Version 3 / December 2018 [PDF]
We may change any of the Terms by posting a revised version on our website
Use of all RiskBase Applications is governed by these terms and conditions, which the Customer is deemed to have accepted in full by accessing the Applications.
1.1 In addition to any terms defined in the Sales Order, the following terms shall have the following meanings:
Agreement means the terms of any Sales Order and these Terms;
Application(s) means the web-based applications made available by RiskBase from time to time;
Customer Data means all data and information of any kind which: (i) may be uploaded to, stored within or processed by the Applications by or on behalf of the Customer or any User; or (ii) are otherwise provided to RiskBase by or on behalf of the Customer or any User, including any End Client Data;
End Client means any person or organisation that is the subject of a risk assessment or other activity carried out within the Applications;
End Client Data means Customer Data relating specifically to an End Client;
Excluded Event means incompetence, misuse or User error of any Applications, any Customer systems failings or issues arising in respect of Customer Data;
Intellectual Property Rights means all intellectual property rights, including patents, trade and service marks, rights to domain names, rights in passing off, registered and unregistered designs, rights in confidential information, rights in knowhow, database rights, topography rights, copyright (including rights in software), rights in any invention, and applications for registration of any of the foregoing, and the right to apply therefor, in each case in any part of the world;
Invited User means any person or entity including consultancies or groups that uses the Applications with the authorisation of the Customer from time to time;
Operating Hours means any time between 09:00 and 17:00 on any day when RiskBase is open for business RiskBase means RiskBase Limited (registered number 06222596) a company incorporated in England and Wales whose registered office is at 8 The Green, Richmond, England, TW9 1PL;
Sales Order means the proposal, quotation or order form agreed between the parties by email;
Services means the support services described in clause 4 and any other services agreed between the parties, in each case as may be amended by RiskBase from time to time;
Term means the Initial Subscription Term stated in the Sales Order, as may be extended pursuant to clause 2 or otherwise by agreement;
Terms means these terms and conditions which are incorporated into the Agreement; and
User means an individual that has a log-in to the Applications authorised by the Customer or RiskBase from time to time including any Invited Users.
1.2 In these Terms:
1.2.1 words denoting the singular include the plural and vice versa and references to persons include individuals, partnerships, bodies corporate and unincorporated associations; and
1.2.2 the words and phrases “other”, “including” and “in particular” shall not limit the generality of any preceding words or be construed as being limited to the same class as the preceding words where a wider construction is possible.
The Agreement commences from and continues until the expiry of the Initial Subscription Term and thereafter for successive periods of 3 months (each a “Renewal Term”), unless and until terminated by either party giving the other at least 30 days’ notice, such notice to expire no earlier than the expiry of the Initial Subscription Term or the then current Renewal Term.
3.1 Subject to the Customer at all times complying with the terms of the Agreement, RiskBase hereby grants to the Customer a non-exclusive, non-transferable right during the Term for the Users to access and use the Applications in accordance with the Agreement, solely for the Customer’s business risk assessment, risk management or other relevant data collection purposes.
3.2 The Customer shall comply with all applicable laws in relation to its activities under the Agreement and ensure the Applications are only used in a proper manner and for lawful purposes.
3.3 The Customer shall procure the Users’ compliance with these Terms and be solely responsible for all acts and omissions of such Users.
3.4 A Customer or User’s access to the Applications may be suspended if RiskBase identifies a technical, operational or security risk associated with that access.
3.5 Notwithstanding any other provision of the Agreement, all Intellectual Property Rights in the Applications or arising from the Services excluding the Customer Data (“RiskBase IPRs”) belong to RiskBase exclusively and the Customer shall have no rights in relation to them other than the limited rights of access and use granted in accordance with these Terms.
3.6 RiskBase warrants that the Customer’s use of the Applications in accordance with the terms of the Agreement will not infringe any third party’s Intellectual Property Rights in the United Kingdom. This warranty shall neither apply to a claim which is attributable to any Excluded Event nor to any Customer Data.
4.1 The Customer acknowledges and agrees that prior to placing any Sales Order it fully understands its technical requirements and the functionality of the Applications and it therefore accepts responsibility for the selection of the Application to meet its requirements.
4.2 The Applications have been designed to assist with the management of compliance processes from creating fire risk assessments through to documenting remedial actions and analysing risk. The Customer acknowledges and agrees that the Customer or other relevant Invited User shall at all times remain solely responsible for its own compliance processes, risk assessments, analyses, remedial actions and general compliance with applicable laws and other duties in respect of the same. Accordingly, in no event shall RiskBase be liable for any acts, omissions or failures in this regard.
4.3 Subject to the Customer paying the Fees, RiskBase shall provide the Services to the Customer during the Term, consisting of email support during Operating Hours and any other services agreed between the parties.
