IMPORTANT - PLEASE READ CAREFULLY BEFORE USING THE ONLINE ASSESSMENT PLATFORM

THE COPYRIGHT, DATABASE RIGHTS AND ANY OTHER INTELLECTUAL PROPERTY RIGHTS IN THE PROGRAMS, TOOLS, DOCUMENTATION, INFORMATION, PROPRIETARY TECHNOLOGY, AND METHODOLOGIES CONTAINED WITHIN THE METTL ONLINE ASSESSMENT PLATFORM ("PLATFORM") AND THE PROPRIETARY OR LICENSED TEST MATERIAL AND CONTENT QUESTIONS CONTAINED THEREIN (THE "METTL METHODOLOGY,” AND COLLECTIVELY WITH THE PLATFORM, THE “MATERIALS”) ARE AND REMAIN THE PROPERTY OF INDUSLYNK TRAINING SERVICES PRIVATE LIMITED (“METTL”). THE COPYRIGHT, DATABASE RIGHTS AND OTHER INTELLECTUAL PROPERTY RIGHTS IN THE MATERIALS AND DATA CONTAINED IN THE ASSESSMENTS (THE “ASSESSMENTS”) ARE AND REMAIN THE PROPERTY OF METTL. YOU ARE LICENSED TO ACCESS AND USE THE MATERIALS AND THE ASSESSMENTS YOU ACCESS UNDER THIS LICENCE ONLY IF YOU ACCEPT ALL THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT (THE “LICENSE”). UNLESS AN EXCEPTION IS NOTED HEREIN, THE TERMS OF THIS LICENSE APPLY TO YOU IF YOU HAVE LICENSED THE PLATFORM, THE METTL METHODOLOGY, OR BOTH. IF AN AFFILIATE OF METTL HAS SUPPLIED ACCESS TO THE MATERIALS, THE AFFILIATE HAS AUTHORITY TO ENTER INTO THIS LICENSE ON METTL’S BEHALF, AND ALL REFERENCES TO METTL HEREIN INCLUDE REFERENCES TO SUCH AFFILIATE.

WHEN YOU CLICK "Get Started" OR AGREE TO THE INSERTION ORDER OR ENGAGEMENT LETTER AGREEMENT TO ACCEPT THIS LICENSE, YOU AGREE THAT THE MATERIALS AND ASSESSMENTS ASSOCIATED WITH THIS LICENSE ARE INTENDED ONLY FOR INTERNAL USE FOR INFORMATION PURPOSES ONLY AS DESCRIBED IN SECTION 1 BELOW BY THE ORGANIZATION WHOSE FULL CORPORATE NAME HAS BEEN IDENTIFIED TO METTL IN THE INSERTION ORDER FORM OR ENGAGEMENT LETTER AGREEMENT (THE “ORDER”) AS THE CLIENT (“CLIENT”) FOR THE PURPOSES OF THE APPLICABLE OFFERINGS DEFINED THEREIN. BY PROCEEDING AND ACCESSING THE MATERIALS AND ANY ASSESSMENTS, YOU INDICATE YOUR ACCEPTANCE ON BEHALF OF THE CLIENT OF THE TERMS AND CONDITIONS OF THIS LICENSE. ACCORDINGLY, REFERENCES TO “YOU” MEAN REFERENCES TO THE CLIENT. THE MATERIALS, THE ASSESSMENTS AND THE INFORMATION AND DATA CONTAINED THEREIN MAY NOT BE COPIED, MODIFIED, SOLD, TRANSFORMED INTO ANY OTHER MEDIA, OR OTHERWISE TRANSFERRED IN WHOLE OR IN ANY PART TO ANY PARTY OTHER THAN THE CLIENT, WITHOUT PRIOR WRITTEN CONSENT FROM METTL. ACCESSING THIS INFORMATION EITHER THROUGH ONLINE ACCESS, PDF, XLS, CSV OR MDB MEANS THAT YOU HAVE ACCEPTED DELIVERY OF YOUR ASSESSMENT AND THE TERMS OF THIS LICENSE AGREEMENT AND THAT YOU AGREE TO PAY THE INVOICE. YOU AGREE AND UNDERSTAND THAT LOCAL METTL AFFILIATE MAY BE SERVING AS THE BILLING AND COLLECTION AGENT ON BEHALF OF METTL AND LOCAL METTL AFFILIATE WILL REMIT TO METTL THE SERVICE FEES ASSOCIATED WITH THE OFFERINGS AND ASSESSMENTS ACCESSED PURSUANT TO THIS LICENSE.

IF METTL OR THE LOCAL METTL AFFILIATE (COLLECTIVELY, “METTL GROUP”), IN ITS SOLE DISCRETION, DETERMINES THAT YOU OR THE CLIENT ARE COMPETITORS, COMMERCIAL USERS, PARTICIPANTS OR PURCHASERS WHO ARE NOT END-USERS, OR ANY ENTITY OR INDIVIDUAL THAT RESELLS OR REDISTRIBUTES THE ASSESSMENTS OR OFFERINGS OR DATA FROM THE ASSESSMENTS IN ANY WAY (a “Competitor”), YOU WILL BE REQUIRED TO PAY HIGHER FEES (the “Competitor Fees”). YOU AGREE TO PAY SUCH COMPETITOR FEES WITHIN THIRTY (30) DAYS OF YOUR RECEIPT OF AN INVOICE FROM LOCAL METTL AFFILIATE IN ITS CAPACITY AS BILLING AGENT FOR METTL.

YOU SHOULD THEREFORE READ THIS LICENSE CAREFULLY BEFORE CLICKING ON “Get Started” OR AGREEING TO THE TERMS OF THE ORDER OR ACCESSING THE MATERIALS OR ANY ASSESSMENTS. IF YOU DO NOT ACCEPT THE TERMS AND CONDITIONS OF THIS LICENSE, YOU CANNOT ACCESS THE MATERIALS. IF IT HAS BEEN MORE THAN THIRTY (30) DAYS SINCE THE MATERIALS HAS BEEN MADE AVAILABLE TO YOU AND YOU HAVE NOT ACCESSED IT, NO REFUNDS WILL BE PROVIDED.


  1. LICENSE


  1. DISCLAIMER OF WARRANTIES

    • 2.1

      EXCEPT AS EXPRESSLY SET OUT IN THIS LICENSE, METTL MAKES NO WARRANTIES OR REPRESENTATIONS WITH RESPECT TO THE MATERIALS OR ANY PART THEREOF, AND DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES OF ANY KIND TO YOU OR ANY THIRD PARTY, INCLUDING, BUT NOT LIMITED TO, REPRESENTATIONS AND WARRANTIES REGARDING ACCURACY, TIMELINESS, COMPLETENESS, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, NON-INFRINGEMENT OF THIRD PARTY RIGHTS, AND/OR FREEDOM FROM COMPUTER VIRUS. YOU ASSUME THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE MATERIALS AND THE ASSESSMENTS.

    • 2.2

      YOU ACCEPT THE MATERIALS AND THE ASSESSMENTS ON AN “AS IS” AND “AS AVAILABLE” BASIS. YOU ACKNOWLEDGE THAT THE MATERIALS AND THE ASSESSMENTS ARE FOR GENERAL INFORMATION AND USE ONLY. IN PARTICULAR, NEITHER THE MATERIALS NOR THE ASSESSMENTS CONSTITUTE ANY FORM OF ADVICE, RECOMMENDATION, REPRESENTATION, OR ARRANGEMENT BY METTL. METTL DOES NOT WARRANT THE ACCESS OR USE OF THE MATERIALS OR THE ASSESSMENTS IN ANY SPECIFIC SITUATION OR FOR ANY SPECIFIC APPLICATION, NOR DOES METTL WARRANT THAT THE MATERIALS’ PLATFORM WILL BE ACCESSIBLE AT ALL TIMES OR THAT IT WILL BE ERROR FREE.

