating as required, however, there are some performance issues or bugs affecting parts of the Platform, thus affecting individual user experience, for which there maybe be a short term workaround available but might not be considered acceptable long term or is scalable.
   
    
3. “Priority Level 4” or “P4” (Low Production Environment Incident or Queries) means the Service is functioning but there might be minor bug or cosmetic issues affecting single users and where a workaround may already be available, OR, general Platform questions, routine technical or functional questions.
   
    
4. Instanda shall use reasonable endeavours to make the Platform available and functioning (in a production environment only) in accordance with the following availability service level, measured over a calendar month, excluding any Excluded Downtime, problems with the Client’s local or wide area networks, or End User’s home internet connections:

1. Instanda shall not be responsible for any Service performance issues attributable to latencies in the public internet or the Client’s connection to the public internet (including Client Affiliates and Authorised Users’ own personal or business connection to the public internet).
2. Instanda reserves all discretion to award claims for a Service Credit, and where it does so shall aim to issue a Service Credit Note to the Client by no later than the end of the month following the month in which such claim is accepted. An awarded Service Credit:
   1. must be used no later than thirty (30) days prior to the end of a Subscription Period; 
   2. cannot be rolled over and used in any successive Subscription Period;
   3. will not entitle the Client to any refund or repayment of Charges or any other amounts from Instanda; or
   4. may not be transferred to any other account or Service.
3. The Client shall not be entitled to a Service Credit if it is in breach of any term of the Agreement (including without limitation its payment obligations) until the Client has remedied such breach. 
4. Instanda shall not be liable for any failure to comply with a Service Level as a result of any action or inaction of the Client or any third party acting on the Client’s behalf, including the Client failing to comply with its obligations under these Service Specific Terms.
5. Where the Client considers that Instanda has not performed the services to a standard set out in clause 5.5 above, and Instanda agrees that such performance fell short of that agreed standard, the Client shall only be entitled to receive Service Credits in accordance with the relevant Service Level mechanism. Such award of Service Credits shall be deemed to be an adjustment to the Charges to compensate the Client for Instanda’s under performance and the Client’s sole and exclusive remedy in the first instance. In the event that the Client attempts to subsequently claim that such performance was in breach of this Agreement and claim contractual damages subject to the limitations set out therein, the Client agrees that the monetary equivalent of Service Credits actually and previously awarded in this respect (calculated in accordance with Instanda’s standard rates at the time of such claim) shall be deducted from any sums awarded by a court or settlement amounts agreed between the parties.
6.  If the Availability of the Platform falls below 99.5% in any three consecutive months, then the Client may request immediate remedial measures and service review meetings from Instanda. 

1. The following are included within the Standard tier of Support as part of the Access Fee:

Anything not stated above is excluded from the Support Service unless the Client agrees to pay applicable Fees. For example purposes, the following are excluded from the Standard Tier:

1. Maintenance includes regular or preventative maintenance to perform updates, patching and the application of software fixes or security updates carried out by Instanda, as required during periods of planned Platform maintenance.
2. All maintenance requiring downtime shall be communicated and agreed in advance with the Client, with notification of at least five (5) days before such maintenance is required. Instanda will exercise reasonable endeavours to schedule planned maintenance after 9pm and before 7am GMT between a Tuesday and a Thursday. Where the Client has licenced the Platform to operate in several geographical locations, Instanda and the Client shall work together to agree the most appropriate times for maintenance, but in all events, releases and maintenance shall be carried out on days and times at Instanda’s sole discretion.
3. Where emergency Platform maintenance is required, Instanda shall provide as much advanced notice as possible to a Super User.

1. Instanda permits the use of applications (including third party integration processes, programmes, or other such applications developed for or on behalf of the Client and which connect into or from the Platform. Instanda is not able to warrant the Availability, nor include any support relating to, a Client application.
2. The following are examples of Client applications which are not Instanda’s responsibility and are explicitly excluded from any Support Services (irrespective of the Service Tier).

1. Instanda performs monthly and annual security testing as part of the Support Services, and can provide its annual penetration testing certificate to the Client upon request.
2. To the extent the Client wishes to conduct any penetration testing (either itself or through a third party), it shall make a Support request through the Support Portal and Instanda shall provide a specific penetration testing request form for consideration by Instanda. All requests must be made at least thirty (30) days before any proposed dates for such testing.
3. Any penetration testing authorised by Instanda shall be strictly limited to the scope, source and destination IP addresses set out in the relevant request form. 

