Fena Business Toolkit Terms and Conditions

This agreement is made up of the following:

a) The Terms and Conditions

b) The Schedules

If there is any conflict or ambiguity between the terms of the documents listed in the paragraph above, a term contained in the bespoke Contract shall prevail over a term in the Terms and Conditions. In the event of a conflict, the Schedules shall take precedence over both the Contract and the Terms and Conditions.

Agreed terms

The Customer’s attention is particularly drawn to clauses 5.3 (Quality), 6.2 (Customer Data), 7.2 (Fena Labs’s obligations), 13 (Limitation of Liability), and 17 (Entire Agreement).

1. Interpretation

1.1 The definitions and rules of interpretation in this clause apply in this agreement.

• Ancillary Fees: as defined in clause 9.4.

• Authorised Users: those employees of the Customer from time to time.

• Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information.

• Contract: a bespoke agreement signed between Fena Labs and the Client

• Terms and Conditions: the terms and conditions set out in clause 1 to 21 (inclusive).

• Customer Data: the data inputted by the Customer, Authorised Users, or Fena Labs on the Customer's behalf for the purpose of using the Services or facilitating the Customer's use of the Services.

• Documentation: the documentation made available to the Customer by Fena Labs via e-mail and/or online via a web address notified by Fena Labs to the Customer from time to time which sets out a description of the Services and the user instructions for the Services.

• Effective Date: the date of this agreement as agreed at the registration process.

• Initial Subscription: the initial term of this agreement is 6 or 12 months depending on the chosen package.

• Installation Period: the period, beginning on the Effective Date and ending on the Subscription Start Date, during which Fena Labs installs the Software.

• Rollover Period: as defined in clause 14.

• Services: the subscription services provided by Fena Labs to the Customer under this agreement.

• Software the online software applications provided by Fena Labs as part of the Services.

• Open Banking: Open Banking Account Information and Payment Initiation Services provided by Fena Labs

• Subscription Fees the subscription fees payable by the Customer to Fena Labs as set out on the website on the Pricing page.

• Subscription Term the Initial Subscription Term and any Rollover Period (as defined in the Conditions).

• Subscription Start Date unless otherwise agreed, the day after Fena Labs notifies the Customer that installation is complete.

• Support: as detailed in the Contact (if applicable).

• Terminal: a point-of-sale terminal sold by Fena Labs to the Customer.

• Training: as detailed in the Contact (if applicable).

• Virus: any thing or device (including any software, code, file or programme) which may prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re- arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user-experience, including worms, trojan horses, viruses and other similar things or devices.

  1.2 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.

  1.3 A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this agreement.

  1.4 A reference to writing or written includes email but not fax.

2. Installation Period

2.1 During the Installation Period Fena Labs shall, in consideration of the Ancillary Fees, notify the Customer of its installation plan and the Customer shall use reasonable endeavours to co-operate with Fena Labs in carrying out the installation plan including (without limitation) allowing access to the Customer’s premises on reasonable notice.

2.2 Fena Labs shall inform the Customer when installation is complete and when the Subscription Start Date begins.

2.3 Should the Customer cause undue delay to the Installation Period, Fena Labs may terminate this agreement on ten days’ notice and the Customer shall indemnify Fena Labs for any costs or expenses reasonably incurred by Fena Labs whilst attempting to carry out its installation plan.

3. Services

3.1 Fena Labs shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms of this agreement.

3.2 Fena Labs shall use commercially reasonable endeavours to make the Services available 24 hours a day, 7 days a week, except for planned maintenance carried out at times notified to the Customer in advance and emergency maintenance which is likely to be carried out at short notice.

3.3 Fena Labs will provide the Customer with the Support and/or the Training in consideration of the Ancillary Fees (if applicable).

4. Software access

4.1 In relation to the Authorised Users, the Customer undertakes that each Authorised User shall keep a secure password for his use of the Services and Documentation and that each Authorised User shall keep his password confidential.

4.2 The Customer shall not, and shall not allow any Authorised user to, access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive, and Fena Labs reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer's access to any material that breaches the provisions of this clause.

4.3 The Customer shall not, nor allow any Authorised User to:

4.3.1 except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement: attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software;

4.3.2 access all or any part of the Services and Documentation in order to build a product or service which competes with the Services and/or the Documentation; or

4.3.3 use the Services and/or Documentation to provide services to third parties; or

4.3.4 subject to clause 18.1, licence, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorised Users; or

4.3.5 attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 4.

4.4 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify Fena Labs.

4.5 The rights provided under this clause 4 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer.

5. Open Banking

5.1 Fena Labs provides payment initiation services under the brand name fena. By using our services, you can accept payments made by consumers using fena (“Web and Mobile App User(s)”) via our own application or applications offered by Partners in which fena is available (any of these applications: the “Web and Mobile App”).