    • 2.3

      METTL MAKES NO WARRANTIES OF ANY KIND AS TO THE ACCURACY OF THE DATA OR ASSUMPTIONS CONTAINED IN OR ENTERED INTO THE MATERIALS AND THE ASSESSMENTS, NOR DOES IT ASSUME ANY RESPONSIBILITY FOR THE CONSEQUENCES OF ANY ERRORS OR OMISSIONS. YOU ASSUME THE ENTIRE LIABILITY AND RESPONSIBILITY FOR THE DATA AND ASSUMPTIONS ENTERED BY USERS INTO ANY PARTS OF THE MATERIALS OR THE ASSESSMENTS THAT HAVE THE FUNCTIONALITY TO RECEIVE USER DATA AND FOR ANY REPRESENTATIONS OR CONCLUSIONS DRAWN FROM SUCH DATA OR ASSUMPTIONS.

    • 2.4

      METTL EXPRESSLY DISCLAIMS AND ACCEPTS NO LIABILITY FOR ANY LOSS ARISING FROM THE USE OF THE ASSESSMENT SERVICES, ASSESSMENTS, OFFERINGS, PSYCHOMETRIC TOOLS (INCLUDING ANY RELIANCE ON THE PREDICTIVE VALIDITY OF ANY PSYCHOMETRIC TOOL USED IN CONNECTION WITH ANY ASSESSMENT) OR THE USE OF THE PLATFORM OR WEBSITE, ANY ACTION TAKEN OR REFRAINED FROM, AND ALL BUSINESS DECISIONS TAKEN AS A RESULT OF OR RELIANCE UPON ANYTHING, INCLUDING, WITHOUT LIMITATION, INFORMATION OR ADVICE, CONTAINED IN THE OUTPUT OF ANY ASSESSMENT OR ANY ASSESSMENTS OR SOURCES OF INFORMATION USED OR REFERRED TO THEREIN, OR FOR ACTUAL RESULTS OR FUTURE EVENTS. METTL IS NOT RESPONSIBLE FOR (1) YOUR SELECTION OF ASSESSMENTS, (2) YOUR USE OR RELIANCE ON, OR INTERPRETATION AND APPLICATION OF, ANY ASSESSMENT, OFFERING, PSYCHOMETRIC TOOL OR OUTPUT AND/OR (3) YOUR DECISIONS BASED ON ANY ASSESSMENT, PRODUCT, PSYCHOMETRIC TOOL OR OUTPUT. ANY RISKS RELATED TO THE FOREGOING AND THE RESULTS OF ANY SUCH DECISIONS SHALL BE SOLELY YOUR RESPONSIBILITY. WITHOUT LIMITING THE FOREGOING, THE OUTPUT OF THE ASSESSMENT SERVICES MUST NOT BE RELIED UPON AS STATEMENTS OF FACT OR AS THE SOLE BASIS FOR ANY EMPLOYMENT RELATED DECISIONS.

    • 2.5

      METTL ASSUMES NO RESPONSIBILITY FOR THE EFFECTIVENESS OF ANY ENCRYPTED DATA, NOR WILL IT GUARANTEE THAT AN ENCRYPTION ALGORITHM WILL BE INDECIPHERABLE. METTL MAKES NO CLAIMS OR WARRANTIES REGARDING THE VIABILITY, INTEGRITY OR INVINCIBILITY OF THE ENCRYPTION USED, NOR WILL METTL ACCEPT RESPONSIBILITY FOR THE SUCCESS OR FAILURE OF THE SECURE SERVER TO PROPERLY ENCRYPT DATA. BY ACCESSING THE MATERIALS OR ANY OF THE ASSESSMENTS, YOU ASSUME ANY RISKS THAT THE ENCRYPTION MAY BE DECIPHERABLE.

  1. LIMITATION OF LIABILITY

    • 3.1

      EXCEPT IN RESPECT OF PERSONAL INJURY OR DEATH CAUSED DIRECTLY BY METTL’S OR METTL GROUP’S NEGLIGENCE, THE LIMIT OF METTL’S AND METTL GROUP’S LIABILITY TO YOU OR TO ANY THIRD PARTY FOR ANY AND ALL CLAIMS CONCERNING PERFORMANCE OR NON-PERFORMANCE BY METTL OR ITS AGENTS RELATED TO METTL’S OBLIGATIONS UNDER THIS LICENSE SHALL NOT, IN THE AGGREGATE, EXCEED THE FEES PAID BY YOU TO METTL FOR ACCESS TO AND USE OF THE MATERIALS AND ASSESSMENTS (AS SPECIFIED IN THE ORDER) FOR THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE MONTH IN WHICH THE CLAIM OR CLAIMS ARISE.

    • 3.2

      IN NO EVENT SHALL METTL AND METTL GROUP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, LOSSES OR EXPENSES, INCLUDING, WITHOUT LIMITATION: LOSS OF SALES OR REVENUES, LOSS OF GOODWILL, LOSS OF BUSINESS INFORMATION, OR LOSS OF SAVINGS OR PROFITS, BASED ON ANY THEORY OF LIABILITY ARISING OUT OF OR IN ANY WAY CONNECTED WITH: THIS LICENSE, THE ACCESS, USE OR INTERPRETATION OF THE INFORMATION ON THE MATERIALS, THE ASSESSMENTS, OR ANY INFORMATION ON A LINKED SITE, THE INABILITY TO USE SUCH INFORMATION, OR ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS OR LINE OR SYSTEM FAILURE, WHETHER IN TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), CONTRACT OR OTHERWISE. THIS PARAGRAPH APPLIES EVEN IF METTL AND METTL GROUP, OR REPRESENTATIVES THEREOF, IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, LOSSES OR EXPENSES.

    • 3.3

      WITHOUT LIMITATION TO THE FOREGOING, YOU ACKNOWLEDGE THAT THE MATERIALS, THE ASSESSMENTS AND THE ASSUMPTIONS, INFORMATION AND DATA CONTAINED THEREIN MAY BE INCOMPLETE OR CONDENSED AND THAT THE ASSUMPTIONS, INFORMATION AND DATA OBTAINED THROUGH YOUR ACCESS AND USE OF THE MATERIALS AND THE ASSESSMENTS ARE FOR GENERAL INFORMATION PURPOSES ONLY AND ARE NOT INTENDED AS, NOR IMPLIED TO BE, A SUBSTITUTE FOR PROFESSIONAL ADVICE. IN NO EVENT WILL METTL AND METTL GROUP BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR ANY DECISION MADE OR ACTION TAKEN IN RELIANCE OF THE RESULTS OR CONCLUSIONS OBTAINED THROUGH THE ACCESS AND USE OF SUCH INFORMATION OR DATA.

    • 3.4

      YOU ACKNOWLEDGE THAT NO DEFENSE OR INDEMNITY OF ANY KIND IS PROVIDED HEREUNDER BY METTL AND METTL GROUP WITH RESPECT TO ANY CLAIM, DEMAND, CAUSE OF ACTION, COST, LOSS, DAMAGE, EXPENSE OR LIABILITY ARISING FROM OR BASED ON YOUR OR ANY THIRD PARTY’S USE OF OR INABILITY TO USE THE MATERIALS OR THE ASSESSMENTS.

    • 3.5

      SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN DAMAGES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. YOU MAY HAVE OTHER RIGHTS WHICH VARY FROM COUNTRY TO COUNTRY. ANY RIGHTS WHICH YOU MAY HAVE AS A RESULT OF THE APPLICATION OF APPLICABLE LAWS IN THESE JURISDICTIONS SHALL NOT BE AFFECTED BY THIS DISCLAIMER OF LIABILITY.

