Terms & Conditions for Thyme-IT UK
This Licence Agreement is between:
- Thyme-IT Limited, whose registered office is at 6 Queen’s Terrace, Aberdeen, AB10 1XL, United Kingdom trading as Thyme-IT (“Thyme-IT”), who sells licenced access to software relating to the collection of customs entry information and the transmission of such information to HM Revenue & Customs and other third parties (the “Thyme-IT Software”); and
- The Customer (also referred to as “you” and “your” herein) named in section A above, who is purchasing licenced access to the Thyme-IT Software directly from Thyme-IT.
This Agreement shall comprise of these Terms and Conditions together with the accompanying Customer-specific details set out at sections A to D above. The Customer shall be deemed to have accepted this Agreement upon signing section D above and returning same to Thyme-IT.
3. PERIOD AND TERMINATION
This Agreement is effective until terminated by either party on giving the other party not less than thirty (30) days written notice after the Initial Term. Thyme-IT reserves the right to terminate the licence with immediate effect in the event of a payment default or in the event of any breach by you of this Agreement which is not remedied within fourteen (14) days written notice by Thyme-IT. You agree, upon termination to cease all use of the Thyme-IT Software and to destroy any copies of the Thyme-IT Software and documentation in your possession and to provide written certification of such destruction to Thyme-IT.
4. LICENSED SOFTWARE
Thyme-IT grants the Customer a non-exclusive licence to access and use the Thyme-IT Software in accordance with the documentation under the terms of this Agreement. The Thyme-IT Software is in “use” on a computer when it is loaded into temporary memory (i.e. RAM) or installed into permanent memory (e.g. hard disk, CD-ROM, or other storage device) of that computer or when it is accessed on an internet website. If the Thyme-IT Software has been provided to you, you may make copies of it solely for backup purposes. You must reproduce and include the copyright notice on the backup copy.
5. OWNERSHIP AND COPYRIGHT
Thyme-IT shall at all times retain ownership, copyright and all other proprietary rights of the Thyme-IT Software and all subsequent copies or any modifications regardless of form. You may not load the Thyme-IT Software into any computer, use the Thyme-IT Software or copy the Thyme-IT Software without the licence of Thyme-IT.
Except as provided in this Agreement, you may not use, copy, modify, distribute, lease, sub-licence, transfer, translate, decompile, reverse engineer, or disassemble the Thyme-IT Software or any portion of the Thyme-IT Software or its associated documentation.
6. CUSTOMER DATA AND DATA PROTECTION
The Customer shall own all right, title and interest in and to all of the data inputted by the Customer for the purpose of using the Thyme-IT Software or facilitating the Customer’s use of the Thyme-IT Software which may include one or more digital certificates and their associated passwords which may be required to communicate securely with a customs authority (“Customer Data”) and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all Customer Data.
Thyme-IT shall follow its standard archiving procedures for Customer Data, as such procedures may be amended by Thyme-IT in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy against Thyme-IT shall be for Thyme-IT to use its reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Thyme-IT in accordance with its archiving procedure. Without limitation to any other provision of this Agreement, Thyme-IT shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party or otherwise.
Thyme-IT shall, in providing the services, comply with its standard privacy and security policies relating to the privacy and security of Customer Data, as such policies may be amended from time to time by Thyme-IT in its sole discretion.
To the extent that the Customer Data contains any personal data, both parties will comply with all applicable requirements of the Data Protection Act 2018, EU General Data Protection Regulation (EU) 2016/679 (the GDPR) and all other applicable data protection and data privacy laws and regulations including the EU Privacy & Electronic Communications Directive 2002/58/EC (to include any relevant amendments, transpositions, successors or replacements to those laws), European Commission decisions, binding EU and national guidance and all national implementing legislation (“Data Protection Laws”). This clause 6 is in addition to, and does not relieve, remove, or replace, a party’s obligations or rights under the Data Protection Laws. The terms “controller”, “data subject”, “personal data”, “process”, “processes”, “processing”, and “processor”, shall have the meaning attributed to them under Data Protection Laws.