5.2 The separate terms and conditions to all Payment Initiation and Account Information Services offered by Fena Labs Ltd.

5.3 If a

6. Customer data

6.1 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.

6.2 Fena Labs shall follow archiving procedures for Customer Data. Fena Labs shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Fena Labs to perform services related to Customer Data maintenance and back-up for which it shall remain responsible).

6.3 Both parties will comply with all applicable requirements of the Data Protection Laws (as defined in Schedule 1) and their obligations contained in Schedule 1. This clause 6 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Laws.

7. Fena Labs's obligations

7.1 Fena Labs undertakes that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care.

7.2 The undertaking at clause 7.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to Fena Labs's instructions, or modification or alteration of the Services by any party other than Fena Labs or Fena Labs's duly authorised contractors or agents. Notwithstanding the foregoing, Fena Labs:

7.2.1 does not warrant that the Customer's use of the Services will be uninterrupted or error-free; or that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer's requirements; and

7.2.2 is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

7.3 Fena Labs warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this agreement.

8. Customer's obligations

8.1 The Customer shall:

8.1.1 provide Fena Labs with all necessary co-operation in relation to this agreement in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;

8.1.2 without affecting its other obligations under this agreement, comply with all applicable laws and regulations with respect to its activities under this agreement;

8.1.3 ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this agreement and shall be responsible for any Authorised User's breach of this agreement;

8.1.4 ensure that its network and systems comply with the relevant specifications provided by Fena Labs from time to time; and

8.1.5 be, to the extent permitted by law and except as otherwise expressly provided in this agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to Fena Labs's data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet.

9. Charges and payment

9.1 The Customer shall pay the Subscription Fees to Fena Labs for access The subscription packages are listed on the Pricing page. In case of the Enterprise packages, a bespoke contract will be signed.

9.2 In the event monthly billing is selected at the registration process, the Customer shall on or before the Effective Date provide to Fena Labs valid, up-to-date and complete credit or debit card details and the Customer authorises Fena Labs to bill such credit or debit card:

9.2.1 in advance on the Subscription Start Date for the Subscription Fees due that month; and

9.2.2 in advance for the Subscription Fees due monthly thereafter.

9.3 In the event lump sum is selected at the registration process, the Customer shall on or before the Effective Date provide to Fena Labs valid, up-to-date and complete credit or debit card details and the Customer authorises Fena Labs to bill such credit or debit card:

9.3.1 in advance on the Subscription Start date for the Subscription Fees due for the Initial Subscription Term; and

9.3.2 in the event the agreement enters a Rollover Period, monthly in advance for the Subscription Fees due.

9.4 The Customer shall pay the Installation, Training and Support fees (separately or together, Ancillary Fees) as per the Contract (if applicable).

9.4.1 if the ‘lump sum’ option for the Ancillary Fees is selected at the registration process, Fena Labs shall bill the Customer’s debit or credit card referred to in clauses 9.2 and 9.3 for the Ancillary Fees on the Subscription Start Date; or

9.4.2 if the ‘built into Subscription Fees’ option for the Ancillary Fees is selected at the registration process, Fena Labs shall bill the Customer in accordance with clause 9.2.

9.5 If Fena Labs has not received payment of Subscription Fees, Ancillary Fees, Commercial Warranty Fees, Hardware Fees or any other fees due under this agreement within 14 days after the due date, and without prejudice to any other rights and remedies of Fena Labs:

9.5.1 Fena Labs may, without liability to the Customer, disable the Customer's password, account and access to all or part of the Services and Fena Labs shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid;

9.5.2 interest shall accrue on a daily basis on such due amounts at an annual rate equal to the statutory rate referred to in the Late Payment of Commercial Debts (Interest) Act 1998, commencing on the day after the due date and continuing until fully paid, whether before or after judgement; and

9.5.3 Fena Labs may engage a third party debt collection agency to collect any of the fees mentioned in this clause.

9.6 In the event of suspension of Services under clause 9.6.1, the Customer must pay Fena Labs an administration fee of £150 to cover Fena Labs’s cost in unlocking the Services.

9.7 All amounts and fees stated or referred to in this agreement:

9.7.1 shall be payable in pounds sterling;

9.7.2 are, subject to express provisions in this agreement, non-cancellable and non-refundable;

9.7.3 are exclusive of value added tax, which shall be added to Fena Labs's invoice(s) at the appropriate rate.

10. Proprietary rights

The Customer acknowledges and agrees that Fena Labs and/or its licensors own all intellectual property rights in the Services and the Documentation. Except as expressly stated herein, this agreement does not grant the Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.