  1. INTELLECTUAL PROPERTY RIGHTS

    • 4.1

      You agree and acknowledge that the Materials and the Assessments, including, without limitation, the information contained in their databases, their table structures, queries, and reports, their arrangement, organization, and methods of interactions, the algorithms and other database artifacts, the sites’ structure, all textual and graphical materials, and all technical information and other content appearing on the sites and their modifications and enhancements, the Materials and the Assessments are confidential and trade secret information that is proprietary to and owned solely by Mettl, together with all related copyrights and trademarks. Mettl retains the exclusive and sole ownership of the Materials and Assessments.

    • 4.2

      You agree to hold all such proprietary and confidential information of Mettl in strictest confidence. You may not modify, sell, transfer or otherwise provide any of the proprietary and confidential information, in whole or in part, in any form to any person or entity who is not a User, the Client or an employee of Mettl or Local Mettl Affiliate who needs access to the information to facilitate your licensed access and use of the Materials and the Assessments without Mettl’s prior written permission.

    • 4.3

      With respect to the Platform and to the extent you load any data into the Materials, you represent and warrant that you have been granted permission to do so by such third party or individuals. You agree to defend, indemnify and hold Mettl and its Affiliates harmless from any and all losses, damages or liabilities incurred by Mettl or its Affiliates as a result of your breach of the foregoing obligations.

    • 4.4

      You may not create derivative works of, or decompile, reverse engineer, translate or disassemble the Materials or the Assessments, in whole or in part, except as expressly permitted by applicable law.

    • 4.5

      You may not create or store in electronic form any shared library, data warehouse, archive, cache or frame of the data or information contained in the Materials or the Assessments.

    • 4.6

      Nothing contained herein shall be deemed to confer by implication, estoppel or otherwise, any license or any other grant of right to use any trademark, copyright, or any other intellectual property right of Mettl or any third party. The “Mettl” and “Induslynk” name are Mettl’s trademarks. All other product and company names belong to their respective owners. You agree that you will take no action inconsistent with this paragraph 4.6.

    • 4.7

      Except as required herein, you agree not to use Mettl’s intellectual property in the press and not to refer to Mettl or attribute any information to Mettl in the press, for advertising or promotional purposes, or for the purpose of informing or influencing any other party without Mettl’s prior written consent.

    • 4.8

      You will be responsible for any access to, or use or disclosure of Mettl’s confidential and proprietary information by you and/or any of your Users to any third party and, further, shall indemnify and hold harmless Mettl for any and all loss, damage or liability incurred by Mettl as a result of (i) a breach by you or any other party to whom you may have provided access to the Materials of any or all of the obligations contained in this License and/or (ii) a breach by you or any other party to whom you may have provided access to the Assessment of any or all the obligations contained in this License.

    • 4.9

      You may (subject to paragraph 4.10 below) access, extract and re-utilize any insubstantial parts of the content of the Assessments (as defined in the Order) for internal research purposes related to your own employment related decisions only which is limited to: (i) making searches of the Assessments; (ii) making one or more copies in hard copy form of the output of any search provided that such copies may not be sold and may not be distributed to anyone who is not a User; and (iii) extracting, paraphrasing or summarizing insubstantial parts of the Assessments on an occasional, non-systematic and infrequent basis for internal distribution via derivative works and/or reference certain information contained in the Assessments.

    • 4.10

      User access, as set out above, is subject at all times to: (i) your own employees to whom insubstantial parts of the Assessments or references to the Assessments are made available, are made aware that such parts or references may not be redistributed or sub-licensed; and (ii) such parts or references to the Assessments are properly attributed to Mettl.

    • 4.11

      Except as expressly permitted by this License, you will not: copy, cut and paste, email, reproduce, publish, distribute, redistribute, broadcast, transmit, modify, adapt, edit, abstract, create derivative works of, store, archive, publicly display, sell or in any way commercially exploit, in whole or in part, the Material, any of the Assessments, or set up derived databases or materials. Unless you have received Mettl’s prior written consent and paid the Competitor Fees, under no circumstances are the Materials, Assessments or the data contained therein to be used for the provision of service bureau, or timesharing, or services of any other kind to your clients, customers or any other third parties.

    • 4.12

      Mettl reserves the right to add to, remove from or edit the contents or change the form of the Assessments and the Materials at any time with or without notice.

    • 4.13

      Mettl reserves the right to monitor usage by you (in terms of volume, frequency or otherwise) of the Materials and the Assessments during the term of this License. In case of unauthorized use of the Materials or any of the Assessments by you, Mettl reserves the right to deny you Access by blocking, without prior notification, the IP address(es) that you used to access the Materials and the Assessments.

    • 4.14

      This License does not constitute a sale of the Materials, the Assessments or any part of them and, except as expressly provided for in this Agreement, no rights or licenses, express or implied, are hereby granted to you in respect of the Materials or the Assessments. You acknowledge that as between you and Mettl, Mettl (or its licensors) is throughout the world the proprietor subsisting in the Materials and the Assessments it produced. Nothing herein contained shall be construed so as to transfer any intellectual property rights whatsoever in the Materials or any of the Assessments to you or the Client.


  1. OTHER SERVICES

    • 5.1

      Subject to the Order, Mettl may provide you and where applicable the Client with other services for an additional fee. Such other services to be provided will be as mutually agreed between Mettl and you in the Order. Mettl will provide a help desk during normal business hours if you or the Client has any questions about how to access and use the Materials or any of the Assessments.

    • 5.2

      You, or where necessary the Client, will be responsible for obtaining and maintaining all requisite computer systems, communication lines and equipment (the “Systems”) needed for access to and use of the Materials and the Assessments and all charges related thereto. You, or where necessary the Client, acknowledge that the speed of the Materials and the Assessments and the Access will depend upon the quality of your own Systems, connection to and extent of your use of the Internet.


  1. USE OF THE INTERNET

    • You should be aware that the Internet is not a fully secure medium, and therefore confidentiality cannot be totally guaranteed. Mettl will not be liable for any harm or damage you, the Client or a third party may experience by sending privileged or confidential information to it over the Internet or by e-mail. The performance of the Internet may fluctuate and will be limited by the bandwidth of your connection to the Internet. Mettl makes no warranties or claims as to the performance of the Materials or Assessments system in your computer environment.


  1. CONFIDENTIAL INFORMATION

    • 7.1

      You will keep confidential and will not share with any third party any password that is provided to you to access to the Materials or any of the Assessments.

    • 7.2

      Mettl will regard and preserve as confidential the information that you provide for inclusion in the database used to publish the Assessments. Notwithstanding the foregoing, you hereby grant Mettl and Mettl Group a perpetual, non-exclusive, royalty-free license to copy, modify and use any information and data supplied by you or on your behalf so that Mettl or Mettl Group may create analytical trend data (in anonymous form) and in order to improve the quality of Mettl’s advice to its clients, including its use in the Assessments. Mettl will not disclose any information in a manner that allows particular clients or individuals to be identified. Notwithstanding the foregoing and to the extent applicable, you agree that your name may appear in a list of participating organizations for reports containing such analytical trend data.

    • 7.3

      You agree that Mettl may retain copies of the confidential information under a continuing duty of confidentiality for the purpose of complying with its legal and regulatory obligations and to defend its work product.


