By clicking “Okay”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Okay

Standard Terms and Conditions

Background

These Terms and Conditions shall apply to the provision of the services performed by ProspectBase UK Ltd with registered number: 15492457 whose registered office is: Wessex House, Teign Road, Newton Abbot, Devon, TQ12 4AA, UK (“Provider” or “Service Provider”) to you (“Client”).  No other terms and conditions shall apply to the provision of Services unless agreed upon in writing between Provider and the Client.

1. Definitions and Interpretation

1.1 In these Terms and Conditions, unless the context otherwise requires, the following expressions have the following meanings:

“Applicable Laws” means all laws, statutes, regulations, and similar instruments from time to time in force applicable to the Parties, the Services, and to the Contract;

“Business Day” means, any day (other than Saturday or Sunday) on which ordinary banks are open for their full range of normal business in the United Kingdom;

“Client” means the party procuring the Services from the Service Provider under the Contract;

“Client Materials” means any and all information, documents, and other materials provided by the Client to the Service Provider in relation to the provision of the Services;

“Commencement Date” means the date on which the Contract shall enter into effect, as set out in Clause 2 (Basis of Contract);

“Confidential Information” means, in relation to either Party, information which is disclosed to that Party by the other Party pursuant to or in connection with the Contract (whether orally or in writing or any other medium, and whether or not the information is expressly stated to be confidential or marked as such);

“Contract” means the contract entered into by the Service Provider and the Client for the provision of Services in accordance with and on the basis of these Terms and Conditions, any Schedules, relevant documents such as the Data Processing Agreement (“DPA”) mentioned in clause 10.4, and any appropriate Order or Statement of Work (“SOW”) connected with, and/or appended or attached to these Terms and Conditions;

“Data Protection Legislation” means all applicable legislation in force from time to time in the United Kingdom (or other region as appropriate) applicable to data protection and privacy including, but not limited to, the GDPR (EU) 2016/679, the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018; the Data Protection Act 2018 (and regulations made thereunder); CCPA (& CPRA revisions), CASL, CAN-SPAM and the Privacy and Electronic Communications Regulations 2003 (“PECR”) as amended;

“Fees” means any and all sums due under the Contract from the Client to the Service Provider in consideration of the Services, as set out in Clause 5 (Fees, Payment, and Records);

“Intellectual Property Rights” means patents, rights to inventions, copyright and related rights, trade marks, business names, domain names, design rights, database rights, rights subsisting in software, rights to use confidential information and the right to protect the same, and any and all other intellectual property rights, whether registered or unregistered, including applications and the right to apply for (and be granted) renewals or extensions of, and rights to claim priority from, any such rights and any and all equivalent rights or other forms of protection subsisting now or in the future anywhere in the world;

“Order” means the Client’s order for the Services as set out on Provider’s order form attached with these T&Cs, or as provided by the Client on a purchase order, insertion order (“IO”) or relevant Statement of Work (“SoW”) in conjunction with these terms and conditions or other terms and conditions as agreed between the Client and Service Provider where applicable;

“Services” means the services to be provided by the Provider to the Client in accordance with the Contract, as fully defined in the Specification;

“Specification” means the full description and specification of the Services as agreed in writing by the Client and the Service Provider.

2. Interpretation in these Terms and Conditions

Headings are for convenience only and shall not affect their interpretation. Words imparting the singular number shall include the plural and vice-versa.

3. Services

3.1 With effect from the commencement date stated in these Terms and Conditions (“T&Cs”) and in consideration of the Fees being paid in accordance with these T&Cs, the Provider shall provide the Services to the Client.

3.2 The Provider shall use reasonable care and skill in its performance of the Services and shall ensure compliance with applicable laws and relevant codes of practice.

3.3 The Provider shall use its best and reasonable endeavours to perform the Services; however, time will not be of the essence in the performance of these obligations.

3.4 The Service Provider shall act in accordance with all reasonable instructions issued by the Client. With regards to such instructions requiring the Provider to process Personal Data (as defined by the UK GDPR), Client acknowledges and accepts that it is the Data Controller and Provider is a Data Processor.

