Short Form SOW Terms
TERMS AND CODITIONS (US/EMEA)
"Acceptance" means written, oral or other acceptance (including the provision of a purchase order number by Client) by Client of a Proposal or Statement of Work for the Services or Deliverables.
"Ad-hoc Services" means one-off custom market research or bespoke consultancy services provided by Kantar which are not Continuous Services.
“Affiliate” means any legal entity that directly or indirectly: (i) is Controlled by that party; (ii) Controls that party; or (iii) is under substantially common Control and in relation to Kantar is trading as “Kantar” from time to time and under the common Control of Kantar, (but excluding any operating entities trading as Europanel).
“Agreement” means these terms and conditions together with the applicable SOW and any appendices constitutes the entire agreement between the parties. In the event of a conflict; these terms and conditions prevail over those in the Proposal or SOW.
"Client" means the party to whom the Kantar provides the Services as per the applicable Statement of Work.
“Client Data” means any Materials provided by the Client to Kantar.
“Confidential Information” means all information, data or material of whatsoever nature in any form, which either party, discloses to the other pursuant to this Agreement (including the Proposal and anything the receiving party creates which is derived from or based upon the information, data or materials disclosed to it by the disclosing party).It shall not include any information or materials which: (a) is in or enters into the public domain (other than as a result of disclosure by the receiving party or any third party to whom the receiving party disclosed such information); (b) were already in the lawful possession of the receiving party prior to the disclosure by the disclosing party; (c) are subsequently obtained by the receiving party from a third party who is free to disclose them to the receiving party; or (d) are required to be disclosed by law or regulatory authority.
“Continuous Services” means custom continuous tracking market research or consultancy services and which are not Ad-hoc or Multi-Customer Services provided by Kantar.
“Control” (including “Controlled by” and “under common Control”) as used means the ownership, directly or indirectly, of a majority of the voting shares of such entity or is the ability (directly or indirectly) to appoint a majority of the directors of such entity or the authority to direct the management or policies of such entity, by contract or otherwise. An entity that otherwise qualifies under this definition will be included within the meaning of “Affiliate” even though it qualifies after the execution of this Agreement.
"Data Protection Legislation” means all laws and regulations, including laws and regulations of the European Union (“EU”), the European Economic Area (“EEA”) and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Contract.
"Deliverables" means the specific tangible documentation, work product and other materials that are created solely for Client and expressly identified as such in a SOW and delivered to Client by or on behalf of Kantar while performing the Services, excluding all Multi-Customer Services and Respondent Data.
"Feedback" means all suggestions, comments recommendations, improvements or any other feedback based on the Services and Deliverables provided by Client to Kantar.
“GDPR” means EU General Data Protection Regulation 2016/679 and the terms: “Controller”, “Data Subject”, “Personal Data”, and “Processing” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
“Intellectual Property Rights” or “IPR” means all trade secrets, patents and patent applications, rights to inventions, copyright (including rights in computer software)and related rights, moral rights, database rights, semiconductor topography rights, utility models, rights in designs, trademarks, service marks, trade or brand names, internet domain names, rights in know-how, rights in confidential information, rights in inventions (whether patentable or not) rights in goodwill or to sue for passing off, and all other intellectual property and proprietary rights and other similar or equivalent rights or forms of protection in each case whether registered or unregistered and including all applications (or rights to apply) for, for renewals and extensions of, such rights as may now or in the future exist anywhere in the world.
“Kantar Materials” means (i) Materials belonging to Kantar which exists at the date of execution of an SOW or issuance of a Client purchase order; (ii) Materials developed by or on behalf of Kantar independently during the term of an SOW which are not Deliverables and have not been created solely for performance of the Services to Client; (iii) Proposals and designs for studies incorporated in a SOW; (iv) data and content developed or collected by or licensed to Kantar prior to or outside the scope of this Agreement or having a generic nature or otherwise being of general applicability to Kantar’s business; and (v) Respondent Data. All copies, reproductions, improvements, modifications, adaptations, translations, Feedback and all other derivative works of, based on or otherwise using any Kantar Materials are themselves also Kantar Materials. As between Kantar and Client, Kantar shall own all Intellectual Property Rights in and to Kantar Materials.
“Materials” means information, output, documents, reports, data, programmes, plans, products, advertising materials (including appended data, information databases, calculated scores and specialized database applications), software, algorithms, source code, object code, research tools, product taxonomies and dictionaries, analytical techniques and frameworks, methodologies, norms, formulae, works, questionnaires and template questionnaires, systems, computer programs, including application software, platforms, enhancements, supporting documentation and other work processes and information, whether in hard copy or digital format.
“Multi-Customer Services” means the non-custom continuous market research service using Kantar Materials and provided by Kantar to one or more clients.
