1.1 The definitions and rules of interpretation in this clause apply in this Agreement.
those employees, agents and independent contractors of the Customer who are authorised by the Customer to use the Services and the Documentation.
a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
"Change of Control"
shall be as defined in section 1124 of the Corporation Tax Act 2010, and the expression change of control shall be construed accordingly.
information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 11.
Means a code, telephone number, email and/or any other identifier and/or address from which a Message is sent and/or received;
Means the monetary value paid by the Customer to Boomerang and from which Boomerang will deduct payment for Messages sent by the Customer and service components selected by the Customer;
the data owned by the Customer and inputted by the Customer, Authorised Users, or Boomerang specifically on the Customer's behalf for the purpose of the Customer using the Services or facilitating the Customer's use of the Services.
All and/or any documentation, manuals, information and/or data (and/or any part thereof including all updates and/or modifications) made available to the Customer by Boomerang from time to time in relation to and/or in connection with the Services and the user instructions in relation to the Services.
the date of this Agreement.
the fees (and/or any part of them) payable by the Customer to Boomerang for the Services.
“Intellectual Property Rights”
All and/or any patents, utility models, rights to inventions, copyright and related rights, trade marks and service marks, trade names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software and data, database rights, rights to preserve the confidentiality of information (including know-how and trade secrets) and any other intellectual property rights, including all applications for (and rights to apply for and be granted), renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world.
Means an MMS, SMS, email, instant message, voice message and voice calls, data transmission, social media message and/or any other message (including the content of that message) and/or messaging process conveyed by use of the Services.
"Normal Business Hours"
9.00 am to 5.00 pm local UK time, each Business Day.
Means a software module which is specifically described and designated in writing as a plug-in by Boomerang and which is provided by Boomerang to the Customer and which is designed to carry out certain functions and which can be installed by the Customer into the Customer’s computer systems.
“Policy” or “Policies”
Boomerang's policies attached in Schedule 2 together with any other policies introduced by Boomerang of which the Customer is notified relating to the Services, as these may be updated or amended by notification to the Customer from time to time.
Means the 12 month period starting from the last day of the Subscription Term and then each 12 month period beginning on the anniversary of the last day of the Subscription Term.
Means all and/or any of the services provided by Boomerang (including any services relating to Plug-Ins) and visible in the organisation settings section of your Boomerang account here: https://boomerangui.com/organisation-settings ;
The software applications (including any Plug-Ins) provided by Boomerang as part of the Services.
Shall mean the 12 month period from and including the Effective Date together with any subsequent Renewal Terms.
“Third Party Suppliers”
Means all and/or any third party suppliers including network operators who provide or supply goods and/or services to or for Boomerang’s use in order to assist and/or facilitate Boomerang in Boomerang’s provision of the Services.
Means the use case or cases which are specifically agreed in writing between Boomerang and the Customer which identify the specific scope and nature of the use of the Services and Documentation that can be made by the Customer and which are set out in the Service Profile.
1.2 Clause, schedule and paragraph headings shall not affect the interpretation of this Agreement.
1.3 A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality). A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
1.4 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular. Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
1.5 A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this Agreement.
1.6 A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of this Agreement under that statute or statutory provision.
1.7 A reference to writing or written includes faxes and email provided that if any notices are given by the Customer under this agreement which relate to major circumstances or events regarding the operation of this Agreement including any claims relating to material breach of this Agreement and/or termination of this Agreement then any email notices shall also be confirmed at the same time by fax and/or letter.
1.8 References to clauses and schedules are to the clauses and schedules of this Agreement; references to paragraphs are to paragraphs of the relevant schedule to this Agreement.
1.9 Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
2. Authorised Users
2.1 Subject to the Customer purchasing and using the Services in accordance with and subject to the terms and conditions of this Agreement, Boomerang hereby grants to the Customer a non-exclusive, non-transferable right to permit the Authorised Users to use the Services and the Documentation during the Subscription Term solely for the Customer's internal business operations regarding Use Cases that are agreed in writing with Boomerang.
2.2 The Customer undertakes that:
2.2.1 the maximum number of Authorised Users in the Service Profile that it authorises to access and use the Services and the Documentation shall not exceed the agreed number of Authorised Users;
2.2.2 it will not allow or suffer any user subscription to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Services and/or Documentation;
2.2.3 each Authorised User shall keep a secure password for his use of the Services and Documentation, that such password shall be changed no less frequently than monthly and that each Authorised User shall keep his password confidential;
2.2.4 it shall maintain a written, up to date list of current Authorised Users and provide such list to Boomerang within 5 Business Days of Boomerang's written request at any time or times;
2.2.5 it agrees that it and all Authorised Users will follow and comply with all instructions, guidelines and/or provisions of the Documentation in relation to the use of the Services;
2.2.6 it agrees that Boomerang’s records regarding Customer’s use of the Services shall be accepted at all times as correct (save for manifest error) and that if there are any issues regarding the Services then the Customer shall permit Boomerang to audit the use of the Services in order to gather information and establish the facts relating to such issues. Boomerang shall in any event have the right to audit Customer’s use of the Services provided that such audit may be conducted no more than once per quarter, at Boomerang's expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer's normal conduct of business;
2.2.7 if any of the audits referred to in clause 2.2.6 reveal that any password has been provided to any individual who is not an Authorised User, then without prejudice to Boomerang's other rights, the Customer shall promptly disable such passwords and Boomerang shall not issue any new passwords to any such individual; and
2.2.8 if any of the audits referred to in clause 2.2.6 reveal that the Customer has underpaid Fees to Boomerang, then without prejudice to Boomerang's other rights, the Customer shall pay to Boomerang an amount equal to such underpayment as calculated in accordance with the prices referenced in the Service Profile within 10 Business Days of the date of the relevant audit.
2.3 The Customer shall not access, store, distribute or transmit any material, information, documentation, messages and/or viruses (including any destructive and/or disabling code) during the course of its use of the Services that:
2.3.1 is used in any way for, in relation to and/or in connection with emergency services (including 999 and 112 calls and/or where there could be a risk of personal injury or death) except to the extent that such use is expressly and specifically agreed by Boomerang and is stated in the Service Profile;
2.3.2 is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
2.3.3 facilitates illegal activity;
2.3.4 depicts sexually explicit images;
2.3.5 promotes unlawful violence;
2.3.6 is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability;
2.3.7 is in breach of any agreement with any user, customer or client or any laws, regulations or other provisions that are applicable to the Customer, users, customers or clients in any territory; and/or
2.3.8 in a manner that is otherwise illegal or causes damage or injury to any person or property.
Boomerang reserves the right, without liability (of whatever nature and/or howsoever arising) and/or prejudice of whatever nature to any of its other rights to the Customer, to disable the Customer's access to any material that breaches the provisions of this clause.
2.4 The Customer shall not except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement:
2.4.1.1 attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means;
2.4.1.2 attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software;
2.4.2 access all or any part of the Services and Documentation in order to build a product or service which competes (directly or indirectly) with the Services and/or the Documentation;
2.4.3 use the Services and/or Documentation to provide services to third parties;
2.4.4 subject to clause 22.1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorised Users; and/or
2.4.5 attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 2; and
2.4.6 shall not use any Plug-Ins apart from those expressly authorised by Boomerang and shall follow all of Boomerang's instructions and directions regarding use of such Plug-Ins including any restrictions set out in the Service Profile.
