IMPORTANT - PLEASE READ CAREFULLY BEFORE USING THE ONLINE ASSESSMENT PLATFORM
THE COPYRIGHT, DATABASE RIGHTS AND ANY OTHER INTELLECTUAL PROPERTY RIGHTS IN THE PROGRAMS, TOOLS, DOCUMENTATION, INFORMATION, PROPRIETARY TECHNOLOGY, AND METHODOLOGIES CONTAINED WITHIN THE METTL ONLINE ASSESSMENT PLATFORM (“PLATFORM“) AND THE PROPRIETARY OR LICENSED TEST MATERIAL AND CONTENT QUESTIONS CONTAINED THEREIN (THE ”METTL METHODOLOGY,” AND COLLECTIVELY WITH THE PLATFORM, THE “MATERIALS”) ARE AND REMAIN THE PROPERTY OF INDUSLYNK TRAINING SERVICES PRIVATE LIMITED (“METTL”). THE COPYRIGHT, DATABASE RIGHTS AND OTHER INTELLECTUAL PROPERTY RIGHTS IN THE MATERIALS AND DATA CONTAINED IN THE ASSESSMENTS (THE “ASSESSMENTS”) ARE AND REMAIN THE PROPERTY OF METTL. YOU ARE LICENSED TO ACCESS AND USE THE MATERIALS AND THE ASSESSMENTS YOU ACCESS UNDER THIS LICENCE ONLY IF YOU ACCEPT ALL THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT (THE “LICENSE”). UNLESS AN EXCEPTION IS NOTED HEREIN, THE TERMS OF THIS LICENSE APPLY TO YOU IF YOU HAVE LICENSED THE PLATFORM, THE METTL METHODOLOGY, OR BOTH. IF AN AFFILIATE OF METTL HAS SUPPLIED ACCESS TO THE MATERIALS, THE AFFILIATE HAS AUTHORITY TO ENTER INTO THIS LICENSE ON METTL’S BEHALF, AND ALL REFERENCES TO METTL HEREIN INCLUDE REFERENCES TO SUCH AFFILIATE.
WHEN YOU CLICK "Get Started" OR AGREE TO THE INSERTION ORDER TO ACCEPT THIS LICENSE, YOU AGREE THAT THE MATERIALS AND ASSESSMENTS ASSOCIATED WITH THIS LICENSE ARE INTENDED ONLY FOR INTERNAL USE FOR INFORMATION PURPOSES ONLY AS DESCRIBED IN SECTION 1 BELOW BY THE ORGANIZATION WHOSE FULL CORPORATE NAME HAS BEEN IDENTIFIED TO METTL IN THE INSERTION ORDER FORM (THE “ORDER”) AS THE CLIENT (“CLIENT”) FOR THE PURPOSES OF THE APPLICABLE OFFERINGS DEFINED THEREIN. BY PROCEEDING AND ACCESSING THE MATERIALS AND ANY ASSESSMENTS, YOU INDICATE YOUR ACCEPTANCE ON BEHALF OF THE CLIENT OF THE TERMS AND CONDITIONS OF THIS LICENSE. ACCORDINGLY, REFERENCES TO “YOU” MEAN REFERENCES TO THE CLIENT. THE MATERIALS, THE ASSESSMENTS AND THE INFORMATION AND DATA CONTAINED THEREIN MAY NOT BE COPIED, MODIFIED, SOLD, TRANSFORMED INTO ANY OTHER MEDIA, OR OTHERWISE TRANSFERRED IN WHOLE OR IN ANY PART TO ANY PARTY OTHER THAN THE CLIENT, WITHOUT PRIOR WRITTEN CONSENT FROM METTL. ACCESSING THIS INFORMATION EITHER THROUGH ONLINE ACCESS, PDF, XLS, CSV OR MDB MEANS THAT YOU HAVE ACCEPTED DELIVERY OF YOUR ASSESSMENT AND THE TERMS OF THIS LICENSE AGREEMENT AND THAT YOU AGREE TO PAY THE INVOICE. YOU AGREE AND UNDERSTAND THAT LOCAL METTL AFFILIATE MAY BE SERVING AS THE BILLING AND COLLECTION AGENT ON BEHALF OF METTL AND LOCAL METTL AFFILIATE WILL REMIT TO METTL THE SERVICE FEES ASSOCIATED WITH THE OFFERINGS AND ASSESSMENTS ACCESSED PURSUANT TO THIS LICENSE.
IF METTL OR THE LOCAL METTL AFFILIATE (COLLECTIVELY, “METTL GROUP”), IN ITS SOLE DISCRETION, DETERMINES THAT YOU OR THE CLIENT ARE COMPETITORS, COMMERCIAL USERS, PARTICIPANTS OR PURCHASERS WHO ARE NOT END-USERS, OR ANY ENTITY OR INDIVIDUAL THAT RESELLS OR REDISTRIBUTES THE ASSESSMENTS OR OFFERINGS OR DATA FROM THE ASSESSMENTS IN ANY WAY (a “Competitor”), YOU WILL BE REQUIRED TO PAY HIGHER FEES (the “Competitor Fees”). YOU AGREE TO PAY SUCH COMPETITOR FEES WITHIN THIRTY (30) DAYS OF YOUR RECEIPT OF AN INVOICE FROM LOCAL METTL AFFILIATE IN ITS CAPACITY AS BILLING AGENT FOR METTL.
YOU SHOULD THEREFORE READ THIS LICENSE CAREFULLY BEFORE CLICKING ON “Get Started” OR AGREEING TO THE TERMS OF THE ORDER OR ACCESSING THE MATERIALS OR ANY ASSESSMENTS. IF YOU DO NOT ACCEPT THE TERMS AND CONDITIONS OF THIS LICENSE, YOU CANNOT ACCESS THE MATERIALS. IF IT HAS BEEN MORE THAN THIRTY (30) DAYS SINCE THE MATERIALS HAS BEEN MADE AVAILABLE TO YOU AND YOU HAVE NOT ACCESSED IT, NO REFUNDS WILL BE PROVIDED.
1. LICENSE
1.1. Subject to the terms and conditions of this License and upon receipt of full consideration, Mettl agrees to grant you, with respect to the Materials, a limited, non-exclusive, non-transferrable license to access and use the Materials or Assessments, as applicable on personal computers or a local area network in the normal places of business of your company, or through a secure remote network access facility provided by you. Use of the Materials or Assessments and the information and data contained therein is for your internal research and analysis purposes only. You will not provide access to the Materials or any Assessment, or to any information contained therein, to anyone other than the prescribed Users. Unless you have received Mettl’s prior written consent and paid the Competitor Fees, under no circumstances are the Materials or any Assessments to be used for the provision of service bureau, or timesharing, or services of any other kind to your clients, customers or any other third parties. Mettl has the right at any time to receive full and complete reporting from you of these locations and the individuals provided with access to the Materials and the Assessments.
1.2. The activities set out in the Order constitute the access to be provided by Mettl (the “Access“). Any variation to the scope of such Access must be agreed in writing between the applicable parties. You are solely responsible for training of your personnel in the use of and applications of the Materials and the Assessments unless otherwise agreed upon in writing by the parties.
1.3. Information to be provided
1. 3. 1. Any information that you are required to supply (or which is supplied on your behalf) is expected to be accurate and complete. With respect to the Assessments, as a standard part of Mettl's information processing, Mettl may review the data you submit for completeness and obvious errors. You agree to work with Mettl on a timely basis to answer any questions that arise from its review and to correct any identified problem, omissions or errors. Despite Mettl's review, you remain accountable for the accuracy of your data. Problems with information quality and/or delays in providing such information may result in a delay in the project delivery date and/or an increase in fees as have been agreed with you.
1. 3. 2. With respect to the Assessments, you acknowledge and accept that: (i) the response rates to Assessments cannot be predicted and are not guaranteed by Mettl; and (ii) all figures contained in Assessments may be subject to the limits of statistical errors/rounding up or down.
2. DISCLAIMER OF WARRANTIES
2.1. EXCEPT AS EXPRESSLY SET OUT IN THIS LICENSE, METTL MAKES NO WARRANTIES OR REPRESENTATIONS WITH RESPECT TO THE MATERIALS OR ANY PART THEREOF, AND DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES OF ANY KIND TO YOU OR ANY THIRD PARTY, INCLUDING, BUT NOT LIMITED TO, REPRESENTATIONS AND WARRANTIES REGARDING ACCURACY, TIMELINESS, COMPLETENESS, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, NON-INFRINGEMENT OF THIRD PARTY RIGHTS, AND/OR FREEDOM FROM COMPUTER VIRUS. YOU ASSUME THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE MATERIALS AND THE ASSESSMENTS.
