Terms of Service

OFFICELY ORDER FORM

Services: Scheduling employee office days (the "Services"). 

Services Fees: fees are calculated in accordance with the plan chosen by the Customer.

 Initial Service Term: 1 month


This Services Order Form is a binding, legal agreement between the Company that accesses and uses the Services and HotelFlex Ltd (trading as Officely) (the “Company”, “us”, or “our”) for the provision of the Services, and is subject to the Terms of Service set out below.  

By accessing and using the Services , you represent that (1) you have read, understand, and agree to be bound by the terms of use, (2) you have the authority to enter into the terms of use personally or on behalf of the Company, and to bind that Company to the terms of use.

If you subscribe to the services for a term (the “Initial Term”), then the terms will be automatically renewed for additional periods of the same duration as the Initial Term at Company’s then-current fee for such services unless you opt out of the auto-renewal.

TERMS OF SERVICE

Last Updated 17/09/20

1. SAAS SERVICES AND SUPPORT

1.1. Subject to the Services Order Form above and these Terms of Service (including any Exhibits to it) as amended from time to time), Company will use commercially reasonable efforts to provide the Services to the Customer during the Term (as defined in Section 5.1 below).

1.2. As part of the registration process, Customer will identify an administrative username and password for Customer’s Company account. Company reserves the right to refuse registration of, or cancel passwords it deems inappropriate.

1.3. Customer recognises that Company is always innovating and finding ways to improve the Services with new features and services. Customer therefore agreesthat the Services may change from time to time and no warranty, representation or other commitment is given in relation to the continuity of any functionality of the Service.

1.4. Subject to the terms hereof, Company will provide Customer with reasonable technical support services in accordance with the terms set forth in Exhibit A.

2. RESTRICTIONS AND RESPONSIBILITIES

2.1. Company hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the Term in accordance with the Agreement, solely for Customer's internal business purposes.

2.2 Customer will not, directly or indirectly (except to the extent permitted by any applicable law which is incapable of exclusion by theagreement of the parties): reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlyingstructure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); modify,translate, or create derivative works based on the Services or any Software(except to the extent expressly permitted by Company or authorised within theServices); license, sell, rent, lease, transfer, assign, distribute, display,disclose or otherwise commercially exploit the Services and any Software (except to the extent expressly permitted by Company or authorised within theServices);  use the Services or any Software for timesharing or servicebureau purposes or otherwise for the benefit of a third party; or remove anyproprietary notices or labels. With respect to any Software that is distributed or provided to Customer for use on Customer premises or devices, Company herebygrants Customer a non-exclusive, non-transferable, non-sublicensable licence touse such Software during the Term only in connection with the Services.

2.2. Customer shall comply with all applicable technology control and export laws and regulations.  

2.3. Customer represents, covenants, and warrants that Customer will use the Services only in compliance with the terms and conditions of the Agreement, andall applicable laws and regulations. Customer hereby agrees to indemnify and hold harmless Company against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from any actual or alleged breach of theterms and conditions of the Agreement, and/or any applicable laws andregulations, or otherwise from Customer’s use of Services. Although Company hasno obligation to monitor Customer’s use of the Services, Company may do so andmay prohibit any use of the Services it believes may be (or alleged to be) inviolation of the Agreement.

2.4. Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operatingsystems, networking, web servers and the like (collectively, “Equipment”).Customer shall also be responsible for maintaining the security of theEquipment, Customer account, passwords (including but not limited toadministrative and user passwords) and files, and for all uses of Customeraccount or the Equipment with or without Customer’s knowledge or consent.

3. CONFIDENTIALITY; PROPRIETARY RIGHTS

3.1. Each party undertakes that it shall not at any time during this Agreement, and for a period of two years after terminationor expiry of this Agreement, disclose to any person any confidential information concerning the business, affairs, customer, clients or suppliers orthe other party or of any member of the group of companies to which the other party belongs, except as permitted by clause 3.2 below.

3.2 Notwithstanding clause 3.1, each party may disclose the other party's confidential information:

     (a) to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information forthe purposes of exercising the party's rights or carrying out its obligations under or in connection with this Agreement. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisersto whom it discloses the other party's confidential information comply withthis clause 3; and

     (b) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

3.3 No party shall use any other party's confidential information for any purpose other than to exercise its rights and perform itsobligations under or in connection with this Agreement.

3.4. Customer shall own and retain all right, title and interest in and to the Customer Data, and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.