3.5 Provider acknowledges and accepts that by determining how to process Personal Data in accordance with Client’s instructions using its own tools and procedures and processes to perform the Services, it is a Data Controller in this specific capacity fulfilling its obligations to perform the Services as set out in this Contract.

4. Client Obligations

4.1 The Client shall use its best and reasonable endeavours to provide the Provider with access to any, and all relevant information, materials, properties, and other matters which are required to enable the Provider to provide the Services.

4.2 The Client shall use its best and reasonable endeavours to acquire any permissions, consents, licences, or other matters which are required to enable the Provider to provide the Services.

4.3 The Provider shall not be liable for any delay or failure to provide the Services where such delay or failure is due to the Client’s failure to comply with this Clause 4.

4.4 The Client will at all times comply with Applicable Laws, and immediately inform the Provider if it believes, for any reason, it can no longer comply, or has not complied with Applicable Laws

5. Fees

5.1 The fees (“Fees”) for the Services are set out on the Order.

5.2 In addition to the Fees, the Provider shall be entitled to charge the Client interest for late payment of fees at an annual rate of 8%+ base rate.

5.3 The Fees are exclusive of any applicable VAT and other taxes or levies which are imposed or charged by any competent authority.

6. Variation

6.1 If the Client wishes to vary any details of the Services it must notify the Provider in writing as soon as possible.  The Provider shall endeavour to make any required changes the Client agrees to pay any additional fees related to its request. Provider may accept variation requests at its sole discretion.

6.2 If, due to circumstances beyond its control, the Provider has to make any change in the Services or the arrangements relating to the provision thereof, it shall notify the Client immediately.  The Provider shall endeavour to keep any such changes to a minimum and shall seek to offer the Client arrangements as close to the original as is reasonably possible in the circumstances.

7. Payment

7.1 The Provider shall invoice the Client for the Fees each month in arrears for the provision of the Services rendered;

7.2 The Client shall pay the Fees due within 30 days of the date of the Provider’s invoice.

7.3 Time for payment shall be of the essence of the Contract between the Provider and the Client.

7.4 If the Client fails to make payment within the period in sub-Clause 7.2, the Provider shall have the right to suspend any further provision of the Services until the balance due has been paid in full. The Provider may also cancel any future services which may have been ordered by, or otherwise arranged with, the Client if (a) the client has not paid all outstanding fees in full within 60 days of the date of the oldest invoice, or (b) the Client fails to make future payments on time and in full.

7.6 All payments must be made in £ GBP Sterling unless otherwise specified on an appropriate Order or as agreed in writing between the Provider and the Client.

8. Confidentiality

8.1 Each Party undertakes that, except as provided by sub-Clause 8.2 or as authorised in writing by the other Party (such authorisation not to be unreasonably withheld), it shall, at all times during the term of the Contract and for a minimum of three (3) years after its termination or expiry:

a) keep confidential all Confidential Information;

b) not disclose any Confidential Information to any other party;

c) not use any Confidential Information for any purpose other than as contemplated by the Contract; and

d) ensure that (as applicable) none of its employees, directors, officers, agents, or sub-contractors does any act which, if done by that Party, would be a breach of the provisions of this Clause 8.

8.2 Subject to sub-Clause 8.3, either Party may disclose any Confidential Information to:

a) any sub-contractors, substitutes, or suppliers;

b) any governmental or other authority or regulatory body; or

c) any employee or officer of that Party or of any of the aforementioned persons, parties, or bodies.

8.3 Disclosure under sub-Clause 8.2 may be made only to the extent that it is necessary for the purposes contemplated by the Contract, or as required by law. In each case, the disclosing Party must first inform the recipient that the Confidential Information is confidential. Unless the recipient is a body described in sub-Clause 8.2(b) or is an authorised employee or officer of such a body, the Party disclosing the Confidential Information under sub-Clause 8.2 must obtain and submit to the other Party a written undertaking from the recipient to keep the Confidential Information confidential and to use it only for the purposes for which the disclosure is made.