2.5 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify Boomerang.
2.6 The rights provided under this clause 2 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer.
3. Additional Services
3.1 Subject to clause 3.2, the Customer may, from time to time during any Subscription Term, purchase additional services in excess of the Services originally ordered under this Agreement and Boomerang shall grant access to such additional services and/or any additional authorised users in accordance with and subject to the provisions of this Agreement.
3.2 If the Customer wishes to purchase additional services, the Customer shall notify Boomerang in writing. Boomerang shall evaluate such request for additional services and/or authorised users and respond to the Customer with approval or rejection of the request.
4.1 Boomerang shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms of this Agreement.
4.2 Boomerang shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:
4.2.1 planned maintenance carried out during the maintenance window which is outside of Normal Business Hours;
4.2.2 unscheduled maintenance performed outside Normal Business Hours, provided that Boomerang has used reasonable endeavours to give the Customer at least 2 hours’ notice in advance; and/or
4.2.3 in circumstances where Boomerang believes that Services need to be maintained and/or suspended due to urgent actions required by Boomerang to safeguard and/or secure the Services and/or ensure the continued proper operation of the Services (including any emergency situations, denial of service attacks and/or changes made by any Third Party Suppliers (including network operators)) and in such circumstances Boomerang will give the Customer as much notice as reasonably practicable.
4.3 Boomerang will allocate Communication Addresses to the Customer as Boomerang deems necessary or desirable. This will depend (in part) upon the nature and type of Services that are required by the Customer, the availability of Communication Addresses, the business operations and practices of Third Party Suppliers (including network operators) and the directions and guidelines of regulators. The Customer hereby acknowledges and agrees that in certain circumstances Boomerang may need to change the Communication Addresses (for example telephone numbers) which it has allocated to the Customer including when Third Party Suppliers (including network operators) have issues regarding the transmission and/or receipt of Messages (for example texts) from Communication Addresses (for example telephone numbers) which have been allocated to the Customer. In such circumstances Boomerang will provide the Customer with as much notice as reasonably practicable regarding any such changes to Communication Addresses.
4.4 Boomerang will notify the Customer about significant updates to the Documentation that have been made no less frequently than the later of once every quarter and/or in the next version release of that Documentation. If Boomerang believes that there are significant and material issues that need to be notified to the Customer in relation to the Documentation then Boomerang will notify the Customer of such issues from time to time and as and when Boomerang deems necessary.
4.5 Boomerang may, as part of the Services and subject to agreement regarding the terms, content and price of the services, provide the Customer with Boomerang's basic customer support services during Normal Business Hours in accordance with Boomerang's Policy in effect at the time that the Services are provided. Boomerang may amend the Policy in its sole and absolute discretion from time to time. The Customer may purchase enhanced support services separately at Boomerang's then current rates.
5. Customer data
5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
5.2 Boomerang shall follow its archiving procedures for Customer Data as set out in Boomerang’s Policy as such document may be amended by Boomerang in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's exclusive remedy shall be for Boomerang to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Boomerang in accordance with the archiving procedure described in Boomerang’s Policies. Boomerang shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except to the extent that those third parties have been sub-contracted by Boomerang to perform services related to Customer Data maintenance and back-up).
5.3 Boomerang shall, in providing the Services, comply with its Policy relating to the privacy and security of the Customer Data.
5.4 If Boomerang processes any personal data on the Customer's behalf when performing its obligations under this Agreement, the parties hereby record their intention and agreement that the Customer shall be the data controller and Boomerang shall be a data processor. The obligations of the data controller and the data processor are set out in Schedule 1. In any such case:
5.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored within the EEA or the country where the Customer and/or the Authorised Users and/or recipients are located in order to carry out the Services and Boomerang's other obligations under this Agreement;
5.4.2 the Customer shall ensure at all times that the Customer is entitled to process and transfer the relevant information and personal data to Boomerang and that Boomerang can lawfully use, process and transfer the relevant information and personal data in order to provide the Services and/or in relation to this Agreement;
5.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their irrevocable and explicit consent to such use, processing, and transfer as required by all applicable data protection legislation. In particular, the Customer agrees that Messages must only be delivered to recipients and third parties who have given their prior explicit consent to the quantity, frequency and type of Messages to be delivered via the Services. Customer shall have informed recipients and/or third parties beforehand and on an ongoing basis about their right at any time to opt-out of receiving Messages and will comply at all times with such instructions from recipients and/or third parties; and
5.4.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage and the Customer will at all times keep the information and personal data which it uses in relation to the Services up to date and not keep it for any longer than is necessary under applicable data protection legislation.
6. Third party providers
6.1 The Customer acknowledges that the Services may enable or assist it to access the website content of, correspond with, use, download and purchase products and services from third parties via third-party websites and applications and that the Customer does so solely at its own risk.
6.2 Boomerang makes no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with and/or downloading in relation to any such third-party website and/or applications, or any transactions completed, and any contract entered into by the Customer, with any such third party.
6.4 The Customer agrees and acknowledges that the Services provided are dependent upon the goods and/or services of Third Party Suppliers (including network operators) and, as such, if those third party providers change the way that they operate, their terms and conditions and/or the structure or ways in which they charge for their services (for example by introducing different message lengths or storage volume restrictions etc.) then this will have an impact on the Services and, as such, Boomerang reserves the right to change, amend and/or update the way in which it provides the Services to the Customer (including in relation to pricing) in order to reflect the way that Boomerang has been impacted by such third party changes and in such circumstances Boomerang will provide no less than 7 days prior written notice to the Customer of such changes provided that in the case of immediate or changes at short notice by such Third Party Suppliers, Boomerang will provide the Customer with as much notice as reasonably practicable.
6.5 The Customer hereby agrees, acknowledges and accepts that Third Party Suppliers (including network operators) may apply service restrictions and limitations from time to time in relation to and/or in connection with the Services. Such restrictions and limitations may include:
(i) imposing restrictions upon the length of a message (for example the number of characters). Where the Message content exceeds any limit the Message may be delivered and may be abbreviated based on the maximum characters allowed;
(ii) blocking Messages where the content of the Message is repeated across high volumes of messages or high volumes are submitted to the same recipient or recipients; and/or
(iii) blocking Messages based on the originating / sender id associated to or with the Message and/or amending the originating / sender Id associated to or with the Message, preventing any replies being returned to Boomerang.
Pricing and payment terms and monies due, owing or payable to Boomerang shall be in accordance with this Agreement regardless of any restrictions and limitations that may be imposed by, relate to and/or be connected with Third Party Suppliers (including network operators).
6.6 The Customer hereby expressly agrees that it will indemnify Boomerang for all costs, charges, fees and losses (of whatever nature and howsoever arising) that are claimed by any Third Party Suppliers (including network operators) and/or regulatory bodies and organisations (of whatever nature) and/or third parties from and/or against Boomerang in relation to the Customer’s use of the Services and/or the services provided by Third Party Supplier (including network operators) to the Customer.