  1. USE OF PERSONAL INFORMATION

    • Each of us and our respective Affiliates (as defined below) will comply with our respective obligations arising from data protection and privacy laws in effect from time to time to the extent applicable to this License and the access and use of the Materials and the Assessments. This includes, without limitation, (i) the obligation, if any, of you, Client or the Client’s Affiliates, to obtain any required consent(s) in respect of the transfer of information to Mettl by you, the Client or any third party relating to an identified or identifiable individual that is subject to applicable data protection, privacy or other similar laws (“Personal Information”), (ii) any obligation with respect to the creation or collection of additional Personal Information by Mettl, and (iii) any obligation with respect to the use, disclosure and transfer by Mettl of Personal Information as necessary with respect to access and use of the information on the Materials or the Assessments or for Mettl to perform any services to you or the Client or as expressly permitted under this License. Subject to the section entitled “Confidential Information,” any use or processing by Mettl of Personal Information supplied by or on your behalf in connection with the Materials or the Assessments shall be done solely on your behalf. Mettl shall handle such Personal Information in accordance with your reasonable instructions as may be provided from time to time or as reasonably necessary with respect to access and use of the information on the Materials and in the Assessments and shall not handle such Personal Information in a manner inconsistent with the terms of this License. Mettl also confirms that it has taken appropriate technical and organizational measures intended to prevent the unauthorized or unlawful processing of Personal Information and the accidental loss or destruction of, or damage to, Personal Information. All information that you submit through your Access may be stored and processed in the country in which you submit it, and in some cases, in India. For purposes of this License, “Affiliates” means, with respect to either party, any entity directly or indirectly controlling, controlled by or under common control with such party.

      If Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) applies to the parties’ processing of personal data under this Agreement, the parties agree to comply with the terms of the Data Processing Addendum in Schedule 2.


  1. EXPORT/IMPORT RESTRICTIONS AND TARIFFS

    • The Materials and Assessments may not be available through Mettl to any Restricted Entity. You shall not provide access to the Materials or the Assessments to anyone for use in any country or used in any manner prohibited by the United States or European Union trade sanctions or export control laws, including the Export Administration Act or laws administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control. Furthermore, you will comply with any trade sanctions and export and import control laws of the countries and jurisdictions where you access and use the Materials and the Assessments or receives copies of any technical information or other materials. You agree to indemnify, defend Mettl and hold Mettl harmless from any fines or other penalties arising from a violation of this section. You agree to indemnify, defend Mettl and hold Mettl harmless from any tariffs, import or export taxes, levied with respect to the Materials and the Assessments by jurisdictions in which you use the Materials or the Assessments. For the purpose of this section, “Restricted Entity” shall mean any individual, organization or other entity owned or controlled by, or acting as an agent for, any person or entity who is the subject of an asset freeze or otherwise designated under United Nations Security Council Resolutions, or the trade sanctions laws of the U.S. or the EU, or other governments of jurisdictions in which you are based or operated and from which the Materials or the Assessments may be accessed.


  1. PROHIBITED USE

    • You shall ensure that all Users and the Client shall comply with the “Prohibited Use” as set out in Schedule 1.


  1. UNFORESEEN EVENTS

    • We agree that neither of us shall have any liability for any failure or delay in performance of our obligations under this Agreement or the Order because of circumstances beyond our reasonable control, including, without limitation, pandemics, epidemics, acts of God, fires, floods, earthquakes, acts of war or terrorism, civil disturbances, sabotage, accidents, unusually severe weather, governmental actions, power failures, computer/network viruses that are not preventable through generally available retail products, catastrophic hardware failures or attacks on its servers that affect either party or its Affiliates or subcontractors involved in the provision of the Services. Neither party shall be in breach of this Agreement or the Order nor shall they be liable for delay in performing, or failure to perform, any of its obligations under this Agreement or the Order if such delay or failure results from events beyond their reasonable control.


  1. JURISDICTION

    • 12.1

      Each party hereby irrevocably agrees that this License and the Order and any controversy or claim of whatever nature arising out of or relating to them or breach thereof shall be construed, interpreted and governed by the laws of India. The jurisdictional venue for any proceedings involving this Agreement and/or the Order shall be the exclusive jurisdiction of the courts of New Delhi, India. Notwithstanding the foregoing, any disputes shall be referred and submitted for arbitration in accordance with the India Arbitration and Conciliation Act, 1996 and subsequent amendments currently in force. The number of arbitrator shall be one, and the language shall be English. The decision and award of the arbitration shall be final and binding on the parties.

    • 12.2

      You acknowledge that Mettl will be irreparably harmed if your obligations under this License are not specifically enforced and that it would not have an adequate remedy at law in the event of an actual or threatened violation by you of your obligations. Therefore, you agree that Mettl will be entitled to an injunction or any appropriate decree of specific performance for any actual or threatened violations or breaches by you, or any of the Users, without the necessity of showing actual damages or that monetary damages would not afford an adequate remedy.

    • 12.3

      The English language version of this License shall prevail over any translation thereof into another language


  1. Not in use.


  1. ENTIRE AGREEMENT

    • THIS LICENSE AND THE ORDER CONSTITUTE THE ENTIRE AGREEMENT BETWEEN YOU, THE CLIENT AND METTL WITH RESPECT TO THE SUBJECT MATTER THEREOF AND SUPERSEDE ANY AND ALL PRIOR PROPOSALS, UNDERSTANDINGS, REPRESENTATIONS AND/OR AGREEMENTS, WHETHER ORAL OR WRITTEN, AND ALL OTHER COMMUNICATIONS BETWEEN THE PARTIES RELATING THERETO. INVOICES, PURCHASE ORDERS, PURCHASE ORDER ACKNOWLEDGMENTS AND ANY TERMS AND CONDITIONS SET FORTH ON SUCH DOCUMENTS OR ANY SIMILAR DOCUMENTS SHALL BE FOR THE ISSUING PARTY’S INTERNAL PURPOSES ONLY. THE PARTIES SPECIFICALLY REJECT ANY SUCH TERMS AND CONDITIONS. ANY ADDITIONAL TERMS INCLUDED IN SUCH DOCUMENTS SHALL NOT BE CONSIDERED TO BE VALID OR IN ANY WAY INCORPORATED UNDER THIS AGREEMENT EVEN IF SUCH DOCUMENTS ARE ACKNOWLEDGED OR ACCEPTED BY THE RECEIVING PARTY.

    • WITH RESPECT TO THE MATERIALS AND THE ASSESSMENTS, IN THE EVENT OF ANY CONFLICT OR INCONSISTENCY BETWEEN A PROVISION OF THIS LICENSE AND A PROVISION OF ANY OTHER AGREEMENT BETWEEN YOU AND METTL, THE APPLICABLE PROVISION OF THIS LICENSE SHALL CONTROL.


  1. TRANSFER/ASSIGNMENT

    • 15.1

      ACCESS TO THE MATERIALS AND ASSESSMENTS IS LICENSED ONLY TO YOU (AND THE PERMITTED USERS). YOU MAY NOT RENT, LEASE, SUBLICENSE, SELL, ASSIGN, PLEDGE, TRANSFER OR OTHERWISE DISPOSE OF THE ACCESS TO THE MATERIALS OR THE ASSESSMENTS, OR ANY OF YOUR RIGHTS OR OBLIGATIONS UNDER THIS LICENSE, IN WHOLE OR IN PART, TO ANY OTHER PARTY, INCLUDING, WITHOUT LIMITATION, YOUR EMPLOYEES WHO ARE NOT USERS, ON A TEMPORARY OR PERMANENT BASIS, WITHOUT METTL’S PRIOR WRITTEN CONSENT. ANY PURPORTED ASSIGNMENT IN VIOLATION OF THIS PARAGRAPH WILL BE VOID AND CONSTITUTE A MATERIAL BREACH OF THIS LICENSE.

    • 15.2

      THIS LICENSE IS BINDING UPON AND SHALL INURE TO THE BENEFIT OF ALL PARTIES AND THEIR RESPECTIVE SUCESSORS, HEIRS, EXECUTOR, ADMINISTRATORS, PERSONAL REPRESENTATIVES AND PERMITTED ASSIGNS.


  1. SUBCONTRACTING

    • In order to provide the Access in the most efficient manner, Mettl may sub-contract appropriate parts of the Access to a trusted third party or parties who may be located anywhere in the world. Notwithstanding paragraphs 7 and 8 of the License, in the event that the third party processes personal data, Mettl will ensure that such third party agrees in writing to act only on Mettl’s instructions and provides appropriate guarantees in respect of the technical and organizational security measures governing the processing to be carried out. Mettl will take all reasonable steps to ensure compliance with those measures. Where such third party is located outside the European Economic Area, Mettl will take all necessary steps to ensure that the processing of any personal data by the third party, including its transfer to the third party, complies with all relevant data protection and privacy laws.