8.4 Either Party may use any Confidential for any purpose, or disclose it to any other party, where that Confidential Information is or becomes public knowledge through no fault of that Party.

8.5 When using or disclosing Confidential Information under sub-Clause 8.4, the Party using or disclosing that Confidential Information must ensure that it does not use or disclose any part of that Confidential Information which is not public knowledge.

8.6 The provisions of this Clause 8 shall continue in force in accordance with their terms, notwithstanding the termination or expiry of the Contract for any reason.

9. Termination

9.1 Either party may terminate this Contract for convenience by providing the other party with at least thirty (30) days' written notice.

9.3 Either Party may terminate the provision of the Services immediately if:

a) a material breach is committed by either party of its obligations under these T&Cs; or

b) a party becomes the subject of a bankruptcy order or takes advantage of any other statutory provision for the relief of insolvent debtors.

c) a party enters into a voluntary arrangement under Part 1 of the Insolvency Act 1986, or any other scheme or arrangement is made with its creditors; or

d) a party convenes any meeting of its creditors, enters into voluntary or compulsory liquidation, has a receiver, manager, administrator or administrative receiver appointed in respect of its assets or undertakings or any part thereof, any documents are filed with the court for the appointment of an administrator in respect of the filing party, notice of intention to appoint an administrator is given by notifying party or any of its directors or by a qualifying floating charge holder (as defined in para. 14 of Schedule B1 of the Insolvency Act 1986), a resolution is passed, or petition presented to any court for the winding up of either party or for the granting of an administration order in respect of either party, or any proceedings are commenced relating to the insolvency or possible insolvency of either party.

10. Data Protection and Intellectual Property

In this Clause 10, the terms “personal data”, “processing”, “data subject”, “controller”, “processor”, and “personal data breach” shall have the meanings defined in Article 4 of the UK GDPR, and the terms “Data Processor” and “Data Controller” shall have the same meanings as “processor” and “controller” respectively. The term “domestic law” means the law of the United Kingdom or a part thereof.

10.2 The Parties shall both comply with all applicable data protection requirements set out in the Data Protection Legislation. This Clause 10 shall not relieve either Party of any obligations set out in the Data Protection Legislation and does not remove or replace any of those obligations.

10.3 For the purposes of the Data Protection Legislation and for this Clause 10, the Client shall be the “Data Controller”, and the Service Provider shall be the “Data Processor”, and as also defined in sub-Clause 3.5.

10.4 The scope, nature, and purpose of the processing; the duration of the processing; the type(s) of personal data; and the category or categories of data subject shall be set out in Schedule 2.

10.5 Both Data Controller and Data Processor shall (without prejudice to the generality of sub-Clause 10.2) ensure all necessary consents and notices required are in place to enable the lawful transfer and receipt of personal data to and from one another, and for the lawful processing of personal data by the Data Processor for the purposes described in Schedule 1 and for its provision of Services under this Contract.

10.6 The Data Processor shall (without prejudice to the generality of sub-Clause 10.2), with respect to any personal data processed by it in relation to its performance of any of its obligations under the Contract:

a) process the personal data only on the written documented instructions of the Data Controller unless the Data Processor is otherwise required to process such personal data by domestic law. The Data Processor shall promptly notify the Data Controller before carrying out such processing unless it is prohibited from doing so by that law;

b) ensure that it has in place appropriate technical and organisational measures to protect the personal data from unauthorised or unlawful processing, accidental loss, damage, or destruction. Such measures shall be appropriate and proportionate to the potential harm resulting from such events and to the nature, scope, and context of the personal data and processing involved, considering the current state of the art in technology and the cost of implementing those measures.