The parties acknowledge that if Thyme-IT processes any personal data on the Customer’s behalf when performing its obligations under this Agreement, the Customer is the controller and Thyme-IT is the processor for the purposes of the Data Protection Laws and the scope, nature, and purpose of processing by Thyme-IT, the duration of the processing and the types of personal data and categories of data subject are as follows:
Scope, nature, and purpose of processing
The scope, nature and purpose of the processing is the provision of the Thyme-IT Software and related services by Thyme-IT to Customer under the Agreement in connection with obtaining information related to customs entries and the transmission of such information to the relevant customs authorities (or facilitation thereof) for customs clearance purposes.
Duration of the processing
The duration of the processing corresponds to the duration of the Agreement.
Types of Personal Data may include
Identity data including first name, surname, username or similar identifiers, EORI codes, PPS numbers, VAT and customs identifiers. Contact data including address, email address and telephone numbers. Transaction data including details about customs entries. Profile data including the data subject’s username and password.
Categories of data subject
The Customer’s employees and agents (including temporary or casual workers). The Customer’s customers and potential customers. Employees and agents of the Customer’s customers and potential customers. Consignors and consignees on customs transactions carried out by Customer’s customers.
Without prejudice to the generality of the parties’ requirement to comply with the Data Protection Laws, the Customer will ensure (and hereby warrants and represents to Thyme-IT) that it has all necessary and appropriate consents and privacy notices in place and that it has identified a lawful basis to permit the lawful transfer of all personal data to Thyme-IT for the duration and purposes of this Agreement so that Thyme-IT may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer’s behalf.
Without prejudice to the generality of the parties’ requirement to comply with the Data Protection Laws, Thyme-IT shall, in relation to any personal data processed in connection with the performance by Thyme-IT of its obligations under this agreement:
a. process that personal data only on the documented written instructions of the Customer unless Thyme-IT is required pursuant to the Data Protection Laws to process such personal data. Where Thyme-IT is relying on the Data Protection Laws as the basis for processing personal data, Thyme-IT shall promptly notify the Customer of this before performing the processing required by the Data Protection Laws unless those Data Protection Laws prohibit Thyme-IT from so notifying the Customer;
b. not transfer any personal data outside of the United Kingdom and the European Economic Area unless the following conditions are fulfilled:
The Customer or Thyme-IT has provided appropriate safeguards in relation to the transfer; the data subject has enforceable rights and effective legal remedies; Thyme-IT complies with its obligations under the Data Protection Laws by providing an adequate level of protection to any personal data that is transferred; and Thyme-IT complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
c. ensure all personnel who have access to and/or process personal data are obliged to keep such data confidential;
d. assist the Customer, at the Customer’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
e. notify the Customer without undue delay on becoming aware of a personal data breach;
f. at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of the agreement unless required by the Data Protection Law to store the personal data (and for these purposes the term “delete” shall mean to put such data beyond use); and
g. maintain complete and accurate records and information to demonstrate its compliance with this clause 6 and immediately inform the Customer if, in the opinion of Thyme-IT, an instruction infringes the Data Protection Laws.
Each party shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
The Customer consents to Thyme-IT appointing Oracle as third-party processors of personal data under this Agreement. Thyme-IT confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 6. The Customer also consents to Thyme-IT appointing further entities as third-party processors of personal data under this Agreement as required by Thyme-IT from time to time, provided that Thyme-IT shall notify the Customer of any such appointments, and it shall enter into a written agreement incorporating terms which are substantially similar to those set out in this clause 6. As between the Customer and Thyme-IT, Thyme-IT shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 6.