2.2. YOU ACCEPT THE MATERIALS AND THE ASSESSMENTS ON AN “AS IS” AND “AS AVAILABLE” BASIS. YOU ACKNOWLEDGE THAT THE MATERIALS AND THE ASSESSMENTS ARE FOR GENERAL INFORMATION AND USE ONLY. IN PARTICULAR, NEITHER THE MATERIALS NOR THE ASSESSMENTS CONSTITUTE ANY FORM OF ADVICE, RECOMMENDATION, REPRESENTATION, OR ARRANGEMENT BY METTL. METTL DOES NOT WARRANT THE ACCESS OR USE OF THE MATERIALS OR THE ASSESSMENTS IN ANY SPECIFIC SITUATION OR FOR ANY SPECIFIC APPLICATION, NOR DOES METTL WARRANT THAT THE MATERIALS' PLATFORM WILL BE ACCESSIBLE AT ALL TIMES OR THAT IT WILL BE ERROR FREE.
2.3. METTL MAKES NO WARRANTIES OF ANY KIND AS TO THE ACCURACY OF THE DATA OR ASSUMPTIONS CONTAINED IN OR ENTERED INTO THE MATERIALS AND THE ASSESSMENTS, NOR DOES IT ASSUME ANY RESPONSIBILITY FOR THE CONSEQUENCES OF ANY ERRORS OR OMISSIONS. YOU ASSUME THE ENTIRE LIABILITY AND RESPONSIBILITY FOR THE DATA AND ASSUMPTIONS ENTERED BY USERS INTO ANY PARTS OF THE MATERIALS OR THE ASSESSMENTS THAT HAVE THE FUNCTIONALITY TO RECEIVE USER DATA AND FOR ANY REPRESENTATIONS OR CONCLUSIONS DRAWN FROM SUCH DATA OR ASSUMPTIONS.
2.4. METTL EXPRESSLY DISCLAIMS AND ACCEPTS NO LIABILITY FOR ANY LOSS ARISING FROM THE USE OF THE ASSESSMENT SERVICES, ASSESSMENTS, OFFERINGS, PSYCHOMETRIC TOOLS (INCLUDING ANY RELIANCE ON THE PREDICTIVE VALIDITY OF ANY PSYCHOMETRIC TOOL USED IN CONNECTION WITH ANY ASSESSMENT) OR THE USE OF THE PLATFORM OR WEBSITE, ANY ACTION TAKEN OR REFRAINED FROM, AND ALL BUSINESS DECISIONS TAKEN AS A RESULT OF OR RELIANCE UPON ANYTHING, INCLUDING, WITHOUT LIMITATION, INFORMATION OR ADVICE, CONTAINED IN THE OUTPUT OF ANY ASSESSMENT OR ANY ASSESSMENTS OR SOURCES OF INFORMATION USED OR REFERRED TO THEREIN, OR FOR ACTUAL RESULTS OR FUTURE EVENTS. METTL IS NOT RESPONSIBLE FOR (1) YOUR SELECTION OF ASSESSMENTS, (2) YOUR USE OR RELIANCE ON, OR INTERPRETATION AND APPLICATION OF, ANY ASSESSMENT, OFFERING, PSYCHOMETRIC TOOL OR OUTPUT AND/OR (3) YOUR DECISIONS BASED ON ANY ASSESSMENT, PRODUCT, PSYCHOMETRIC TOOL OR OUTPUT. ANY RISKS RELATED TO THE FOREGOING AND THE RESULTS OF ANY SUCH DECISIONS SHALL BE SOLELY YOUR RESPONSIBILITY. WITHOUT LIMITING THE FOREGOING, THE OUTPUT OF THE ASSESSMENT SERVICES MUST NOT BE RELIED UPON AS STATEMENTS OF FACT OR AS THE SOLE BASIS FOR ANY EMPLOYMENT RELATED DECISIONS.
2.5. METTL ASSUMES NO RESPONSIBILITY FOR THE EFFECTIVENESS OF ANY ENCRYPTED DATA, NOR WILL IT GUARANTEE THAT AN ENCRYPTION ALGORITHM WILL BE INDECIPHERABLE. METTL MAKES NO CLAIMS OR WARRANTIES REGARDING THE VIABILITY, INTEGRITY OR INVINCIBILITY OF THE ENCRYPTION USED, NOR WILL METTL ACCEPT RESPONSIBILITY FOR THE SUCCESS OR FAILURE OF THE SECURE SERVER TO PROPERLY ENCRYPT DATA. BY ACCESSING THE MATERIALS OR ANY OF THE ASSESSMENTS, YOU ASSUME ANY RISKS THAT THE ENCRYPTION MAY BE DECIPHERABLE.
3. LIMITATION OF LIABILITY
3.1. EXCEPT IN RESPECT OF PERSONAL INJURY OR DEATH CAUSED DIRECTLY BY METTL'S OR METTL GROUP'S NEGLIGENCE, THE LIMIT OF METTL'S AND METTL GROUP'S LIABILITY TO YOU OR TO ANY THIRD PARTY FOR ANY AND ALL CLAIMS CONCERNING PERFORMANCE OR NON-PERFORMANCE BY METTL OR ITS AGENTS RELATED TO METTL'S OBLIGATIONS UNDER THIS LICENSE SHALL NOT, IN THE AGGREGATE, EXCEED THE FEES PAID BY YOU TO METTL FOR ACCESS TO AND USE OF THE MATERIALS AND ASSESSMENTS (AS SPECIFIED IN THE ORDER) FOR THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE MONTH IN WHICH THE CLAIM OR CLAIMS ARISE.
3.2. IN NO EVENT SHALL METTL AND METTL GROUP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, LOSSES OR EXPENSES, INCLUDING, WITHOUT LIMITATION: LOSS OF SALES OR REVENUES, LOSS OF GOODWILL, LOSS OF BUSINESS INFORMATION, OR LOSS OF SAVINGS OR PROFITS, BASED ON ANY THEORY OF LIABILITY ARISING OUT OF OR IN ANY WAY CONNECTED WITH: THIS LICENSE, THE ACCESS, USE OR INTERPRETATION OF THE INFORMATION ON THE MATERIALS, THE ASSESSMENTS, OR ANY INFORMATION ON A LINKED SITE, THE INABILITY TO USE SUCH INFORMATION, OR ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS OR LINE OR SYSTEM FAILURE, WHETHER IN TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), CONTRACT OR OTHERWISE. THIS PARAGRAPH APPLIES EVEN IF METTL AND METTL GROUP, OR REPRESENTATIVES THEREOF, IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, LOSSES OR EXPENSES.
3.3. WITHOUT LIMITATION TO THE FOREGOING, YOU ACKNOWLEDGE THAT THE MATERIALS, THE ASSESSMENTS AND THE ASSUMPTIONS, INFORMATION AND DATA CONTAINED THEREIN MAY BE INCOMPLETE OR CONDENSED AND THAT THE ASSUMPTIONS, INFORMATION AND DATA OBTAINED THROUGH YOUR ACCESS AND USE OF THE MATERIALS AND THE ASSESSMENTS ARE FOR GENERAL INFORMATION PURPOSES ONLY AND ARE NOT INTENDED AS, NOR IMPLIED TO BE, A SUBSTITUTE FOR PROFESSIONAL ADVICE. IN NO EVENT WILL METTL AND METTL GROUP BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR ANY DECISION MADE OR ACTION TAKEN IN RELIANCE OF THE RESULTS OR CONCLUSIONS OBTAINED THROUGH THE ACCESS AND USE OF SUCH INFORMATION OR DATA.
3.4. YOU ACKNOWLEDGE THAT NO DEFENSE OR INDEMNITY OF ANY KIND IS PROVIDED HEREUNDER BY METTL AND METTL GROUP WITH RESPECT TO ANY CLAIM, DEMAND, CAUSE OF ACTION, COST, LOSS, DAMAGE, EXPENSE OR LIABILITY ARISING FROM OR BASED ON YOUR OR ANY THIRD PARTY'S USE OF OR INABILITY TO USE THE MATERIALS OR THE ASSESSMENTS.
