OneAffiniti General Terms of Service

Effective: August 9, 2021

This General Terms of Service Agreement (“Agreement”) is entered into between OneAffiniti (as defined in clause 21 below) and the entity that is identified on the Registration form (“You” or “Your”). This Agreement is made up of (i) the Terms and Conditions (“T&Cs”) set out below, which govern Your access and use of the Services provided by OneAffiniti, and (ii) the Registration Form which You have completed to request Services from OneAffiniti. You agree that the person who has completed the Registration Form on Your behalf is authorised to bind You to the T&Cs. Capitalised terms used in this Agreement are defined in clause 21.

By submitting a Registration Form to OneAffiniti or using the Services, You accept and agree to be bound by the Agreement.

  1. The Services
    1. You appoint OneAffiniti to provide the Services in accordance with this Agreement.
    2. OneAffiniti grants You a non-exclusive, worldwide, non-transferable licence to access and use the Services in accordance with the Agreement during the Term, for Your internal business purposes only.
    3. You acknowledge and agree that You have entered into and are bound by these T&Cs when a duly authorised person, acting on Your behalf, completes and submits the Registration Form (which refers to these T&Cs) on Your behalf and, in any event, You agree to be bound by these T&Cs as soon as you access and use the Services. You are responsible for ensuring that each person acting on Your behalf that has access and use of the Services has been provided with, and complies with, the T&Cs.
    4. You acknowledge and agree that certain features of the Services are provided by or interoperate with third party service providers or through third party software applications. Your use of these other services may be subject to separate terms between You and that third party. OneAffiniti does not guarantee the continued availability of Services provided by third party service providers and may cease providing them without entitling You to any refund, credit, or other compensation from OneAffiniti.
  2. Term
    1. The Agreement commences on the Effective Date and will continue in effect until terminated in accordance with clause 17.
  3. Changing the T&Cs and Services

    1. OneAffiniti may make changes to, or remove certain Services, or features and functionalities of the Services from time to time. To the extent practicable, OneAffiniti will give You 30 days’ notice in writing of changes that are material to Your use of the Services.OneAffiniti may change the T&Cs at any time, effective immediately upon OneAffiniti giving 30 days’ notice in writing. OneAffiniti will treat Your ongoing use of the Services after the 30 day notice period as acceptance of the changed Services and T&Cs. If You do not agree to the changed Services, this Agreement will be terminated in accordance with clause 17.
  4. Marketing Material
    1. In providing the Services, OneAffiniti will produce and deliver Marketing Materials on Your behalf and, where You have elected, conduct Lead Qualification and/or Lead Generation.
    2. If Your access to and use of the Services is funded (in whole or in part) by a Sponsor, the Marketing Materials or Linked Pages will contain Sponsor Content. You represent and warrant that sending Marketing Materials containing Sponsor Content to Subscribers does not breach any other agreement or Law applicable to You.
    3. If Your access to and use of the Services is not funded by a Sponsor, the Marketing Materials or Linked Pages will not contain Sponsor Content.
    4. It is Your responsibility to review the Marketing Materials before these are delivered to Subscribers. You must notify OneAffiniti as soon as possible and in any event within 48 hours of OneAffiniti submitting the Marketing Material to You if You do not want OneAffiniti to deliver the Marketing Material on Your behalf. If You do not contact OneAffiniti within the 48 hour period, we will deliver the Marketing Materials on Your behalf.
    5. OneAffiniti does not endorse any of the goods or services that are promoted, visible, accessible or transacted through the Marketing Material.
    6. You cannot request changes to, or remove OneAffiniti trade marks, logo, copyright or other proprietary notices or labels from, the Marketing Material or reject the Marketing Material for these reasons. If Your access to and use of the Services are funded by a Sponsor, You cannot request changes to Sponsor Content in the Marketing Material.
    7. OneAffiniti makes no warranty or representation of any kind regarding the accuracy, quality, integrity and legality of the Services and provides them on an “as is” basis. You agree that use of and reliance on any part of the Services by You or a Subscriber is at Your and the Subscriber’s own risk and OneAffiniti excludes to the full extent permitted by applicable Laws, all responsibility in relation to Your and the Subscriber’s use of and reliance on any part of the Services.
    8. You are solely responsible for Your relationship with Your Subscribers and any products or services (including any financial services) You provide to Your Subscribers. Despite conducting any Lead Qualification and/or Lead Generation at Your request, OneAffiniti does not guarantee that a Subscriber will act on or follow through with any sales or transactions of products and services or the availability of a product or service contained in the Marketing Materials or Linked Pages. You agree that You are solely responsible for and OneAffiniti excludes to the full extent permitted by applicable Laws, all responsibility in relation to the conduct of any sales and transactions or prospective sales and transactions resulting from the Marketing Materials or Linked Pages, including any payments disputes by a Subscriber or any breach of an agreement or offer between You and a Subscriber.
    9. You acknowledge and agree that nothing provided as part of the Services will be taken to constitute legal, financial or tax advice.
    10. OneAffiniti agrees to make every reasonable effort to ensure, but OneAffiniti does not guarantee, that Marketing Materials sent through the Services will look consistent across all email platforms.
  5. Subscriber Lists
    1. You warrant that the Subscriber Lists are owned by You, or You have the right to use them and provide them to OneAffiniti for our use; have been compiled in accordance with all applicable Laws; and do not infringe any Intellectual Property Rights, Privacy Laws or other rights of any third party.
    2. You will ensure that all information in the Subscriber Lists is and remains accurate and up to date.
    3. You will ensure that the Subscriber Lists do not contain any government related identifiers, financial account numbers, health information, criminal records or other sensitive or special category information, as defined by applicable Privacy Laws.
    4. You will ensure that the Subscriber Lists do not contain any Distribution Email Addresses (as defined below), email addresses or other Personal Information copied or scraped from the Internet, newsgroups, purchased, loaned, or rented lists, or email addresses or other Personal Information that were obtained without either (a) consent from the email recipient that complies with Anti-Spam Laws and Privacy Laws or (b) another lawful basis for collection and disclosure to OneAffiniti for the purpose of providing the Services. “Distribution Email Addresses” means an email address associated with a distribution list that enables a person to send an email to multiple recipients by sending that email to the single email address associated with the distribution list.
    5. You may unsubscribe any Subscribers from receiving Marketing Materials at any time.
    6. You agree that OneAffiniti may use and update the information in the Subscriber Lists from time to time for the purposes of ensuring the contact details, including email addresses, provided in the Subscriber Lists are valid and You agree to cease sending Marketing Materials to Subscribers that have unsubscribed to the Marketing Materials.
    7. Except as otherwise permitted under this clause 5, OneAffiniti will not disclose Your Subscriber Lists to a Sponsor without Your prior consent (which may be oral or in writing).
    8. Where the Services are funded (in whole or in part) by a sponsor, You agree to provide to us details of Your sales and transactions (which may include Subscriber Personal Information) (“Sales and Transactions Data”) for the purpose of validating the effectiveness and performance of those Services. You further agree that we may share such Sales and Transactions Data with the relevant Sponsor for these purposes. You will be informed separately if this obligation does not apply to You.
    9. With your prior consent, OneAffiniti may share information about any leads generated through the provision of Services (which may include information about Your Subscriber List) with Sponsors where:
      1. it is necessary to enable a Sponsor to verify the effectiveness of any part of the Services it is sponsoring; and/or
      2. the Sponsor requires such information as a condition of sponsoring or continuing to sponsor any part of the Services

      and in the event of either (a) or (b) the sharing of such information is only for the purpose of validating the performance of that part of the Services which the Sponsor is sponsoring and appropriate contractual protections are in place between OneAffiniti and the Sponsor in respect of such sharing.