The Client shall always remain strictly liable to Instanda and its other clients for losses and damages caused by any unauthorised penetration testing activities. 

1. The parties acknowledge and agree that, to the extent that Instanda Processes any Personal Data on the Client’s behalf when performing its obligations under the Contract, the Client will be the Controller of, and Instanda will be a Processor of, such Personal Data (hereafter referred to as the “Protected Data”).
2. The parties refer to the Annex which sets out the scope of Processing under this DPA. To the extent the Annex does not contain all requisite information in respect of such Processing, the parties shall ensure that an Order Form or other accompanying document is also entered into setting out the full scope of Processing.
3. Both parties shall comply with their respective obligations under the Data Protection Legislation in respect of personal data processed in connection with the Contract and nothing in this DPA is intended to relieve, remove or replace a party’s obligations or rights under the Data Protection Legislation.
4. In the event of any conflict between the provisions of this DPA and the other sections or provisions of the Contract, the provisions of this DPA shall take precedence.

YOUR OBLIGATIONS:

1. In respect of any Personal Data for which you are the Controller, it shall be Your responsibility to ensure that You are entitled to, and have a lawful basis to, process and to authorise Instanda to process such Personal Data in the manner envisaged by this DPA and you hereby consent to Instanda doing so for the purpose of performing its obligations under the Contract. You shall immediately notify Instanda if you know of any Processing of Personal data under this DPA that is in breach of the Data Protection Legislation. 
2. You shall ensure at all times that Your instructions to Instanda for the Processing of Personal data under this DPA comply with Data Protection Legislation and that compliance with such instructions would not cause Instanda to breach the Data Protection Legislation.
3. This sub-paragraph 2.3 only applies if your Contract is with Instanda UK. You shall be responsible for compliance with Article 22 GDPR “Automated individual decision-making, including profiling” or article 14 of the UK Data Protection Act 2018, as a result of the way in which you decide to make use of the Services. This includes providing for human intervention following a Data Subject Request.
4. You shall review Instanda’s privacy policies and security statements, as amendment from time to time, and to assess whether such measures are appropriate to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. You can request the latest versions of Instanda’s policies and statements at any time.
5. You shall provide an email address to which Instanda shall transfer Data Subjects Requests, as well as a telephone number for notification of data breach incidents.
6. You shall consult Instanda beforehand on the content of any data breach notification made to a Supervisory Authority that mentions Instanda and provide a copy of the notification once it has been submitted. 
7. You shall be responsible for the provision of fair processing information to relevant data subjects and for obtaining any consents that may be required (in each case to the extent necessary in order to comply with the Data Protection Legislation) from that data subject. You shall ensure that such fair processing notices are accurate and complete, and that any consents are sufficient for Instanda to lawfully process the personal data in the manner set out in this DPA.
8. Given that Instanda has no direct contact with the Data Subjects, You shall be responsible for:
   1. for informing Data Subjects that Personal Data collected is also Processed by Instanda as either a Processor or a Joint Controller as applicable, which includes updating your privacy, cookie and other applicable policies as relevant; 
   2. for providing a link to Instanda’s privacy policy; and
   3. for notifying Instanda without delay if You become aware of any Data Subject Request that is wholly or partly intended for Instanda.
9. You shall be responsible for monitoring compliance of Instanda with the terms and conditions of this DPA.
10. You shall be responsible for ensuring all of Your own and Your clients’ privacy policies, data protection policies, security statements and any and all such other applicable policies or statements relating to the safeguarding of personal data are up to date and where applicable declare Instanda as a Processor or Sub-Processor of Personal Data, as the case may be.
11. You represent to Instanda (and ensure that):
    1. You are entitled to transfer the relevant Protected Data to Instanda (and you have all necessary appropriate consents and notices in place) in order that Instanda may lawfully use, process and transfer the Protected Data in accordance with this Agreement on the your behalf;
    2. You have, and will maintain throughout the Service Term at your own cost and expense all relevant regulatory registrations and notifications as required from time to time under the Data Protection Legislation;
    3. all instructions that the You give to INSTANDA in respect of the Protected Data will at all times fully comply with the Data Protection Legislation; and
    4. You will not unreasonably withhold, delay, or make conditional its agreement to any change or amendment reasonably requested by Instanda to this DPA in order to ensure that the Services and Instanda (and each Sub-processor) comply with the Data Protection Legislation.
        