3.5. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN DAMAGES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. YOU MAY HAVE OTHER RIGHTS WHICH VARY FROM COUNTRY TO COUNTRY. ANY RIGHTS WHICH YOU MAY HAVE AS A RESULT OF THE APPLICATION OF APPLICABLE LAWS IN THESE JURISDICTIONS SHALL NOT BE AFFECTED BY THIS DISCLAIMER OF LIABILITY.
4. INTELLECTUAL PROPERTY RIGHTS
4.1. You agree and acknowledge that the Materials and the Assessments, including, without limitation, the information contained in their databases, their table structures, queries, and reports, their arrangement, organization, and methods of interactions, the algorithms and other database artifacts, the sites' structure, all textual and graphical materials, and all technical information and other content appearing on the sites and their modifications and enhancements, the Materials and the Assessments are confidential and trade secret information that is proprietary to and owned solely by Mettl, together with all related copyrights and trademarks. Mettl retains the exclusive and sole ownership of the Materials and Assessments.
4.2. You agree to hold all such proprietary and confidential information of Mettl in strictest confidence. You may not modify, sell, transfer or otherwise provide any of the proprietary and confidential information, in whole or in part, in any form to any person or entity who is not a User, the Client or an employee of Mettl or Local Mettl Affiliate who needs access to the information to facilitate your licensed access and use of the Materials and the Assessments without Mettl's prior written permission.
4.3. With respect to the Platform and to the extent you load any data into the Materials, you represent and warrant that you have been granted permission to do so by such third party or individuals. You agree to defend, indemnify and hold Mettl and its Affiliates harmless from any and all losses, damages or liabilities incurred by Mettl or its Affiliates as a result of your breach of the foregoing obligations.
4.4. You may not create derivative works of, or decompile, reverse engineer, translate or disassemble the Materials or the Assessments, in whole or in part, except as expressly permitted by applicable law.
4.5. You may not create or store in electronic form any shared library, data warehouse, archive, cache or frame of the data or information contained in the Materials or the Assessments.
4.6. Nothing contained herein shall be deemed to confer by implication, estoppel or otherwise, any license or any other grant of right to use any trademark, copyright, or any other intellectual property right of Mettl or any third party. The “Mettl“ and “Induslynk“ name are Mettl's trademarks. All other product and company names belong to their respective owners. You agree that you will take no action inconsistent with this paragraph 4.6.
4.7. Except as required herein, you agree not to use Mettl's intellectual property in the press and not to refer to Mettl or attribute any information to Mettl in the press, for advertising or promotional purposes, or for the purpose of informing or influencing any other party without Mettl's prior written consent.
4.8. You will be responsible for any access to, or use or disclosure of Mettl's confidential and proprietary information by you and/or any of your Users to any third party and, further, shall indemnify and hold harmless Mettl for any and all loss, damage or liability incurred by Mettl as a result of (i) a breach by you or any other party to whom you may have provided access to the Materials of any or all of the obligations contained in this License and/or (ii) a breach by you or any other party to whom you may have provided access to the Assessment of any or all the obligations contained in this License.
4.9. You may (subject to paragraph 4.10 below) access, extract and re-utilize any insubstantial parts of the content of the Assessments (as defined in the Order) for internal research purposes related to your own employment related decisions only which is limited to: (i) making searches of the Assessments; (ii) making one or more copies in hard copy form of the output of any search provided that such copies may not be sold and may not be distributed to anyone who is not a User; and (iii) extracting, paraphrasing or summarizing insubstantial parts of the Assessments on an occasional, non-systematic and infrequent basis for internal distribution via derivative works and/or reference certain information contained in the Assessments.
4.10. User access, as set out above, is subject at all times to: (i) your own employees to whom insubstantial parts of the Assessments or references to the Assessments are made available, are made aware that such parts or references may not be redistributed or sub-licensed; and (ii) such parts or references to the Assessments are properly attributed to Mettl.
4.11. Except as expressly permitted by this License, you will not: copy, cut and paste, email, reproduce, publish, distribute, redistribute, broadcast, transmit, modify, adapt, edit, abstract, create derivative works of, store, archive, publicly display, sell or in any way commercially exploit, in whole or in part, the Material, any of the Assessments, or set up derived databases or materials. Unless you have received Mettl's prior written consent and paid the Competitor Fees, under no circumstances are the Materials, Assessments or the data contained therein to be used for the provision of service bureau, or timesharing, or services of any other kind to your clients, customers or any other third parties.
4.12. Mettl reserves the right to add to, remove from or edit the contents or change the form of the Assessments and the Materials at any time with or without notice.
4.13. Mettl reserves the right to monitor usage by you (in terms of volume, frequency or otherwise) of the Materials and the Assessments during the term of this License. In case of unauthorized use of the Materials or any of the Assessments by you, Mettl reserves the right to deny you Access by blocking, without prior notification, the IP address(es) that you used to access the Materials and the Assessments.
4.14. This License does not constitute a sale of the Materials, the Assessments or any part of them and, except as expressly provided for in this Agreement, no rights or licenses, express or implied, are hereby granted to you in respect of the Materials or the Assessments. You acknowledge that as between you and Mettl, Mettl (or its licensors) is throughout the world the proprietor subsisting in the Materials and the Assessments it produced. Nothing herein contained shall be construed so as to transfer any intellectual property rights whatsoever in the Materials or any of the Assessments to you or the Client.
5. OTHER SERVICES
5.1. Subject to the Order, Mettl may provide you and where applicable the Client with other services for an additional fee. Such other services to be provided will be as mutually agreed between Mettl and you in the Order. Mettl will provide a help desk during normal business hours if you or the Client has any questions about how to access and use the Materials or any of the Assessments.
5.2. You, or where necessary the Client, will be responsible for obtaining and maintaining all requisite computer systems, communication lines and equipment (the 'Systems') needed for access to and use of the Materials and the Assessments and all charges related thereto. You, or where necessary the Client, acknowledge that the speed of the Materials and the Assessments and the Access will depend upon the quality of your own Systems, connection to and extent of your use of the Internet.
5.3. Mettl may offer additional services such as a remote proctoring technology that can be configured on Mettl's or the Client's Systems, as applicable, for monitoring the users during assessments to conduct secure virtual exams ('Software') that includes, without limitation, artificial intelligence (AI) powered live proctoring or human proctoring (as the case may be), Mettl Proctoring as a Service (MPaaS), and such related aspects. Such additional services and corresponding fees for such additional services shall be further detailed in the applicable Order if the Client wishes to procure such services.
5.4. If the Client opts to procure such additional services as set out in Section 5.3, the Client will be provided with an admin access to the Software to monitor the videos and audio during such Assessments real time, or audit recorded media generated, through proctoring, as applicable to the arrangement agreed between the parties. Client acknowledges and agrees that it shall be solely responsible, and hold Mettl and its Affiliates harmless, for (i) any tampering, deletion, leak or unauthorized use of the video and audio media files by the employee/authorized person of the Client through the admin access, and (ii) procuring and maintaining its network connections and telecommunications links from its systems to Mettl's data centres, and/or all problems, conditions, delays, delivery failures, or any other loss or damage arising from or relating to the Client's network connections or telecommunications links or caused by the internet. The Client shall also be solely responsible to inform the affected user about such monitoring and recording, and obtain all relevant consent for the such monitoring and recording during the Assessments, including the Client's potential or actual use of the recording for audit or monitoring purposes. In addition to the foregoing, Mettl shall not be responsible or liable for any failure to provide such additional services if the Client fails to inform the affected user, or the affected user fails, to allow applicable and relevant remote access to the affected user's system for the purposes of the additional services. Notwithstanding anything to the contrary in this Agreement, Mettl may use third parties in the performance of such additional services.
6. USE OF THE INTERNET
You should be aware that the Internet is not a fully secure medium, and therefore confidentiality cannot be totally guaranteed. Mettl will not be liable for any harm or damage you, the Client or a third party may experience by sending privileged or confidential information to it over the Internet or by e-mail. The performance of the Internet may fluctuate and will be limited by the bandwidth of your connection to the Internet. Mettl makes no warranties or claims as to the performance of the Materials or Assessments system in your computer environment.
7. CONFIDENTIAL INFORMATION
7.1. You will keep confidential and will not share with any third party any password that is provided to you to access to the Materials or any of the Assessments.