4.4 RiskBase may from time to time at its discretion provide and apply any modification, update or upgrade to the Applications for the purpose of fixing a bug or error, for providing enhanced functionality and there may be downtime. RiskBase shall use reasonable endeavours to ensure the main features of the Applications are not removed or substantially changed and that any maintenance work is carried out outside of Operating Hours.
4.5 RiskBase shall not be obliged to provide any Services required, and shall not be responsible for any unavailability or failure of the Applications, as a result of any Excluded Event.
4.6 The Services do not include:
4.6.1 diagnosis or rectification of problems associated with the other systems, software or equipment of the Customer or any third party;
4.6.2 customisation or configuration services in respect of any Applications;
4.6.3 IT consultancy services or training,
and if RiskBase provides such services the Customer shall pay for them in accordance with RiskBase’s prevailing standard rates.
5.1 The Customer shall or shall procure that any relevant Invited User pays the Fees to RiskBase in accordance with the Invoicing & Payment Arrangements set out in the Sales Order.
5.2 Payment of RiskBase’s invoices shall be made by the Customer or any relevant Invited User without any set off, deduction or withholding no later than 30 days after the date of the applicable invoice.
5.3 All Fees and payments to be made by the Customer or any relevant Invited User under the Agreement shall be exclusive of VAT, which shall be payable by the Customer wherever relevant at the rate and in the manner from time to time prescribed by law.
5.4 If the Customer or any relevant User fails to make any payment when due, RiskBase may if the payment is overdue by 14 days or more, suspend access to and the right to use the Applications and/or performance of the Services until paid.
6.1 Subject to clause 6.8, all rights in and to the Customer Data shall remain, as between the parties, the property of the Customer or relevant Invited User and the Customer shall have sole responsibility for the legality, integrity, accuracy and quality of the Customer Data.
6.2 Certain Customer Data may belong to third parties. In such cases, the Customer warrants that all such Customer Data, including End Client Data, is used with the consent of any relevant third parties.
6.3 RiskBase shall be entitled to store, copy and use Customer Data to the extent necessary to fulfil its obligations and exercise its rights under the Agreement.
6.4 RiskBase shall implement and maintain appropriate measures to prevent unauthorised access to Customer Data and to ensure Customer Data remains secure. In the event any Customer Data is lost or damaged, RiskBase shall take reasonable steps to recover it. RiskBase is not responsible for any losses due to stolen, shared or misused passwords.
6.5 The Customer shall be responsible for the back-up of its own data (including the Customer Data) at all times and shall ensure that all Customer Data are properly backed up on its own systems.
6.6 The Customer warrants and represents to RiskBase that the Customer Data and its use by RiskBase in accordance with the terms of the Agreement will not breach any laws, infringe any person’s Intellectual Property Rights or other rights or give rise to any cause of action against RiskBase in any jurisdiction.
6.7 RiskBase shall have no liability for any disclosure or unauthorised access to Customer Data caused by any third party.
6.8 It is acknowledged and agreed that an End Client will always be entitled to access and manage its own End Client Data and accordingly RiskBase may take instructions from such End Client instead of the Customer in respect of how such End Client Data is handled or returned.
7.1 Subject to clause 7.2, RiskBase’s total aggregate liability, however caused, shall be limited to a sum equal to 100% of the Fees paid and payable and RiskBase shall have no liability for any indirect or consequential loss or damage.
7.2 RiskBase’s liability shall not be limited or excluded by any provision of the Agreement to the extent prohibited or limited by law and in particular nothing in the Agreement shall exclude or limit liability for death or personal injury caused by negligence or for fraud.
7.3 Except as expressly set out in the Agreement:
7.3.1 all warranties, conditions, terms and liabilities express or implied, statutory or otherwise, on the part of RiskBase, in respect of compliance with descriptions, the quality or the fitness for purpose of the Applications or Services are excluded except to the extent such exclusion is prohibited or limited by law; and
7.3.2 the Applications are provided on an “as is” basis.
8.1 Either party may terminate the Agreement at any time on giving written notice to the other party if the other party:
8.1.1 commits an irremediable material breach of the Agreement;
8.1.2 commits a material breach of the Agreement which is capable of being remedied but has failed to remedy such breach within 30 days after having received written notice from the terminating party requiring the same; or
8.1.3 has any corporate action, application, order, proceeding or appointment or other step taken or made by or in respect of it for any composition or arrangement with creditors generally, winding-up other than for the purpose of a bona fide scheme of solvent reconstruction or amalgamation, dissolution, administration, receivership (administrative or otherwise) or bankruptcy, or if it is unable to pay its debts as they fall due, or if it ceases to trade or if a distress, execution or other legal process is levied against any of its assets which is not discharged or paid out in full within three days or if any event analogous to any of the foregoing shall occur in any jurisdiction in which the other party is incorporated, resident or carries on business.