    10. Nothing in this Agreement restricts OneAffiniti’s right to share aggregate or anonymised information with Sponsors as set out in clause 12.5.
    11. You acknowledge and agree that OneAffiniti may disclose Your Subscriber Lists to OneAffiniti third party service providers for the purposes of the Agreement which may include: (a) helping to deliver, administer, host and support the Services, functions and activities, (b) maintaining the Sites, Linked Pages, Marketing Materials and corresponding databases, and/or (c) conducting data analysis, serving advertising, providing IT services, data processing, storage and backup and telemarketing services.
    12. In respect of Lead Generation, we will match leads to You based on criteria (that we determine) and You agree to: (a) add to Your marketing database the leads that we match to You and (b) where leads are provided by a third party supplier, comply with any conditions imposed by such third party supplier on the use of such leads (which we will communicate to you). If you do not agree to comply with the third party supplier’s conditions, you will not be permitted to use the leads and, if you have already received them, you must delete them from your systems and confirm that you have done so.
    13. Save as set out in this clause 5, OneAffiniti acknowledges that Subscriber Lists will remain Your property and all Intellectual Property Rights in the Subscriber Lists remain vested in You. You grant OneAffiniti the right to use, disclose, reproduce and access the Subscriber Lists for the purposes of the Agreement.
    14. You are solely responsible for protecting Your Subscriber Lists against unexpected data corruption or loss. OneAffiniti accepts no responsibility for any data loss that affects Your Subscriber Lists.
  6. Subscriber Derived Data
    1. You acknowledge and agree that OneAffiniti may, through the use of cookies, web beacons and other related technologies, track and monitor Your Subscribers’ engagement with the Marketing Materials and collect, segment, analyse and compile statistical, behavioural and performance based data (which may contain Personal Information, interests and preferences of Subscribers), resulting from the provision of the Services.
    2. OneAffiniti is the Data Controller in respect of the data (including any Personal Information) created or compiled as a result of OneAffiniti’s activities in clause 6.1 (“Derived Data”). The Derived Data is the sole and exclusive property of OneAffiniti or its licensors. To the extent that information in the Subscriber Lists is incorporated into the Derived Data, You grant to OneAffiniti an irrevocable, worldwide, non-exclusive, royalty-free and licence-fee free licence (with a right to sublicence) to use, disclose, reproduce and access such Subscriber List information for the purposes set out in this clause 6.
    3. You acknowledge and agree that OneAffiniti may (in its capacity as a Data Controller) use, disclose and otherwise Process the Derived Data for any or all of the following purposes:
      1. to evaluate the effectiveness of the Services or any marketing campaign(s);
      2. to undertake direct marketing or serve display advertising to Subscribers (which may be carried out on Your behalf, or by OneAffiniti (for sponsored Services) on behalf of a Sponsor);
      3. to report on the estimated buying intentions of Subscribers;
      4. to personalise and offer a better experience for Subscribers;
      5. to optimise and improve the Services for You and generally for other clients; and
      6. OneAffiniti may disclose the Derived Data to any person (including Sponsors and third party service providers) in connection with any of the above activities.
    4. OneAffiniti may combine the Derived Data with data from other reputable data sources or publicly available sources.
  7. Your Use of the Services
    1. You agree to use the Services in a manner consistent with the Agreement and applicable Laws.
    2. You are responsible for providing Your own internal facilities (including if applicable, terminal, server, software, SQL database licenses, modem and telecommunications facilities or services) necessary for accessing the Services. OneAffiniti accepts no responsibility for any deficiency in Your internal access facilities or services.
    3. You must have an Account in order to access the Services. You will appoint a primary contact representative for the Agreement (“Primary Contact”). You authorise the Primary Contact to handle all issues under the Agreement on Your behalf.
    4. You must ensure that Your Account information is accurate and up to date at all times. You must keep confidential and secure any passwords or other security credentials used to access and use the Services. You agree to take reasonable steps, including implementing reasonable security measures to ensure that no authorised person gains access to the Service and there is no unauthorised use of the Services.
    5. You agree that Your use of the Services including access to the Sites and Your Account will be for lawful purposes only. You further agree that You will not:
      1. post or transmit any material which violates or infringes in any way upon the rights of others, which is unlawful, threatening, abusive, defamatory, invasive of privacy or publicity rights, vulgar, obscene, profane, hateful, or racially or ethnically or otherwise objectionable;
      2. encourage conduct that is criminal, would give rise to civil liability or would otherwise violate any Law;
      3. impersonate a person or entity or falsely state their affiliation with a person or entity;
      4. upload, post, transmit or otherwise make available any content that infringes the rights of another party including rights under Privacy Laws, trademark, copyright and other Intellectual Property Rights;
      5. advertise or perform any commercial or other form of solicitation that is in breach of any Law or not authorised by OneAffiniti under the Agreement;
      6. reproduce, communicate or send Marketing Material (including images and photographs) at all or through another service including email, without express, written consent;
      7. engage in conduct that is misleading or deceptive or likely to mislead or deceive any Subscriber or make any false or misleading statement in connection with a product or service of a Sponsor;
      8. make any representations regarding OneAffiniti, on OneAffiniti’s behalf, or about any of the Services without the prior written consent of OneAffiniti;
      9. engage in any activity that interferes with or disrupts the Services or attempt to gain unauthorised access to the Services (including the servers and networks that are connected to the Services), including uploading, transmit or otherwise make available any harmful or malicious code, files, scripts, agents, programs, or the like designed or intended to have, or capable of performing or facilitating, any of the following functions: disrupting, disabling, harming, corrupting, or otherwise impeding in any manner the security, integrity, operation or functionality of, or providing unauthorised access to, a computer system, database or network (or other device on which such code is stored or installed) including but not limited to viruses, worms, time bombs and Trojan horses;
      10. distort, interfere with or disrupt the integrity or performance of the Services or third party data contained in the Services;
      11. attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs used to deliver the Services.
    6. You agree to notify OneAffiniti immediately of any complaints, claims, disputes or requests for access, rectification, or deletion received from any person, including any Subscriber, regulator, attorney general or government agencies or bodies, relating to:
      1. the Services;
      2. the transmission of electronic messages in connection with the Services; or
      3. a Subscriber’s Personal Information, and

      You agree to take all reasonable steps to assist OneAffiniti with resolving such complaints or claims.