7.2. Mettl will regard and preserve as confidential the information that you provide for inclusion in the database used to publish the Assessments. Notwithstanding the foregoing, you hereby grant Mettl and Mettl Group a perpetual, non-exclusive, royalty-free license to copy, modify and use any information and data supplied by you or on your behalf so that Mettl or Mettl Group may create analytical trend data (in anonymous form) and in order to improve the quality of Mettl's advice to its clients, including its use in the Assessments. Mettl will not disclose any information in a manner that allows particular clients or individuals to be identified. Notwithstanding the foregoing and to the extent applicable, you agree that your name may appear in a list of participating organizations for reports containing such analytical trend data.
7.3. You agree that Mettl may retain copies of the confidential information under a continuing duty of confidentiality for the purpose of complying with its legal and regulatory obligations and to defend its work product.
8. USE OF PERSONAL INFORMATION
Each of us and our respective Affiliates (as defined below) will comply with our respective obligations arising from data protection and privacy laws in effect from time to time to the extent applicable to this License and the access and use of the Materials and the Assessments. This includes, without limitation, (i) the obligation, if any, of you, Client or the Client's Affiliates, to obtain any required consent(s) in respect of the transfer of information to Mettl by you, the Client or any third party relating to an identified or identifiable individual that is subject to applicable data protection, privacy or other similar laws ('Personal Information'), (ii) any obligation with respect to the creation or collection of additional Personal Information by Mettl, and (iii) any obligation with respect to the use, disclosure and transfer by Mettl of Personal Information as necessary with respect to access and use of the information on the Materials or the Assessments or for Mettl to perform any services to you or the Client or as expressly permitted under this License. Subject to the section entitled 'Confidential Information,' any use or processing by Mettl of Personal Information supplied by or on your behalf in connection with the Materials or the Assessments shall be done solely on your behalf. Mettl shall handle such Personal Information in accordance with your reasonable instructions as may be provided from time to time or as reasonably necessary with respect to access and use of the information on the Materials and in the Assessments and shall not handle such Personal Information in a manner inconsistent with the terms of this License. Mettl also confirms that it has taken appropriate technical and organizational measures intended to prevent the unauthorized or unlawful processing of Personal Information and the accidental loss or destruction of, or damage to, Personal Information. All information that you submit through your Access may be stored and processed in the country in which you submit it, and in some cases, in India. For purposes of this License, 'Affiliates' means, with respect to either party, any entity directly or indirectly controlling, controlled by or under common control with such party.
If Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) applies to the parties' processing of personal data under this Agreement, the parties agree to comply with the terms of the Data Processing Addendum in Schedule 2.
9. EXPORT/IMPORT RESTRICTIONS AND TARIFFS
The Materials and Assessments may not be available through Mettl to any Restricted Entity. You shall not provide access to the Materials or the Assessments to anyone for use in any country or used in any manner prohibited by the European Union trade sanctions or export control laws. Furthermore, you will comply with any trade sanctions and export and import control laws of the countries and jurisdictions where you access and use the Materials and the Assessments or receives copies of any technical information or other materials. You agree to indemnify, defend Mettl and hold Mettl harmless from any fines or other penalties arising from a violation of this section. You agree to indemnify, defend Mettl and hold Mettl harmless from any tariffs, import or export taxes, levied with respect to the Materials and the Assessments by jurisdictions in which you use the Materials or the Assessments. For the purpose of this section, 'Restricted Entity' shall mean any individual, organization or other entity owned or controlled by, or acting as an agent for, any person or entity who is the subject of an asset freeze or otherwise designated under United Nations Security Council Resolutions, or the trade sanctions laws of the EU, or other governments of jurisdictions in which you are based or operated and from which the Materials or the Assessments may be accessed.
10. PROHIBITED USE
You shall ensure that all Users and the Client shall comply with the 'Prohibited Use' as set out in Schedule 1.
11. UNFORESEEN EVENTS
We agree that neither of us shall have any liability for any failure or delay in performance of our obligations under this Agreement or the Order because of circumstances beyond our reasonable control, including, without limitation, pandemics, epidemics, acts of God, fires, floods, earthquakes, acts of war or terrorism, civil disturbances, sabotage, accidents, unusually severe weather, governmental actions, power failures, computer/network viruses that are not preventable through generally available retail products, catastrophic hardware failures or attacks on its servers that affect either party or its Affiliates or subcontractors involved in the provision of the Services. Neither party shall be in breach of this Agreement or the Order nor shall they be liable for delay in performing, or failure to perform, any of its obligations under this Agreement or the Order if such delay or failure results from events beyond their reasonable control.
12. JURISDICTION
12.1. Each party hereby irrevocably agrees that this License and the Order and any controversy or claim of whatever nature arising out of or relating to them or breach thereof shall be construed, interpreted and governed by the laws of India. The jurisdictional venue for any proceedings involving this Agreement and/or the Order shall be the exclusive jurisdiction of the courts of New Delhi, India. Notwithstanding the foregoing, any disputes shall be referred and submitted for arbitration in accordance with the India Arbitration and Conciliation Act, 1996 and subsequent amendments currently in force. The number of arbitrator shall be one, and the language shall be English. The decision and award of the arbitration shall be final and binding on the parties.
12.2. You acknowledge that Mettl will be irreparably harmed if your obligations under this License are not specifically enforced and that it would not have an adequate remedy at law in the event of an actual or threatened violation by you of your obligations. Therefore, you agree that Mettl will be entitled to an injunction or any appropriate decree of specific performance for any actual or threatened violations or breaches by you, or any of the Users, without the necessity of showing actual damages or that monetary damages would not afford an adequate remedy.
12.3. The English language version of this License shall prevail over any translation thereof into another language.Unless expressly agreed in writing between the parties and to the extent of subject matter thereof, the 3 links (License agreement, Terms of Service, Privacy Policy collectively referred to as “Click-Wrap Agreement”) will prevail as regards any past or future document executed between the parties
13. Not in use.
14. ENTIRE AGREEMENT
THIS LICENSE AND THE ORDER CONSTITUTE THE ENTIRE AGREEMENT BETWEEN YOU, THE CLIENT AND METTL WITH RESPECT TO THE SUBJECT MATTER THEREOF AND SUPERSEDE ANY AND ALL PRIOR PROPOSALS, UNDERSTANDINGS, REPRESENTATIONS AND/OR AGREEMENTS, WHETHER ORAL OR WRITTEN, AND ALL OTHER COMMUNICATIONS BETWEEN THE PARTIES RELATING THERETO. INVOICES, PURCHASE ORDERS, PURCHASE ORDER ACKNOWLEDGMENTS AND ANY TERMS AND CONDITIONS SET FORTH ON SUCH DOCUMENTS OR ANY SIMILAR DOCUMENTS SHALL BE FOR THE ISSUING PARTY'S INTERNAL PURPOSES ONLY. THE PARTIES SPECIFICALLY REJECT ANY SUCH TERMS AND CONDITIONS. ANY ADDITIONAL TERMS INCLUDED IN SUCH DOCUMENTS SHALL NOT BE CONSIDERED TO BE VALID OR IN ANY WAY INCORPORATED UNDER THIS AGREEMENT EVEN IF SUCH DOCUMENTS ARE ACKNOWLEDGED OR ACCEPTED BY THE RECEIVING PARTY.
WITH RESPECT TO THE MATERIALS AND THE ASSESSMENTS, IN THE EVENT OF ANY CONFLICT OR INCONSISTENCY BETWEEN A PROVISION OF THIS LICENSE AND A PROVISION OF ANY OTHER AGREEMENT BETWEEN YOU AND METTL, THE APPLICABLE PROVISION OF THIS LICENSE SHALL CONTROL.
15. TRANSFER/ASSIGNMENT
15.1. ACCESS TO THE MATERIALS AND ASSESSMENTS IS LICENSED ONLY TO YOU (AND THE PERMITTED USERS). YOU MAY NOT RENT, LEASE, SUBLICENSE, SELL, ASSIGN, PLEDGE, TRANSFER OR OTHERWISE DISPOSE OF THE ACCESS TO THE MATERIALS OR THE ASSESSMENTS, OR ANY OF YOUR RIGHTS OR OBLIGATIONS UNDER THIS LICENSE, IN WHOLE OR IN PART, TO ANY OTHER PARTY, INCLUDING, WITHOUT LIMITATION, YOUR EMPLOYEES WHO ARE NOT USERS, ON A TEMPORARY OR PERMANENT BASIS, WITHOUT METTL'S PRIOR WRITTEN CONSENT. ANY PURPORTED ASSIGNMENT IN VIOLATION OF THIS PARAGRAPH WILL BE VOID AND CONSTITUTE A MATERIAL BREACH OF THIS LICENSE.