  1. OTHER

    • 17.1

      Severability. It is the intent of the parties that the provisions of this License shall be enforced to the fullest extent permitted by applicable law. To the extent that the terms set forth in this License or any word, phrase, clause or sentence is found to be illegal or unenforceable for any reason, such word, phrase, clause or sentence shall be modified deleted or interpreted in such a manner so as to afford the party for whose benefit it was intended the fullest benefit commensurate with making this License as modified, enforceable and the balance of this License shall not be affected thereby, the balance being construed as severable and independent.

    • 17.2

      Modification and Waiver. Mettl reserves the right to amend this License as necessary from time to time. Any other modification or waiver of the provisions of this License and the Order shall be effective only if made in writing and signed by both parties. The failure by a party to insist upon strict performance of any provisions of this License shall not be construed as a waiver of such party’s rights arising out of any subsequent default of the same or similar nature. Any use of pre-printed, standard or posted term forms, including without limitation purchase orders, shrink-wrap agreements, click-wrap agreements, acknowledgements or invoices provided by the Client or the User, are for administrative and convenience use only and any terms and conditions stated therein shall not have the ability, unless expressly agreed between the parties, to modify or override the terms contained in this License.

    • 17.3

      Consent to Disclose. You agree that Mettl is entitled to disclose information relating to this License or you to regulators having jurisdiction over its business. You also agree that, notwithstanding any other provision in this License, Mettl may include the identities of those persons who are identified by you as contacts persons for you and information about the terms of this License in their internal client management, financial and conflict checking database.

    • 17.4

      Survival. The following provisions will survive any expiration, termination or rescission of this License: 2 to 4 and 12 to 17.

    • 17.5

      Third Party Beneficiaries. Neither this License nor access and use of the information on the Materials or the provision of the Access is intended to confer any right or benefit on any third party.

    • 17.6

      Term and Termination. Unless you have been granted access to the Materials and Assessments for a trial period (the “Trial Period”) or trial credits (the “Trial Credits”), this License will continue for the period as stated in the Order unless terminated earlier in accordance with the Order. If you have been granted a thirty (30) day trial, your access will automatically terminate at the end of the Trial Period or the utilization of the Trial Credits, whichever occurs first. In the event you terminate the Order for convenience prior to the end of the Term (as defined in the Order), you may be required to pay termination fees to the extent provided in such Order. Mettl may terminate the Order and this License immediately if you fail to comply with any term or condition of this License, or upon thirty (30) days written notice to you, at its sole discretion. You agree upon termination for any reason to return any materials associated with the Materials and the Assessments in your possession together with all copies in any form.

    • 17.7

      Marketing. Any public statement, marketing material, press releases or the like that contain the whole or any part of the Materials or any of the Assessments shall only be (a) disclosed with the prior written consent of Mettl; and (b) accompanied by an acknowledgement that any such data, information or figures are supplied by Mettl. Either party may use the other partys name and logo in its publicity, provided that any reference to the other party beyond its name or logo will be subject to prior approval of the party whose name and logo is being used.

    • 17.8

      Notices. Any notice which is to be given by one party to the other under the License or the Order will be given in writing (other than email). It will be effective if delivered to the address of the other party set out in the Order or any other address specified subsequently. A notice will be effective 48 hours after delivery. Either party may change its address for service by giving notice to the other party in accordance with this paragraph 17.8.

    • 17.9

      This License shall be read together with the Terms of Services (available at https://mettl.com/en/terms-of-services ) . and the Terms of Services shall be in addition to the terms set forth in this License. in the event of a conflict or inconsistency between the terms of this License that those of that the Terms of Services, (a) the terms of this License shall prevail to the extent related to the use and access of the Platform and/or use of the Materials, and (b) the terms of the Terms of Services shall prevail to the extent related to the use and access of the website.


Should you have questions regarding this License, you may contact your Mettl contact person.

Schedule 1

PROHIBITED USE

In relation to the use of the Materials and Assessments and Access to the Platform, you shall ensure that you, the Users and the Client shall not:

  1. Resell the usage, functionalities or services provided in the Platform;

  2. Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content that does not belong or licensed to you, the Users or the Client;

  3. Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content which is harmful, harassing, defamatory, blasphemous, offensive, obscene, pornographic, pedophilic, libelous, invasive of others privacy, hateful, racially or ethically objectionable, disparaging, relating or encouraging gambling, money laundering or engaging in activities which would cause offence to others on grounds of race, religion, creed, or sex or is otherwise unlawful in any manner;

  4. Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content which causes harm or attempt to harm minors in any way;

  5. Create, host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content which infringes the copyright, trademark, patent, trade secret or other intellectual property or proprietary rights of any person;

  6. Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content for unlawful purpose;

  7. Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content to impersonate another person or for the purpose of impersonation;

  8. Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content that contains virus or any other computer codes, files or programs that are designed to harm, interrupt, destroy or limit Mettl?s system or networks;

  9. Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content that threatens the unity, integrity, defence, security or sovereignty of India, its relations with foreign states, or public order, or causes incitement to the commission of any cognizable offence, or prevents investigation of any offence, or is insulting to any nation;

  10. Use and Access the Platform in any manner which is not permitted under the License and the Order; and

  11. Use and Access the Platform for any unauthorized marketing purposes or for sending any unsolicited materials or advertisements.

Schedule 2

MERCER DATA PROCESSING ADDENDUM

This Schedule applies solely to the extent that: (i) the Services are provided by Mercer or its Affiliates from an establishment within the EEA or the United Kingdom; or (ii) the Services involve Mercer or its Affiliates processing Personal Data relating to the offering of goods or services to Data Subjects in the EEA or the United Kingdom or to the monitoring of their behaviour as far as such behaviour takes place within the EEA or the United Kingdom.

1  Introduction

1.1   The parties acknowledge and agree that this DPA:

  1. forms part of any services agreement entered into between Mercer and Client (including, but not limited to, master services agreements and Statements of Work), and all engagement letters, documents, addenda, schedules and exhibits incorporated therein and all communications sent in connection therewith (the Agreement);

  2. sets out:

    1. the data protection terms that are required under the GDPR in relation to the Processing of Personal Data that Mercer undertakes as Processor;

    2. the parties? respective obligations where the parties each act as Controllers; and

    3. all other terms governing the parties? Processing of Personal Data in connection with the Agreement; and

  3. to the extent that clause 1.1(c) is satisfied, this DPA amends and replaces: (i) the provisions in the Agreement that relate expressly to the parties? use of Personal Data, including any specific data protection clauses and data protection schedules in Agreements; and (ii) any other provisions in the Agreement that conflict with the terms of this DPA, provided that, unless expressly stated otherwise in this DPA, nothing in this DPA shall change either party?s exclusions and limitations of liability under the Agreement and all provisions relating to liability and indemnities set out in the remainder of the Agreement shall continue to apply notwithstanding this DPA coming into effect. For the avoidance of doubt, the existing provisions in the Agreement that relate to the use of Personal Data shall continue to apply between the parties to the extent that clause 1.1(c) above does not apply.

2  Definitions

2.1   Capitalised terms used but not defined in this DPA shall have the meaning set forth in the Agreement.

2.2   The following terms have the following meanings when used in this DPA:

3  Relationship with the Agreement

3.1   Subject to clause 1.1(d)(ii), in the event of a conflict between the terms of the Agreement and the terms of this DPA, the terms of this DPA shall prevail.