“Proposal” means the written proposal and/or quotation (exclusive of VAT unless otherwise stated) provided by the Kantar to the Client, which proposal shall be valid for acceptance for 1 month from the date of issue.
“Public Statement” means to make any advertising, marketing, press releases, correspondence with any third parties or similar external communications that contain the whole or any part of the Deliverables or Services.
“Respondents” means individuals responding to market research questions and stimuli and otherwise providing various services to Kantar for the benefit of Kantar’s clients.
“Respondent Data” means all Materials provided by Respondents including answers to survey questions.
“Services” means Ad-hoc Services, Continuous Services, Multi-Customer Services (as the case may be) as specified in the applicable Statement of Work.
“Statement of Work” or “SOW” means the statement of work or Proposal document which sets out the Services or Deliverables purchased by Client and their related fees.
“Subcontractor” means any third party to whom Kantar has delegated any function or obligation to provide the Services or Deliverables to Client excluding Kantar’s Affiliates.
“Term” means the agreed minimum period of the Services as outlined in the applicable Statement of Work.
In these terms and conditions, a reference to the singular includes plural and vice versa (unless the context otherwise requires) and the words and expressions “other”, “including” and “in particular” (or any similar word or expression) do not limit the generality of any preceding words.
1 Term and Termination
This Agreement shall commence once Kantar starts providing Services or Deliverables and shall continue in effect until the earlier of (i) three (3) years or (ii) until terminated in accordance with this Section 1. Either party may terminate this Agreement immediately for cause, if: (a) a party breaches a material obligation of this Agreement and fails to remedy the breach within thirty (30) days of written notice being given to the breaching party. Either Party may terminate this Agreement without cause: (i) with three (3) months written notice for Ad-Hoc Services; or (ii) with six (6) months written notice for Continuous Services and Multi-Customer Services following the expiration of the initial subscription period. If Kantar is unable to or finds it impracticable to continue any Multi-Customer Services or any part of it, Kantar shall be entitled to terminate this Agreement by serving thirty (30) days’ notice at any time. Upon the termination of this Agreement or a SOW, Client shall continue to owe and shall remain liable for any and all Services rendered, Deliverables delivered and any pre-approved out of pocket expenses incurred (on behalf of Client) by Kantar for which Client has not yet rendered payment, including, without limitation, non-cancellable third party charges for services that Kantar has obtained or committed to obtain on Client’s behalf prior to the effective date of termination.
2 Payment of Fees
2.1 Continuous Services and Multi-Customer Services payment of the basic annual fees will be made in quarterly instalments in advance, commencing on the date of Acceptance. For Ad-hoc Services invoicing of the fees shall be based upon the term of the Services as follows: a) SOW’s with a term of less than 2 months 50% on Acceptance and 50% on completion; b) SOW’s with a term of between 2 and 6 months 50% on Acceptance, 40% on commencement of fieldwork and 10% on completion; and c) SOW’s with a term of more than 6 months in equal monthly instalments on the 1st of each month.
2.2 All invoices shall be due on the invoice date and shall be subject to payment within 30 days. Any late payment shall entitle Kantar to charge interest at a rate of 1.5% per month or the maximum permitted by law, whichever is higher t. Client shall pay the interest promptly on demand. Except where already included within the agreed fees; the Kantar shall be entitled to recover reasonable expenses incurred pursuant to the provision of the Services. Any such expense recharge invoices will include a breakdown. Client reserves the right to request on an ad-hoc basis copy receipts for any individual items greater than $250.
2.3 If any amount payable to Kantar is subject to any forms of tax, charge, duty, withholding, deduction, rate, levy and governmental charge (whether national or local) in the nature of tax whatsoever and whenever created, enacted or imposed by any governmental, state, federal, local municipal or other body, together with all related fines, penalties, interest, charges and surcharges , that amount shall be increased so as to ensure that the net amount received by Kantar shall, after tax, be equal to that which would have been received had the payment and any increased payment not been subject to tax.
3 Change, Delay or Cancellation
If Client requests changes to the Services or Deliverables, Kantar reserves the right to revise the fees and timelines accordingly. If a Service is terminated early in accordance with Section 1 above by Client, the final invoice will include, the balance of the fees for the remainder of the subscription period plus any reasonable costs and expenses committed by the Kantar prior to the change in Service, or any set-up costs not yet invoiced. Client is responsible for the prompt delivery to Kantar of all Client Data reasonably required by Kantar to provide the Services and Deliverables. If Client fails to comply with this Section, Client shall be liable for the consequential delays and any additional costs and expenses incurred by the Kantar to provide the Services and Deliverables.