15.2. THIS LICENSE IS BINDING UPON AND SHALL INURE TO THE BENEFIT OF ALL PARTIES AND THEIR RESPECTIVE SUCESSORS, HEIRS, EXECUTOR, ADMINISTRATORS, PERSONAL REPRESENTATIVES AND PERMITTED ASSIGNS.
16. SUBCONTRACTING
In order to provide the Access in the most efficient manner, Mettl may sub-contract appropriate parts of the Access to a trusted third party or parties who may be located anywhere in the world. Notwithstanding paragraphs 7 and 8 of the License, in the event that the third party processes personal data, Mettl will ensure that such third party agrees in writing to act only on Mettl's instructions and provides appropriate guarantees in respect of the technical and organizational security measures governing the processing to be carried out. Mettl will take all reasonable steps to ensure compliance with those measures. Where such third party is located outside the European Economic Area, Mettl will take all necessary steps to ensure that the processing of any personal data by the third party, including its transfer to the third party, complies with all relevant data protection and privacy laws.
17. OTHER
17.1. Severability. It is the intent of the parties that the provisions of this License shall be enforced to the fullest extent permitted by applicable law. To the extent that the terms set forth in this License or any word, phrase, clause or sentence is found to be illegal or unenforceable for any reason, such word, phrase, clause or sentence shall be modified deleted or interpreted in such a manner so as to afford the party for whose benefit it was intended the fullest benefit commensurate with making this License as modified, enforceable and the balance of this License shall not be affected thereby, the balance being construed as severable and independent.
17.2. Modification and Waiver. Mettl reserves the right to amend this License as necessary from time to time. Any other modification or waiver of the provisions of this License and the Order shall be effective only if made in writing and signed by both parties. The failure by a party to insist upon strict performance of any provisions of this License shall not be construed as a waiver of such party's rights arising out of any subsequent default of the same or similar nature. Any use of pre-printed, standard or posted term forms, including without limitation purchase orders, shrink-wrap agreements, click-wrap agreements, acknowledgements or invoices provided by the Client or the User, are for administrative and convenience use only and any terms and conditions stated therein shall not have the ability, unless expressly agreed between the parties, to modify or override the terms contained in this License.
17.3. Survival. The following provisions will survive any expiration, termination or rescission of this License: 2 to 4 and 12 to 17.
17.4. Third Party Beneficiaries. Neither this License nor access and use of the information on the Materials or the provision of the Access is intended to confer any right or benefit on any third party.
17.5. Term and Termination. Unless you have been granted access to the Materials and Assessments for a trial period (the 'Trial Period') or trial credits (the 'Trial Credits'), this License will continue for the period as stated in the Order unless terminated earlier in accordance with the Order. If you have been granted a thirty (30) day trial, your access will automatically terminate at the end of the Trial Period or the utilization of the Trial Credits, whichever occurs first. In the event you terminate the Order for convenience prior to the end of the Term (as defined in the Order), you may be required to pay termination fees to the extent provided in such Order. Mettl may terminate the Order and this License immediately if you fail to comply with any term or condition of this License, or upon thirty (30) days written notice to you, at its sole discretion. You agree upon termination for any reason to return any materials associated with the Materials and the Assessments in your possession together with all copies in any form.
Mettl may terminate this License or any particular Order, immediately upon written notice to you if Mettl reasonably determines that the provision of Services would violate applicable laws or professional regulations or expose Mettl or the Mettl Group to any sanction, prohibition, or restriction under United Nations Security Council Resolutions or under other trade or economic sanctions, laws or regulations.
17.6. Marketing. Any public statement, marketing material, press releases or the like that contain the whole or any part of the Materials or any of the Assessments shall only be (a) disclosed with the prior written consent of Mettl; and (b) accompanied by an acknowledgement that any such data, information or figures are supplied by Mettl. Either party may use the other party's name and logo in its publicity, provided that any reference to the other party beyond its name or logo will be subject to prior approval of the party whose name and logo is being used.
17.7. Notices. Any notice which is to be given by one party to the other under the License or the Order will be given in writing (other than email). It will be effective if delivered to the address of the other party set out in the Order or any other address specified subsequently. A notice will be effective 48 hours after delivery. Either party may change its address for service by giving notice to the other party in accordance with this paragraph 17.8.
17.8. Consent to Disclose. You agree that Mettl is entitled to disclose information relating to this License or you to regulators having jurisdiction over its business. You also agree that, notwithstanding any other provision in this License, Mettl may include the identities of those persons who are identified by you as contacts persons for you and information about the terms of this License in their internal client management, financial and conflict checking database.
17.9. This License shall be read together with the Terms of Services (available at https://mettl.com/terms-of-services ) and the Terms of Services shall be in addition to the terms set forth in this License. in the event of a conflict or inconsistency between the terms of this License that those of that the Terms of Services, (a) the terms of this License shall prevail to the extent related to the use and access of the Platform and/or use of the Materials, and (b) the terms of the Terms of Services shall prevail to the extent related to the use and access of the website.
Should you have questions regarding this License, you may contact your Mettl contact person.
Schedule 1
PROHIBITED USE
In relation to the use of the Materials and Assessments and Access to the Platform, you shall ensure that you, the Users and the Client shall not:
Resell the usage, functionalities or services provided in the Platform;
Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content that does not belong or licensed to you, the Users or the Client;
Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content which is harmful, harassing, defamatory, blasphemous, offensive, obscene, pornographic, pedophilic, libelous, invasive of others' privacy, hateful, racially or ethically objectionable, disparaging, relating or encouraging gambling, money laundering or engaging in activities which would cause offence to others on grounds of race, religion, creed, or sex or is otherwise unlawful in any manner;
Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content which causes harm or attempt to harm minors in any way;
Create, host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content which infringes the copyright, trademark, patent, trade secret or other intellectual property or proprietary rights of any person;
Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content for unlawful purpose;
Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content to impersonate another person or for the purpose of impersonation;
Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content that contains virus or any other computer codes, files or programs that are designed to harm, interrupt, destroy or limit Mettl?s system or networks;
Host, display, upload, modify, publish, transmit, update, share or otherwise, any information, material or content that threatens the unity, integrity, defence, security or sovereignty of India, its relations with foreign states, or public order, or causes incitement to the commission of any cognizable offence, or prevents investigation of any offence, or is insulting to any nation;
Use and Access the Platform in any manner which is not permitted under the License and the Order; and
Use and Access the Platform for any unauthorized marketing purposes or for sending any unsolicited materials or advertisements.
Schedule 2
Data Processing Addendum (DPA)
1. Introduction
1.1. The parties acknowledge and agree that this DPA:
1. 1. 1.sets out:
the data protection terms that are required under the GDPR in relation to the Processing of Personal Data that Mercer undertakes as Processor;
the parties’ respective obligations where the parties each act as Controllers; and
all other terms governing the parties’ Processing of Personal Data in connection with the Agreement;
1. 1. 2.applies solely to the extent that: (i) the Services are provided by Mercer or its Affiliates from an establishment within the EEA or the United Kingdom; or (ii) the Services involve Mercer or its Affiliates processing Personal Data relating to the offering of goods or services to Data Subjects in the EEA or the United Kingdom or to the monitoring of their behaviour as far as such behaviour takes place within the EEA or the United Kingdom.
2. Definitions
2.1. Capitalised terms used but not defined in this DPA shall have the meaning set forth in the Agreement.
2.2. The following terms have the following meanings when used in this DPA:
UK Actuarial Services has the meaning given in clause 4.1.
Affiliate means, with respect to a party, an entity that (directly or indirectly) controls, is controlled by or is under common control with, such party, where control refers to the power to direct or cause the direction of the management policies of another entity, whether through ownership of voting securities, by contract or otherwise.
Applicable Law means law that applies to Mercer as the provider of UK Actuarial Services and Spanish, Portuguese and French Broking Services and any other obligations, guidance or codes of practice that Mercer is subject to in respect of the provision of those services.
Client means the entity designated “Client” in the master services agreement,save that it shall mean the relevant Affiliate of that entity (the Client Recipient) in respect of Services that Affiliate receives from a Mercer Affiliate under a Statement of Work.
Controller means the natural or legal person which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Data Protection Laws means the EU GDPR, the UK GDPR and all other mandatory laws and regulations of the European Union, the European Economic Area and their member states and the United Kingdom, including the United Kingdom Data Protection Act 2018 and any data protection laws substantially amending, replacing or superseding the EU GDPR or the UK GDPR, applicable to the parties’ Processing of Personal Data under the Agreement.