12. INSTANDA’S OBLIGATIONS:
    If and to the extent that Instanda Processes Protected Data as a Processor on Your behalf, Instanda shall in respect of such personal data:
    1. Process the Protected Data only on the written instructions of the Client, unless INSTANDA is required by applicable laws to otherwise Process that Personal Data. In such circumstances, INSTANDA will notify the Client of this before performing the Processing required by the applicable laws (unless such laws prohibit INSTANDA from notifying the Client);
    2. immediately notify the Client where INSTANDA is aware that the Client’s Processing instructions infringe the Data Protection Legislation unless prevented from doing so by applicable law and, in such circumstances, INSTANDA will be entitled to cease performing the relevant Services until the parties have agreed appropriate amended instructions which are not infringing; 
    3. ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful Processing of Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected having regard to the state of technological development and the cost of implementing any measures. On execution of the Order Form, the Client will be provided with a copy of such technical and organisation measures, which may be updated or amended from time to time by written notice to the Client, provided always that no such update or amendment will materially result in any adverse effect or impact on the level and standard of the technical and organisational measures implemented by INSTANDA at the date of execution of the Order Form; 
    4. ensure that all INSTANDA personnel who access and/or Process the Personal Data are obliged to keep the Personal Data confidential; 
    5. provide reasonable assistance to the Client, at the Client's reasonable cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data  Protection Legislation with respect to security, breach notifications, impact assessments and consultations with Supervisory Authorities or regulators (provided always that such assistance takes into account the nature of Processing by and information available to INSTANDA);
    6. maintain complete and accurate records and information to demonstrate its compliance with these Data Privacy Terms (the Relevant Records) and promptly provide copies of the Relevant Records to the Client upon the Client's written request (provided always that the Client makes no more than one such request in each 12 month period);
    7. to the extent, following a request made by the Client pursuant to paragraph 2.12(f) above, the Relevant Records provided by INSTANDA to the Client are not to the Client's reasonable satisfaction as regards INSTANDA's compliance with these Data Privacy Terms, INSTANDA will on the Client's prior written request allow for and contribute to audits or inspections by the Client's authorised and professionally qualified auditors solely and strictly for the purposes of verifying that INSTANDA is Processing the Protected Data in accordance with its obligations under the Data Protection Legislation and these Data Privacy Terms, subject to the Client: (i) giving at least three months’ written notice to the INSTANDA of any request for an audit or inspection under this Section; (ii) ensuring that all information obtained or generated by the Client's authorised and professionally qualified auditors are kept strictly confidential (save for disclosure to Supervisory Authorities or as otherwise required by applicable law); (iii) ensuring that any such audits or inspections are undertaken during INSTANDA’s normal business hours and with minimal disruption to INSTANDA’s business (and the respective businesses of the INSTANDA’s other Clients) and permitting INSTANDA’s personnel to accompany and escort the Client's authorised and professionally qualified auditors at all times during any such audit or inspection; and (iv) requesting no more than one such audit or inspection under this Section in any 12 month period; 
    8. notify the Client in writing without undue delay on becoming aware of a Personal Data Breach (and, in such circumstances, INSTANDA will reasonably co-operate with the Client in the Client's handling of the matter, including: (i) assisting with any investigation; (ii) making available all Relevant Records, logs, files, data reporting, and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by the Client; and (iii) taking commercially reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from such Personal Data Breach); and
    9. at the written direction of the Client, delete or return Personal Data and copies made of the Protected Data to the Client on termination or expiry of the Contract, unless required by applicable law to store such Protected Data (in which case, Instanda will ensure that any Protected Data stored as required by applicable law will remain subject to the terms of this DPA and the requirements of the Data Protection Legislation.
13. For the avoidance of doubt, paragraph 2.12 does not apply to Personal Data Processed by Instanda as a Controller.
    SUB-PROCESSORS
14. In respect of personal data which is processed by Instanda on Your behalf, You hereby consent to Instanda appointing the Sub-Processors set out its Sub-Processor List set out in this DPA, and where updated and notified to you from time to time, as sub-processors of the Protected Data under this DPA. 
15. Instanda shall have in place a written contract with all Sub-Processors in respect of such Processing of Protected Data. Where such sub-processors are providing the services from outside of the EEA in countries that do not benefit from an adequacy decision by the EU commission , Instanda shall provide this information and implement appropriate safeguards as required by Data Protection Legislation, as the case may be by way of standard contractual clauses or other means.
16. Instanda may add, substitute, or replace any Sub-processor listed in the Sub-Processor List from time to time. The Client must issue a request to receive updates of the online Sub-Processor List. If the Client objects to any new Sub-Processor added to the online Sub-Processor List within 30 days of such update, the parties will promptly discuss the Client's concerns in good faith and, unless and until such concerns are resolved to both parties’ reasonable satisfaction (as agreed in writing by both parties), INSTANDA may: (i) either not appoint such new or replacement Sub-Processor to Process any Protected Data or offer an alternative method of providing the affected portions of the relevant Services to the Client without using such proposed new or replacement Sub-Processor; (ii) take any commercially reasonable corrective steps identified by the Client; or (iii) cease to provide to the Client (either temporarily or permanently) the Services (or relevant portion thereof) that would necessitate the deployment, appointment, or engagement of such Sub-Processor, subject always to the parties' written agreement as to any corresponding adjustment to the relevant Service Fees payable by the Client as a result of such reduced scope of the Services provided by Instanda.
17. Instanda remains fully liable to the Client for all acts, defaults, and omissions of each Sub-Processor as if they were Instanda’s own.