7. Boomerang's obligations
7.1 Boomerang undertakes that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care.
7.2 The undertaking at clause 7.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to Boomerang's instructions, or modification or alteration of the Services by any party other than Boomerang or Boomerang's duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, Boomerang will, at its expense, use its reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer's sole and exclusive remedy for any breach of the undertaking set out in clause 7.1. Notwithstanding the foregoing, Boomerang:
7.2.1 does not warrant that the Customer's use of the Services will be uninterrupted or error-free and/or that the Services, Documentation and/or the information obtained by the Customer through the Services will meet all and/or any of the Customer's requirements; and
7.2.2 is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities; and
7.2.3 is not responsible for checking, advising upon, notifying and/or ensuring that the use of the Services by the Customer will achieve the benefits (of whatever nature) that the Customer is seeking to achieve and/or that use of the Services by the Customer is in accordance with and complies with any rules, regulations and/or codes which the Customer is subject to including any advertising, financial services and/or data protection laws and regulations.
7.3 This Agreement shall not prevent or hinder Boomerang from entering into similar agreements with third party customers or others, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
8. Customer's obligations
8.1 The Customer shall provide Boomerang:
8.1.1 with all reasonable co-operation, information and assistance in relation to this Agreement. In particular, it will appoint a representative who shall have the authority to contractually bind the Customer on all matters relating to this Agreement and the Customer shall use reasonable endeavours to ensure the continuity of the Customer’s representative;
8.1.2 with all necessary access to such information as may be required by Boomerang in order to provide the Services, including but not limited to Customer Data, security access information and configuration services; and
8.1.3 prior to the date of this Agreement with a written list of delivery destinations and territories where the Customer intends to send Messages to and/or receive Messages from using the Services and this shall be listed in the Service Profile. The Customer hereby agrees that if the Customer subsequently sends Messages to and/or receives Messages from destinations and territories which are not in the list in the Service Profile then the Customer will pay Boomerang the relevant additional charges and/or fees in relation to using the Services and/or Messages regarding those destinations and territories. The Customer and Boomerang may agree to update the destinations and territories in the Service Profile at any time subject to the Customer paying the relevant charges and fees regarding such updates (where such charges and fees will be higher than if the Customer had listed those destinations and territories in the Service Profile at the start of this Agreement).
8.2 The Customer shall at all times:
8.2.1 comply with all applicable laws and regulations with respect to its activities under this Agreement;
8.2.2 comply with the Policies set out in this Agreement;
8.2.3 carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties, Boomerang may adjust any agreed timetable or delivery schedule as reasonably necessary;
8.2.4 ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this Agreement and the Customer shall be responsible for any Authorised User's breach of this Agreement and/or misuse, unauthorised use and/or damage to the Services by Authorised Users.
8.2.5 hereby grant Boomerang all licences, consents and permissions to process, store, transmit and/or copy information and data (including Messages) as Boomerang may require from time to time in relation to performing its obligations in relation to this Agreement;
8.2.6 obtain and shall maintain all required and/or necessary licences, consents, and permissions that may be required for Boomerang, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services. This will include Customer obtaining permissions or consents from the relevant users and/or third parties where required and complying with local laws including in relation to data protection and privacy;
8.2.7 ensure that its network and systems are fully operational and in proper working order and comply with the relevant specifications provided by Boomerang from time to time;
8.2.8 be entirely responsible for procuring and maintaining and monitoring its network connections and telecommunications links from its systems to Boomerang's data centres and networks, and all problems, conditions, delays, delivery failures and all other loss or damage arising from and/or relating to the Customer's network connections or telecommunications links and/or issues caused by or arising from the Customer’s use of the internet; and
8.2.9 inform Authorised Users and/or third parties that Customer is the provider of the Services to them as between Boomerang and Customer, and Customer hereby agrees that Customer is solely responsible for any Messages that are originated from and/or transmitted to end users and/or third parties using the Services.
9. Charges and payment
9.1 The Customer shall pay the Fees to Boomerang for the Services in accordance with this clause 9 and the Service Profile.
9.2 Fees are based (in part) upon charges that are charged by Third Party Suppliers (including network operators) and so are not subject to discounts or credits. Third Party Suppliers (including network operators) will charge Boomerang for various services which Boomerang will in turn charge the Customer for which shall include: (i) Messages transmitted but not received for whatever reason; and (ii) long messages which are billed as separate Messages; (iii) Messages which are billed according to the encoding of the characters contained in the body of the Message and the network technology used by the destination Third Party Supplier (including network operators). For example, a single part, billable message, may contain a maximum of 160 GSM encoded characters and a multi-part message is billed in segments of 153 characters. A single part message containing Unicode characters may contain only 70 characters and (iv) Boomerang reserves the right to change the methods by which it charges for services (including billing in units for different types of Services).
9.3 The Customer shall on the Effective Date provide to Boomerang accurate, valid, up-to-date and complete payment details (which may include credit card, paypal, direct debit, standing order and/or any other payment method and process) and/or approved purchase order information acceptable to Boomerang and any other relevant accurate, valid, up-to-date and complete contact and billing details and, if the Customer provides:
9.3.1 its payment details to Boomerang, the Customer hereby expressly authorises Boomerang to bill the Customer using such payment details on the Effective Date for the Fees payable in respect of the Subscription Term and any Renewal Term periods; and
9.3.2 its approved purchase order information to Boomerang, Boomerang shall invoice the Customer:
9.3.2.1 on the Effective Date for the Fees payable in respect of the Initial Subscription Term; and
9.3.2.2 subject to clause 14.1, at least 30 days prior to each anniversary of the Effective Date for the Fees payable in respect of the next Renewal Term, and the Customer shall pay each invoice according to the payment notice period set out in the Service Profile.
9.4 If Boomerang has not received payment within 7 days after the due date, and without prejudice to any other rights and remedies of Boomerang:
9.4.1 Boomerang may after providing 5 Business Days’ written notice to the Customer, without any liability (of whatever nature and howsoever arising) to the Customer, disable the Customer's password, account and access to all or part of the Services and Boomerang shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
9.4.2 interest shall accrue on a daily basis on such due amounts at an annual rate equal to 5% over the then current base lending rate of HSBC Bank plc from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
9.5 All amounts and fees stated or referred to in this Agreement:
9.5.1 shall be payable in the currency agreed with Boomerang;
9.5.2 are non-cancellable and non-refundable;
9.5.3 are exclusive of value added tax (where applicable), which shall be added to Boomerang's invoice(s) at the appropriate rate.
9.6 If, at any time whilst using the Services, the Customer exceeds the amount of storage space specified in the Documentation and/or incurs additional charges by not complying with the Policies, Boomerang shall (at Boomerang’s absolute discretion) charge the Customer, and the Customer shall pay, Boomerang's then current excess data usage, management and/or storage fees and fees due as a result of not complying with the Policies. Boomerang's excess data usage, management and/or storage fees current as at the Effective Date are set out in the Service Profile.
9.7 Boomerang shall be entitled to increase the fees payable in respect of the additional Services purchased pursuant to clause 3 and/or the excess storage fees payable pursuant to clause 9.6 at the start of each Renewal Term upon no less than 30 days' prior notice to the Customer and the Service Profile shall be deemed to have been amended accordingly.
9.8 All invoices will be compiled from Boomerang’s records and will be deemed to be correct unless disputed by the Customer within 20 days of the date of the invoice with details of the reasons for the dispute.
9.9 In the event that Customer disputes any invoice in relation to any charges made by a Third Party Supplier (including a network operator) then Customer shall pay that invoice but Boomerang will investigate the nature of the dispute and raise this with the relevant Third Party Supplier (including a network operator) and if that Third Party Supplier (including any network operator) refunds any amounts then Boomerang will refund the appropriate amounts (less Boomerang fees and charges) to the Customer.