Notwithstanding any other provision of this Agreement, where the Customer has appointed another third party (whether such party is acting as consignor for the Customer or otherwise) to assist it in obtaining information related to customs entries and the transmission of such information to the relevant authorities for customs clearance purposes, and notifies such third party (“the Customer’s Community Service Provider”) then the parties agree:
h. Thyme-IT shall transfer Customer Data to the Customer’s Community Service Provider in line with this Agreement and any other written directions provided by the Customer.
i. To the extent that Customer Data provided by Thyme-IT to the Customer’s Community Service Provider contains personal data, the Customer is acting as controller and the Customer’s Community Service Provider is acting as processor.
j. The Customer is solely responsible for putting all necessary legal agreements in place with the Customer’s Community Service Provider so as to allow Thyme-IT to provide it with Customer Data as directed by the Customer, and Thyme-IT shall have no liability of any kind to the Customer for any loss or damage howsoever arising, as a result of its provision of Customer Data to the Customer’s Community Service Provider.
k. The Customer shall be solely responsible for ensuring compliance with the Data Protection Laws in respect of permitting any transfers of Customer Data from Thyme-IT to the Customer’s Community Service Provider (including regarding any transfers of Customer Data to territories outside of the European Economic Area) and in this regard the Customer shall indemnify and keep Thyme-IT indemnified in respect of any loss or damage suffered by Thyme-IT (including its directors, employees and agents) arising as a result of any claim that Thyme IT has breached any Data Protection Laws through the provision of Customer Data to the Customer’s Community Service Provider.
Notwithstanding any other provision of this Agreement, where Thyme-IT transmits Customer Data directly to the relevant customs authorities for customs clearance purposes, then the parties agree:
l. Thyme-IT shall transfer Customer Data to the relevant customs authorities in line with this Agreement and any other written directions provided by the Customer.
m. To the extent that Customer Data provided by Thyme-IT to the relevant customs authorities contains personal data, the Customer is acting as controller and the customs authority is acting as processor.
n. The Customer is solely responsible for putting all necessary legal agreements in place with the customs authorities so as to allow Thyme-IT to provide it with Customer Data as directed by the Customer, and Thyme-IT shall have no liability of any kind to the Customer for any loss or damage howsoever arising, as a result of its provision of Customer Data to the customs authorities.
o. The Customer shall be solely responsible for ensuring compliance with the Data Protection Laws in respect of permitting any transfers of Customer Data from Thyme-IT to the customs authorities (including regarding any transfers of Customer Data to territories outside of the United Kingdom and the European Economic Area) and in this regard the Customer shall indemnify and keep Thyme-IT indemnified in respect of any loss or damage suffered by Thyme-IT (including its directors, employees and agents) arising as a result of any claim that Thyme-IT has breached any Data Protection Laws through the provision of Customer Data to the customs authorities.
Neither party may assign, sub-lease or otherwise transfer its rights under this agreement to any third party, without the other’s prior written agreement. Thyme-IT reserves the right to charge a fee for any assignment or transfer to which it may consent.
8. LIMITED WARRANTY/LIMITATION OF LIABILITY
Thyme-IT warrants that the Thyme-IT Software will be free from material defects under normal use for a period of thirty (30) days from the date of installation on the Customer’s computer or date of first use by the Customer if the Thyme-IT Software is accessed on an internet website.
Thyme-IT’s entire liability and your exclusive remedy for a breach of this warranty shall be, at Thyme-IT’s option, either (a) return of the price paid, or (b) repair or replacement of the Thyme-IT Software (or part thereof) that does not meet the above limited warranty.
The warranty above is void if the failure of the Thyme-IT Software has resulted from accident, abuse, misapplication, misuse, or other use contrary to Thyme-IT’s instructions. Any replacement Thyme-IT Software will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer.
Thyme-IT does not warrant, guarantee, or make any representation regarding the use of, or the result of the use of, the Thyme-IT Software in terms of correctness, accuracy, reliability, currentness, or otherwise, and the customer relies on the Thyme-IT Software and results solely at its own risk. In particular, Thyme-IT will not be liable in the event that the customer makes an invalid declaration to any customs authority (or takes any action which results in such an invalid declaration being made).
The above is the only warranty of any kind, either express or implied, that is made by Thyme-IT in respect of the Thyme-IT Software and/or this agreement and any services related to it, and Thyme-IT expressly disclaims all other warranties express, implied or statutory, including, without limitation, warranties of merchantability, fitness for a particular purpose, and infringement, warranties arising from course of dealing, usage of trade or otherwise.