Instanda will not transfer any Protected Data outside the geographical area comprising the United Kingdom and the European Economic Area unless the relevant transfer is to a country or territory that is subject to a valid and effective Adequacy Decision or: (i) either party has provided appropriate safeguards within the meaning of the UK GDPR and/or EU GDPR (as applicable) in relation to the relevant transfer; (ii) Instanda ensures that the transfer otherwise complies with the Data Protection Legislation; and (iii) Instanda conducts transfer risk assessments as required by the Data Protection Legislation

Purpose of Processing

Instanda provides a platform management software subscription service which allows the Client to implement, manage and offer out insurance policies to end users. The Client is responsible for configuring the platform to capture all the necessary data for their products. This may include the capturing and Processing of Personal Data if end users are able to purchase an insurance policy using the platform and need to complete questionnaires for quote generation, secure payment and contract formation. The Personal Data being captured and Processed is entirely at the discretion of the Client, and Instanda has no control over or visibility of such Personal Data. As such, the Processing is limited to hosting of data on the Platform only.

Types of Personal Data Processed

The following are likely to be Processed by Instanda in all cases:

1. names;
2. ages; and
3. email addresses.

If the Client is aware of any other types of Personal Data to be Processed pursuant to the Services it must immediately notify Instanda to either update this DPA or enter into a supplementary document to adequately record the Processing.

Categories of Data Subjects

Visitors to the Domain(s) that wish to receive the Client’s insurance information, obtain a quote for or purchase an insurance product, which may include:

a. individuals;

b. brokers acting on behalf of individuals; and

c. managing general agents acting on behalf of individuals.

Type of Processing Activity

Instanda hosts all Client Data input into the Platform by either the Client or individual Data Subjects in order to access the Client’s insurance products. Instanda has no control over the Client Data and Personal Data inputted into the Platform as the Platform is made available on a “self-serve” model, i.e. the Client as the Controller is entirely responsible for the Personal Data and Instanda has no influence or ability to change the nature of the Processing.

Frequency

Continuous during the provision of the Services.

Joint Controllership

Not applicable. The parties will not be Joint Controllers during the Term of the Contract or afterwards.

Data Retention

Instanda shall determine the period for which any Personal Data contained within any Client Data is Processed and retained, subject always to:

1. Instanda shall only Process Personal Data for as long as is required for the performance of its obligations under the Contract or as required by applicable laws; and
2. Following termination of the Contract, Instanda shall cease Processing and delete any Personal Data save to the extent that:
   1. it is required to retain it under applicable laws;
   2. the data will subsequently be retained and deleted in accordance with a routine arching and back-up procedure; or
   3. it is required to retain it to comply with bona fide internal compliance and audit policies and obligations.

Processors and Sub-Processors

Instanda may update the list of its processors from time to time and notify you as provided in the DPA.