9.10 Where the Customer is a credit customer payment must be made for subscription fees, Message charges and any other charges or fees within 14 days of Boomerang’s invoice.
9.11 Where the Customer is a pre-payment customer: (i) the Customer shall pre-purchase Credits as may be agreed between the parties and Boomerang will allocate the corresponding number of Credits accordingly; (ii) the Credits are only valid for the Subscription Term and fees incurred over and above the pre-paid Credits will be paid by Customer to Boomerang and payable according to the payment notice period set out in the Service Profile; (iii) Customer is solely responsible for pre-payment Credits purchased and must ensure it has sufficient Credits for its requirements from time to time and Boomerang shall not be liable or responsible if the Customer has insufficient Credits for its requirements and/or exceeds the number of pre-paid Credits; and (iv) if Customer changes its subscription it will be invoiced by Boomerang for the new subscription and this must be paid by Customer according to the payment notice period set out in the Service Profile.
9.12 Customer hereby expressly agrees that it will indemnify Boomerang for all costs, charges and fees (of whatever nature and howsoever arising) that are claimed by any Third Party Suppliers (including network operators) from Boomerang in relation to Customer’s use of the Services.
9.13 After the first 12 months of this Agreement Boomerang may increase any of the Fees on giving the Customer no less than 30 days’ notice of any such increase and the Customer may terminate this Agreement within 30 days of receiving any such notice of any increase by giving notice to take effect no sooner than the date on which the increase in Fees was to become effective.
10. Proprietary rights
10.1 The Customer acknowledges and agrees that Boomerang and/or its licensors own all right, title and interest (including all Intellectual Property Rights) in relation to and/or in connection with the Services (including the Communication Addresses) and the Documentation (and all modifications, updates and/or changes to all of the foregoing).
10.2 Except as expressly stated herein, this Agreement does not grant the Customer any rights to, or in, any Intellectual Property Rights and/or any other rights or licences in respect of the Services or the Documentation.
10.3 Boomerang confirms that it has all the rights in relation to the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this Agreement.
11. Confidentiality and compliance with policies
11.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party's Confidential Information shall not be deemed to include information to the extent that it:
11.1.1 is or becomes publicly known other than through any act or omission of the receiving party;
11.1.2 was in the other party's lawful possession before the disclosure;
11.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
11.1.4 is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
11.2 Each party shall hold the other's Confidential Information in confidence and, unless and to the extent required by law, not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the implementation of this Agreement.
11.3 Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
11.4 Neither party shall be responsible and/or liable for any loss, destruction, alteration and/or disclosure (of whatever nature and howsoever arising) of Confidential Information caused (directly or indirectly) by the acts and/or omissions of any third party that is not under a written duty of confidentiality to the relevant party hereto.
11.5 The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute Boomerang's Confidential Information.
11.6 Boomerang acknowledges that the Customer Data is the Confidential Information of the Customer.
11.7 No party shall make, or permit any person to make, any public announcement and/or statement (whether in writing or otherwise) concerning this Agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction provided that Boomerang may refer to the Customer and this deal and/or transaction on Boomerang’s website and/or in Boomerang promotional documentation and materials.
11.8 The above provisions of this clause 11 shall survive termination of this Agreement, however arising.
11.9 In performing its obligations under this Agreement the Customer shall comply with the Policies.
12. Use of Services
12.1 The Services must not in any circumstances be used for emergency services (e.g. 999 calls or 112 calls) and/or in circumstances where, should there be any issues with the Services (for example delays with Messages) any party or person could suffer death or personal injury provided that such use may be allowed by Boomerang where this is expressly and specifically set out and agreed in the Service Profile. If, notwithstanding this prohibition (and even if such use is expressly permitted in the Service Profile), the Customer will be entirely responsible for such use and such use shall be at the Customer’s own risk and the provisions of this clause 12 shall also apply to such use.
12.2 The Customer shall be entirely responsible for and shall defend, indemnify and hold harmless Boomerang against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with any claims brought against Boomerang by any third parties in relation to or in connection with the Customer’s use of the Services and/or this Agreement (including the sending and/or receiving of any Messages and/or in relation to the content of any Messages) provided that:
12.2.1 the Customer is given notice of any such claim by Boomerang;
12.2.2 Boomerang provides reasonable co-operation to the Customer in the defence and settlement of such claim, at the Customer's expense; and
12.2.3 the Customer is given sole authority to defend or settle the claim provided that the terms and/or consequences of settlement do not in any way adversely affect Boomerang.
12.3 Boomerang shall defend the Customer, its officers, directors and employees against any damages awarded against Customer as a result of any third party claim that the Services or Documentation infringes any third party Intellectual Property Rights provided that:
12.3.1 Boomerang is given prompt written notice of any such claim;
12.3.2 the Customer provides reasonable co-operation to Boomerang in the defence and settlement of such claim, at Boomerang's reasonable expense; and
12.3.3 Boomerang is given sole authority to defend or settle the claim.
12.4 In the defence or settlement of any claim, Boomerang may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this Agreement on 14 Business Days' notice to the Customer without any additional liability or obligation to pay liquidated damages or other additional costs to the Customer.
12.5 In no event shall Boomerang, its employees, agents and sub-contractors be liable to the Customer to the extent that the alleged infringement is based on:
12.5.1 a modification and/or change of the Services and/or Documentation by anyone other than Boomerang;
12.5.2 the Customer's use of the Services and/or Documentation in a manner contrary to the instructions given to the Customer by Boomerang and/or in a manner contrary to any of the terms and conditions of this Agreement; and/or
12.5.3 the Customer's use of the Services or Documentation after notice of the alleged or actual infringement from Boomerang or any appropriate authority.
12.6 The foregoing state the Customer's sole and exclusive rights and remedies, and Boomerang's (including Boomerang's employees', agents' and sub-contractors') entire obligations and liability, for infringement of any Intellectual Property Rights.
13. Limitation of liability
13.1 This clause 13 sets out the entire liability of Boomerang (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Customer:
13.1.1 arising under or in connection with this Agreement;
13.1.2 in respect of any use made by the Customer of the Services and Documentation or any part of them; and
13.1.3 in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with this Agreement.
13.2 Except as expressly and specifically provided in this Agreement:
13.2.1 the Customer assumes the entire responsibility for results and outcomes obtained from the use of the Services and the Documentation by the Customer, including for benefits and/or conclusions drawn from such use;
13.2.2 Boomerang shall have no liability for delayed or failed delivery of any Message and/or any reply to any Message including where such delay or failure is due to user error, Third Party Suppliers (including network operators) and/or processing and/or transmission errors;
13.2.3 Boomerang shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Boomerang by the Customer in connection with the Services, or any actions taken by Boomerang at the Customer's direction;
13.2.4 the Customer hereby expressly accepts and acknowledges that Boomerang will not be liable or responsible (in whatever way and howsoever arising) for:
(i) the operation and processing by Third Party Suppliers (including network operators) of Messages. The results of actions by Third Party Suppliers (including network operators) may include Messages being delayed, not being transmitted to recipients and/or not being received by recipients;
(ii) the correct operation of equipment, services, Communication Addresses and/or resources of senders and recipients of Messages (for example ensuring that user mobile phones and/or other devices are switched on). The results of this may include Messages being delayed or not being transmitted to and/or from recipients and/or not being received by recipients;
(iii) Customer and/or end user error, misuse (whether intentional or unintentional) and/or unauthorised use of the Services;
(iv) the Customer selection and/or use of the Services including where Customer’s use of the Services is for purposes for which the Services were not designed and/or for which they were not intended to be used; and/or
(v) any losses of whatever nature (and whether direct and/or indirect) which relate to or are connected with the Customer not achieving its anticipated benefits or advantages by using the Services.