  8. Payment Terms
    1. If Your access to and use of the Services are fully funded by a Sponsor, Subscription Fees are not payable. If Your access to and use of the Services are not fully funded by a Sponsor, You agree to pay a monthly Subscription Fee to OneAffiniti in advance.
    2. Fees and Charges are calculated in accordance with the OneAffiniti’s current pricing schedule. OneAffiniti may vary its Fees and Charges at any time by giving You at least 30 days’ notice in writing. If You do not agree with the variation, You may terminate this Agreement in accordance with clause 17.1.
    3. You are responsible for reviewing the pricing schedule, features and limits associated with the Services. You must provide the required direct debit authority for payment to be made by direct debit and You agree to keep Your direct debit details accurate and up to date.
    4. Unless indicated otherwise, all Fees and Charges are exclusive of all applicable taxes and duties, which must be paid by You.
  9. Intellectual Property Rights
    1. All Intellectual Property Rights in the materials comprising the Services, Marketing Materials, Linked Pages, any Site, and Derived Data created as a result of OneAffiniti’s activities in clause 6.1, are the sole and exclusive property of OneAffiniti or its licensors. Nothing in the Agreement grants or assigns to You any Intellectual Property Rights in the Services, Marketing Materials, Linked Pages, Derived Data or any Site.
    2. You agree not to copy, alter, modify, reproduce or distribute any part of the materials comprising the Services, Marketing Materials, Linked Pages, Derived Data or any Site, unless expressly permitted under the Agreement.
    3. You must not use or distribute any OneAffiniti or another person’s logo, trade mark, service mark, domain name or other distinctive brand features (unless expressly permitted under the Agreement and in materials specifically approved by OneAffiniti) without the prior written consent of OneAffiniti. You acknowledge that You have no right to access the software code, including the object code, intermediate code and source code of the Sites or the Services, either during or after the Term.
    4. You agree that OneAffiniti may use Your business name, logo, trade mark and testimonials for its promotion and marketing purposes in its sole discretion without restriction and without payment to You. You grant OneAffiniti a worldwide, non-exclusive, royalty-free and licence-fee free licence to use such content in this way, providing that OneAffiniti does not use Your business name, logo and trade marks for promotion or marketing purposes in a way which would clearly detract from Your good name and reputation. You warrant that You own, or have the right to use such content, and that OneAffiniti’s use of such content does not infringe the rights of any third party.
    5. Each party will, to the best of its ability, not do or permit to be done any act or thing which might in any way impair the goodwill or other rights of the other party in their Intellectual Property Rights or which may otherwise prejudice or damage the other party’s Intellectual Property Rights.
  10. Confidential Information
    1. Each party must keep the other party’s Confidential Information (including the terms of this Agreement) confidential, and neither party will disclose or allow any written or electronically recorded Confidential Information to be copied other than for the purposes of this Agreement, as the other party expressly agrees, or as required by law.
    2. Each party may only disclose the Confidential Information of the other party to persons that have undertaken to maintain the confidentiality of the Confidential Information in accordance with this clause 10.
    3. Each party must immediately notify the other party of any actual or potential breach of confidentiality, disclosure or unauthorised use of the other party’s Confidential Information and take all reasonable steps to prevent or stop such actual or potential breach, disclosure or unauthorised use.
    4. At any time during the Term or on termination of the Agreement for any reason, a disclosing party may request a receiving party to destroy or hand over to the disclosing party anything in the receiving party’s control that belongs to the disclosing party or is a disclosing party’s Confidential Information.
  11. Third Party Content
    1. The Services or Sites may contain Third Party Content. OneAffiniti accepts no responsibility for Third Party Content. You acknowledge and agree that OneAffiniti is not liable for any loss or damage which may be incurred by You as a result of the availability of Third Party Content, or as a result of Your reliance on the completeness, accuracy or existence of any advertising, products or other materials on, or available from, third party websites or resources. OneAffiniti does not endorse any of the goods or services that are promoted, visible, accessible or transacted through the Services or Sites.
  12. Privacy
    1. When You provide Personal Information (such as Subscriber Lists) to OneAffiniti in connection with this Agreement, the following provisions will apply:
      1. Compliance with Privacy Laws: You acknowledge and agree (except where otherwise expressly stated) that You are the Data Controller in respect of such Personal Information and You will comply with all applicable Privacy Laws in respect of Your Processing of the Personal Information;
      2. Notice: You warrant and represent that, prior to disclosing any Personal Information to OneAffiniti, You will have given Data Subjects information (by way of a notice) describing how and why their Personal Information will be Processed and such notice will include as a minimum:
        1. a description of the purposes for the Processing, which must include direct marketing, analytics, profiling and any other purposes permitted under this Agreement, including those in clause 6.3 (collectively the “Purposes”);
        2. a description of any recipients of the Personal Information, including Your service providers (such as OneAffiniti), and the purposes for which those recipients will use the Personal Information;
      3. Consent: You warrant and represent that You will have obtained all necessary consents from Data Subjects for the Processing of their Personal Information for the Purposes and that You will maintain a record of such consents and make it available to OneAffiniti upon request;
      4. Data quality: You will ensure the Personal Information is accurate and kept up to date and You will notify OneAffiniti of any updates to the Personal Information as soon as possible;
      5. Security: You will ensure that You have appropriate security measures in place to safeguard the Personal Information that is Processed in connection with this Agreement, including when transmitting the Personal Information to OneAffiniti;
      6. Data subject rights: You will notify us promptly if You receive any communications from Data Subjects exercising their rights under applicable Privacy Laws, including (i) their right of access, rectification, erasure, or objection to Processing, (ii) their right to object to direct marketing, or (iii) their right to withdraw consent to Processing. The parties will work together to ensure compliance with such communications;
      7. Data breach: You will notify us promptly if You have a breach of security that leads to the destruction, loss, unauthorised disclosure of or access to the Personal Information being Processed in connection with this Agreement (“Security Incident”) and together You and OneAffiniti will discuss any steps to be taken to mitigate or remediate the Security Incident so as to minimise the impact on Data Subjects and this Agreement; and
      8. Demonstrating compliance: You will maintain complete and accurate information to demonstrate Your compliance with this clause 12, including copies of notices given and consents obtained (collectively “Records”). You will make such Records available to OneAffiniti upon request, together with any other information reasonably requested by OneAffiniti to demonstrate Your compliance with this clause
    2. International transfers:
      1. If it is necessary to transfer Personal Information from one country or territory to another in connection with any part of this Agreement, You and OneAffiniti will work together in good faith to comply with any Privacy Laws that apply to such transfer, including executing any necessary transfer agreements without undue delay.
      2. Where the transfer of Personal Information is from the European Economic Area (“EEA”), the UK or Switzerland to a country outside the EEA, UK, or Switzerland (that is not subject to an adequacy decision under applicable laws), the parties agree that:
        1. the then current EU Standard Contractual Clauses (controller to processor) will automatically apply to the transfer of Personal Information in respect of which You are the Data Controller and OneAffiniti is the Data Processor; and
        2. the then current EU Standard Contractual Clauses (as at June 2021 this is Set II controller to controller) will automatically apply to the transfer of Personal Information in respect of which both You and OneAffiniti are each Data Controllers.
