Page 6 of 11
SCC Hardware Support & Maintenance Agreement 2021 [AV11]
9.8 Where SCC is unable to access the Site and/or the Hardware for
any reason (other than due to the default of SCC) and as a result
is unable or is delayed from providing the Services, SCC shall not
be deemed to have breached any of the terms of the Contract.
9.9 The Charges have been set by SCC on the basis of the
exclusions and restrictions of liability in this Clause 9 and
would be higher without those provisions. In the
circumstances, the Customer agrees that those provisions are
reasonable and will accept the risk and/or insure accordingly.
9.10 Except as otherwise specifically provided in this Support and
Maintenance Agreement, SCC hereby excludes to the fullest
extent permissible in law, all conditions, warranties, terms and
stipulations, express (other than those set out in this Support
and Maintenance Agreement) or implied, statutory, customary
or otherwise which, but for such exclusion, would or might
subsist in favour of the Customer.
10. INTELLECTUAL PROPERTY
10.1 All Intellectual Property Rights in or in relation to the Services
(including any manuals and operating documentation relating
thereto) or in any materials (including software) provided by
SCC during the course of supplying the Services shall vest in
SCC or its suppliers as the case may be. The Customer shall
have no title to or interest in any such Intellectual Property
Rights except to the extent specifically set out in this Support
and Maintenance Agreement.
11. CONFIDENTIALITY
11.2 The Parties will keep confidential any and all Confidential
Information that they may acquire pursuant to the Contract.
11.2 Neither Party will use the Confidential Information for any
purpose other than to perform its obligations under the
Contract. Each Party will ensure that its officers and employees
comply with the provisions of this Clause 11.
11.3 The Customer acknowledges that SCC does not have any
knowledge of the quantity or value of the data or software used
by the Customer in utilising the Services. The Customer shall
take all reasonable steps to mitigate the risks of data and
software loss inherent in its use of the Services. The Customer
agrees that SCC shall not be liable for loss of Customer data or
software to the extent that the Customer data or software has
changed since the time that SCC was last required to perform
a backup pursuant to this Agreement.
11A. DATA PROTECTION
11A.1 In this Clause, the terms “Controller”, “Personal Data”,
“Processed”, “Processor”, “Processing” and “Data
Subject” have the meanings given to them in the Data
Protection Legislation.
11A.2 The Parties acknowledge that the Customer is a Controller and
SCC is a Processor in relation to the Personal Data processed
by SCC pursuant to the Contract.
11A.3 The Personal Data which could be Processed by SCC in
performing the Services (including where the Processing is
related to the storage and transfer of data used by the
Customer in the course of carrying on its business within its
equipment, systems or applications which SCC services, hosts
or provides compute infrastructure for) will be specified in the
Contract or, where not so specified, could relate to any
individual anywhere in the world with whom the Customer and
its users are communicating, doing business, providing a
service to, employing (either potentially or historically) and
anyone related to such individuals or other individuals. Unless
specified in the Contract, the Personal Data could be any type
of personal data or special category of sensitive Personal Data
that is Processed in connection with such systems, equipment
or applications or on emails, information or other documents
sent to or from the Customer or its users or created by them,
all as determined by the Customer or the Customer's users. The
Personal Data will be Processed for the duration of the
Contract. Where the Customer requests, the Parties may agree
to set out in a schedule to the Contract the specific subject
matter and duration, nature and purpose of particular
Processing activities underthe Contract, the type of Personal
Data being Processed and the specific categories of the Data
Subjects concerned.
11A.4 SCC shall:
(a) Process the Personal Data only on the documented instructions
of the Customer as set out in the Contract, in order to perform
its obligations under the Contract and shall ensure it takes steps
to ensure that its personnel only Process the Personal Data on
documented instructions from the Customer as set out in the
Contract, unless required to do otherwise by applicable law;
(b) ensure that its personnel who are authorised to Process
Personal Data are under obligations of confidentiality that are
enforceable by SCC;
(c) take all measures required pursuant to Article 32 of GDPR;
(d) assist the Customer, by appropriate technical and
organisational measures, insofar as this is possible, for the
fulfilment of the Controller’s obligation to respond to requests
for exercising the Data Subject’s rights under Chapter III of
GDPR;
(e) assist the Customer in ensuring compliance with the obligations
pursuant to Articles 32-36 of GDPR taking into account the
nature of the Processing and the information available to SCC;
(f) at the written election of the Customer, either delete or return
the Personal Data (including all copies of it) at any time upon
request by the Customer or promptly upon termination or
expiry of the Contract; and
(g) make available to the Customer all information necessary to
demonstrate compliance with the obligations in Article 28 of
GDPR and allow for and contribute to audits, including
inspections, conducted by the Customer or another auditor
mandated by the Customer.
11A.5 The Customer shall:
(a) ensure it has all necessary authority to Process Personal Data
and to disclose or make available such Personal Data to SCC
and to allow SCC to conduct the relevant Processing activities
required in order to provide the Services for the Customer, in
each case in accordance with all applicable Data Protection
Legislation; and
(b) be responsible for ensuring that appropriate technical and
organisational measures are in place for all Personal Data
Processed within the Customer's IT environment by the
Customer and SCC. The Parties agree that it is not appropriate
for SCC to be responsible for determining appropriate technical
and organisational measures related to the Customer's IT
environment wherever it may be located unless the
implementation of such measures are within the scope of the
Services to be provided by SCC.
11A.6 The Customer acknowledges and agrees that, taking into
account the nature, scope, context and purposes of the
processing of Personal Data that may be carried out by SCC in
the course of the provision of the Services provided under the
Contract, it is not appropriate for SCC to implement and SCC
shall not implement, unless expressly agreed by SCC in the
Contract or via the Change Control Procedure, specific back-up,
pseudonymisation or encryption measures in respect of
Personal Data Processed by SCC when performing the Services.
11A.7 The Customer consents to the Processing of Personal Data by
SCC’s affiliate company Specialist Computer Centres Vietnam
Company Limited, for the purpose of providing out of hours
support or for assistance with other services sub-contracted by
SCC to Specialist Computer Centres Vietnam Company Limited
on the terms located at the following hyperlink
https://www.scc.com/wp-content/uploads/2018/06/Data-