13.2.5 all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and
13.2.6 the Services and the Documentation are provided to the Customer on an "as is" basis. The Customer must check and satisfy itself that it is entitled to use the Services in its selected jurisdictions for the purposes which it requires and ensure that it complies at all times with all rules and regulations regarding the purposes and ways in which it uses the Services in its selected jurisdictions (including all rules and regulations relating to data protection and privacy).
13.3 Nothing in this Agreement limits and/or excludes the liability of Boomerang:
13.3.1 for death or personal injury caused by Boomerang's negligence;
13.3.2 for fraud or fraudulent misrepresentation; and/or
13.3.3 for events or circumstances to the extent to which they cannot be excluded or limited by law.
13.4 Subject to clause 13.2 and 13.3:
13.4.1 Boomerang shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits (whether direct and/or indirect), loss of business, loss of anticipated savings, depletion of goodwill and/or similar losses and/or loss or corruption of data or information;
13.4.2 Boomerang shall not be liable for any special, indirect and/or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and
13.4.3 Boomerang's total maximum aggregate liability in contract (including in respect of the indemnity at clause 12.3), tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to GBP£10,000.
13.5 The parties hereby expressly agree that the terms and conditions of this agreement (including those in clause 13) are reasonable and that each party has had the opportunity to negotiate these terms and take legal advice on them and the allocation of responsibility between the parties is reflected in the charges and that each party has entered into this agreement in its own respective commercial interests.
13.6 Neither party shall make any statements or claims which conflict with and/or are inconsistent and/or contrary to clause 13.6.
13.7 All references to "Boomerang" in this clause 13 shall, for the purposes of this clause and clause 13 only, be treated as including all employees, officers, subcontractors and agents of Boomerang, all of whom shall have the benefit of the exclusions and limitations of liability set out in this clause 13.
14. Term, Termination & Suspension
14.1 This Agreement shall, unless otherwise terminated as provided in this clause 14, continue for the Subscription Term and, thereafter, this Agreement shall be automatically renewed for successive Renewal Terms, unless:
14.1.1 either party notifies the other party of termination, in writing, at least 30 days before the end of the applicable Subscription Term or any applicable Renewal Term, in which case this Agreement shall terminate upon the expiry of the applicable Subscription Term or Renewal Term; or
14.1.2 otherwise terminated in accordance with the provisions of this Agreement;
14.2 Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:
14.2.1 the other party fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than the payment notice period stated in the Service Profile after being notified in writing to make such payment;
14.2.2 the other party commits a material breach of any other term of this Agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
14.2.3 the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986 and/or becomes insolvent and/or enters into any process or procedure which is similar to and/or equivalent to insolvency;
14.2.4 any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 14.2.3; and/or
14.3 Boomerang may (without any liability of whatever nature and howsoever arising), suspend forthwith some or all of the Services to the Customer upon notice to the Customer if:
14.3.1 Boomerang is entitled to terminate this Agreement;
14.3.2 Boomerang is instructed or requested to do so by any governmental body or agency, an emergency services organisation, any competent authority and/or Court;
14.3.3 Any Third Party Supplier (including a network operator) ceases to provide services and/or changes the way it operates, does business and/or charges for its services;
14.3.4 Boomerang believes that it is necessary or desirable to do so for legal or other regulatory reasons including in relation to any issues relating to data protection and/or privacy laws and regulations;
14.3.5 The Customer is about to undergo any Change of Control; and/or
14.3.6 Boomerang believes or becomes aware that Customer or an Authorised User has breached the terms of this Agreement, is attempting to breach the terms of this Agreement and/or is planning to do so and/or Boomerang believes that the Customer is using the Services in such a way that could lead to Boomerang suffering or incurring liability and/or losses.
14.4 Any suspension of the Services by Boomerang shall entitle Boomerang to terminate this Agreement. Any suspension of the Services by Boomerang shall not exclude or affect any other right or remedy to which Boomerang may be entitled under this Agreement and the Customer shall still be obliged to pay all charges and fees that may be due, payable and/or owing in relation to this Agreement.
14.5 If the Service is suspended then Boomerang shall reinstate such Service as soon as reasonably practicable after the event giving rise to such suspension has been resolved or lifted to Boomerang’s reasonable satisfaction. If the Service is re-instated then Boomerang may charge a reconnection fee.
On termination of this Agreement for any reason:
14.5.1 all licences granted under this Agreement shall immediately terminate;
14.5.2 each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
14.5.3 Boomerang may destroy or otherwise dispose of any of the Customer Data in its possession unless Boomerang receives, no later than ten days after the effective date of the termination of this Agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. Boomerang shall use reasonable commercial endeavours to deliver the back-up to the Customer in such format and on such media as Boomerang selects within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not these are due for payment at the date of termination). The Customer shall pay all reasonable expenses incurred by Boomerang in returning or disposing of Customer Data; and
14.5.4 any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.
15. Force majeure
Boomerang shall have no liability to the Customer under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of Boomerang or any other party), failure of a utility service or transport or telecommunications network, acts and/or omissions of Third Party Suppliers (including network operators), acts of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant, machinery and/or the internet, fire, flood, storm and/or acts or omissions of third parties, provided that the Customer is notified of such an event and its expected duration. Nothing in this clause shall entitle the Customer to delay, withhold and/or not pay any monies that may be due, owing and/or payable to Boomerang.
If there is an inconsistency between any of the provisions in the main body of this Agreement and the Schedules, the provisions in the main body of this Agreement shall prevail.
No variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
19. Rights and remedies
Except as expressly provided in this Agreement, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
20.1 If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
20.2 If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.
21. Entire agreement
21.1 This Agreement, and any documents referred to in it, constitute the whole agreement between the parties and supersede any previous discussions, negotiations, proposals, product information, arrangements, agreements, understandings, and/or course of trade or conduct (whether in writing or otherwise) between them relating to the subject matter they cover.
21.2 Each of the parties expressly acknowledges and agrees that in entering into this Agreement it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether party to this Agreement or not) relating to the subject matter of this Agreement, other than as expressly set out in writing in this Agreement.
21.3 Any terms and conditions contained in any Customer purchase order, agreement and/or document shall be invalid and shall not be relevant to this Agreement unless expressly agreed to in writing by Boomerang and signed by Boomerang.
21.4 All dates and times that are given in relation to the Services are estimates only and Boomerang shall have no liability in relation to meeting such times and dates.
21.5 Nothing in this clause shall exclude or limit any liability or responsibility in relation to any fraudulent misrepresentations.
22.1 Subject to clause 22.2, neither party shall without the prior written consent of the other party (such consent not to be unreasonably withheld or delayed), assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
22.2 Boomerang may at any time assign, transfer, sub-contract and/or deal in any other manner with all and/or any of its rights or obligations under this Agreement in respect of or to: (i) any Boomerang group company or connected company; and/or (ii) to any successor or assignee of Boomerang through any merger or acquisition of assets, provided that Boomerang shall remain primarily liable to the Customer for the performance of Boomerang’s obligations in this Agreement. A Boomerang group company shall include any other person controlling, controlled by or under common control with Boomerang where “control” and related terms means the ability to direct the affairs of Boomerang whether by means of the holding of shares, or the possession of voting power, by virtue of any powers conferred by its constitutional or corporate documents or otherwise.