Kantar may subcontract the Services or part of the Services to a Subcontractor provided that Kantar shall be primarily responsible for the performance of the Services by any Subcontractor. Nothing in this Agreement shall be construed to create a contractual relationship between Client and any Subcontractor, nor any obligation of Client to pay or to ensure payment of any money due any Subcontractor. Respondents shall not be considered Subcontractors of Kantar in connection with this Agreement and Client agrees that given the nature of the Services, Kantar shall not be liable for the acts of Respondents. If Client designates a specific subcontractor, then Kantar shall not be responsible for the accuracy, completeness or quality of the work of that subcontractor.
Each party represents and warrants that: (a) it has the authority to enter into this Agreement and that the performance of its obligations hereunder will not breach any other contract by which it is bound; and (b) it will comply with all applicable laws, regulations, rules, codes and judicial orders. Kantar represents and warrants that: (a) it complies with the Kantar Code of Business Conduct; (b) use of the Kantar Materials as provided by Kantar to Client, used in the manner contemplated by the SOW and in accordance with the terms of this Agreement, will not infringe any third party IPR if used in accordance with the terms of this Agreement and the applicable SOW. Client represents and warrants that: (a) use of the Client Data by Kantar as provided by Client to Kantar in the manner contemplated by the SOW will not infringe the IPR of any third party; (b) it has or will obtain or grant in writing (email being sufficient) from either Client, Client’s agent or other Client-authorized third party (as applicable) all necessary consents and approvals required for Kantar to provide the Services and Deliverables, including the right for Kantar to use a tracking pixel to measure the advertising and otherwise provide the Services and to use the data provided to or collected by Kantar as part of the Services and Deliverables; (c) Client shall be solely responsible for soliciting advertisers, if applicable, trafficking of the advertising and providing recruitment inventory; (d) it will implement language and establish a consent process that complies with all applicable laws; (e) for any effectiveness studies to be conducted by Kantar under a SOW, Client will be in compliance with all applicable laws, rules, orders and regulations, including, without limitation, those related to consumer privacy; and (f) Client Data provided to Kantar by or on behalf or Client (and, if applicable, its advertisers) advertising, promotional and marketing activities in connection with the use of the Services, shall not be deceptive, misleading, obscene, defamatory, illegal, unethical or otherwise violate the rights of a third party, and shall comply with all applicable laws, rules, orders and regulations. Except for the express warranties in this agreement, each party hereby disclaims all warranties, whether express, implied, statutory or other, under or in connection with this agreement or any subject matter hereof.
6 Ownership and Public Statements
6.1 Client has and reserves and retains, sole and exclusive ownership of all right, title and interest in and to the Client Data, including all IPR arising or relating to the Client Data. Client Data is the Confidential Information of Client. Client grants Kantar a license to use, perform, display, execute, distribute, transmit, modify (including create derivative works), import, Client Data solely for the purposes of performing the Services. Client hereby grants Kantar a perpetual, worldwide, royalty-free, irrevocable license to copy, distribute, resell, modify and otherwise use the Client Data in connection with the provision of Services and Deliverables. Kantar may not disclose Client Data in a manner which identifies Client, except to a publisher with whom Client has chosen to use the Services. All other rights in and to the Client Data are expressly reserved by Client.
6.2 Kantar has and reserves and retains, sole and exclusive ownership of all right, title and interest in and to the Kantar Materials and Multi-Customer Services, including all IPR arising or relating to Kantar Materials and Multi-Customer Services. Kantar may use Materials resulting from the Services or collected in the course of or in connection with providing the Services or Deliverables for; (i) its own internal purposes, as part of its own databases and for purposes connected with its business, including for purposes of establishing industry norms, conducting case studies and industry; (ii) Kantar’s MarketNorms database and other aggregate statistics; (iii) Kantar’s provision of products or services to publishers; or (iv) as required by law or legal process. Kantar grants Client a worldwide, non-sublicenseable, non-transferable, royalty free license to Kantar Materials incorporated in the Deliverables or otherwise necessary for Client to use the Services and Deliverables solely for (i) internal purposes and not for publication or other distribution or communication to the public (unless expressly authorised in writing by Kantar); and (ii) solely for the purposes of the relevant project and in the manner envisaged by the SOW. All other rights in and to the Kantar Materials and Multi-Customer Services are expressly reserved by Kantar.
6.3 Except as otherwise set out in this Section 6, in relation to Kantar’s Ad-Hoc Services and Continuous Services, Client shall, upon receipt by Kantar of full payment for the Services and Deliverables under the applicable SOW, be the sole and exclusive owner of all right, title and interest in and to the Deliverables, including all IPR therein. Client will be entitled to use the Deliverables for its bona fide and proper internal business purposes. Client agrees and acknowledges that neither Kantar nor its personnel shall retain any IPR in the Deliverables. Client acknowledges and agrees it will not use any Deliverables for public relations, sales or marketing purposes in conjunction with Kantar’s name or brand without Kantar’s prior permission in writing. Client will not publish or disclose the Deliverables to any third parties in any manner which exaggerates, distorts or misrepresents the information or data provided by Kantar or in a manner likely to harm Kantar’s reputation.