      3. Details set out in this Agreement regarding the Processing of Personal Information (including the Description of Processing set out in Schedule 1) shall form the basis of the description of the transfer required under the applicable Standard Contractual Clauses referred to above.
      4. The Security Measures that will apply to the controller to processor Standard Contractual Clauses will be as set out in Schedule 2.
      5. Any Standard Contractual Clauses that apply pursuant to this clause 12.2 will be incorporated into this Agreement by reference. If required by a regulator, tribunal or court to physically execute the Standard Contractual Clauses, the parties will work together in good faith to do so without undue delay.
      6. With respect to any other transfers from other countries not identified above, where local laws require transfer clauses or their equivalent to be put in place, the parties agree to act in good faith to address such requirements promptly.
    3. OneAffiniti as Data Controller: When OneAffiniti Processes Personal Information as a Data Controller under this Agreement (including in relation to Derived Data), it will Process such Personal Information in accordance with its Privacy Notice.
    4. OneAffiniti as Data Processor: If OneAffiniti’s Processing of Personal Information as a Data Processor in connection with the provision of the Services is legally required to comply with the GDPR, then the provisions set out in Schedule 1 will apply.
    5. Sharing information with Sponsors: If You receive any sponsored Services, we may share with the Sponsor certain aggregated or anonymised information about Your participation in those sponsored Services. This information will not identify You at an individual level and may comprise any or all of the following:
      1. information about Your use of the sponsored Services, including (without limitation) information derived from Your registration and onboarding, campaign preferences, sales and transactions, and/or survey activities, and
      2. information we obtain about You from third party sources which we use to enhance or augment our understanding about You.
  13. Spam and Telemarketing
    1. You agree that You are solely responsible for ensuring that a Subscriber has consented to receiving the Marketing Materials or Lead Qualification or for ensuring that a lawful basis exists for OneAffiniti to perform the Services, and You must only import, access or use Subscriber Lists with Subscribers who have consented to receiving the Marketing Materials or Lead Qualification or for whom another lawful basis exists for such processing and transfer. Consent under this clause must comply with the applicable Anti-Spam Laws or Outbound Calling Laws. You must retain records of any consent received and will provide such records to OneAffiniti promptly on request.
    2. Subject to clause 13.1, each party agrees to comply at all times with its obligations under the applicable Anti-Spam Laws or Outbound Calling Laws.
  14. Warranties
    1. Each party represents and warrants to the other party that as at the Effective Date:
      1. it has full corporate power to execute, deliver and perform its obligations under the Agreement, and doing so will not violate any other agreement to which it is a party;
      2. the Agreement constitutes a legal, valid and binding obligation on it enforceable in accordance with its provisions by appropriate legal remedy;
      3. there are no actions, claims, proceedings or investigations pending or threatened against it or by it of which it is aware, and which may have a material effect on the subject matter of the Agreement; and
      4. it has all licences, authorisations, consents, approvals and permits required by all applicable Laws in order to perform its obligations under the Agreement, including relating to Your provision of financial services where applicable, and otherwise complies with all Laws applicable to the performance of those obligations.
  15. Limitation of Liability
    1. You agree that Your access to and use of the Services is at Your own discretion and Your own risk. The Services are provided ‘as is’ and ‘as available’. To the extent permitted by Law, neither OneAffiniti nor any of its affiliates, employees, representatives or agents make any representation or warranty about the Services in respect of its accuracy, reliability, fitness for purpose or non-infringement.
    2. You acknowledge that there are certain risks inherent in using the internet and electronic communications generally, which are out of OneAffiniti’s control and for which OneAffiniti is not responsible. OneAffiniti does not guarantee that Services provided will be free of delays, uninterrupted, error free or free of viruses or bugs. OneAffiniti accepts no responsibility or liability for any loss or damage that You may incur, including any damage to software or hardware, delivery failures, system malfunction, or loss of Subscriber Lists, arising from Your access to or use of the Services.
    3. OneAffiniti accepts no responsibility or liability for any claims made by You, successful or otherwise, under a Sponsor’s Marketing Development Funds arrangement (“MDF”). You are solely responsible for meeting Your obligations under a Sponsor’s MDF, including but not limited to providing proof of performance requirements as required by the Sponsor.
    4. OneAffiniti excludes, to the maximum extent permitted by Law, all direct and indirect liability or consequential loss or damage, or any loss of profit, revenue, business or goodwill that may arise as a result of Your access to or use of the Services however arising under any theory of liability, including negligence.
    5. Nothing in the Agreement excludes or limits OneAffiniti’s liability that may not be lawfully excluded or limited by applicable Law. Accordingly, only the limitations that are lawful in Your jurisdiction apply to You and OneAffiniti’s liability is limited to the maximum extent permitted by Law.
    6. OneAffiniti excludes, to the maximum extent permitted by Law all implied rights, remedies, guarantees, conditions and warranties of or in favour of You or a third party in respect of goods and services related to Your use of the Services and in particular, if any term, condition or warranty is implied into the Agreement and cannot be excluded, then warranty will be limited to, at OneAffiniti’s option, to:
      1. in the case of goods, any one or more of the replacement of the goods or the supply of equivalent goods or the payment of the cost of replacing the goods or of acquiring equivalent goods; and
      2. in the case of services, the supplying of the services again (directly or indirectly) or the payment of the cost of having the services supplied again.
    7. OneAffiniti limits its aggregate liability, whether in contract, tort (including negligence), under any Law or otherwise, under or in connection with the Agreement and the Services to $500.
  16. Indemnity
    1. You agree to unconditionally indemnify and keep indemnified OneAffiniti and its related bodies corporate, affiliates, employees, agents and representatives against any claims, damages, loss, demands, costs or expenses, or liabilities of any nature arising out of or in connection with Your breach of the Agreement or Your access to and use of Services, including:
      1. breach of any applicable Laws or industry codes of practice by You, including relating to Your provision of financial services where applicable, breach of the Privacy Laws, the Anti-Spam Laws or the Outbound Calling Laws;
      2. Personal Information provided by You to OneAffiniti under or in connection with the Agreement;
      3. claims by any third parties, or actions by any regulator, attorney general or government agencies or bodies in connection with:
        1. their use of and reliance on any of the Services; and
        2. in connection with the collection, use or disclosure of the Subscriber Lists or any Personal Information included in such Subscriber Lists.
  17. Termination
    1. Either party may terminate the Agreement at any time by giving the other party 14 days’ notice in writing. In the event of termination by OneAffiniti under this clause only, OneAffiniti will provide a refund of any Fees and Charges already paid by You for which the Services will not be provided but OneAffiniti is not obliged to provide a refund of any Fees and Charges in respect of Services it has provided to You.
    2. OneAffiniti may terminate the Agreement or suspend Your access to or use of the Services, immediately upon the provision of written notice to You, if:
      1. You have breached any provision of the Agreement and that breach is not capable of being remedied or is not remedied within 14 days of OneAffiniti notifying You of that breach;
      2. You suffer any form of Insolvency (to the extent we are permitted by law);
      3. Your access to and use of the Services ceases for any reason to be funded by a Sponsor or You no longer wish to pay for the Services;
      4. You remove all Subscriber Lists from the Services and do not log into Your Account for more than 3 months;
      5. You cease to hold the relevant licence, authorisation, consent, approval or permit required to perform Your obligations under the Agreement;
      6. Any Fees and Charges are unpaid; or