23. No partnership or agency
Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
24. Third party rights
This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
25.1 Any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this Agreement, or such other address as may have been notified by that party for such purposes, or sent by fax to the other party's fax number as set out in this Agreement.
25.2 A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by fax shall be deemed to have been received at the time of transmission (as shown by the timed printout obtained by the sender).
26. Set Off
The Customer hereby waives any and all existing and future set offs against any of the Fees and agrees to pay the Fees and any other sums due hereunder regardless of any set off or cross claim that the Customer may have against Boomerang and/or any third party.
27. Governing law and Jurisdiction
This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales and each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims) and provided that Boomerang shall be entitled to enforce its rights and remedies (including its intellectual property rights) both within and/or outside England against the Customer and unless otherwise provided for in the Service Profile.
A period of 12 months from and including the Effective Date 
Nature and Number of Authorised Users: Unlimited
Emergency Use: This is not permitted except as follows and subject to the following conditions: Not applicable
Payment Notice Period: means 30 Days 
Plug-In Restrictions: Not Applicable 
Use Cases: Digital messaging 
Territories that Messages are to be sent to and/or received from using the Services are:
Globally where services are available 
Law: The provisions of the governing law and jurisdiction shall be as set out in this Agreement 
Schedule 1 – GDPR PROCESSOR CLAUSES
1.1. Definitions: In this Clause, the following terms shall have the following meanings:
(a) "controller", "processor", "data subject", "personal data" and "processing" (and "process") shall have the meanings given in Applicable Data Protection Law; and
(b) "Applicable Data Protection Law" shall mean: (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and (ii) on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.2. Relationship of the parties: The Customer (the controller) appoints Boomerang as a processor to process the personal data that is the subject of this Agreement (the "Data"). Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.
1.3. Purpose limitation: Boomerang shall process the Data as a processor as necessary to perform its obligations under this Agreement and strictly in accordance with the documented instructions of the Customer (the "Permitted Purpose"), except where otherwise required by any EU (or any EU Member State) law applicable to the Customer. In no event shall Boomerang process the Data for its own purposes or those of any third party.
1.4. International transfers: Boomerang shall not transfer the Data (nor permit the Data to be transferred) outside of the European Economic Area ("EEA") unless (i) it has first obtained the Customer's prior written consent; and (ii) it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient that has achieved binding corporate rules authorisation in accordance with Applicable Data Protection Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
1.5. Confidentiality of processing: Boomerang shall ensure that any person that it authorises to process the Data (including the customer's staff, agents and subcontractors) (an "Authorised Person") shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty), and shall not permit any person to process the Data who is not under such a duty of confidentiality. Boomerang shall ensure that all Authorised Persons process the Data only as necessary for the Permitted Purpose.
1.6. Security: The processor shall implement appropriate technical and organisational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a "Security Incident"). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures shall include, as appropriate:
(a) the encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
1.7. Subprocessing: The Customer agrees that Boomerang may engage third parties to process personal data in order to assist Boomerang to deliver the services on behalf of the Customer provided that: (i) Boomerang provides at least 30 days' prior notice of the addition or removal of any subprocessor (including details of the processing it performs or will perform), which may be given by posting details of such addition or removal at the following URL: https://boomerangmessaging.com/sub-processors; (ii) Boomerang imposes data protection terms on any subprocessor it appoints that protect the Data to the same standard provided for by this Clause; and (iii) Boomerang remains fully liable for any breach of this Clause that is caused by an act, error or omission of its subprocessor. If the Customer refuses to consent to Boomerang's appointment of a third party subprocessor on reasonable grounds relating to the protection of the Data, then either Boomerang will not appoint the subprocessor or the Customer may elect to suspend or terminate this Agreement.
1.8. Cooperation and data subjects' rights: Boomerang shall provide all reasonable and timely assistance (including by appropriate technical and organisational measures) to the Customer to enable the Customer to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to Boomerang, Boomerang shall promptly inform the Customer providing full details of the same.
1.9. Data Protection Impact Assessment: If Boomerang believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall promptly inform the Customer and provide the Customer with all such reasonable and timely assistance as the Customer may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
1.10. Security incidents: Upon becoming aware of a Security Incident, Boomerang shall inform the Customer without undue delay and shall provide all such timely information and cooperation as the Customer may require in order for the Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. Boomerang shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep the Customer informed of all developments in connection with the Security Incident.
1.11. Deletion or return of Data: Upon termination or expiry of this Agreement, Boomerang shall (at the Customer's election) destroy or return to the Customer all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing). This requirement shall not apply to the extent that Boomerang is required by any EU (or any EU Member State) law to retain some or all of the Data, in which event Boomerang shall isolate and protect the Data from any further processing except to the extent required by such law until deletion is possible.
1.12. Audit: Boomerang shall permit the Customer (or its appointed third party auditors) to audit Boomerang's compliance with this Clause, and shall make available to the Customer all information, systems and staff necessary for the Customer (or its third party auditors) to conduct such audit. Boomerang acknowledges that the Customer (or its third party auditors) may enter its premises for the purposes of conducting this audit, provided that the Customer gives it reasonable prior notice of its intention to audit, conducts its audit during normal business hours, and takes all reasonable measures to prevent unnecessary disruption to Boomerang's operations. Boomerang reserves the right to charge a daily rate for professional services during an onsite audit. The Customer will not exercise its audit rights more than once in any twelve (12) calendar month period, except (i) if and when required by instruction of a competent data protection authority; or (ii) the Customer believes a further audit is necessary due to a Security Incident suffered by Boomerang.
1.13. Indemnity: Each party (the "Indemnifying Party") shall indemnify the other (the "Indemnified Party") from and against all loss, cost, harm, expense (including reasonable legal fees), liabilities or damage ("Damage") suffered or incurred by the Indemnified Party as a result of the Indemnifying Party's breach of the data protection provisions set out in this Clause, and provided that: (i) the Indemnified Party gives the Indemnifying Party prompt notice of any circumstances of which it is aware that give rise to an indemnity claim under this Clause; and (ii) the Indemnified Party takes reasonable steps and actions to mitigate any ongoing Damage it may suffer as a consequence of the Indemnifying Party's breach.
Schedule 2 - Policies
BOOMERANG FAIR AND ACCEPTABLE USE POLICY
The obligations in this policy are (and in each case will be interpreted as being) placed upon the Customer and Authorised Users and end users and the Customer and Authorised Users and end users must comply with the obligations in this policy.
This Fair and Acceptable Use Policy (“FAUP”) applies to all users of Services provided by Boomerang, including third party services based on the Services. References to “us”, “we” and “our” are to any company within the Boomerang group of companies that provides those Services. The FAUP sets out certain rules and requirements governing use of the services provided by Boomerang. Capitalised terms used but not defined in this FAUP shall have the meaning given in this Agreement.
We may revise this FAUP at any time by posting the revised version on the Website. You are expected to check this page from time to time and to take note of any changes made.