11. Confidentiality

11.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this agreement.

A party's Confidential Information shall not be deemed to include information that:

11.1.1 is or becomes publicly known other than through any act or omission of the receiving party;

11.1.2 was in the other party's lawful possession before the disclosure; or

11.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure.

11.2 Subject to clause 11.3, each party shall hold the other's Confidential Information in confidence and not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the implementation of this agreement or without the prior written consent of the other party.

11.3 A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law or any regulatory authority.

11.4 The above provisions of this clause 11 shall survive termination of this agreement, however arising.

12. Indemnity

12.1 Fena Labs shall indemnify, defend and hold harmless the Customer, its officers, directors and employees against any claim that the Services or Documentation infringe any United Kingdom patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgement or settlement of such claims, provided that:

12.1.1 Fena Labs is given prompt notice of any such claim;

12.1.2 the Customer provides reasonable co-operation to Fena Labs in the defence and settlement of such claim, at Fena Labs's expense; and

12.1.3 Fena Labs is given sole authority to defend or settle the claim.

12.2 In the defence or settlement of any claim, Fena Labs may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this agreement on 10 working days' notice to the Customer without any additional liability or obligation to pay liquidated damages or other additional costs to the Customer.

12.3 In no event shall Fena Labs, its employees, agents and subcontractors be liable to the Customer to the extent that the alleged infringement is based on:

12.3.1 a modification of the Services or Documentation by anyone other than Fena Labs; or

12.3.2 the Customer's or Authorised User’s use of the Services or Documentation in a manner contrary to the instructions given to the Customer by Fena Labs; or

12.3.3 the Customer's or Authorised User’s use of the Services or Documentation after notice of the alleged or actual infringement from Fena Labs or any appropriate authority.

12.4 The foregoing and clause 13.3.2 states the Customer's sole and exclusive rights and remedies, and Fena Labs's (including Fena Labs's employees', agents' and subcontractors') entire obligations and liability, for infringement of any patent, copyright, trade mark, database right or right of confidentiality.

13. Limitation of liability

13.1 Except as expressly and specifically provided in this agreement:

13.1.1 all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement; and

13.1.2 the Services and the Documentation are provided to the Customer on an "as is" basis.

13.2 Nothing in this agreement excludes the liability of Fena Labs:

13.2.1 for death or personal injury caused by Fena Labs's negligence; or

13.2.2 for fraud or fraudulent misrepresentation.

13.3 Subject to clause 13.1 and clause 13.2:

13.3.1 Fena Labs shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any: loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss; or special, indirect or consequential loss, costs, damages, charges or expenses however arising under this agreement.

13.3.2 Fena Labs's total aggregate liability in contract (including in respect of the indemnity at clause 12.1), tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement shall be limited to the total Subscription Fees paid as at the date on which the claim arose.

14. Term and termination

14.1 This agreement shall, unless otherwise terminated as provided in this clause 14, commence on the Effective Date and shall continue for the Installation Period, the Initial Subscription Term and shall continue thereafter until terminated (Rollover Period) in accordance with this clause 14, unless:

14.1.1 either party notifies the other party of termination, in writing, at least 60 days before the end of the Initial Subscription Term, in which case this agreement shall terminate upon the expiry of the Initial Subscription Term;

14.1.2 during the Rollover Period, either party gives the other at least 60 days’ written notice of termination; or

14.1.3 otherwise terminated in accordance with the provisions of this agreement.

14.2 Without affecting any other right or remedy available to it, either party may terminate this agreement with immediate effect by giving written notice to the other party if:

14.2.1 the other party fails to pay any amount due under this agreement on the due date for payment and remains in default not less than 30 days after being notified in writing to make such payment;

14.2.2 the other party commits a material breach of any other term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;

14.2.3 the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986, as if the words "it is proved to the satisfaction of the court" did not appear in sections 123(1)(e) or 123(2) of the Insolvency Act 1986; or

14.2.4 the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business.

14.3 On termination of this agreement for any reason:

14.3.1 all licences granted under this agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Documentation;

14.3.2 each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;

14.3.3 Fena Labs may destroy or otherwise dispose of any of the Customer Data (excluding any Personal Data (as defined in Schedule 1), which shall be governed by the obligations in Schedule 1) in its possession in, unless Fena Labs receives, no later than 10 days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data; and

14.3.4 any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.

14.4 On termination of this agreement before title has passed in any Hardware in accordance with clause 5, Fena Labs may recover that Hardware using the rights contained in clause 5.4.4.