      7. OneAffiniti reasonably believes that suspending or terminating Your use of the Services is necessary for security reasons, to preserve the proper continued operations of the Services or where Your actions may cause legal liability for OneAffiniti or any other persons.
    3. You may terminate the Agreement immediately upon the provision of written notice to OneAffiniti if OneAffiniti has breached any provision of the Agreement and that breach is not remedied within 14 days of You notifying OneAffiniti of that breach.
    4. Subject to clause 17.1, OneAffiniti will not be obliged to provide any refund or credit for any Fees and Charges paid prior to the termination of the Agreement.
    5. Termination of the Agreement is without prejudice to any rights and obligations of the parties accrued up to and including the date of termination. On termination of the Agreement:
      1. all rights and licences granted to You will terminate immediately;
      2. You must immediately cease to access and use the Services;
      3. You will return all property of OneAffiniti which may have been provided during the Term within five (5) days of notice being issued by OneAffiniti; and
      4. You will remain liable for any accrued Fees and Charges which become due for payment before or after termination.
    6. Rights and obligations that are not specifically limited to the period of the Agreement will continue despite the ending of the Agreement, including the provisions in clause 10 (Intellectual Property Rights and clause 10 (Confidential Information).
  18. Force Majeure
    1. A party will not be liable for any failure or delay in the performance of its obligations under the Agreement if that failure or delay is due to circumstances beyond that party’s control (“Force Majeure”). Any party who is, by reason of Force Majeure, unable to perform any obligation or condition under the Agreement must notify the other party as soon as possible specifying:
      1. the cause and extent of such non-performance;
      2. the date of commencement of non-performance; and
      3. the means proposed to be adopted to remedy or abate the Force Majeure.
    2. A party who is, by reason of Force Majeure, unable to perform any obligation or condition under the Agreement must:
      1. use all commercially reasonable endeavours to remedy or abate the Force Majeure as quickly as possible;
      2. resume performance as quickly as possible after cessation of the Force Majeure; and
      3. notify the other party when the Force Majeure has terminated or abated to an extent which permits resumption of performance to occur.
    3. Subject to any other termination provisions a non-performance by either of the parties of any obligation or condition under the Agreement will be excused during the time and to the extent that such performance is prevented, wholly or in part, by an event of Force Majeure of which notice has been given under clause 18.1.
    4. The period of time during which performance of any obligation or condition is prevented by Force Majeure will be added to the time provided in the Agreement for performance of that obligation or condition and to the time required for the performance of any act dependent on that obligation or condition.
  19. General
    1. In relation to the subject matter of the Agreement, the Agreement is the whole agreement between the parties and supersedes all oral and written communications by or on behalf of any of the parties.
    2. If there is any inconsistency between any of the documents that comprise the Agreement, the order of priority for the purposes of construction is as follows (where the provisions of the Registration Form prevail over the other documents to the extent of the inconsistency, and so on):
      1. Registration Form;
      2. these T&Cs and the Schedule;
      3. any other document references or comprised in the These T&Cs.
    3. Notices may be given by email. You agree that OneAffiniti may give notice by sending an email to the address provided by You in the Registration Form or as later notified by You. You are responsible for ensuring the email address You have provided to OneAffiniti is a current and monitored email account. You may send notices to OneAffiniti at notices@oneaffiniti.com.
    4. A party’s failure or delay to exercise a power or right does not operate as a waiver of that power or right. The exercise of a power or right does not preclude its future exercise or the exercise of any other power or right. The waiver of a provision of the Agreement or a party’s consent to a departure from a provision by another party will be ineffective unless in writing executed by the parties.
    5. You may not assign or transfer any rights to any other person without OneAffiniti’s prior written consent.
    6. Nothing in the Agreement merges, extinguishes, postpones, lessens or otherwise prejudicially affect any rights, power or remedy that a party may have against another party or any other person at any time.
    7. Nothing in the Agreement creates a relationship of partnership, joint venture, agency or employment between the parties.
    8. If a part of the Agreement is found by a court of competent jurisdiction to be illegal, void, or unenforceable, that part is taken to be deleted from the Agreement and will not affect the enforceability of the remaining provisions, unless the deletion would change what OneAffiniti intends to be the effect of the Agreement.
    9. This Agreement together with any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation will be governed by and interpreted in accordance with the law of the country, state or territory in which the OneAffiniti entity executing this Agreement is located. For Finnigan Investments (Australia) Pty Limited (Australia, New Zealand and Singapore) this shall be New South Wales, Australia Law and the Agreement will be subject to the non-exclusive jurisdiction of the Courts of Australia. For OneAffiniti Limited (UK and European Economic Area) this shall be English law and the Agreement will be subject to the non-exclusive jurisdiction of the English Courts. For OneAffiniti LLC (US and Canada) this shall be the laws of the state of Texas, United States and the Agreement will be subject to the non-exclusive jurisdiction of the courts located in Austin, Travis County, Texas, USA.
    10. In entering into the Agreement, each party has not relied on any warranty or representation (whether oral or written) in relation to the subject matter of the Agreement made by any person and has relied entirely on its own enquiries in relation to the subject matter of the Agreement. This clause does not apply to warranties and representations that the Agreement expressly sets out.
    11. Where the Agreement gives any party a right or power to consent or approve in relation to a matter under the Agreement, unless otherwise set out in the Agreement, that party may withhold any consent or approval or give consent or approval conditionally or unconditionally. The party seeking consent or approval must comply with any conditions the other party imposes on its consent or approval.
  20. Dispute Resolution
    1. If a dispute arises out of or relates to the Agreement, or the breach, termination, validity or subject matter thereof, the parties agree, following the process set out below, to endeavour in good faith to settle the dispute by negotiation between the parties, and where such negotiation fails then mediation in accordance with the Resolution Institute, ACN 008 651 232 Mediation Rules before having recourse to arbitration or litigation.
      1. a party claiming that a dispute has arisen, must give written notice to the other party specifying the nature of the dispute.
      2. on receipt of the notice specified in clause 19.1(a), the parties must within seven (7) days of receipt of the notice seek to resolve the dispute by a meeting between the CEO or managing director or equivalent of the parties, or their respective nominees.
      3. if the dispute is not resolved within seven (7) days or such further period as the parties agree then the dispute is to be referred to the Resolution Institute, ACN 008 651 232 for mediation.
      4. the mediation is to be conducted in accordance with the Resolution Institute Mediation Rules as amended from time and time by the Resolution Institute and which are available from the Resolution Institute which set out the procedures to be adopted, the process of selection of the mediator and the costs involved and which terms are deemed incorporated into the Agreement.
    2. This clause will not preclude either party from seeking injunctions or other interim measures in any court of competent jurisdiction, subject to clause 19.9.
    3. The parties agree to keep any mediation arising out of the Agreement including the subject matter of the mediation and the evidence heard during the mediation, confidential.
    4. The parties agree to conduct the mediation in a convenient location to be agreed. In the absence of agreement by the parties, the location of the mediation will be Sydney NSW, Australia.
    5. Despite the existence of a dispute, the parties must continue to perform all their respective obligations under the Agreement.
  21. Definitions
    1. Definitions
      In the Agreement, unless the context otherwise requires:

      1. Account” means an online account made available to You by OneAffiniti to enable You to access and use the Services;
      2. Anti-Spam Laws” means all applicable Laws in relevant jurisdictions regulating the transmission of electronic messages;
      3. Confidential Information” means all trade secrets, ideas, know-how, concepts, methods of working, management, operations, procedures, financial and business information whether in writing or otherwise relating to the parties, but does not include information that is in the public domain for reasons other than unauthorised disclosure;
      4. Data Controller” means the entity which determines the purposes and means of the Processing of Personal Information or any other meaning given to that term or any similar term in any applicable Privacy Laws, including the term “responsible party”;
      5. Data Processor” means the entity which processes Personal Information on behalf of the Data Controller or any other meaning given to that term or any similar term in any applicable Privacy Laws;
      6. Data Subject” means an identified or identifiable natural person or any other meaning given to that term or any similar term in any applicable Privacy Laws and includes Subscribers;
      7. Derived Data” has the meaning set out in clause 6.2;
      8. Effective Date” means the earlier of the date You submit a valid and complete Registration Form requesting Services from OneAffiniti or the date You commence using the Services;
      9. Fees and Charges” means the Subscription Fee and any other applicable fees and charges payable by You to OneAffiniti from time to time for the Services;
      10. Insolvency” means You are, or are at the risk of being unable to pay Your debts as they become due, and includes any form of bankruptcy or administration;
      11. Intellectual Property Rights” means all existing and future property, rights, title and interests (both legal and beneficial) in intellectual property throughout the world, including property, rights, title and interests in relation to any copyright, patents, inventions, designs, trademarks, domain names, trade secrets, know-how, and all other intellectual property as defined in Article 2 of the convention establishing the World Intellectual Property Organisation 1967 (whether registered or unregistered), and any application or right to apply for registration of any of those property, rights, title and interests;
      12. Laws” means any and all applicable laws, regulations, statutes, directives and/or legally binding rules, orders and other requirements of any international, federal, state, provincial or local governmental authority (and any amendments or successors thereto). Where relevant to Your obligations, when assessing “applicability”, You will take into account the Laws relating to both the jurisdiction where You are using the Services and the jurisdiction where Your Subscriber resides;
      13. Lead Generation” means the generation of marketing leads, including through the purchase of leads from third party suppliers and/or the generation of leads by OneAffiniti;
      14. Lead Qualification” means contact, which may be by email or phone, with Your Subscriber in relation to a good or service contained in the Marketing Materials or Linked Pages, to determine whether the Subscriber is likely to follow through with any sales or transactions of goods or services;
      15. Linked Pages” means any webpages produced by OneAffiniti as part of the Services that may be linked in the Marketing Material;
      16. Marketing Material” means marketing material produced by OneAffiniti as part of the Services, which may include content, information, display advertising, promotions, coupons, links to Linked Pages, Sponsor Content and other Third Party Content;
      17. OneAffiniti (also we, us, our)” means the OneAffiniti entity in the territory where You are located. If You are in Australia, New Zealand or Singapore, this is Finnigan Investments (Australia) Pty Limited ABN 70 155 747 765, of Suite 1007, Level 10, 109 Pitt Street, Sydney New South Wales, Australia. If You are in the United Kingdom or the European Economic Area, this is OneAffiniti Limited of Herschel House, 58 Herschel Street, Slough SL1 1PG, United Kingdom. If You are in Canada or the USA, this is OneAffiniti, LLC, a Delaware, USA limited liability company.
      18. Outbound Calling Laws” means all applicable Laws in relevant jurisdictions regulating outbound telemarketing calls;
      19. Permitted Recipients”: The parties to this Agreement, the employees of each party, any third parties engaged to perform obligations in connection with this Agreement, which in the instance of OneAffiniti, will mean, without limitation, all those third parties set out in clause 5.8.
      20. Personal Information” means any information relating to an identified or identifiable natural person (an identifiable natural person being someone who can be identified directly or indirectly by reference to unique identifiers or other personal factors) or any other meaning given to that term or any similar term in any applicable Privacy Laws;
      21. Privacy Laws” means any and all applicable laws, regulations, statutes, directives and/or legally binding rules, orders and other requirements of any international, federal, state, provincial or local governmental authority (and any amendments or successors thereto) relating to the processing of personal data/information, data protection and/or privacy to which a party to the Agreement is subject and which are applicable to the Services. Where relevant to Your obligations, when assessing “applicability”, You will take into account the Privacy Laws relating to both the jurisdiction where You are using the Services and the jurisdiction where Your Subscriber resides;
      22. Processing” and its derivatives includes any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, or any other meaning given to that term or any similar term in any applicable Privacy Laws;
      23. Registration Form” means any form, including an electronic form, You complete in requesting Services from OneAffiniti, together with the information provided in them and any variations to the Registration Form agreed by OneAffiniti. All Registration Forms are taken to incorporate and will be subject to and governed by these T&Cs;
      24. Site” means a website owned and operated by OneAffiniti, including oneaffiniti.com;
      25. Sponsor” means any entity that engages OneAffiniti to include their content or links into the Marketing Material or Linked Pages delivered by OneAffiniti on Your behalf as part of the Services;
      26. Sponsor Content” means content, information or links that promote Sponsor products or services;
      27. Services” means any services that You are provided with by OneAffiniti under this Agreement, including the development and provision of Marketing Materials and Linked Pages; the digital marketing and analytics services provided as software available as a service via a Site for delivery of Marketing Materials on Your behalf; the provision of insights about Subscribers; the conduct of Lead Qualification (if selected); the conduct of Lead Generation (if selected); and other services made available by OneAffiniti, accessible via a Site, or OneAffiniti’s third party service providers;
      28. Subscriber” means an individual about whom You Process Personal Information and to whom You send Marketing Material, or otherwise engage or communicate with via the Services;
      29. Subscriber Lists” means the lists of Subscribers You upload to the Site, provide to OneAffiniti, or make available to OneAffiniti to receive Marketing Materials, but does not include any Derived Data;
      30. Subscription Fee” means if applicable, the monthly fee payable by You in advance to OneAffiniti for Your access to and use of the Services;
      31. Term” means the period as defined in clause 2 of these T&Cs and includes any renewed Terms;
      32. Third Party Content” means content, information, data, text, graphics, images, videos, audio, links, advertising, or other materials incorporated into the Services, Marketing Material, Linked Pages or Sites that are not owned by OneAffiniti or are Sponsor Content;
      33. You” or “Your” means the entity entering into the Agreement, as identified on the Registration Form.
    2. Interpretation
      In the Agreement unless the context otherwise requires:

      1. words importing the singular include the plural and vice versa;
      2. words importing a gender include every gender;
      3. a reference to a party, clause, schedule or appendix is a reference to a party and appendix to and a clause and schedule of the Agreement and a reference to the Agreement includes any schedule and appendix;
      4. an expression importing a natural person includes a body corporate, partnership, joint venture, association or other legal entity;
      5. a reference to a party to a document includes that party’s legal personal representatives, successors and permitted assigns;
      6. a covenant or agreement on the part of or for the benefit of two or more persons binds or benefits them jointly and severally;
      7. a reference to any statute or regulation includes all statutes and regulations amending, consolidating or replacing them and reference to a statute includes all regulations, proclamations, ordinances and by-laws issued under that statute;
      8. a reference to a document includes an amendment or supplement to, or replacement of, that document; and
      9. no rule of construction applies to the disadvantage of a party because that party was responsible for the preparation of the Agreement.

Effective: 9 August 2021

Schedule 1 – Data Protection

The obligations in this Schedule apply only when OneAffiniti is Processing Personal Information as a Data Processor on Your behalf (as the Data Controller) in connection with the provision of the Services.

This Schedule does not apply to any Processing of Personal Information carried out by OneAffiniti acting as a Data Controller.

  1. Instructions: OneAffiniti will only Process the Personal Information in accordance with Your instructions and the Description of Processing (set out in paragraph 2 below), including with regard to transfers of personal data to third countries. You instruct us to Process the Personal Information to provide the Services and as otherwise permitted in the Agreement. The Agreement comprises Your complete instructions to us regarding the Processing of the Personal Information. Any additional or alternate instructions must be agreed between the parties in writing, including the costs (if any) associated with complying with such instructions. OneAffiniti is not responsible for determining if Your instructions are compliant with applicable Law, however, if we are of the opinion that any of Your instructions infringe applicable Laws, we will notify You as soon as reasonably practicable and we will not be required to comply with such infringing instruction.
  2. Description of Processing
    Purpose for the processingPersonal Information will be processed by OneAffiniti for the purpose of providing Services.
    DurationPersonal Information will be processed in accordance with OneAffiniti’s retention policy and the terms of the Agreement.
    Nature of the processingThe Processing may involve any operation(s) performed on the Personal Information, whether or not by automated means, including the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    Type of personal dataThe provision of the Services may involve the Processing of Personal Information comprised within Subscriber Lists, including:

    • contact details (e.g. name, email address, telephone number)
    • employment details (e.g. job title, company)
    Categories of data subjectsThe provision of Services may involve the Processing of Personal Information about Subscribers and marketing prospects provided by You to OneAffiniti in connection with the Services (if any).
  3. Confidentiality and disclosures: OneAffiniti will ensure that persons authorised by us to Process the Personal Information have committed themselves to appropriate obligations of confidentiality. We will only disclose the Personal Information to third parties (including our affiliates and subprocessors) for the purpose of:
    1. complying with Your instructions;
    2. as required in connection with the Services and as permitted by the Agreement; and
    3. as required to comply with Privacy Laws, or an order of any court, tribunal, regulator or government agency with competent jurisdiction to which OneAffiniti, its affiliates and/or subprocessors is subject. OneAffiniti will (to the extent permitted by Law) inform You in advance of any disclosure of the Personal Information and will reasonably co-operate with You to limit the scope of such disclosure to what is legally required.
  4. Data subject rights: OneAffiniti will, as required in connection with the Services and to the extent reasonably practicable, assist You to respond to requests from Data Subjects exercising their rights under Privacy Laws in respect of the Personal Information (including the right of access, rectification, erasure or objection to Processing). We reserve the right to charge You for providing such assistance if the cost of assisting You exceeds a nominal amount. We will notify You as soon as practicable of any request we receive from Data Subjects relating to the exercise of their rights under applicable Privacy Laws during the term of this Agreement (to the extent such request relates to the Personal Information).
  5. Security measures: Taking into account industry standards, the costs of implementation, the nature, scope, context and purposes of the Processing and any other relevant circumstances relating to the Processing of the Personal Information, OneAffiniti will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate, the use of encryption; the ability ensure the confidentiality, integrity, availability and resilience of processing systems; the ability to restore access to Personal Information in the event of an incident; and a process for testing and assessing the effectiveness of security measures. These technical and organisational measures will include, as a minimum, those set out in Schedule 2.
    In assessing the appropriate level of security, OneAffiniti will take account of the risks that are presented by the Processing of the Personal Information, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Information transmitted, stored or otherwise processed.
  6. Subprocessing: You consent to OneAffiniti engaging and using subprocessors (which may be other affiliates or third parties, and includes the subprocessors listed at https://www.oneaffiniti.com/legal/subprocessors/, where required in connection with this Agreement PROVIDED that :
    1. OneAffiniti or the relevant affiliate puts in place a contract in writing with the subprocessor(s) that imposes data protection obligations that are materially similar to those set out in this Schedule 1; and
    2. OneAffiniti remains responsible to You for the performance of a subprocessor’s data protection obligations in respect of Your Personal Information.

    We will inform You (by any reasonable means which may include posting a notice online or notifying You by email) if we intend to add or replace a subprocessor and give You an opportunity to object on reasonable, objective and substantive grounds that are based on data protection concerns and are notified to us within 14 days of the change being notified to You. We will work together in good faith to try to resolve the objection and if we cannot resolve it, then the matter will be handled in accordance with the dispute resolution provision in the Agreement.