8.2 The Customer may, within 14 days of any termination or expiry, request a copy of the last available back-up of Customer Data held by RiskBase and RiskBase shall at the Customer’s expense use its reasonable endeavours to provide such backup. Upon the expiry of 14 days following such termination or expiry, RiskBase may destroy any of the Customer Data in its possession.
9.1 In the event RiskBase processes personal data in the course of performing its obligations under the Agreement, the parties agree that, for the purposes of the GDPR, the Customer shall be the controller and RiskBase shall be the processor.
9.2 The subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects shall be as set out below, unless otherwise stated in the Agreement: Subject-matter of the processing The performance of the Agreement. Duration of the processing The term of the Agreement and for such further time as the parties shall agree in writing. Nature and purpose of the processing The purposes of providing the Applications and Services. Type(s) of personal data Name, contact details of Users and any other Customer Data.
Categories of data subjects Authorised Users and other individuals identified in the Customer Data.
Sub-processors and sub-contractors Hosting providers appointed by RiskBase from time to time.
9.3 RiskBase, to the extent it is acting as processor in respect of such personal data, agrees to comply with the obligations of a processor set out in Article 28(3) of the GDPR and these Terms shall be deemed to include those obligations and impose them on RiskBase.
9.4 The Customer consents to RiskBase engaging sub-processors in relation to the personal data and:
9.4.1 in particular, the Customer consents to the engagement of the sub-processors referred to in clause 9.2; and
9.4.2 RiskBase shall inform the Customer of any intended changes concerning the addition or replacement of such processors.
9.5 The Customer warrants and represents that:
9.5.1 it has all authority, grounds, rights and consents necessary to enable RiskBase to process the personal data in accordance with the GDPR for the purposes of the Agreement and it shall comply with the GDPR; and
9.5.2 the information set out in clause 9.2 is accurate.
9.6 “Controller”, “data subject”, “personal data”, “process” and “processor” shall, for the purposes of this clause 9, have the meanings set out in the General Data Protection Regulation (Regulation (EU) 2016/679), or similar legislation as implemented under English law (including any national implementing laws, regulations and secondary legislation), in each case as applicable and in force in the United Kingdom from time to time (“GDPR”).
10.1 Each party shall keep confidential all information of the other party relating to the Application, the contents of the Agreement, or the business of the other party including all technical, financial or other information created or exchanged between the parties. The provisions of this clause shall not apply to:
10.1.1 any information that was in the public domain at the commencement of the Agreement;
10.1.2 any information that comes into the public domain subsequently, other than as a consequence of any breach of these Terms or any related agreement;
10.1.3 any disclosure required by law.
10.2 The foregoing confidentiality obligations shall remain in full force and effect notwithstanding the expiry or earlier termination of the Agreement.
10.3 The Customer agrees to permit RiskBase to list its name as a user of the Application in RiskBase’s user lists published and advertised from time to time.
11.1 RiskBase shall not be liable for any delay in or failure to perform its obligations under the Agreement if such delay or failure results from circumstances beyond its reasonable control, including power failure, internet service provider failure, industrial action, civil unrest, theft, fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action, failure of telecommunications networks or default of suppliers or sub-contractors.
11.2 The Customer shall not without the prior written consent of RiskBase assign, novate or sub-contract any of its rights and obligations under the Agreement.
11.3 Any notice required to be given pursuant to the Agreement shall be sent by email to the email address set out in the Sales Order or an alternative active email address confirmed by a party. Email notices will be deemed to have been served immediately and confirmed upon receipt of a read-receipt or other acknowledgement from the recipient (such acknowledgement shall not be unreasonably withheld).
11.4 The Agreement constitutes the entire agreement and understanding of the parties and supersedes any previous agreements or understandings between the parties with respect to the arrangements contemplated by it.
11.5 Each party acknowledges and agrees that:
11.5.1 in entering into the Agreement it does not rely on and shall have no remedy in respect of, any statement, representation, warranty (in each case whether negligently or innocently made) which is not expressly set out in these Terms; and
11.5.2 the only remedy available to it for breach of any statement, representation, warranty or other term set out in these Terms shall be for breach of contract under the terms of the Agreement.
11.6 No provision of the Agreement shall be enforceable pursuant to the Contracts (Rights of Third Parties) Act 1999 by any person who is not a party to it.
11.7 No variation of the Agreement, including any increase in or substitution of Users, shall be effective unless agreed by the parties by email.
11.8 The Agreement including these Terms shall be governed by and construed in accordance with English law and each party hereby submits to the exclusive jurisdiction of the English courts.