6.4 With respect to data that is publicly available on social media and other non-traditional media, including but not limited to: use of user and other third party content in social media and on other websites such as Facebook; and websites of editorial content providers of sponsored stories and branded content, such as Buzzfeed; and editorial content used on blogs, other advertorial content (“Social Media”), neither party shall be restricted (as between the parties) regarding the use of aggregated Social Media. Deliverables may include and be based upon aggregated Social Media. Notwithstanding anything herein to the contrary: (i) Social Media is not the property of Kantar or Client; (ii) Kantar does not make any representations or warranties regarding Social Media, including its accuracy and completeness.
6.5 Client is not entitled to receive Respondent Data. In a study using certain Kantar products, in each case as determined by Kantar in its sole discretion, Client may be entitled to receive aggregated final results of the applicable study, subject to applicable privacy laws and any other limitations on use in this Agreement and may also receive qualitative conclusions that are determined from, derived from or based upon the aggregated Respondent Data in a manner that does not identify any particular individual. Any Personal Information in the Respondent Data is not the property of Kantar or Client.
6.6 Client agrees and acknowledges that it must inform Kantar in writing prior to the commencement of any work by Kantar, if Client intends to make any Public Statement. If upon completion of the Services and Deliverables, Client wants to make a Public Statement, then Client must present the Public Statement for Kantar’s review and written approval of such external use of the Services and Deliverables. If Client makes a Public Statement in breach of this Section 6.6, including study findings that are incorrect, distorted or incomplete in Kantar’s opinion, Kantar shall have the right to make its own release of any or all study findings for clarification purposes, without being in breach of this Agreement.
6.7 The parties shall be entitled: (i) to list the other as its’ supplier or client in marketing/promotional material; or (ii) to share and use with panel partners and Respondents the other party’s name, trademarks, logos, or Materials solely to obtain consent for the use of Respondent Data including Personal Information (as defined in the DPS at Exhibit B); except for this right, neither party shall have the right to use the other party’s name, trademarks, logos, or slogans without obtaining the prior written consent of such party.
7.1 If a party receives or acquires Confidential Information directly or indirectly under this Agreement, it shall be referred to as the “Receiving Party”; if a party discloses Confidential Information under this Agreement it shall be referred to as the “Disclosing Party”. During and after the term of this Agreement, the Receiving Party shall (i) hold the Disclosing Party’s Confidential Information in confidence using the same degree of care that it uses to protect its own Confidential Information (but in no event less than a reasonable degree of care), (ii) use the Disclosing Party’s Confidential Information solely in connection with performing its obligations hereunder, and (iii) not disclose or make available any of the Disclosing Party’s Confidential Information to any employee or other third-party without the prior written consent of the Disclosing Party except to a limited number of its employees, consultants, subcontractors and legal advisors who have a need to know the Disclosing Party’s Confidential Information in order to perform its obligations under this Agreement. Additionally, the Receiving Party may disclose the financial terms of this Agreement to its legal and business advisors and to potential investors provided such third parties agree to maintain the confidentiality of the Confidential Information. Each party shall ensure that any individual or entity receiving Confidential Information for or on behalf of the Receiving Party will be bound by terms at least as protective of the Disclosing Party’s Confidential Information as those contained in this Agreement. Receiving Party will notify the Disclosing Party promptly of any unauthorized use or disclosure of the Disclosing Party’s Confidential information and provide reasonable assistance to the Disclosing Party and its licensors in the investigation and prosecution of such unauthorized use or disclosure. Whenever requested by a Disclosing Party and in any event upon the expiration or termination of this Agreement, a Receiving Party shall immediately, at its own expense, return to the Disclosing Party all manifestations of the Disclosing Party’s Confidential (except: (i) as otherwise required by applicable law; (ii) if the return or destruction of such Confidential Information is not commercially reasonable or feasible; or (iii) in accordance with its internal document retention and back-up policies, in which case, the Receiving Party obligations in this Section 7 shall continue until such time as such Confidential Information is returned or securely destroyed) or at Disclosing Party’s option destroyed, at its own expense, all such Confidential Information as the Disclosing Party may designate and deliver to Disclosing Party a certification, in writing signed by an officer of the Receiving Party, that all such Confidential Information has been destroyed.