The obligations in this policy are (and in each case will be interpreted as being) placed upon the Customer and Authorised Users and end users and the Customer and Authorised Users and end users must comply with the obligations in this policy. Updates to this Policy are published at https://boomerangmessaging.com/privacy/
This policy explains how we collect, use, share and protect your personal information. There may be other privacy policies that apply to certain services we provide. You will find such policies in the terms of your contract with Boomerang.
We can get your personal information when you:
We may also collect information about you from other organizations, if this is appropriate. These include fraud-prevention agencies, business directories and credit reference agencies. We may also collect information about you from other companies and our business partners.
This, in turn, helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details so we can recognise you if you visit our website again.
The information we collect about you depends on the products and services you use and the way you navigate our website. It includes (but isn’t limited to) the following:
Generally, we use all the data that you provide to us or that we collect from you to provide our products and services to you, to enable you to access and use our products and services, to deliver your communications to their intended destination, and to analyse our customers’ use of our products and services, to improve our products and services, and to detect fraudulent or unlawful activity in connection with Boomerang accounts.
We may use and analyse your information to:
15. We use transactional message data processed through your account to generate reports and to provide an itemised bill of your messaging activity.
We’ll store your information for as long as we have to by law. If there’s no legal requirement, we’ll only store it for as long as we need it. We’ll also keep some personal information for a reasonable period after the provision of products and services has finished – just in case you decide to use our services again.
Unless you give us your permission, we won’t share your customer content, customer account data, or customer usage data with third parties, except as described below:
We do not share your data (including, but not limited to, the personal data of your end users) with third parties for their direct marketing purposes, unless you give us your consent to do so.
Please note that all Boomerang customer account data is stored on servers and equipment located in the UK. In performing its duties as a service provider Boomerang may need to pass customer content (transactional message data) to suppliers located outside of the UK.
We do not knowingly collect any personal information directly from children. If we discover we have received any personal information from a child in violation of this policy, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about a child, please contact email@example.com.
We work to recognised security standards and constantly review and improve our measures to protect your personal information from unauthorized access, accidental loss, disclosure or destruction.
We work with suppliers who have the appropriate security controls in place to protect your data from unauthorized access, accidental loss, disclosure or destruction. These organisations won’t be entitled to use your personal information for their own purposes.
We use appropriate measures to protect your data based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
We work to help our customers protect their data by providing access to confidential data such as usernames and passwords securely, and we provide access to security controls within the Boomerang UI application and across the Boomerang messaging gateway that allow customers to overwrite any sensitive data such as message content and communication addresses.
Communications over the Internet (such as emails) are not secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered – as this is the nature of the Internet. We can’t accept responsibility for any unauthorized access or loss of personal information that’s beyond our control.
You can write to us at any time to get a copy of the personal information we hold about you and we will process your request as quickly as possible. If you believe we’re holding inaccurate information about you, please contact us at firstname.lastname@example.org.
If you no longer want to receive marketing messages from us please write to us at this email address or use the unsubscribe option provided in the relevant email.
Please note that even if you opt out of promotional communications, we may still send you messages relating to access to and use of the services and products and things like updates to our terms of service or privacy notices, security alerts, and other notices.
To request deletion of your Boomerang account, email us at email@example.com. Deleting your Boomerang account will result in you permanently losing access to your account and all customer data to which you previously had access through your account. Please note that certain data associated with that account may nonetheless remain on Boomerang’s servers in an aggregated or anonymized form that does not specifically identify you. Similarly, data associated with your account that we are required by law to maintain will also not be deleted.
INFORMATION SECURITY POLICY
The obligations in this policy are (and in each case will be interpreted as being) placed upon the Customer and Authorised Users and end users and the Customer and Authorised Users and end users must comply with the obligations in this policy.
An overall risk assessment of the information systems should be performed at least annually. Risk assessments must identify, quantify and prioritize the risks according to relevant criteria for acceptable risks.
Risk assessments are to be carried out when implementing changes impacting information security. Recognized methods of assessing risks should be employed.
An appointed officer with the requisite knowledge and experience will be responsible for ensuring that the risk management processes are coordinated in accordance with the policy.
The same officer is responsible for ensuring that risk assessments are implemented in accordance with the policy.
Risk management is to be carried out according to pre-approved criteria.
Risk assessments must be approved.
All risks must be recorded and tracked and a mitigation strategy must be formulated to address each risk, as per a Risk Management policy.
If a risk assessment reveals unacceptable risks, measures must be implemented to reduce the risk to an acceptable level.
"Assets" include both information assets, process assets and physical assets.
Information and infrastructure should be classified according to security level and access control.
Assets should be classified as one of three categories for confidentiality:
Sensitive: Information of a sensitive variety where unauthorised access (including internally) may lead to considerable damage for individuals, the company or their interests.
Internal: Information which may harm the company or be inappropriate for a third party to gain knowledge of. An appointed officer with the requisite knowledge and experience decides who may access and how to implement that access.
Open: Other information is open.
The company shall carry out risk analyses in order to classify information based on how critical it is for operations (criticality).
Routines for classification of information and risk analysis must be developed.
Users administrating information on behalf of the company should treat said information according to classification.
Sensitive documents should be clearly marked.
A plan for electronic storage of essential documentation should be developed.
Information that is vital for operations should be accessible independent of which systems the information was created or processed in.
Security responsibility and roles for employees and contractors should be described.
A confidentiality agreement should be signed by employees, contractors or others who may gain access to sensitive and/or internal information.
IT regulations should be accepted for all employment contracts and for system access for third parties.
The IT regulations refer to the organisation’s information security requirements and the users' responsibility for complying with these regulations.
The IT regulations should be reviewed regularly with all users and with all new staff.
All employees and third-party users should receive adequate training and updating regarding the Information security policy and procedures. The training requirements may vary.
Breaches of the Information security policy and accompanying guidelines will normally result in sanctions (documented in the organisation’s handbook).
Information systems and other assets should only be utilised for their intended purpose. Necessary private usage is permitted.
Private IT equipment may only be connected where explicitly permitted. All other use must be approved in advance by the IT department.
Use of IT infrastructure for personal commercial activities is under no circumstances permitted.
All employees and third-party users are responsible for the security of their information systems and assets (PCs, laptops, mobile devices, documentation etc.). Electronic devices containing sensitive information must not be left unattended for long periods while signed-on. Employees must keep passwords secure and must not share accounts. Authorised users are responsible for the security of their passwords and system accounts.
The responsibility for termination or change of employment should be clearly defined in a separate routine with relevant circulation forms.
Assets should be handed in at the conclusion of the need for the use of these assets.
Access rights should be changed or terminated at termination or change of employment. A routine should be present for handling alumni relationships.
Notification on employment termination or change should be carried out through the procedures defined in the personnel system.
IT equipment and information that require protection should be placed in secure physical areas. Secure areas should have suitable access control to ensure that only authorised personnel have access.
Data centres should be properly secured against damage caused by fire, water, explosions, vibrations, etc.
A nominated manager (e.g. the IT Manager) is responsible for approving physical access to technical computer rooms.
A designated manager will be responsible for the approval of physical access to secure areas other than technical computer rooms.
All of the company's offices and data centres should be secured according to the appropriate classification, using adequate security systems, including suitable tracking/logging.
A clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities should be adopted.
The clear desk and clear screen policy should take into account the information classifications, legal and contractual requirements and Code of Conduct.
Management should ensure that work performed by third parties in secure zones is suitably monitored and documented.