Data Subject means the individual to whom Personal Data relates.
Data Subject Request means a Data Subject's request to access, correct, amend, transfer or delete that person's Personal Data consistent with that person’s rights under Data Protection Laws.
EEA means European Economic Area and, in connection with the use of the EEA Standard pursuant to clause 12, Switzerland.
EU GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation).
Mercer means the entity designated “Mercer” in the master services agreement, save that it shall mean the relevant Affiliate of that entity (the Mercer Provider) in respect of Services that Affiliate provides under a Statement of Work.
Personal Data means any information relating to an identified or identifiable natural person provided by or on behalf of Client to Mercer as part of the Services; an identifiable natural person, is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data, transmitted, stored or otherwise Processed.
Processing, Processed or Process means any operation or set of operations which is performed by either party as part of, or in connection with, the Services upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Processor has the meaning given in the Data Protection Laws.
Regulator means any supervisory authority with authority under Data Protection Laws over the Processing of Personal Data.
Services means all the services performed under the Agreement.
Spanish, Portuguese and French Broking Services has the meaning given in clause 4.1.
Standard Contractual Clauses means any agreement for the transfer of personal data to third countries approved by the European Commission, the United Kingdom Government or the United Kingdom Information Commissioner’s Office (as applicable), including the agreement in the form annexed to the European Commission's decision of 4 June 2021.
Statement of Work means a statement of work entered into by a Client Recipient and a Mercer Provider under a master services agreement.
Sub-processor means a subcontractor engaged by Mercer or its Affiliates that will Process Personal Data as part of the performance of the Services where Mercer acts as a Processor.
UK GDPR means the EU GDPR as adopted and amended by the national law of the United Kingdom.
Workforce Products means the following Mercer products: (1) Mercer remuneration and policy surveys and guides (other than Sirota), (2) the Global Data Acquisition Program and (3) Mercer Comptryx.
3. Relationship with the Agreement
3.1. In the event of a conflict between the terms of the Agreement and the terms of this DPA, the terms of this DPA shall prevail.
4. Processing of Personal Data
4.1. Roles of the Parties
4. 1. 1.The parties acknowledge and agree that (to the extent applicable):
Client and Mercer each act as Controllers in connection with the Processing of Personal Data in relation to any actuarial services provided in the United Kingdom under the Agreement by a member of the Institute and Faculty of Actuaries (the “UK Actuarial Services”);
Client and Mercer each act as Controllers in connection with the Processing of Personal Data in relation to any insurance broking services provided in Spain, Portugal and France (the “Spanish, Portuguese and French Broking Services”);
Client and Mercer each act as Controllers in connection with the Processing of Personal Data in relation to the provision of the Workforce Products;
Mercer acts as Controller when Processing Personal Data for the following business and operational purposes: (1) managing our client relationship; (2) carrying out fraud, anti-money laundering, sanctions and any other checks and investigating and prosecuting fraud, money laundering or sanctions violations in connection with the establishment and maintenance of a client relationship and provision of services; (3) where required for compliance with legal and regulatory obligations; (4) the defence or potential defence of legal claims or complaints; and (5) for data analytics as described at clause 13.
except as set out in clauses 4.1(a)(i), (ii), (iii) and (iv), Mercer acts as a Processor with respect to Personal Data; and
in the event that, during the course of the Agreement, in response to emerging guidance or legislation Mercer considers that its categorisation for any Processing carried out under the Agreement should change: (i) from Controller to Processor; or (ii) from Processor to Controller, Mercer shall provide written notice of this change to Client and the parties agree that the terms under this DPA relating to the new status shall apply to all Processing from date of receipt of such notice.
4. 1. 2.Client has engaged Mercer to provide certain services as detailed in the Agreement.
4.2. Client's Processing of Personal Data – General Obligations
4. 2. 1.In respect of the parties’ Processing, Client shall:
comply with Data Protection Laws and ensure that any instructions it issues to Mercer shall comply with Data Protection Laws; and
have sole responsibility for the accuracy, quality, and legality of Personal Data, and the means by which Client acquired Personal Data and shall establish the legal basis for Processing under Data Protection Laws.
4. 2. 2.Client warrants that:
the disclosure of Personal Data to Mercer is limited to what is necessary in order for Mercer to perform the Services; and
such Personal Data is accurate and up-to-date at the time that it is provided to Mercer.
4. 2. 3.Client shall:
collect Personal Data in a manner compliant with Data Protection Laws, including by providing all notices and obtaining all consents as may be required under Data Protection Laws in order for Mercer to lawfully and fairly Process Personal Data in connection with the provision of the Services and as otherwise contemplated by this DPA and the remainder of the Agreement. Privacy notices detailing Mercer’s Processing as a Controller can be found at https://uk.mercer.com/data-protection.html; and
notify Mercer upon becoming aware that Personal Data has become inaccurate or out of date.
4.3. Mercer's Processing of Personal Data – General Obligations
4. 3. 1.Where Mercer Processes Personal Data as a Controller, Mercer shall only Process Personal Data:
to the extent that it is reasonably necessary for the purposes of providing any UK Actuarial Services or Spanish, Portuguese and French Broking Services or Workforce Products and as required by Applicable Law; and
as otherwise set out in the Agreement (including this DPA).
4. 3. 2.Where Mercer Processes Personal Data as a Processor, it shall comply with the Data Protection Laws as they apply to Mercer as a Processor and only Process Personal Data in accordance with Client's instructions or as required by law. Client instructs Mercer to Process Personal Data to perform the Services and as described in the DPA and the remainder of the Agreement including Processing initiated by Data Subjects in their use of the Services where applicable.
4. 3. 3.This DPA and the Agreement are Client’s complete and final instructions to Mercer for the Processing of Personal Data. Mercer shall not be bound by additional or alternate instructions except pursuant to the parties’ mutual written agreement.
4. 3. 4.Without prejudice to Client’s obligations under clause 4.2(a)(i), Mercer shall inform Client if, in its reasonable opinion, an instruction issued by Client infringes Data Protection Laws and shall, without liability, be entitled to stop Processing Personal Data in accordance with such infringing instruction. The parties acknowledge and agree that a failure or delay by Mercer to identify that an instruction infringes Data Protection Laws shall not cause Mercer to be in breach of this Agreement nor relieve Client from its liability under this Agreement.
4.4. Compliance with Data Protection Laws
In respect of the Personal Data for which Client and Mercer each act as Controllers, Client and Mercer shall each comply with their respective obligations as Controllers under Data Protection Laws, except to the extent that this DPA allocates responsibility for compliance with a particular requirement under Data Protection Laws to one party.
4.5. Purpose; Categories of Personal Data and Data Subject
The purpose of Processing of Personal Data by Mercer is the performance of the Services pursuant to the Agreement. The types of Personal Data and categories of Data Subject Processed by Mercer, when acting as a Processor, under this DPA are further specified in Attachment 1 (Data Processing Details Addendum) to this DPA.
4.6. Limitation on Disclosure
Mercer shall not disclose Personal Data to any third parties without Client’s prior consent, except as required by law or permitted by the Agreement. Without limiting the generality of the foregoing, Mercer may disclose Personal Data to Processors and Sub-processors (including Mercer Affiliates acting in such capacities) engaged as described in clause 10.
4.7. Confidentiality
Mercer shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data and are subject to binding confidentiality obligations.
5. Data Subject Rights; Other Complaints and Requests
5.1. Data Subject Requests
5. 1. 1.If Mercer receives a Data Subject Request (whether as a Processor or a Controller):
Mercer shall, to the extent permitted by law, promptly notify Client upon receipt of a Data Subject Request. Following receipt of a Data Subject Request, Mercer may contact the relevant Data Subject to acknowledge receipt of the Data Subject Request and to notify the Data Subject that it has referred the Data Subject Request to Client, but Mercer shall otherwise not respond to any Data Subject Request without Client’s prior written instructions;
Client shall handle the Data Subject Request in accordance with Data Protection Laws; and
Mercer shall provide such commercially reasonable assistance as Client may reasonably request to help Client fulfil its obligations under Data Protection Laws to respond to Data Subject Requests. Client shall be responsible for any reasonable costs arising from Mercer’s provision of such assistance.
5.2. Other Complaints and Requests
5. 2. 1.Mercer shall, to the extent permitted by law, promptly notify Client upon receipt of any complaint or request (other than Data Subject Requests or enquiries of Regulators described in clause 6) relating to: (a) Client’s obligations under Data Protection Laws; or (b) Personal Data.