c) ensure that any and all persons with access to the personal data (whether for processing purposes or otherwise) are contractually obliged to keep that personal data confidential;

d) not transfer any personal data outside of the UK without the prior written consent of the Data Controller (such consent to be freely provided upon entering into a Contract with Provider) and only if the following conditions are satisfied:

i. the Data Controller and/or the Data Processor has/have provided appropriate safeguards for the transfer of personal data;

ii. affected data subjects have enforceable rights and effective legal remedies;

iii. the Data Processor complies with its obligations under the Data Protection Legislation, providing an adequate level of protection to any and all personal data so transferred; and

iv. the Data Processor complies with all reasonable instructions given in advance by the Data Controller with respect to the processing of the personal data;

e) assist the Data Controller, at the Data Controller’s cost, in responding to any and all requests from data subjects and in ensuring its compliance with the Data Protection Legislation with respect to impact assessments, security, breach notifications, and consultations with supervisory authorities or other applicable regulatory authorities (including, but not limited to, the Information Commissioner’s Office);

f) notify the Data Controller without undue delay of any personal data breach of which it becomes aware;

g) on the Data Controller’s written instruction, delete (or otherwise dispose of) or return all personal data and any and all copies thereof to the Data Controller on termination or expiry of the Contract unless it is required to retain any of the personal data by domestic law;

h) maintain complete and accurate records of all processing activities and technical and organisational measures implemented necessary to demonstrate compliance with this Clause 10 and to allow for audits, including inspections, by the Data Controller and/or any reasonable party designated by the Data Controller. The Data Processor shall inform the Data Controller immediately if, in its opinion, any instruction infringes the Data Protection Legislation.

10.7 The Data Processor shall not sub-contract any of its obligations with respect to the processing of personal data under this Clause 10 to another processor without the prior written consent of the Data Controller (such consent not to be unreasonably withheld. In the event that the Data Processor appoints another processor, the Data Processor shall:

a) enter into a written contract with the other processor, which shall impose upon that other processor substantially the same obligations as are imposed upon the Data Processor by this Clause 10, which the Data Processor shall ensure shall reflect the requirements of the Data Protection Legislation at all times;

b) ensure that the other processor complies fully with its obligations under that agreement and the Data Protection Legislation; and

c) remain fully liable to the Data Controller for the performance of that other processor’s obligations and the acts or omissions thereof.

10.8 The Provider reserves all copyright and any other intellectual property rights (if any) which may subsist in the products of, or in connection with, the provision of the Services.  The Provider reserves the right to take such action as may be appropriate to restrain or prevent the infringement of such intellectual property rights.

11. Liability and Indemnity

11.1 The Provider will not by reason of any representation, implied warranty, condition or other term, or any duty at common law or under these T&Cs, be liable for any loss of profit or any indirect, special or consequential loss, damage, costs, expenses or other claims (whether caused by the Provider’s employees, agents or otherwise) in connection with its provision of the Services or the performance of any of its other obligations under these T&Cs or Contract or with the use by the Client of the Services supplied.

11.2 Nothing in the Contract shall limit or exclude either Party’s liability under or in relation to the Contract for any form of liability which cannot be limited or excluded by law (without prejudice to the generality of sub-Clause 11.1) including, but not limited to:

a) death or personal injury caused by negligence;

b) fraud or fraudulent misrepresentation;

c) for the wilful misconduct of either that Party or that of its employees or agents

11.3 The Provider shall not be liable to the Client or be deemed to be in breach of these T&Cs for any delay in performing, or any failure to perform, any of the Provider’s obligations if such delay or failure is due to any cause beyond the Provider’s reasonable control.

11.4 Subject to sub-Clause 11.2 (liabilities which cannot be limited or excluded by law) the total liability of the Service Provider to the Client under or in relation to the Contract for any and all related or unrelated acts or omissions, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall be limited to three (3) times the total value of the contract.

12. Force Majeure

Neither party shall be liable for any failure or delay in performing their obligations where such failure or delay results from any cause that is beyond the reasonable control of that party.  Such causes include, but are not limited to: power failure, Internet Service Provider failure, industrial action, civil unrest, fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action or any other event that is beyond the control of the party in question.