7.2 Receiving Party agrees to implement all appropriate technical and organizational security measures in order to protect Personal Information (as defined in the Data Protection Schedule ("DPS") appended to this Agreement as Exhibit B) against accidental or unlawful destruction, against unauthorized or unlawful disclosure or access, and against accidental loss, alteration, or damage. The terms of the DPS shall govern the parties' obligations in relation to the treatment of Personal Information. In the event of an actual or threatened breach of these confidentiality provisions, the parties agree that the non-breaching party will have no adequate remedy at law and shall be entitled to seek immediate injunctive relief and any other equitable relief, without the necessity of showing actual monetary damages. The rights and obligations of the parties under this Agreement expire three (3) years after the effective date of expiration or termination; provided that with respect to Confidential Information that constitutes a trade secret under the laws of any jurisdiction, such rights and obligations will survive such expiration or termination until, if ever, such Confidential Information loses its trade secret protection other than due to an act or omission of the Receiving Party or its representatives.
8 Liability and Indemnity
8.1 Neither party will be liable to the other party (or to any person or entity claiming through the other party) for any special, incidental, indirect, consequential, exemplary or punitive damages or any lost profits arising out of or in any manner connected with this Agreement or the subject matter hereof, regardless of the form of action and whether or not such party has been informed of or otherwise might have anticipated the possibility of such Damages. In no event shall Kantar’s aggregate liability arising out of or relating to this Agreement regardless of the basis (including breach of contract, tort (including negligence) or otherwise) on which a Party is entitled to claim Damages from the other Party exceed the cumulative amount of payments received or due to Kantar from Client under the relevant SOW in the twelve (12) month period immediately preceding the date upon which the cause of action first arose. The limitations of liability set forth in this Agreement shall not apply to Damages for any liability that cannot be limited or excluded by law.
8.2 If conclusions, findings, Deliverables or recommendations (“Conclusions”) are required of Kantar as part of the Services, such Conclusions are solely and exclusively an opinion and are based on variable assumptions used in the field of market research and forecasting and are based on a controlled test environment. While Conclusions are the result of careful analysis and thorough work procedures, Conclusions constitute a single factor among many to be considered by Client. Conclusions are prepared for Client’s internal use only and Kantar expressly disclaims any liability for any use of or reliance on Conclusions by any third parties. In no event shall Kantar be liable to Client (or any third parties) for any Damages whatsoever with respect to any Conclusions made by Kantar in relation to the Services. Client hereby acknowledges that it shall be solely responsible for the consequences of any action taken by it based on Conclusions or the interpretation of such Conclusions
8.3 Where the Services involves testing or using Client’s products, samples or test materials (including prototypes) and/or third party products supplied by Client, Client warrants, represents and undertakes that (i) any content, packaging or labelling shall comply with all relevant laws in all relevant territories; and (ii) Client shall be solely responsible for either providing any Respondent consent or approving any draft Respondent consent prepared by Kantar which may be required for the products, samples or test materials in question. Kantar shall not be liable in any circumstances for the use of, loss of or damage to any such products, samples or test materials, once they have been supplied to Respondents.
8.4 Kantar shall indemnify, defend and hold harmless Client from and against any and all third party claims, lawsuits, actions, liabilities, and expenses (including taxes, fees, fines, penalties, interest, reasonable expenses of investigation and attorneys’ fees and disbursements) as incurred (collectively “Damages”) arising out of or in connection with: (i) any claim that: the Kantar Materials as provided by Kantar to Client and Client’s authorized use of the Kantar Materials infringes (whether directly, contributorily, by inducement or otherwise), misappropriates or violates a party’s or other entities IPR; or (ii) any breach of any obligation for which Kantar is responsible as employer of its employees.
8.5 Client shall indemnify, defend and hold harmless Kantar from and against any and all Damages directly or indirectly arising out of or in connection with any claim that: (i) the Client Data provided by Client to Kantar and Kantar’s authorized use of the Client Data infringes (whether directly, contributorily, by inducement or otherwise), misappropriates or violates a party’s or other entities IPR; (ii) any breach of any obligation for which Client is responsible as employer of its employees; (iii) any breach arising from Client’s or its personnel’s use of the Services or Deliverables for a different purpose or outside the terms of this Agreement; or (iv) testing or using such Client products, samples or test materials under Section 8.3.