5. 2. 2.Unless otherwise agreed between the parties, Client shall handle the relevant request or complaint in accordance with Data Protection Laws.
5. 2. 3.Mercer shall provide such commercially reasonable assistance as Client may reasonably request in relation to such complaint or request. Client shall be responsible for any reasonable costs arising from Mercer’s provision of such assistance.
6. Cooperation with Regulators and Conduct of Claims
6.1. Mercer shall notify Client of all enquiries from a Regulator that Mercer receives which relate to the Processing of Personal Data, unless prohibited from doing so at law or by the Regulator.
6.2. Unless a Regulator requests in writing to engage directly with Mercer or the parties (acting reasonably and taking into account the subject matter of the request) agree that Mercer shall handle a Regulator request itself, Client shall:
6. 2. 1.be responsible for all communications or correspondence with the Regulator in relation to the Processing of Personal Data; and
6. 2. 2.keep Mercer informed of such communications or correspondence to the extent permitted by law.
7. Security
7.1. Mercer shall take the technical and organisational measures set out in Attachment 2 (Security Measures) to protect the confidentiality, integrity, availability and resilience of Mercer systems which are involved in Processing Personal Data.
7.2. Client has assessed the level of security appropriate to the Processing in the context of its obligations under Data Protection Laws and agrees that the security measures set out in Attachment 2 (Security Measures) are consistent with such assessment.
7.3. Mercer certifies that: (i) it has not and will not create back doors (non-transparent access capabilities) or similar programming that could be used to access its systems and/or the Personal Data; (ii) it has not and will not change its business processes in a way which facilitates unauthorised access to its systems and/or the Personal Data; and (iii) applicable law does not require Mercer to create or maintain back doors or to facilitate unauthorised access to its systems and/or the Personal Data or for Mercer to be in possession of or to hand over to any third party keys to decrypt the Personal Data.
7.4. Client shall take appropriate technical and organisational measures to protect the security of the Personal Data, including ensuring that Personal Data is securely transferred to Mercer.
8. Security Breach Management and Notification
8.1. Mercer shall:
8. 1. 1.notify Client without undue delay upon becoming aware of the occurrence of a Personal Data Breach and provide Client with the following information as it becomes available:
a description of the nature of the Personal Data Breach, including where possible the categories and approximate number of Data Subjects concerned;
the name and contact details of the Mercer contact from whom more information can be obtained; and
a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
8.2. Client shall notify Mercer without undue delay upon becoming aware of the occurrence of a Personal Data Breach involving Mercer, or Mercer’s systems or facilities, personnel, Processors or Sub-processors.
8.3. The parties agree to coordinate in good faith on developing the content of any related public statements and any required notices to the affected Data Subjects and/or the relevant Regulators in connection with a Personal Data Breach, provided that nothing in this clause 8.3 shall prevent either party from complying with its obligations under Data Protection Laws.
9. Return and Deletion of Client Data
9.1. Subject to clause 13, on termination of the Agreement for any reason, or upon written request from Client at any time, Mercer shall cease Processing any Personal Data, and (at Client's direction) return to Client or delete (in accordance with Mercer’s document retention and deletion policies), any Personal Data in Mercer's possession or control, except as required by law or as required in order to defend any actual or possible legal claims.
9.2. Client acknowledges and agrees that Mercer shall have no liability for any losses incurred by Client arising from or in connection with Mercer’s inability to perform the Services as a result of Mercer complying with a request to delete or return Personal Data made by Client pursuant to clause 9.1.
10. Mercer Processors and Sub-processors
10.1. Appointment of Processors and Sub-processors
Client acknowledges and agrees that: (a) Mercer may engage Processors (where Mercer acts as Controller) and Sub-processors (where Mercer acts as Processor) in connection with the provision of the Services; and (b) such Processors and Sub-processors may include Mercer Affiliates.
10.2. Sub-processing Agreement
Mercer shall ensure that its contract with any Sub-processor imposes on the Sub-processor obligations that are equivalent to the obligations to which Mercer is subject under this DPA.
10.3. List of Current Sub-processors and Notification of New Sub-processors
A list of current Sub-processors is available at https://www.uk.mercer.com/data-protection.html. At that location Client may subscribe to receive notifications regarding Mercer’s use of any new Sub-processor not included in such list (“New Sub-processors”) for the Processing of Personal Data. Notification of a New Sub-processor shall be issued to subscribed Clients prior to such New Sub-processor being authorised to Process Personal Data in connection with the provision of the Services.
10.4. Objection Right for New Sub-processors
Client may object to Mercer's use of a New Sub-processor where there are reasonable grounds to believe that the New Sub-processor will be unable to comply with the terms of this DPA or the Agreement. If Client objects to Mercer’s use of a New Sub-processor, Client shall notify Mercer promptly in writing within ten (10) days after notification regarding such Sub-processor. Client’s failure to object in writing within such time period shall constitute approval to use the New Sub- processor. Client acknowledges that the inability to use a particular New Sub-processor may result in delay in performing the Services, inability to perform the Services or increased fees. Mercer will notify Client in writing of any change to Services or fees that would result from Mercer’s inability to use a New Sub-processor to which Client has objected. Client may either execute a written amendment to the Agreement implementing such change or exercise its right to terminate the Agreement in accordance with the termination provisions thereof. Such termination shall not constitute termination for breach of the Agreement. Mercer shall have a right to terminate the Agreement if Client unreasonably objects to a Sub-Processor, or does not agree to a written amendment to the Agreement implementing changes in fees or Services resulting from the inability to use the Sub-processor at issue.
10.5. Responsibility for Sub-processors
Mercer shall be responsible and liable for the acts, omissions or defaults of its Sub-processors in the performance of obligations under this DPA or otherwise as if they were Mercer’s own acts, omissions or defaults.
11. Audits and Requests for Information and Assistance
11.1. Client may audit Mercer’s compliance with its obligations under this DPA, subject to the following requirements:
Client may perform such audits once per year or more frequently if required by Data Protection Laws applicable to Client;
Client may use a third party to perform the audit on its behalf, provided the third party is mutually agreed to by Client and Mercer and executes a confidentially agreement acceptable to Mercer before the audit;
audits must be conducted during regular business hours, subject to Mercer’s policies, and may not unreasonably interfere with Mercer’s business activities;
Client must provide Mercer with any audit reports generated in connection with any audit at no charge unless prohibited by law. Client may use the audit reports only for the purposes of meeting its audit requirements under Data Protection Laws and/or confirming compliance with the requirements of this DPA. The audit reports shall constitute confidential information of the parties under the Agreement;
to request an audit, Client must submit a detailed audit plan to Mercer at least six (6) weeks in advance of the proposed audit date. The audit plan must describe the proposed scope, duration, and start date of the audit. Mercer will review the audit plan and inform Client of any concerns or questions (for example, any request for information that could compromise Mercer’s confidentiality obligations or its security, privacy, employment or other relevant policies). Mercer will work cooperatively with Client to agree on a final audit plan;
nothing in this clause 11.1 shall require Mercer to breach any duties of confidentiality owed to any of its clients or employees;
if the requested audit scope is addressed in an SSAE 18/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Client’s audit request and Mercer confirms there are no known material changes in the controls audited, Client agrees to accept those findings in lieu of requesting an audit of the controls covered by the report; and
all audits are at Client’s sole cost and expense. Any request for Mercer audit assistance requiring the use of resources different from or in addition to those required for provision of the Services will be considered an additional service for which reasonable additional fees may be charged. Mercer reserves the right to require Client’s written agreement to pay for such fees before providing such audit assistance.
11.2. Each party will be separately responsible for assessing the need to undertake, and the completion of, any data protection impact assessment, including any consultation with a Regulator, under Articles 35 and 36 of the EU GDPR or Articles 35 and 36 of the UK GDPR (as applicable)or otherwise in respect of its use or provision of the Services.
11.3. Where requested by Client, Mercer shall, at Client’s cost, provide Client with such assistance and information as may be reasonably required in order for Client to comply with any obligation to carry out a data protection impact assessment or consult with a Regulator pursuant to Articles 35 and 36 of the EU GDPR or Articles 35 and 36 of the UK GDPR (as applicable), respectively.
11.4. Where requested by Mercer, Client shall, at Mercer’s cost, provide Mercer with such assistance and information as may be reasonably required in order for Mercer to comply with any obligation to carry out a data protection impact assessment or consult with a Regulator pursuant to Articles 35 and 36 of theEU GDPR or Articles 35 and 36 of the UK GDPR (as applicable), respectively.