Neither Thyme-IT nor anyone else who has been involved in the creation, production, or delivery of the Thyme-IT software or any services hereunder shall be liable for any direct, indirect, consequential, or incidental damages of any kind including any damages relating to loss or corruption of data or loss of the use of any software or data, loss of profits, contracts or sales or wasted management or staff time arising out of the use, the results of the use, or inability to use such Thyme-IT Software or services even if Thyme-IT has been advised of the possibility of such damages or claim.
Invoices will be raised by Thyme-IT and paid by Customer in accordance with the charges and payment terms as set out in section C above.
10. SOFTWARE SUPPORT SERVICES
Thyme-IT provides software support services which are available from 9.00am to 5.30pm Monday to Friday excluding United Kingdom bank and statutory holidays (“Standard Support Hours”). These support services are available via email and telephone helpdesk. Thyme-IT shall use all reasonable endeavours to ensure that the Thyme-IT Software is available and accessible to the Customer at all times other than scheduled downtime to facilitate backups and maintenance. Defects raised by Customer and confirmed as software errors by Thyme-IT will be corrected by Thyme-IT in a timely manner.
Each party may be given access to confidential information from the other party in order to exercise its rights and perform its obligations under this Agreement (“Confidential Information”). Thyme-IT’s Confidential Information includes the Thyme-IT Software (including details of any system functionality and how it operates to create, send, and receive responses for customs declarations). A party’s Confidential Information shall not include information that:
a. is or becomes publicly known other than through any act or omission of the receiving party;
b. was in the other party’s lawful possession before the disclosure;
c. is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
d. is independently developed by the receiving party, which independent development can be shown by written evidence.
Subject to the clause herein describing disclosures that are required by law or other authority as described below, each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any person (except to such party’s own employees and third-party contractors and then only to those who need to know the same and who are under confidentiality obligations substantially similar to those set forth hereunder, and whose handling and treatment of the Confidential Information is in accordance with this Agreement is such party’s full responsibility), or use the other’s Confidential Information for any purpose other than the performance of its obligations under this Agreement. Each party shall ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees in violation of these conditions.
A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
12. ENTIRE AGREEMENT
This Agreement constitutes the entire agreement between the parties. There are no other oral or written agreements or understandings which are not included in this Agreement. Any modification of this Agreement must be signed by both parties in writing.
13. FAIR AND REASONABLE PROVISIONS
Thyme-IT and the Customer expressly acknowledge and agree that the terms and conditions of this Agreement, including the limited warranty and limitation of liability in clause 8 have been agreed and that the fees payable hereunder have been specifically calculated on the basis of, and take into account, the said limited warranty and limitation of liability.
This Agreement shall be subject to and interpreted in accordance with the laws of England and Wales and subject to the exclusive jurisdiction of the Courts of England and Wales.
Any notices or other communication including billing which Thyme-IT is required to serve shall be sufficiently served if sent by electronic mail or post or facsimile to the address of the Customer set out herein.
16. FORCE MAJEURE
Neither of the parties shall be in breach or otherwise be liable to the other party in any manner whatsoever for any failure or delay in performing its obligations under this Agreement to the extent that it is prevented, hindered or delayed from or in performing such obligations as a result of circumstances beyond a that party’s reasonable control, including without limitation: acts of God, acts of government, floods, fires, earthquakes, civil unrest, acts of terror, strikes or other labour problems (other than those involving the parties employees), or delays, or denial of service attacks (“Force Majeure Event”) provided (i) that a party must give notice to the other party forthwith (upon becoming aware of the same) (ii) the affected party could not have avoided the effect of the Force Majeure Event by taking precautions which, having regard to all matters known to it before the occurrence of the Force Majeure Event and all relevant factors, it ought reasonably to have taken but did not take, and (iii) the affected party has used reasonable endeavours to mitigate the effect of the Force Majeure Event and to carry out its obligations under this Agreement in any other way that is reasonably practicable.