15. Force majeure

Fena Labs shall have no liability to the Customer under this agreement if it is prevented from or delayed in performing its obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of Fena Labs or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the Customer is notified of such an event and its expected duration.

16. Variation

No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

17. Entire agreement

17.1 This agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.

17.2 Each party acknowledges that in entering into this agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this agreement.

17.3 Nothing in this clause shall limit or exclude any liability for fraud.

18. Assignment

18.1 The Customer shall not, without the prior written consent of Fena Labs, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this agreement.

18.2 Fena Labs may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this agreement.

19. Third party rights

This agreement does not confer any rights on any person or party (other than the parties to this agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

20. Notices

20.1 Any notice required to be given under this agreement shall be in writing and shall be delivered by hand or sent by pre-paid first -class post or recorded delivery post, or e-mail to the other party at its address or e- mail address set out in this agreement, or such other address or e-mail address as may have been notified by that party for such purposes.

20.2 A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9.00 am on the first working day following delivery). A correctly addressed notice sent by pre- paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice delivered by email shall be deemed to have been received at 9.00 am on the next working day after transmission.

21. Governing law and jurisdiction

This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and the parties irrevocably agreed that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).

Schedule 1

Data Protection

1. Definitions

• Data Controller: has the meaning given to ‘Data Controller’, or ‘Controller’ as appropriate, in the Data Protection Laws.

• Data Breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

• Data Processor: has the meaning given to ‘Data Processor’, or ‘Processor’ as appropriate, in the Data Protection Laws.

• Data: means any and all laws, statutes, enactments,

• Protection Laws: orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this agreement, including where applicable the Data Protection Act 1998, the Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded.

• GDPR: means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from the time to time;

• Personal Data: has the meaning given in the Data Protection Laws.

2. Data Processing

Where Fena Labs, pursuant to this agreement, processes Personal Data on behalf of the Customer, Fena Labs acknowledges that the Customer is the Data Controller and the owner of such Personal Data, and that Fena Labs is the Data Processor.

3. Compliance with Data Protection Laws

The Data Processor warrants that it has complied, and shall continue to comply, with the requirements of the applicable Data Protection Laws and all other data protection legislation in any jurisdiction relevant to the exercise of its rights or the performance of its obligations under this agreement.

4. Data Processing Obligations

4.1 In respect of any Personal Data to be processed by the Data Processor pursuant to this agreement for which the Customer is Data Controller, the Data Processor shall:

4.1.1 have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk;

4.1.2 not engage any sub-processor without the prior specific or general written authorisation of the Customer (and in the case of general written authorisation, the Data Processor shall inform the Customer of any intended changes concerning the addition or replacement of other processors and the Customer shall have the right to object to such changes);

4.1.3 ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub -processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule;

4.1.4 process that Personal Data only on behalf of the Customer in accordance with the Customer’s instructions and to perform its obligations under this agreement or other documented instructions and for no other purpose save to the limited extent required by law;

4.1.5 on termination or expiry of the agreement, the Data Processor shall either delete or return (at the request and cost of the Customer) all Personal Data to the Customer, unless storage by the Data Processor is required by law;

4.1.6 ensure that all persons authorised to access the Personal Data are subject to obligations of confidentiality and receive training to ensure compliance with this agreement and the Data Protection Laws;

4.1.7 make available to the Customer all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer (at the cost of the Customer); provided that, in respect of this provision the Data Processor shall immediately inform the Customer if, in its opinion, an instruction infringes Data Protection Laws;

4.1.8 taking into account the nature of the processing, provide assistance to the Customer, within such timescales as the Customer may require from time to time, in connection with the fulfilment of the Customer’s obligation as Data Controller to respond to requests for the exercise of data subjects’ rights pursuant to Chapter III of the GDPR to the extent applicable;

4.1.9 provide the Customer with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Customer, taking into account the nature of the processing and the information available to the Data Processor;

4.1.10 deal promptly and properly (at the cost of the Customer) with all enquiries or requests from the Customer relating to the Personal Data and the data processing activities, promptly provide to the Customer a copy of any Personal Data requested by the Customer;

4.1.11 assist the Customer (where requested by the Customer, and at its cost) in connection with any regulatory or law enforcement authority audit, investigation or enforcement action in respect of the Personal Data.

5. International data transfers

5.1 In respect of any Personal Data to be processed by a party acting as Data Processor pursuant to this agreement for which the other party is Data Controller, the Data Processor shall not transfer the Personal Data outside the EEA or to an international organisation without:

5.1.1 obtaining the written permission of the Data Controller;

5.1.2 ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws;

5.1.3 documenting and evidencing the protections and appropriate safeguards in paragraph 5.1.2 above and allowing the Data Controller access to any relevant documents and evidence.