8.6 Liability under this indemnity clause is conditional on the Indemnitee complying with this Section 8.6. If an indemnified party (“Indemnitee”) seeks indemnification under this Agreement, the Indemnitee shall (i) give prompt notice to the indemnifying party (“Indemnitor”) of a claim and the Indemnitor shall assume the defense of such claim; (ii) grant authority to Indemnitor to defend or settle any related action or claim and (iii) provide at Indemnitor’s expense, such information, co-operation and assistance to Indemnitor as may be reasonably necessary for Indemnitor to defend or settle the claim or action. An Indemnitee’s failure to give prompt notice shall not constitute a waiver of the Indemnitee’s right to indemnification and shall affect Indemnitor’s indemnification obligations only to the extent that Indemnitor’s rights are materially prejudiced by such failure or delay. Indemnitee may participate, at its own expense, in any defense and settlement directly or through counsel of its choice and Indemnitor shall not, without the prior written consent of the Indemnitee, enter into any settlement agreement on terms that would diminish the rights provided to the Indemnitee or increase the obligations assumed by the Indemnitee under this Agreement.
(A) The obligations in this Agreement which by their nature survive termination or expiration of this Agreement shall so survive, including without limitation, the ownership rights and limitations on use of Deliverables, each party’s indemnity obligation and the limitations of liability sections of this Agreement. (B) Any contractual notice given hereunder shall be in writing by certified mail; not by email, but, non-contractual consents and approvals required may be requested and given by email communication. In the case of the notice to the Kantar, notices shall also be copied to the Kantar’s General Counsel and CFO. (C) Except for any payment obligations, neither party shall be liable for failure to perform its obligations hereunder due to conditions beyond its reasonable control, including, but not limited to, fires, storms, riots, strikes, disease, shortages of materials, lock-outs, wars, floods, civil disturbances, terrorism, governmental control, restriction or prohibition whether local or national, network failures, labor disputes, cyber-attacks, and malicious acts of third parties. In such circumstances the affected party shall be entitled to a reasonable extension of the time for performing such obligations. (D) The parties agree that they have not entered into this Agreement in reliance upon any statement, representation, covenant, warranty, undertaking or understanding (whether negligently or innocently made) of any person (whether party to this Contract or not) except as expressly set out in this Agreement. (E) If any provision of this Agreement is or becomes illegal, invalid or unenforceable under the law of any jurisdiction, that shall not affect or impair: (i) the legality, validity or enforceability in that jurisdiction of any other provision of this Contract; or (ii) the legality, validity or enforceability under the law of any other jurisdiction of that or any other provision of this Contract. (F) No term of this Contract shall be enforceable by a third party. (G) Each party shall be and act as an independent contractor and not as a partner, joint venture or agent of the other in such party’s performance hereunder. (H) New York law governs this Contract and in the event of a dispute the parties agree to submit to the jurisdiction of the State of New York courts, which shall be exclusive, except with respect of the enforcement of any judgment, where it shall be non-exclusive. (I) Electronic execution of this Agreement shall be acceptable and binding. (J) The rights and remedies provided for in this Agreement are cumulative and shall be in addition (not in lieu of) to any other rights and remedies provided by law or in equity. (K) Neither party may assign or transfer any part of this Agreement without the written consent of the other party, except assignment of the Agreement in its entirety or in part to an: (i) Affiliate; (ii) a party’s successor pursuant to a merger, reorganization, consolidation or sale; or (iii) an entity that acquires all or substantially all of a party’s assets. If the assignment is made by either party to a competitor, then the parties agree that the non-assigning party may terminate this Agreement on not less than thirty (30) days written notice to the assignee and the assignor. The assigning party will provide reasonable assistance to the non-assigning party during the transition period. (L) If there is a conflict between the terms of this Agreement and the terms of a SOW, or an exhibit to this Agreement the order of precedence is as follows: (i) Exhibit B DPS; (ii) this Exhibit A; and then (iii) any SOW. (M) This Agreement constitutes the complete understanding of the parties and supersedes all prior or contemporaneous agreements, discussions, negotiations, promises, proposals, representations and understandings (whether written or oral) between the parties, with regard to the subject matter of this Agreement. Client specifically acknowledges that it did not enter into this Agreement in reliance upon any agreement promise, representation or understanding made by or on behalf of Kantar that is not contained in this Agreement.
Data Processing Schedule
This Data Protection Schedule (“DPS”) forms part of the Statement of Work between Kantar and its Affiliates (“Kantar”) and its Client and their Affiliates (“Client”) (the “Agreement”). The parties acknowledge that they are entering into this DPS pursuant to the provisions of the Agreement. The parties further acknowledge and agree that the provisions of the Agreement shall apply to this DPS as though such provisions were set out in their entirety in this DPS and if the terms of this DPS and the Agreement conflict, the terms of this DPS shall take precedence. Capitalized terms not defined in this DPS shall have the meaning defined in the Agreement.