3.2   In the event of a conflict between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

4  Processing of Personal Data

4.1   Roles of the Parties

  1. The parties acknowledge and agree that (to the extent applicable):

    1. Client and Mercer each act as Controllers in connection with the Processing of Personal Data in relation to any actuarial services provided in the United Kingdom under the Agreement by a member of the Institute and Faculty of Actuaries (the ?UK Actuarial Services?);

    2. Client and Mercer each act as Controllers in connection with the Processing of Personal Data in relation to any insurance broking services provided in Spain, Portugal and France (the ?Spanish, Portuguese and French Broking Services?);

    3. Client and Mercer each act as Controllers in connection with the Processing of Personal Data in relation to the provision of the Workforce Products;

    4. Mercer acts as Controller when Processing Personal Data for the following business and operational purposes: (1) carrying out fraud, anti-money laundering, sanctions and any other checks and investigating and prosecuting fraud, money laundering or sanctions violations in connection with the establishment and maintenance of a client relationship and provision of services; (2) where required for compliance with legal and regulatory obligations; and (3) for data analytics as described at clause 13;

    5. Mercer acts as a Processor in connection with the Processing of Personal Data for Mettl, except in the following limited circumstances where Mercer acts as Controller: (1) where Mercer collects data about corporate representatives who sign up to the service, or register interest, on behalf of the Client; (2) when Mercer registers individual accounts for its online assessment platform; and (3) where an individual registers their general interest in participating in future hackathons (and not where the individual is signing up to a specific client hackathon);

    6. except as set out in clauses 4.1(a) (i) to (v), Mercer acts as a Processor with respect to Personal Data; and

    7. in the event that, during the course of the Agreement, in response to emerging guidance or legislation Mercer considers that its categorisation for any Processing carried out under the Agreement should change: (i) from Controller to Processor; or (ii) from Processor to Controller, Mercer shall provide written notice of this change to Client and the parties agree that the terms under this DPA relating to the new status shall apply to all Processing from date of receipt of such notice.

  2. Client has engaged Mercer to provide certain services as detailed in the Agreement.

4.2   Clients Processing of Personal Data ? General Obligations

  1. In respect of the parties? Processing, Client shall:

    1. comply with Data Protection Laws and ensure that any instructions it issues to Mercer shall comply with Data Protection Laws; and

    2. have sole responsibility for the accuracy, quality, and legality of Personal Data, and the means by which Client acquired Personal Data and shall establish the legal basis for Processing under Data Protection Laws.

  2. Client warrants that:

    1. the disclosure of Personal Data to Mercer is limited to what is necessary in order for Mercer to perform the Services; and

    2. such Personal Data is accurate and up-to-date at the time that it is provided to Mercer.

  3. Client shall:

    1. collect Personal Data in a manner compliant with Data Protection Laws, including by providing all notices and obtaining all consents as may be required under Data Protection Laws in order for Mercer to lawfully and fairly Process Personal Data in connection with the provision of the Services and as otherwise contemplated by this DPA and the remainder of the Agreement; and

    2. notify Mercer upon becoming aware that Personal Data has become inaccurate or out of date.

4.3   Mercers Processing of Personal Data ? General Obligations

  1. Where Mercer Processes Personal Data as a Controller, Mercer shall only Process Personal Data:

    1. to the extent that it is reasonably necessary for the purposes of providing any UK Actuarial Services or Spanish, Portuguese and French Broking Services or Workforce Products and as required by Applicable Law; and

    2. as otherwise set out in the Agreement (including this DPA).

  2. Where Mercer Processes Personal Data as a Processor, it shall comply with the Data Protection Laws as they apply to Mercer as a Processor and only Process Personal Data in accordance with Clients instructions or as required by law. Client instructs Mercer to Process Personal Data to perform the Services and as described in the DPA and the remainder of the Agreement including Processing initiated by Data Subjects in their use of the Services where applicable.

  3. This DPA and the Agreement are Client?s complete and final instructions to Mercer for the Processing of Personal Data. Mercer shall not be bound by additional or alternate instructions except pursuant to the parties? mutual written agreement.

  4. Without prejudice to Client?s obligations under clause 4.2(a)(i), Mercer shall inform Client if, in its reasonable opinion, an instruction issued by Client infringes Data Protection Laws and shall, without liability, be entitled to stop Processing Personal Data in accordance with such infringing instruction. The parties acknowledge and agree that a failure or delay by Mercer to identify that an instruction infringes Data Protection Laws shall not cause Mercer to be in breach of this Agreement nor relieve Client from its liability under this Agreement.

4.4   Compliance with Data Protection Law

In respect of the Personal Data for which Client and Mercer each act as Controllers, Client and Mercer shall each comply with their respective obligations as Controllers under Data Protection Law, except to the extent that this DPA allocates responsibility for compliance with a particular requirement under Data Protection Law to one party

4.5   Purpose; Categories of Personal Data and Data Subjects

The purpose of Processing of Personal Data by Mercer is the performance of the Services pursuant to the Agreement. The types of Personal Data and categories of Data Subjects Processed by Mercer, when acting as a Processor, under this DPA are further specified in Attachment 1 (Data Processing Details Addendum) to this DPA.

4.6   Limitation on Disclosure

Mercer shall not disclose Personal Data to any third parties without Client?s prior consent, except as required by law or permitted by the Agreement. Without limiting the generality of the foregoing, Mercer may disclose Personal Data to Processors and Sub-processors (including Mercer Affiliates acting in such capacities) engaged as described in clause 10.

4.7   Confidentiality

Mercer shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data and are subject to binding confidentiality obligations.

5  Data Subject Rights; Other Complaints and Requests

5.1   Data Subject Requests

If Mercer receives a Data Subject Request (whether as a Processor or a Controller):

  1. Mercer shall, to the extent permitted by law, promptly notify Client upon receipt of a Data Subject Request. Following receipt of a Data Subject Request, Mercer may contact the relevant Data Subject to acknowledge receipt of the Data Subject Request and to notify the Data Subject that it has referred the Data Subject Request to Client, but Mercer shall otherwise not respond to any Data Subject Request without Client?s prior written instructions;

  2. Client shall handle the Data Subject Request in accordance with Data Protection Law; and

  3. Mercer shall provide such commercially reasonable assistance as Client may reasonably request to help Client fulfil its obligations under Data Protection Laws to respond to Data Subject Requests. Client shall be responsible for any reasonable costs arising from Mercer?s provision of such assistance.

5.1   Other Complaints and Requests

  1. Mercer shall, to the extent permitted by law, promptly notify Client upon receipt of any complaint or request (other than Data Subject Requests or enquiries of Regulators described in clause 6) relating to: (a) Client?s obligations under Data Protection Laws; or (b) Personal Data.

  2. Unless otherwise agreed between the parties, Client shall handle the relevant request or complaint in accordance with Data Protection Law

  3. Mercer shall provide such commercially reasonable assistance as Client may reasonably request in relation to such complaint or request. Client shall be responsible for any reasonable costs arising from Mercer?s provision of such assistance

6  Cooperation with Regulators and Conduct of Claims

6.1   Mercer shall notify Client of all enquiries from a Regulator that Mercer receives which relate to the Processing of Personal Data, unless prohibited from doing so at law or by the Regulator.

6.2   Unless a Regulator requests in writing to engage directly with Mercer or the parties (acting reasonably and taking into account the subject matter of the request) agree that Mercer shall handle a Regulator request itself, Client shall:

  1. be responsible for all communications or correspondence with the Regulator in relation to the Processing of Personal Data; and

  2. keep Mercer informed of such communications or correspondence to the extent permitted by law.

7  Security

7.1   Mercer shall take the technical and organisational measures set out in Attachment 2 (Security Measures) to protect the confidentiality, integrity, availability and resilience of Mercer systems which are involved in Processing Personal Data.

7.2   Client has assessed the level of security appropriate to the Processing in the context of its obligations under Data Protection Laws and agrees that the security measures set out in Attachment 2 (Security Measures) are consistent with such assessment.

