Littoralis Standard Terms & Conditions (including Data Processor Contract) for Disc customers

Disc customers are required to read and confirm that they understand and will agree to abide by these Terms and Conditions, incorporating Littoralis’ Data Processing Contract.

Please review the below information and complete the self-certification form beneath to confirm your understanding and acceptance of these terms, and of our Data Processing Contract.

Contents

  1. LITTORALIS LIMITED
  2. DEFINITIONS
  3. DESCRIPTION OF THE SERVICE
  4. DATA PROCESSOR CONTRACT
  5. PAYMENT, TERM AND TERMINATION
  6. GOVERNING LAW
  7. ADDRESS FOR NOTICES

1 LITTORALIS LIMITED

Littoralis Limited (“Littoralis”) is incorporated in the United Kingdom (Company Number 03806211) with its registered office at Suite 210, 91 Western Road, Brighton, BN1 2LB and is acknowledged to be the sole owner of all rights and Intellectual Property related to all variants of the product/service ‘Disc’ and alone is authorised to issue a licence for the use of or access to Disc.

The organisation to which the system is licensed (‘The Customer’) agrees that the licence will be granted subject to the following Terms & Conditions in relation to the provision of Disc and any associated services from Littoralis. These terms become effective from the date of the purchase, and cease on termination of use, of the licence. These terms may be changed from time to time by Littoralis subject to 30 days’ notice in writing, and continuing use of Disc is deemed acceptance of such terms.

2 DEFINITIONS

Data Subject shall mean a person who can be identified, directly or indirectly, by reference to an identification number or to factors specific to his or her physical, physiological, mental, economic, cultural or social identity;
Personal Data shall mean any information relating to an identified or identifiable natural person;
Processing of Personal Data shall mean any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
Security Measures shall mean technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing;
The Customer shall mean the organisation (or agency or individual) to which Disc is licensed;
Member/User shall mean an individual who accesses The Customer’s Disc system under a contract or agreement with The Customer and whose access is controlled by The Customer through the Disc system;
Disc Manuals shall include ‘Setting up your Disc system’, ‘Managing your Disc system’, ‘Cross-DISC Authoring Guide’ and ‘My Premises Guide’, all of which are accessible through The Customer’s Disc system’s Admin Centre.

3 DESCRIPTION OF THE SERVICE

Disc is a secure information-sharing system deployed over the internet and accessible through the Disc App and Disc Desktop. In using Disc, the information (which may include Personal Data) managed or processed by Disc remains the property of The Customer. In so far as The Customer owns and supplies the information managed by Disc, decides the purposes and means of its processing, and controls its usage, it stands in the role of Data Controller of that information, as defined under current Data Protection law. In so far as The Customers’ information is managed within the Disc system, Littoralis stands in the role of Data Processor, as defined under current Data Protection law.

Littoralis will implement Disc for The Customer for an Implementation Fee to include:

  • Setting up the Disc workspace within five working days of confirmation of the purchase of a Licence so that all  Members/Users designated by The Customer can access the workspace through an internet or smartphone connection;
  • The provision of: all functionality defined in the Disc Manuals;
  • The provision of  consultancy regarding compliance with Data Protection law, and “Must Read Document” templates where appropriate and/or required by The Customer; 
  • Telephone and email support to The Customer’s designated Single Point of Contact throughout the implementation and data population process;
  • The provision of consultative and advisory reviews by Littoralis at Set-up, Pre-live and Post-Live stages of Implementation.

Once Implemented, Littoralis will continue to provide for The Customer, in consideration of the Licence Fee, with:

  • Continuing access to, and full use of: all functionality as defined in the Disc Manuals;
  • The Disc ‘Secure Environment’ located in the UK, EU or EAA all being fully compliant with the provisions of current Data Protection law;
  • 99.5% service availability, subject to any necessary and pre-notified maintenance;
  • All relevant upgrades or incremental enhancements deemed by Littoralis to be core components of the Disc system;
  • Telephone and email support to The Customer’s designated Single Point of Contact available 9:30 A.M. to 5:00 P.M. Monday – Friday, with emergency-only out-of-hours response;
  • Quarterly consultative and advisory reviews by Littoralis.

Additional training following implementation is available by online ‘webinar’ at a charge of £75 per hour; where physical attendance is required by The Customer, Littoralis will charge travel expenses, travel time (£25 per hour or part thereof) and, where necessary, accommodation expenses.

4 DATA PROCESSOR CONTRACT

Because Littoralis processes Personal Data in connection with The Customer’s business activities it stands in the role of Data Processor for The Customer and will operate in accordance with all the obligations required of Data Processors as defined in all current Data Protection Law.

4.1 SUBJECT MATTER AND DURATION OF PROCESSING

The personal data that Littoralis may process on behalf of The Customer relates to

  • Members/Users of The Customers’ Disc system;
  • Other persons as required by The Customer.