All personnel or third parties accessing data centres should be able to be identified and wear personal access cards. The ID cards are personal, and must not be transferred to a third party or to colleagues.
Access cards may be supplied to workmen, technicians and others after proper identification [and a signed confidentiality agreement].
Visitors to the data centres must be escorted and / or monitored, e.g. with cameras.
Visitors to the data centres must be signed in and out.
Any member of staff receiving visitors at the Company offices is responsible for their supervision.
All external doors and windows must be closed and locked at the end of the work day.
Secure IT equipment must be protected against environmental threats (fires, flooding, temperature variations, etc.). Classification of equipment should be based on risk assessments.
Information classified as "sensitive" must not be stored on portable computer equipment (e.g. laptops, cell phones, memory sticks, etc.). If it is necessary to store this information on portable equipment, the information must be password protected and encrypted in compliance with guidelines from the IT department.
During travel, portable computer equipment should be treated as carry-on luggage.
Areas classified as "red" must be secured with suitable fire extinguishing equipment with appropriate alarms.
Fire drills shall be carried out on a regular basis.
Purchase and installation of IT equipment must be approved by the IT department.
Purchase and installation of software for IT equipment must be approved by the IT department.
The IT department should ensure documentation of the IT systems according to required standards.
Changes in IT systems should only be implemented if well-founded from a business and security standpoint.
The IT department should have emergency procedures in order to minimize the effect of unsuccessful changes to the IT systems.
Operational procedures should be documented. Documentation must be updated following all substantial changes.
Before a new IT system or service is put in production, plans and risk assessments should be in place to avoid errors. Additionally, routines for monitoring and managing unforeseen problems should be in place.
Duties and responsibilities should be separated in a manner reducing the possibility of unauthorised or unforeseen abuse of assets.
Development, testing and maintenance should be separated from operations in order to reduce the risk of unauthorised access or changes, and in order to reduce the risk of error conditions.
All contracts regarding outsourced IT systems should include:
Requirements for information security must be taken into consideration when designing, testing, implementing and upgrading IT systems, as well as during system changes. Routines must be developed for change management and system development/maintenance.
IT systems must be dimensioned according to capacity requirements. The load should be monitored in order to apply upgrades and adjustments in a timely manner. This is especially important for business-critical systems.
Computer equipment must be safeguarded against viruses and other malicious code. This is the responsibility of a senior manager.
The IT department is responsible for carrying out regular backups and restore of these backups, as well as data storage on IT systems according to their classification.
Users must always save data and files on the network as opposed to the local hard disk. This ensures that regular backups are taken and are available for recovery purposes.
Users must be made aware that data saved on the local hard disk is not backed up by the IT Department/relevant IT resource.
Backups should be stored externally or in a separate, suitably protected area.
The IT department has the overall responsibility for protecting the internal network.
There should be an asset inventory containing all equipment connected to wired networks.
All access to networks should be logged.
There should be procedures in place for the management of removable storage media.
Implementation is the responsibility of each employee.
Storage media should be disposed of securely and safely when no longer required, using formal procedures.
Procedures and controls should be established for protecting exchange of information with third parties and information transfer. Third party suppliers must comply with these procedures.
The right to access personal e-mail and other personal data stored on company computer networks according to the Data Protection Act 1998 is available.
Storage and transfer of sensitive information should be encrypted or otherwise protected.
Information exchanged across public networks in connection with e-commerce, should be protected against fraud, contractual discrepancies, unauthorised access and changes.
The IT department should ensure that publicly accessible information, e.g. on web services, is adequately protected against unauthorised access.
Access and use of IT systems should be logged and monitored in order to detect unauthorised information processing activities.
Usage and decisions should be traceable to a specific entity, e.g. a person or a specific system.
The IT department should register substantial disruptions and irregularities of system operations, along with potential causes of the errors.
Capacity, uptime and quality of the IT systems and networks should be sufficiently monitored in order to ensure reliable operation and availability.
The IT department should log security incidents for all essential systems.
The IT department should ensure that system clocks are synchronized to the correct time.
The process for off-boarding customers should be clearly defined and approved.
All customer data should be removed from company systems in accordance with the requirements of the customer and disposed of securely.
Requests for retrieval of customer data should be carried out in a timely manner that is proportionate to the request made.
Written guidelines for access control and passwords based on business and security requirements should be in place. Guidelines should be re-evaluated on a regular basis.
Guidelines should contain password requirements (frequency of change, minimum length, character types which may/must be utilised, etc.) and regulate password storage.
Users accessing systems must be authenticated according to guidelines.
Users should have unique combinations of usernames and passwords.
Users are responsible for any usage of their usernames and passwords. Users should keep their passwords confidential and not disclose them unless explicitly authorized to do so.
Access to information systems should be authorised by line management. This includes access rights, including accompanying privileges. Authorisations should only be granted on a "need to know" basis, and regulated according to role.
The line manager should alert the system administrator about granting access and changes in accordance with the directives from the IT Department.
The IT department is responsible for ensuring that network access is granted in accordance with access policy.
Users should only have access to the services they are authorised for.
The access to privileged accounts and sensitive areas should be restricted.
Users should be prevented from accessing unauthorised information.
Remote access to computer equipment and services is only permitted if the security policy has been read and understood.
Remote access to the company network may only take place through security solutions approved by the IT department.
Mobile units should be protected using adequate security measures.
Information classified as sensitive must be encrypted if stored on portable media, such as memory sticks, PDAs, DVDs and cell phones.
Definitions of operational requirements for new systems or enhancements to existing systems must contain security requirements.
Guidelines for administration and use of encryption for protecting information should be in place.
Systems developed for or by the company must satisfy definite security requirements, including data verification, securing the code before being put in production, and use of encryption.
All software should be thoroughly tested and formally accepted by the Operations Director and the IT department before being transferred to the production environment.
All breaches of security, along with the use of information systems contrary to routines, should be treated as incidents.
All employees are responsible for reporting breaches and possible breaches of security. Incidents should be reported to management.
Routines are to be developed for incident management and reporting. The routines should contain measures for preventing repetition as well as measures for minimizing the damage.
There should be routines in place for defining the cost of security incidents.
A process defining simple routines for collecting evidence should be in place.
Type of record
Suggested retention period
3 years after end of investigation
Any information private to any individual
Destroy when no longer required
CVs and job applications not hired
6 months after notification
5 years following end of employment
Employer's liability insurance certificate
General email correspondence
6 months unless likely that it will need to be retained for longer
Historical records relating to Boomerang
Medical and safety records
5 years following end of employment
Property records, trust deeds
6 years after redundancy
Sickness/sick pay records
Software and hardware inventory details
Tax records - self-employed or partnership
5 years from last tax date
Tax records – companies
6 years from last accounting period
Transactional message data
*Default is 2 years although transactional message data can be overwritten according to a customer’s specific requirements
 See clause 9 regarding payment of Fees
 See clause 3 regarding additional services
 See definition of Subscription Term and clause 2.1, 3.1, 4.1 and also cross references in various clauses in this Agreement to Subscription Term
 See definition of Authorised Users, clause 2 and clause 2.2.1
 See clauses 2.3.1, 12 and 14.3.2
 See clause 14.2.1
 See definition of “Plug-In”, “Services” and “Software” and also clause 2.4.6
 See definition of “Use Cases” and clause 2.1
 See clause 8.1.3
 See clause 27