7.2   Client shall take appropriate technical and organisational measures to protect the security of the Personal Data, including ensuring that Personal Data is securely transferred to Mercer.

8  Security Breach Management and Notification

8.1   Mercer shall:

  1. promptly notify Client upon becoming aware of the occurrence of a Personal Data Breach and provide Client with the following information as it becomes available:

    1. a description of the nature of the Personal Data Breach, including where possible the categories and approximate number of Data Subjects concerned;

    2. the name and contact details of the Mercer contact from whom more information can be obtained; and

    3. a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

8.2   Client shall promptly notify Mercer upon becoming aware of the occurrence of a Personal Data Breach involving Mercer, or Mercer?s systems or facilities, personnel, Processors or Sub-processors.

8.3   The parties agree to coordinate in good faith on developing the content of any related public statements and any required notices to the affected Data Subjects and/or the relevant Regulators in connection with a Personal Data Breach, provided that nothing in this clause 8.3 shall prevent either party from complying with its obligations under Data Protection Laws.

9  Return and Deletion of Client Data

9.1   Subject to clause 13, on termination of the Agreement for any reason, or upon written request from Client at any time, Mercer shall cease Processing any Personal Data, and (at Clients direction) return to Client or delete (in accordance with Mercer?s document retention and deletion policies), any Personal Data in Mercers possession or control, except as required by law or as required in order to defend any actual or possible legal claims.

9.2   Client acknowledges and agrees that Mercer shall have no liability for any losses incurred by Client arising from or in connection with Mercer?s inability to perform the Services as a result of Mercer complying with a request to delete or return Personal Data made by Client pursuant to clause 9.1.

10  Mercer Processors and Sub-processors

10.1   Appointment of Processors and Sub-processors

Client acknowledges and agrees that: (a) Mercer may engage Processors (where Mercer acts as Controller) and Sub-processors (where Mercer acts as Processor) in connection with the provision of the Services; and (b) such Processors and Sub-processors may include Mercer Affiliates.

10.2   Sub-processing Agreement

Mercer shall ensure that its contract with any Sub-processor imposes on the Sub-processor obligations that are equivalent to the obligations to which Mercer is subject under this DPA.

10.3   List of Current Sub-processors and Notification of New Sub-processors

A list of Sub-processors, current as of the Effective Date, shall be made available at https://www.uk.mercer.com//data-protection.html on or before the Effective Date. At that location Mercer shall also provide Client with a mechanism to subscribe in order to receive notifications regarding Mercer?s use of any new Sub-processor not included in such list (?New Sub-processors?) for the Processing of Personal Data. Notification of a New Sub-processor shall be issued prior to such New Sub-processor being authorised to Process Personal Data in connection with the provision of the Services.

10.4   Objection Right for New Sub-processors

Client may object to Mercers use of a New Sub-processor where there are reasonable grounds to believe that the New Sub-processor will be unable to comply with the terms of this DPA or the Agreement. If Client objects to Mercer?s use of a New Sub-processor, Client shall notify Mercer promptly in writing within ten (10) days after notification regarding such Sub-processor. Client?s failure to object in writing within such time period shall constitute approval to use the New Sub-processor. Client acknowledges that the inability to use a particular New Sub-processor may result in delay in performing the Services, inability to perform the Services or increased fees. Mercer will notify Client in writing of any change to Services or fees that would result from Mercer?s inability to use a New Sub-processor to which Client has objected. Client may either execute a written amendment to the Agreement implementing such change or exercise its right to terminate the Agreement in accordance with the termination provisions thereof. Such termination shall not constitute termination for breach of the Agreement. Mercer shall have a right to terminate the Agreement if Client unreasonably objects to a Sub-Processor, or does not agree to a written amendment to the Agreement implementing changes in fees or Services resulting from the inability to use the Sub-processor at issue.

10.5   Responsibility for Sub-processors

Mercer shall be responsible and liable for the acts, omissions or defaults of its Sub-processors in the performance of obligations under this DPA or otherwise as if they were Mercer?s own acts, omissions or defaults.

11  Audits and Requests for Information and Assistance

11.1   Client may audit Mercer?s compliance with its obligations under this DPA, subject to the following requirements:

  1. Client may perform such audits once per year or more frequently if required by Data Protection Laws applicable to Client;

  2. Client may use a third party to perform the audit on its behalf, provided the third party is mutually agreed to by Client and Mercer and executes a confidentially agreement acceptable to Mercer before the audit;

  3. audits must be conducted during regular business hours, subject to Mercer?s policies, and may not unreasonably interfere with Mercer?s business activities;

  4. Client must provide Mercer with any audit reports generated in connection with any audit at no charge unless prohibited by law. Client may use the audit reports only for the purposes of meeting its audit requirements under Data Protection Laws and/or confirming compliance with the requirements of this DPA. The audit reports shall constitute confidential information of the parties under the Agreement;

  5. to request an audit, Client must submit a detailed audit plan to Mercer at least six (6) weeks in advance of the proposed audit date. The audit plan must describe the proposed scope, duration, and start date of the audit. Mercer will review the audit plan and inform Client of any concerns or questions (for example, any request for information that could compromise Mercer?s confidentiality obligations or its security, privacy, employment or other relevant policies). Mercer will work cooperatively with Client to agree on a final audit plan;

  6. nothing in this clause 11.1 shall require Mercer to breach any duties of confidentiality owed to any of its clients or employees;

  7. if the requested audit scope is addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Client?s audit request and Mercer confirms there are no known material changes in the controls audited, Client agrees to accept those findings in lieu of requesting an audit of the controls covered by the report; and

  8. all audits are at Client?s sole cost and expense. Any request for Mercer audit assistance requiring the use of resources different from or in addition to those required for provision of the Services will be considered an additional service for which reasonable additional fees may be charged. Mercer reserves the right to require Client?s written agreement to pay for such fees before providing such audit assistance.

11.2   Each party will be separately responsible for assessing the need to undertake, and the completion of, any data protection impact assessment, including any consultation with a Regulator, under Articles 35 and 36 of the GDPR or otherwise in respect of its use or provision of the Services.

11.3   Where requested by Client, Mercer shall, at Client?s cost, provide Client with such assistance and information as may be reasonably required in order for Client to comply with any obligation to carry out a data protection impact assessment or consult with a Regulator pursuant to Articles 35 and 36 of the GDPR, respectively.

11.4   Where requested by Mercer, Client shall, at Mercer?s cost, provide Mercer with such assistance and information as may be reasonably required in order for Mercer to comply with any obligation to carry out a data protection impact assessment or consult with a Regulator pursuant to Articles 35 and 36 of the GDPR, respectively.

12  Transfers Outside of the European Economic Area

12.1   Subject to the remainder of this clause 12, Client consents to transfers of Personal Data to Mercer, Mercer?s Affiliates or Mercer?s and Mercer?s Affiliates? respective Sub-processors based in countries outside the EEA.

12.2   Data Transfer Mechanisms where Mercer acts as a Processor

  1. Where Mercer acts as a Processor of Personal Data that is transferred, either directly or via onward transfer, from the EEA to a recipient outside the EEA in a country not recognised by the European Commission as providing an adequate level of protection for personal data (?Third Country Recipient?), such transfer shall be covered by a framework recognised by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including but not limited to Standard Contractual Clauses, binding corporate rules or the EU-US Privacy Shield Framework (each a ?Data Transfer Mechanism?).

  2. Mercer is an affiliate of Marsh & McLennan Companies, Inc. ?MMC? and ?MMC Group? shall mean the corporate group of MMC. MMC has adopted processor binding corporate rules in the form of the Processor standard, which shall be made available on or before the Effective Date at https://www.uk.mercer.com//data-protection.html (the ?Standard?) in order to provide adequate safeguards for transfers of Personal Data from certain MMC Group Affiliates to certain non-EEA MMC Group Affiliates.