13. Communications

13.1 All notices under these T&Cs shall be in writing and signed by, or on behalf of, the party giving notice (or a duly authorised officer of that party).

13.2 Notices shall be deemed to have been duly given:

a) when delivered by courier, other messenger, or registered mail during the normal business hours of the recipient;

b) when sent, if transmitted by fax or email and a successful transmission report or return receipt is generated;

c) on the fifth business day following mailing, if mailed by national ordinary mail; or

d) on the tenth business day following mailing, if mailed by airmail.

13.3 All notices under these T&Cs shall be addressed to the most recent address, email address or fax number notified to the other party.

14. No Waiver

14.1 No waiver by the Provider of any breach of these T&Cs by the Client shall be considered as a waiver of any subsequent breach of the same or any other provision.

14.2 No failure or delay on the part of either the Provider or the Client to exercise any right, power or privilege under these T&Cs shall operate as a waiver of, nor shall any single or partial exercise of any such right, power or privilege preclude any other or further exercise of any other right, power, or privilege.

15. Severance

In the event that one or more of these T&Cs is found to be unlawful, invalid, or otherwise unenforceable, that / those provisions shall be deemed severed from the remainder of these T&Cs (which shall remain valid and enforceable).

16. Law and Jurisdiction

16.1 These T&Cs (including any non-contractual matters and obligations arising therefrom or associated therewith) shall be governed by, and construed in accordance with, the laws of England and Wales.

16.2 Any dispute, controversy, proceedings or claim between the Seller and the Buyer relating to these T&Cs (including any non-contractual matters and obligations arising therefrom or associated therewith) shall fall within the jurisdiction of the courts of England and Wales.

SCHEDULE 1

This Schedule 1 sets out a description of the technical and organisational measures implemented by ProspectBase UK Ltd in accordance with the Applicable Laws.  ProspectBase UK Ltd takes information security and data protection seriously and these measures are designed to safeguard personal data during its processing. These measures ensure the security, confidentiality, integrity, availability and resilience of systems and services involved in the processing of Personal Data.

1. Data Minimisation: Collect and process only the necessary amount of personal data required for providing services. Limit the scope to non-sensitive personal data obtained from publicly available sources.

2. Purpose Limitation: Clearly define and document the purposes for which personal data is processed, ensuring it aligns with the services provided.

3. Data Retention: Establish and adhere to retention periods based on the necessity to provide services. Regularly review and securely dispose of data when it is no longer needed.

4. Data Resilience: Ensure back-up and recovery measures mitigate the potential loss or corruption of data to enable the restoration and availability of access to personal data in a timely manner.

5. Data Security Measures:

a. Implement encryption and pseudonymisation techniques to protect personal data during transmission and storage.

b. Maintain strict access controls (identification, authentication and authorisation) to limit access to personal data to authorised personnel only.

c. Regularly update and patch systems and software to mitigate security vulnerabilities.

d. Conduct regular security audits and risk assessments to identify and address potential security threats.

6. Data Subject Rights:

a. Provide mechanisms for data subjects to exercise their rights, including the right to access, rectification, erasure, and restriction of processing.

b. Designate an individual (or team) responsible for overseeing compliance with data subject rights and GDPR requirements.

7. Contractual Obligations: Ensure that contracts with clients and third-party vendors include GDPR-compliant clauses regarding data processing, security, and confidentiality.

8. Data Transfer Safeguards: Implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), when transferring personal data outside the UK or the EEA.

9. Staff Training: Provide regular training to employees on data protection principles, GDPR requirements, information security, acceptable IT usage and the company's relevant policies and procedures for handling personal data and maintaining a secure environment.

10. Incident Response Plan: Develop and maintain a comprehensive incident response plan to promptly detect, respond to, and report data breaches in accordance with GDPR requirements.

11. Privacy by Design and Default: Integrate privacy considerations into the design and implementation of systems, processes, and services from the outset. Default settings should prioritize the highest level of privacy protection for personal data.