Duration of processing will continue in accordance with Section 5: Payment, Term and Termination

4.2 NATURE AND PURPOSE OF PROCESSING

The purpose of this processing is to enable The Customer to share data, including Personal Data, with Members/Users and with other Data Controllers, store it securely, anonymise it appropriately, and delete it irrevocably in accordance with The Customer’s documented rules and protocols.

4.3 TYPE OF PERSONAL DATA AND CATEGORIES OF DATA SUBJECT

The type of Personal Data processed may include name and contact details, ’classification’ of Member/User as defined by The Customer; data relating to Member/User’s certification against The Customer’s rules and protocols, and access to The Customer’s Disc system; relevant incidents reported by Members/Users, and physical personal characteristics of individuals associated with such incidents including build, ethnicity and gender, in accordance with the The Customer’s rules and protocols.  The categories of Data Subject comprise Members/Users and other individuals as defined in The Customer’s rules and protocols. 

4.4 DUTY OF CONFIDENCE 

Littoralis will ensure that all individuals processing The Customer’s data, including employees and sub-contractors of Littoralis, are subject to a duty of confidence; Littoralis will ensure that employees are fully informed of their obligations under this Contract and under all current Data Protection law.

4.5 SUB-CONTRACTORS

The Customer grants Littoralis general authorisation to engage sub-contractors for the purpose of delivering Littoralis’ services. 

All such sub-contractors will only be employed when fully informed of their obligations under all current Data Protection law and under a formal written contract or agreement. For the avoidance of doubt, where the sub-contractor fails to fulfil its obligations under any such contract or agreement, Littoralis shall remain fully liable to The Customer for the fulfilment of its obligations.

Littoralis will confirm to The Customer the identity of any new such sub-contractor, and the purposes of the sub-contract;  not withstanding Section 5: Payment, Term and Termination, The Customer may require the termination  of this Data Processing Contract between itself and Littoralis without notice if The Customer objects to the use of a specific new such sub-contractor, or the purposes of the sub-contract. 

4.6 MEASURES TO ENSURE THE SECURITY OF PROCESSING

Littoralis applies robust security procedures at every level of processing, as defined in the document Littoralis & Disc Information Security & Protection Provisions.

4.7 DATA SUBJECTS’ RIGHTS UNDER CURRENT DATA PROTECTION LAW

Littoralis will assist The Customer in servicing Data Subject Access Requests, data correction and any other Data Subjects’ rights as defined in current Data Protection law.

4.8 NOTIFICATION OF PERSONAL DATA BREACHES

Littoralis will inform The Customer of any Personal Data breach as soon as Littoralis suspects or becomes aware of it, and provide any assessment of its likely impact on relevant Data Subjects’ rights and freedoms.

4.9 RETURN OR DELETION OF DATA AT CONCLUSION OF CONTRACT

Littoralis will delete or return all Personal Data to The Customer as requested at the termination of this contract; where returned, this will be in the form of encrypted CSV and image files.

4.10 AUDITS AND INSPECTIONS

Littoralis will submit to audits and inspections to provide The Customer with whatever information it needs to ensure that Littoralis and any of its sub-contractors are meeting their obligations under current Data Protection law.

4.11 OTHER COMPLIANCE INFORMATION

Littoralis will inform The Customer immediately if The Customer requires Littoralis to process Personal Data in a manner which, in the view of Littoralis is not compliant with current Data Protection law.  This provision does not imply that Littoralis is in the role of joint Data Controller with The Customer, or relieve The Customer of any of its obligations under current Data Protection law. 

4.12 LIABILITY

Nothing in this document relieves Littoralis of its own direct responsibilities and liabilities under current Data Protection law; The Customer has agreed to no further additional indemnity in the favour of Littoralis.

5 PAYMENT TERMS AND TERMINATION

The Customer undertakes to pay all invoices within 14 days of the invoice date; to provide Littoralis with the name and contact details of a Single Point of Contact for all communication between Littoralis and The Customer; and to notify Littoralis of any changes to name and contact details of the designated Single Point of Contact.

These Terms & Conditions shall continue indefinitely unless appropriate written notice of termination is provided to the Address for Notice (below) by The Customer’s Single Point of Contact. The minimum notice period is 30 days by The Customer to Littoralis, and 90 days by Littoralis to The Customer. Within 30 days following termination Littoralis shall, at the direction of The Customer, (a) comply with any written agreement between the parties concerning the data, or (b) return all Personal Data passed to Littoralis by The Customer for processing, or (c) on receipt of instructions from The Customer, destroy all such data unless prohibited from doing so by any applicable law.

Where this Contract is terminated by The Customer under the provisions of Section 4.5: Subcontractors, no period of notice by The Customer to Littoralis is required. 

6 GOVERNING LAW

These Terms & Conditions shall be governed by and construed in accordance with the laws of England & Wales

7 ADDRESS FOR NOTICES

Littoralis Limited, Suite 210, 91 Western Road, Brighton, BN1 2LB