  3. Where Mercer makes a transfer covered by the Standard Mercer warrants that:

    1. it is a party to and is bound by the intra-group agreement regarding the Standard dated 20 June 2017 and entered into between MMC UK Group Limited and MMC Group Affiliates as listed and amended in the same agreement from time to time (the ?Intra-Group Agreement?);

    2. clause 1.1 of the Intra-Group Agreement binds Mercer to comply with all of the provisions of the Standard in respect of any Personal Data transferred from any of the EEA MMC Group members to any of the non-EEA MMC Group members (as defined in the Standard);

    3. it shall comply with all of the provisions of the Standard;

    4. where Client is established within the EEA, the Standard has been duly approved by the data protection authority with competent jurisdiction in the EEA territory where Client is established (the ?Competent DPA?); and

    5. it will promptly notify Client if the Competent DPA withdraws its approval of the Standard.

  4. Client undertakes to make available to Data Subjects upon request a copy of the Standard and of this DPA unless the DPA contains any sensitive and confidential commercial information in which case it will remove such information.

  5. If Mercer elects to apply the Standard Contractual Clauses pursuant to clause 12.2(a):

    1. if required by Mercer, Client shall sign a copy of the Standard Contractual Clauses and take such further action as is required by applicable law to ensure that the Standard Contractual Clauses are legally valid;

    2. they shall constitute a separate agreement between each Data Exporter and the Data Importer;

    3. if the Processing under the Standard Contractual Clauses can subsequently be performed under an alternative Data Transfer Mechanism (including where the relevant Data Importer becomes party to the Intra-Group Agreement), then the Standard Contractual Clauses shall automatically terminate effective as of the date that such alternative Data Transfer Mechanism takes effect in respect of such Processing, and Client shall execute such documents or acknowledgements as Mercer may reasonably request to evidence such termination;

    4. the parties agree to amend the Standard Contractual Clauses if required in accordance with a relevant European Commission decision or Data Protection Laws;

    5. the parties agree that the prior written consent to the engagement of Sub-processors required by Clause 5(h) of the Standard Contractual Clauses has been given pursuant to clause 10.1 of this DPA;

    6. the parties agree that upon Data Exporter?s request, Data Importer will provide the copies of the Sub-processor agreements that must be sent by the Data Importer to the Data Exporter pursuant to Clause 5(j) of the Standard Contractual Clauses, and that Data Importer may remove or redact all commercial information or clauses unrelated to the Standard Contractual Clauses or their equivalent beforehand; and

    7. the parties agree that clause 11 of this DPA shall satisfy the audit requirements of the Standard Contractual Clauses applied to Data Importer under Clause 5(f) and to any Sub-processors under Clause 11 and Clause 12(2).

12.3   Transfer where Mercer acts as a Controller

Where Mercer acts as a Controller and transfers Personal Data outside of the EEA or a country recognised by the European Commission as providing an adequate level of protection for personal data, Mercer will ensure that such transfers are covered by a Data Transfer Mechanism.

13   Analytics

13.1   Client agrees that during and after the term of the Agreement, Mercer may use any information it collects and uses in connection with the Services, together with information from its other clients, for data analytics purposes, including to create insights, reports and other analytics to improve the quality of and market Mercer?s advice, products and services. The output of such analytics will not identify particular clients or individuals.

13.2   Where the Services involve Mercer interacting directly with Data Subjects via platform use or otherwise, Mercer may carry out further analytics or direct marketing to Data Subjects conditional on Mercer directly providing such Data Subjects with appropriate notices or obtaining from them appropriate consents, as required by Data Protection Laws and Regulations.

14   Termination and General

14.1   This DPA and the Standard Contractual Clauses will terminate when Mercer ceases to Process Personal Data, unless otherwise agreed in writing between the parties.

14.2   Liability

The parties agree that all liabilities between them under this DPA and the Standard Contractual Clauses will be subject to the limitations and exclusions of liability and other terms of the Agreement, except that such limitations and exclusions of liability will not apply to any party?s liability to Data Subjects under the third party beneficiary provisions of the Standard Contractual Clauses to the extent limitation of such rights is prohibited by Data Protection Laws.

14.3   Exclusion of third party rights

Subject to clause 12.2, Data Subjects are granted third party rights under the Standard Contractual Clauses. Client Recipients and Mercer Providers who execute a Statement of Work under a master services agreement shall have rights solely in respect of the data processed under that Statement of Work. All other third party rights are excluded.

14.4   Governing Law

To the extent required by applicable Data Protection Laws (e.g., in relation to the governing law of the Standard Contractual Clauses), this DPA shall be governed by the law of the applicable jurisdiction. In all other cases, this DPA shall be governed by the laws of the jurisdiction specified in the Agreement in respect of the applicable Services.

ATTACHMENT 1

Data Processing Details Addendum

Controller

Client and the Client Affiliates that Process Personal Data for their own business purposes.

Processor

The Processor is Mercer.

Data subjects

The Personal Data Processed may concern the following categories of Data Subjects:

Categories of data

The Personal Data Processed may concern the following categories of data:

Details such as a Data Subject?s name, date of birth, gender, address, email address, telephone number, employer name, employee ID, employment and pensionable service status and periods, dates of absence, employment grade, employee performance, job title, salary and remuneration arrangements, nature and details of current and historic pension arrangements, pension amounts, pension contributions, employee benefit details, insurance cover, marital status, beneficiary details, bank details, national insurance number/national identification number/social security number, underwriting status, business travel information, educational background, passport number, driving licence number, details of power of attorney, pyschometric test results, number of dependents/beneficiaries and/or ill-health status.

Special categories of data (if appropriate)

The Personal Data Processed may concern the following special categories of data:

Details of a Data Subject?s sexual orientation, trade union membership, political affiliation, ill-health status and/or medical records/details.

Processing operations

The Personal Data Processed will be subject to the following basic Processing activities:

Mercer, acting as a Processor, will, depending on the scope of its engagement, Process the Personal Data to perform the Services, to comply with its statutory and regulatory obligations, to maintain accounts and records and to conduct analysis in order to improve its products and services. This will involve, among other things, the collection, storage, analysis and disclosure of Personal Data that Mercer receives from (or on behalf of) the Client in accordance with the Agreement.

ATTACHMENT 2

Security Measures

In satisfaction of its obligation under clause 7 of this DPA, Mercer shall implement the following:

  1. Organisational management and dedicated staff responsible for the development, implementation and maintenance of Mercer?s information security program.

  2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Mercer?s organisation, monitoring and maintaining compliance with Mercer?s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.

  3. Data security controls which include at a minimum, but may not be limited to, logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilisation of commercially available and industry standard encryption technologies for Personal Data that is:

    1. transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or

    2. at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).

  4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access promptly when employment terminates or changes in job functions occur).

  5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that Mercer?s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on Mercer?s computer systems; (iii) must be changed every ninety (90) days; must have defined complexity; (v) must have a history threshold to prevent reuse of recent passwords; and (vi) newly issued passwords must be changed after first use.

  6. System audit or event logging and related monitoring procedures to proactively record user access and system activity for routine review.

  7. Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorised physical access, (ii) manage, monitor and log movement of persons into and out of Mercer facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.

  8. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems according to prescribed internal and adopted industry standards, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from Mercer?s possession.

  9. Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to Mercer?s technology and information assets.

  10. Incident / problem management procedures designed to allow Mercer to investigate, respond to, mitigate and notify of events related to Mercer?s technology and information assets.

  11. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.

  12. Vulnerability assessment, patch management and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.

  13. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.

    Mercer reserves the right to revise the security measures set out in this Attachment 2 at any time, without notice, so long as any such revisions will not materially reduce or weaken the protection provided for Personal Data that Mercer Processes in the course of providing the Services to Client.