In this DPS, the following terms shall have the meanings set out below:
“CCPA” means California Consumer Privacy Act; and the terms “Business”, “Collecting”, “Consumer”, “Processing”, “Selling”, “Service Provider”, “Sharing”, “Third Party”, “Unique Identifier” shall have the same meaning as in the CCPA or equivalent term in any applicable Data Protection Laws
“Data Protection Laws” means all applicable laws and regulations, including but not limited to laws and regulations of the United States and the CCPA (“US”); the United Kingdom (“UK”); the European Union and the GDPR (“EU”), the European Economic Area (“EEA”) and their Member States and Switzerland, applicable to the Collecting, Processing, Selling of Personal Information under the Agreement;
“GDPR” means EU General Data Protection Regulation 2016/679 and the terms: “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Processing”, “Processor”, and “Supervisory Authority” shall have the same meaning as in the GDPR or equivalent term in any applicable Data Protection Laws;
“Independent Auditor” means an auditor from PWC, Deloitte, KPMG or Ernst & Young or another mutually agreeable internationally recognized auditing firm;
“Personal Information” means any data or information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household; or as otherwise defined in any applicable Data Protection Laws;
“Sub-processor” means any third party appointed to Process Personal Information in connection with the Agreement.
2. APPOINTMENT OF SERVICE PROVIDER.
The parties acknowledge and agree that for the purposes of this DPS and any applicable Agreement, where a party acts as a Service Provider with respect to Personal Information, and the other party acts as a Business that has the exclusive authority to determine the purposes and means of Processing of any Personal Information; Service Provider agrees it shall not Sell, Collect, retain, use, disclose or otherwise Process Personal Information other than for the purposes of performing the Services, obligations or actions for the benefit of Business that are specified in any Agreement or outside of the direct business relationship between Service Provider and Business; Service Provider certifies that it understands the obligations and restrictions placed on it as a Service Provider under any applicable Data Protection Laws.
3. COLLECTING, PROCESSING OR SELLING OF PERSONAL INFORMATION
3.1 Compliance with applicable Data Protection Laws. The parties acknowledge and agree that when Collecting, Selling or Processing Personal Information they will comply with their respective obligations under the applicable Data Protection Laws.
4. RIGHTS OF CONSUMERS AND DATA SUBJECTS
4.1 Consumer Request. The parties, shall, to the extent legally permitted, promptly notify the other party (and provide reasonable assistance to the other party where required) if it receives a request from a Consumer to exercise any right of: access; rectification; restriction or prohibition of Collecting, Processing or Selling; erasure/deletion; data portability, object to the Collecting, Processing, Selling, equal service and price; or not to be subject to an automated individual decision making; regarding Consumer’s Personal information (“DSAR”) or any other query received by one Party regarding the privacy practices of the other Party.
4.2 Assistance. Each party shall assist the other party by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of that party’s obligation to respond to a DSAR under Data Protection Laws. If a party, in performing its obligations under the Agreement, does not have the ability to address a DSAR, the other party shall upon request provide commercially reasonable efforts to assist that party in responding to such DSAR, if that party is legally permitted to do so and the response to such DSAR is required under Data Protection Laws. To the extent legally permitted, each party shall be responsible for its own costs arising from the provision of such assistance.
5.1 Confidentiality. The parties shall ensure that its personnel engaged in the Collecting, Processing or Selling of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training on their responsibilities and have executed written confidentiality agreements.
5.2 Reliability. The parties shall take commercially reasonable steps to ensure the reliability of any personnel engaged in the Collecting, Processing or Selling of Personal Information.
5.3 Limitation of Access. The parties shall ensure that access to Personal Information is limited to those personnel performing or using Services in accordance with the Agreement.
5.4 Data Protection Officer. To the extent required by Data Protection Laws, Kantar has appointed a data protection officer, Gillie Abbotts-Jones, General Counsel and Data Protection Officer, who is contactable at email@example.com.
A party processing the other party’s Personal Information must seek the written consent of the other party if it wishes to appoint Sub-processors in accordance with this Section 8. The party appointing a Sub-processor will have entered or will enter into a written agreement with each Sub-processor containing data protection obligations substantially similar to those in this Agreement with respect to the protection of Personal Information to the extent applicable to the nature of the Services provided by such Sub-processor.
7.1 Controls for the Protection of Personal Information. The parties shall maintain appropriate technical and organizational measures designed to protect the security (including protection against unauthorized or unlawful Collecting. Processing or Selling and against accidental or unlawful destruction, loss or alteration, unauthorized disclosure of, or access to, Personal Information), confidentiality and integrity of Personal Information. The parties shall regularly monitor compliance with these measures.