12. Change Management.  Company manages changes to its corporate infrastructure, IT systems and applications using a change management program approved by senior leadership. Testing and business impact analysis occur where appropriate and all relevant software development adheres to the change management process and more broadly, to ensure the effectiveness of technical and organisational measures. Critical changes are approved and implemented by authorised personnel only.

SCHEDULE 2

This Schedule 2 sets out a description of the scope, nature and purpose of processing; the duration of the processing, the type(s) of personal data and the categories of personal data processed by the Service Provider as part of its provision of Services under an appropriate Contract. For clarity, SCC modules ONE and FOUR may be applicable depending on the type of processing. The Service Provider has curated a database of contact information of employees and directors of businesses which it uses in its provision of Services. It is a Data Controller for this purpose. When a Client requests Services which require processing of Personal Data, the instructions it provides dictate the nature, scope and criteria for processing, The Service Provider is a Data Processor when processing Personal Data under such instructions received from any Client, but it is also a Data Controller is it determines which systems and tools to use when processing the Personal Data for its provision of Services.

1. Scope: Only necessary personal data (Business Contact Data) obtained from publicly available sources for providing the Services to the Client shall be processed.

2. Nature: “Processing” means: collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating, aligning or combining, restricting, erasing or destroying. The technical and organisational measures in Schedule 1 ensure processing is compliant.

3. Purpose: to provide the Services as detailed on a Contract between the Service Provider and Client that may include one or some of the following, but may not be limited to direct marketing services or similar marketing and lead generation and demand generation services covering:

a. Content Syndication

b. ABM Display

c. Email Marketing

d. Tele-Marketing

e. Cost-per-click (“CPC”) or Cost-per-impression (“CPM”)

f. Data Concierge Services (such as: building, data hygiene, enhancement, rectification, verification etc.)

g. Brand Promotion

h. Intent Solutions.

4. Duration: Ongoing for as long as the Service Provider provides the Services to the Client; and, beyond such provision of services or termination of Contract where legally required (to comply with local laws).

5. Types and Categories of Personal Data:

a. Types: First Name, Surname, Job Title, Business Email address, Company/Employer, Company Phone Number, Mobile, Direct Dial Number, IP address, Social Handle (i.e. public LinkedIn handle), Cookie identifiers (where applicable)

b. Non-Personal Types (such as Firmographic or Technographic information: Job Function, Job Role, Department, Industry, Company Size, Revenue, Region, Country, HQ Location

c. Categories: Non-Sensitive Personal Data or Personally Identifiable Information (“PII”) as detailed in 5a and 5b, combined to form Business Contact Data of employees and directors of businesses

A.   LIST OF PARTIES

MODULE ONE: Transfer controller to controller

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

MODULE FOUR: Transfer processor to controller

Data exporter: The Service Provider

1. Primary Data Privacy Contact: Gareth Morris

Email Address: privacy@prospectbase.com

Data importer: The Client

2.         Primary Data Privacy Contact: the Client signatory on the Order Form or other Client representative as provided to the Service Provider as the main point of contact for Data    Privacy and Data Protection matters.

B.   DESCRIPTION OF TRANSFER

MODULE ONE: Transfer controller to controller

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

MODULE FOUR: Transfer processor to controller

Categories of data subjects whose personal data is transferred is provided Schedule 2 clause 5c

Categories/Types of personal data transferred is provided Schedule 2 clause 5a

No Sensitive Personal Data is transferred

The frequency of the transfer shall be on a continuous basis.

Nature of the processing is covered in Schedule 2 clause 2

Purpose(s) of the data transfer and further processing is covered in Schedule 2 clause 3

The period for which the personal data will be retained is covered in Schedule 2 clause 4

For transfers to (sub-) processors, the subject matter, nature and duration of the processing shall be the same as for transfers from the Data Processor (“data exporter”) to the Data Controller (“data importer”)

C.   COMPETENT SUPERVISORY AUTHORITY

MODULE ONE: Transfer controller to controller

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

The Information Commissioner’s Office (“ICO”) unless as otherwise required by applicable laws