  7. Data Incidents: OneAffiniti will notify You without undue delay after becoming aware of a breach of its security provisions set out in this Schedule (Data Protection) that has resulted in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Information processed by OneAffiniti in connection with the Services (“Data Incident”). OneAffiniti will provide You with any available and relevant information regarding the Data Incident and will take such measures as OneAffiniti considers reasonable and appropriate to mitigate and/or remediate the Data Incident. The parties agree to reasonably cooperate with each other in respect of the investigation and remediation of the Data Incident. Partner agrees to take such measures as are reasonable to mitigate its costs and expenses (if any) in relation to the Data Incident.
  8. Reasonable assistance: Taking into account the nature of the Processing and the information available to OneAffiniti, we will provide You with reasonable assistance in ensuring compliance with any legal obligation You may have to carry out data protection impact assessments and/or consult with data protection supervisory authorities prior to Processing the Personal Information. OneAffiniti reserves the right to charge You a reasonable fee for the provision of assistance under this paragraph.
  9. Deletion/return: At Your choice, OneAffiniti will (as soon as practicable) delete or return to You the Personal Information after the end of the provision of the Services and delete any copies, unless applicable Law requires us to store the Personal Information.
  10. Information to demonstrate compliance: OneAffiniti will, upon reasonable prior written request from You (such request not to be made more frequently than once in any twelve month period), make available to You such information as is necessary to demonstrate OneAffiniti’s compliance with its obligations under this Schedule.
  11. Audit: If You reasonably consider that the information provided under paragraph 10 above is not sufficient to demonstrate OneAffiniti’s compliance, You (or another person mandated by You) may audit or inspect our relevant processing activities in order to ascertain our compliance. Your right to audit or inspect is subject to the following conditions:
    1. You will give us reasonable prior written notice of any audit or inspection of at least thirty (30) days (unless a shorter period is required by Privacy Laws or an order of a supervisory authority);
    2. audits or inspections will not be carried out more frequently than once in any twelve month period (unless required by applicable Privacy Laws or an order of a supervisory authority);
    3. You will carry out the audit or inspection during normal business hours without creating a business interruption to OneAffiniti;
    4. where the audit or inspection is carried out by a third party on Your behalf, such third party will be bound by similar obligations to those set out in the Agreement regarding confidentiality and is not a direct competitor of OneAffiniti. We reserve the right to require any such third party to execute a confidentiality agreement directly with us prior to the commencement of an audit or inspection; and
    5. except where the audit or inspection discloses a failure on our part to comply with our material obligations under this Schedule 1, You will pay all reasonable costs, charges and expenses incurred by OneAffiniti in complying with this Schedule 1.
  12. International transfers: You agree that, in connection with the provision of the Services, or in the normal course of business, OneAffiniti may make international transfers of Personal Information to its affiliates and subsidiaries and in such cases the provisions of clause 12.2 of the Agreement will apply.
    If applicable Privacy Laws impose different or additional obligations on the parties in respect of their roles as Data Controller and Data Processor, such applicable Privacy Laws shall prevail over any conflicting or incompatible obligations set out in this Schedule.

Effective: 9 August 2021

Schedule 2 – Security Measures

The obligations in this Schedule apply only when OneAffiniti is Processing Personal Information as a Data Processor on Your behalf (as the Data Controller) in connection with the provision of the Services.

This Schedule does not apply to any Processing of Personal Information carried out by OneAffiniti acting as a Data Controller.

Technical and Organization Measures. OneAffiniti has implemented and will maintain appropriate technical and organisation measures, internal controls and information security practices that are designed to safeguard data Processed by OneAffiniti under the Agreement, against accidental loss, destruction, or alteration; unauthorised disclosure or access; or unlawful destruction as follows:

Employee Screening, Training and Security

  1. Personnel. OneAffiniti takes reasonable steps to ensure its personnel have adequate skills, experience and training in the care and handling of Personal Information when providing the Services.
  2. Background checks. OneAffiniti conducts reasonable and appropriate background investigations on all personnel in accordance with applicable laws and regulations.
  3. Training. OneAffiniti’s compliance training program includes a requirement for employees and contractors to complete data protection training upon joining the organisation, as well as mandatory bi-annual data protection and privacy awareness training. This includes passing an annual assessment. The data protection training includes topics such as security awareness, data incident management and may also include materials specific to certain job functions.
  4. Confidentiality. OneAffiniti ensures its employees are obligated to maintain and protect the confidentiality of any Personal Information they handle pursuant to this Agreement.

Physical and Environmental Security

  1. Facility access. OneAffiniti ensures office areas where Personal Information may be Processed have physical entry controls.
  2. Data centers. OneAffiniti uses public cloud service providers e.g. Amazon Web Services (AWS) and Google Cloud Platform as sub processors when providing the Services. The public cloud services providers meet SOC 2 and ISO27001 compliance requirements.
  3. Physical controls. OneAffiniti has adopted a clear desk policy that requires no Personal Information be left unattended and requires personnel to lock their computer screen when away from desks. All print media that contains Personal Information is securely destroyed (e.g. by incineration or shredding) in accordance with our retention policy. All Personal Information held on hardware and exchangeable media must be securely destroyed before disposing of an old device. OneAffiniti ensures through regular training that personnel do not copy or transfer Personal Information onto any PC hard-drive, laptop, handheld device, exchangeable media or other technology.
  4. Subprocessors. OneAffiniti has established a third party compliance program that incorporates security in the evaluation of a vendor or subprocessor as well as ensuring the confidentiality, integrity and availability of data. OneAffiniti maintains contractual relationships with vendors in order to provide the Services in accordance with an agreed data protection agreement.

Technical Security

  1. Access control. OneAffiniti maintains a formal access control policy and employs a centralised access management system to control employee and contractor access to systems. Access is provided based on segregation of duties and the principle of least privilege. Access control includes the usage of username and a complex password and multifactor authentication. OneAffiniti adjusts access rights of personnel whenever they assume different responsibilities and revokes all access upon termination of employment or contract.
  2. Data transmission and encryption. OneAffiniti takes all reasonable steps to ensure that all Personal Information (stored in any form and media whether tangible or intangible) that would cause damage or distress to a data subject if lost, stolen or accessed by an unauthorised person, is encrypted, especially when in transit between systems. This includes implementing industry-standard encryption practices in the transmission of personal data (such as Transport Layer Security) and if technically feasible, encrypting personal data at rest and in transit.
  3. Data security protection. Appropriate data security measures are in place, including (without limitation): anti-virus and malware software is installed on information systems, the latest patches and security updates for software used are applied, network protection is provided via firewall with intrusion detection systems in place and logs for critical systems.
  4. Code review. OneAffiniti maintains a formal software development life cycle that includes security coding practices, including code reviews and engineering and product development change management practices.
  5. Data retention. OneAffiniti maintains a data retention and disposal policy.

Incident Response and Breach Notification

  1. Disaster recovery. OneAffiniti has taken steps to ensure the Services can continue to be provided in the event a disaster disrupts the normal mode of operation. Critical systems and services have been identified and a disaster recovery plan has been established. OneAffiniti takes regular back-ups, ensuring that critical systems can be restored with minimal data loss.
  2. Incident response. OneAffiniti has established incident response procedures, allowing for handling of incidents in a timely and controlled manner and in accordance with applicable law and obligations.
[src="'+e+'"]
[src="'+e+'"]
[src="https://app.calconic.com/api/embed/calculator/'+t.data.payload.id+'"]
[src="https://app.calconic.com/api/embed/calculator/'+t.data.payload.id+'"]