7.2 Audit. The parties shall reasonably cooperate with each other in relation to any audit requests required by Data Protection Laws. Any such audit shall be subject to the confidentiality obligations set forth in the Agreement. Information and audit rights under this Section 7.2 arise only to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, article 28(3)(h) of the GDPR). The parties shall on request appoint an Independent Auditor, with such access, on reasonable written notice (minimum thirty (30) calendar days) and within normal working hours, to those records pertaining to Personal Information as may be reasonably required by the Providing Party to exercise its rights of audit as set out in this Section 7.2. Providing Party accepts that certain sensitive information in relation to IT and security will be redacted before being audited and may only be audited at the other Party’s premises. With the Receiving Party’s agreement, this audit may cover documents only or may include an onsite audit, subject to Providing Party notifying the Receiving Party of the identity of any onsite Independent Auditors and that any Independent Auditors have entered into appropriate confidentiality agreements, approved by the Receiving Party (such approval not to be unreasonably withheld or delayed). Providing Party shall use reasonable endeavours to minimize any disruption caused to the Receiving Party’s business activities because of such audit. No audit shall last more than five (5) working days each time unless a longer period is required to fulfil any request or comply with any requirement of any regulator. Audits shall take place no more than once in any calendar year unless and to the extent that the Providing Party (acting reasonably and in good faith) has reasonable grounds to suspect any material breach of this DPS by the Receiving Party, in which case the parties will agree a timescale for an audit. Costs of the audit, including appointment of the Independent Auditor, will be borne by Providing Party. Receiving Party shall be entitled to reasonable time to review and retain any audit report and to consult the Independent Auditor on the content, prior to the report being submitted to Providing Party. All confidential information of the Receiving Party obtained by Providing Party or an Independent Auditor pursuant to any audit shall be maintained in confidence by Providing Party and its Independent Auditor and may not be disclosed to any third party, including, without limitation, any other agents or representatives of Providing Party, except to the extent necessary to assert or enforce any of Providing Party’s rights under this DPS or is required to be disclosed by Data Protection Laws, by any regulatory or Supervisory Authority or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives Receiving Party as much notice of this disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this section, it takes into account the reasonable requests of Receiving Party in relation to the content of this disclosure. Neither the Independent Auditor or Providing Party shall be permitted to perform penetration tests, vulnerability scans, or otherwise interrogate the other Party’s network or information technology systems. In no circumstances shall Providing Party or the Independent Auditor have access to (a) individual payroll and personnel files; (b) individual expenditure or records.
8. DATA INCIDENT MANAGEMENT AND NOTIFICATION
Both parties will maintain security incident management policies and procedures and shall notify the other party without undue delay and in line with the timelines required by applicable Data Protection Laws after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the other Party’s Personal Information, transmitted, stored or otherwise Processed by them or its Sub-processors which results in any actual loss or misuse of Personal Information (a “Data Incident”). The responsible party shall make reasonable efforts to identify the cause of such Data Incident and take those steps as the other party deems necessary and reasonable in order to remediate the cause of such a Data Incident to the extent the remediation is within that party’s reasonable control. The parties shall have no liability to each other for costs arising from a Data Incident unless caused solely by a breach of their respective security obligations under this Section 8. If there is a Data Incident, Providing Party shall be responsible for notifying Consumers and any relevant regulatory or Supervisory Authorities. Before any such notification is made, Providing Party shall consult with and provide Receiving Party an opportunity to comment on any notification made in connection with a Data Incident.
9. RETURN AND DELETION OF DATA
Receiving Party shall, at any time on the request of Providing Party and upon expiration or termination of the Agreement, return all Personal information to Providing Party or at Providing Party’s request delete the same from its systems, so far as is reasonably practicable and other than any back-up copies which the Parties are required to retain for compliance with applicable laws or regulatory requirements provided that such copies are kept confidential and secure in accordance with the Agreement; and instruct their relevant employees, consultants, subcontractors, Sub-processors and legal advisors to do the same.
10. LIMITATION OF LIABILITY
Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to a breach of its obligations under this DPS, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement.
11. DATA PROTECTION IMPACT ASSESSMENT
Upon Providing Party’s request, the Receiving Party shall provide Providing Party with reasonable cooperation and assistance, at Providing Party’s cost, needed to fulfil their obligation under Data Protection Laws to carry out a data protection impact assessment related to Providing Party’s use or performance of the Services, to the extent Providing Party does not otherwise have access to the relevant information, and to the extent such information is available to the other Party. Receiving Party shall provide reasonable assistance to Providing Party in the cooperation or prior consultation with the regulator or Supervisory Authority in the performance of its tasks relating to this Section 11, to the extent required under Data Protection Laws.
12. TRANSFER MECHANISMS FOR DATA TRANSFERS
If in the future, there are any transfers of Personal Data under this DPS from the European Union, the European Economic Area and/or their Member States, Switzerland or the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of applicable Data Protection Laws, then the Parties shall execute the Standard Contractual Clauses and append them to this DPS.