12. Transfers Outside of the Country of Origin
12.1. Subject to the remainder of this clause 12, Client consents to transfers of Personal Data from the EEA or United Kingdom to Mercer, Mercer’s Affiliates or Mercer’s and Mercer’s Affiliates’ respective Sub-processors based in countries outside the EEA or the United Kingdom.
12.2. Data Transfer Mechanisms where Mercer acts as a Processor
12. 2. 1.Where Mercer, acting as a Processor, transfers of Personal Data, either directly or via onward transfer, from the EEA or the United Kingdom to a recipient in a country not recognised by the European Commission or the United Kingdom Government (as applicable) or Data Protection Laws as providing an adequate level of protection for Personal Data, such transfer shall be covered by a framework recognised by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including but not limited to Standard Contractual Clauses, or binding corporate rules (each a “Data Transfer Mechanism”).
12. 2. 2.Mercer is an affiliate of Marsh & McLennan Companies, Inc. “MMC” and “MMC Group” shall mean the corporate group of MMC. MMC has adopted processor binding corporate rules in the form of the Processor standard, a summary of which is available at https://www.uk.mercer.com/data-protection.html (the “EEA Standard”) in order to provide adequate safeguards for transfers of Personal Data from certain EEA MMC Group Affiliates to certain non-EEA MMC Group Affiliates.
12. 2. 3.MMC has adopted processor binding corporate rules in the form of the Processor standard, (the “UK Standard”) in order to provide adequate safeguards for transfers of Personal Data from certain United Kingdom MMC Group Affiliates to certain non-United Kingdom MMC Group Affiliates.
12. 2. 4.Where Mercer makes a transfer covered by the Standard Mercer warrants that:
it shall comply with all of the provisions of the EEA Standard and the UK Standard; and
it will promptly notify Client, if the data protection authority with competent jurisdiction in the EEA or United Kingdom territory where Client is established withdraws its approval of the EEA Standard or the UK Standard (as applicable).
12. 2. 5.To mitigate risks to the rights and freedoms of the Data Subject, the parties agree that in the case of a transfer of Personal Data to a third country subject to a Data Transfer Mechanism as provided in Clause 12.2(a), the following provisions shall also apply:
Mercer shall ensure that the appropriate technical and organisational measures it implements and maintains address the risks associated with the transfer of Personal Data to the third country; and
Mercer warrants that it will promptly notify Client and, where possible and in cooperation with Client, the relevant Data Subject(s), about any legally binding request for disclosure of Personal Data received from a public or law enforcement authority or upon becoming aware of an actual or documented attempt by a public or law enforcement authority to access Personal Data, unless otherwise prohibited by applicable law. Such notification shall generally include information about the Personal Data requested or subject to the access attempt, the relevant public or law enforcement authority, the legal basis for the request or access attempt (if known to Mercer) and any response provided. If Mercer is prohibited from disclosing such information to Client or the relevant Data Subject(s) by applicable law, Mercer shall use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible.
12.3. Transfer where Mercer acts as a Controller
Where Mercer acts as a Controller and transfers Personal Data outside of the EEA or the United Kingdom or a country recognised by the European Commission or the United Kingdom Government (as applicable) as providing an adequate level of protection for Personal Data, Mercer will ensure that such transfers are covered by a Data Transfer Mechanism.
13. Analytics
13.1. Client agrees that during and after the term of the Agreement, Mercer may use (and share with third parties, such as auditors, who assist Mercer in connection with these purposes) any information, including Personal Data, it collects and uses in connection with the Services, together with information from its other clients, for data analytics purposes, including to create insights, reports and other analytics to improve the quality of and market Mercer’s advice, products and services. The output of such analytics will not identify particular clients or individuals.
13.2. Where the Services involve Mercer interacting directly with Data Subjects via platform use or otherwise, Mercer may carry out further analytics or direct marketing to Data Subjects conditional on Mercer directly providing such Data Subjects with appropriate notices or obtaining from them appropriate consents, as required by Data Protection Laws and Regulations.
14. Termination and General
14.1. This DPA will terminate when Mercer ceases to Process Personal Data, unless otherwise agreed in writing between the parties.
14.2. Liability
The parties agree that all liabilities between them under this DPA and any Standard Contractual Clauses entered into under clause 12.2 will be subject to the limitations and exclusions of liability and other terms of the Agreement, except that such limitations and exclusions of liability will not apply to any party’s liability to Data Subjects under the third party beneficiary provisions of the Standard Contractual Clauses to the extent limitation of such rights is prohibited by Data Protection Laws.
14.3. Exclusion of third party rights
Subject to clause 12.2, Data Subjects are granted third party rights under any Standard Contractual Clauses entered into under clause 12.2. Client Recipients and Mercer Providers who execute a Statement of Work under a master services agreement shall have rights solely in respect of the data processed under that Statement of Work. All other third party rights are excluded.
14.4. Governing Law
To the extent required by applicable Data Protection Laws (e.g., in relation to the governing law of any Standard Contractual Clauses entered into under clause 12.2), this DPA shall be governed by the law of the applicable jurisdiction. In all other cases, this DPA shall be governed by the laws of the jurisdiction specified in the Agreement in respect of the applicable Services.
ATTACHMENT 1
Data Processing Details Addendum
Controller
Client and the Client Affiliates that Process Personal Data for their own business purposes.
Processor
The Processor is Mercer.
Data Subjects
The Personal Data Processed may concern the following categories of Data Subject:
- current, former and potential employees, agents, directors, officers, self-employed contractors of the Client and their spouse and dependents;
- current, former and potential members of Client’s pension scheme and their beneficiaries.
Categories of data
The Personal Data Processed may concern the following categories of data:
Details such as a Data Subject’s name, date of birth, gender, address, email address, telephone number, employer name, employee ID, employment and pensionable service status and periods, dates of absence, employment grade, employee performance, job title, salary and remuneration arrangements, nature and details of current and historic pension arrangements, pension amounts, pension contributions, employee benefit details, insurance cover, marital status, beneficiary details, bank details, national insurance number/national identification number/social security number, underwriting status, business travel information, educational background, passport number, driving licence number, details of power of attorney, pyschometric test results, number of dependents/beneficiaries and/or ill-health status.
Special categories of data (if appropriate)
The Personal Data Processed may concern the following special categories of data:
Details of a Data Subject’s sexual orientation, trade union membership, political affiliation, ill-health status and/or medical records/details.
Processing operations
The Personal Data Processed will be subject to the following basic Processing activities:
Mercer, acting as a Processor, will, depending on the scope of its engagement, Process the Personal Data to perform the Services, to comply with its statutory and regulatory obligations, and to maintain accounts and records. This will involve, among other things, the collection, storage, analysis and disclosure of Personal Data that Mercer receives from (or on behalf of) the Client in accordance with the Agreement.
Duration of Processing
The Personal Data will be processed for as long as required for the Processing activities set out above and as otherwise detailed in the DPA.
ATTACHMENT 2
Security Measures
In satisfaction of its obligation under clause 7.1 of this DPA, Mercer shall implement the following:
1. Organisational management and dedicated staff responsible for the development, implementation and maintenance of Mercer’s information security program.
2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Mercer’s organisation, monitoring and maintaining compliance with Mercer’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
3. Data security controls which include at a minimum, but may not be limited to, logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilisation of commercially available and industry standard encryption technologies for Personal Data that is:
transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or
at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access promptly when employment terminates or changes in job functions occur).
5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that Mercer’s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on Mercer’s computer systems; (iii) must be changed every ninety (90) days; must have defined complexity; (v) must have a history threshold to prevent reuse of recent passwords; and (vi) newly issued passwords must be changed after first use.
6. System audit or event logging and related monitoring procedures to proactively record user access and system activity for routine review.
7. Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorised physical access, (ii) manage, monitor and log movement of persons into and out of Mercer facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
8. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems according to prescribed internal and adopted industry standards, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from Mercer’s possession.
9. Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to Mercer’s technology and information assets.
10. Incident / problem management procedures designed to allow Mercer to investigate, respond to, mitigate and notify of events related to Mercer’s technology and information assets.
11. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
12. Vulnerability assessment, patch management and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
13. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.
Mercer reserves the right to revise the security measures set out in this Attachment 2 at any time, without notice, so long as any such revisions will not materially reduce or weaken the protection provided for Personal Data that Mercer Processes in the course of providing the Services to Client.