3.5. Company shall own and retain all right, title and interest in and to (a) the Services and Software, all improvements, enhancements or modifications thereto,(b) any software, applications, inventions or other technology developed in connection with Services or support, and (c) all intellectual property rightsrelated to any of the foregoing.

3.6. Notwithstanding anything to the contrary, Company shall have the right to collect and analyse data and other information relating to the provision, useand performance of various aspects of the Services and related systems andtechnologies (including, without limitation, information concerning Customer Data and data derived therefrom), and Company will be free (during and after the Term) to (i) use such information for the purpose of providing the Services; (ii) use such information and data to improve and enhance theServices and for other development, diagnostic and corrective purposes inconnection with the Services and other Company offerings, and (iii) disclosesuch data solely in aggregate or other de-identified form in connection withits business. No rights or licences are granted except as expressly set forthherein.

4. PAYMENT OF FEES

4.1. Customer will pay Company the then applicable Service Fees . Company reservesthe right to change the Service Fees or applicable charges and to institute new charges and Service Fees at the end of the Initial Service Term or then-currentrenewal term, upon thirty (30) days prior notice to Customer (which may be sentby email). If Customer believes that Company has billed Customer incorrectly,Customer must contact Company no later than 60 days after the closing date onthe first billing statement in which the error or problem appeared, in order toreceive an adjustment or credit. Inquiries should be directed to Company’scustomer support department.

4.2. Company may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Company ten (10) days after the mailing date of the invoice. Unpaid amounts are subject to interest at an annual rate of 4% over the then-current base lending rate of BarclaysBank Plc from time to time on any outstanding balance, or the maximum permittedby law, whichever is lower, commencing on the due date for payment and continuing until payment is received in full by Company, plus all expenses of collection,and may result in immediate termination of the Service. Customer shall beresponsible for all taxes associated with Services other than applicable taxesbased on Company’s net income.

4.3. For the purpose of calculating the Service Fees, the term "Additional Revenue" means any revenue generated by Customer arising from Customer's use of the Services (prior to the addition of taxes).

5. TERM AND TERMINATION

5.1. Subject to earlier termination as provided below, the Agreement is for the Initial Service Term, and shall be automatically renewed for additional periodsof the same duration as the Initial Service Term (collectively, the “Term”),unless either party gives the other party at least ten (10) days’ notice inwriting to terminate the Agreement at the end of the then current term. A reason for this termination does not need to be given.

5.2. Without prejudice to any other rights or remedies available to it, Company may, without liability, immediately disable Customer's account for the Services orprevent access by Customer to the Services for any breach by Customer of this Agreement.

5.3. In addition to any other remedies it may have, either party may also terminate theAgreement immediately on written notice (or without notice in the case ofnon-payment), if the other party (i) materially breaches any of the terms orconditions of the Agreement which breach is irremediable or (if such breach isremediable) fails to remedy the breach within ten (10) days of being notifiedin writing to do so, or (ii) is unable to pay its debts (within the meaning ofsection 123 of the Insolvency Act 1986) or becomes insolvent, or is subject toan order or a resolution for its liquidation, administration, winding-up ordissolution (otherwise than for the purposes of a solvent amalgamation orreconstruction), or has an administrative or other receiver, manager, trustee,liquidator, administrator or similar officer appointed over all or anysubstantial part of its assets, or enters into or proposes any composition orarrangement with its creditors generally, or is subject to any analogous eventor proceeding in any applicable jurisdiction. Customer will pay in full for theServices up to and including the last day on which the Services are provided. Uponany termination (i) all licences granted under the Agreement shall immediatelyterminate and Customer's right to access and use the Services will end, and(ii) (subject to the terms and conditions of the DPA) Company will make allCustomer Data available to Customer for electronic retrieval for a period ofthirty (30) days, but thereafter, Company may, but is not obligated to, deletestored Customer Data. All sections of the Agreement which by their natureshould survive termination will survive termination, including, withoutlimitation, accrued rights to payment, confidentiality obligations, warrantydisclaimers, and limitations of liability.

6. WARRANTY AND DISCLAIMER

6.1 Company shall use reasonable efforts consistent withprevailing industry standards to maintain the Services in a manner whichminimises errors and interruptions in the Services and shall perform the Services in a professional and workmanlike manner. Services may be temporarilyunavailable for scheduled maintenance or for unscheduled emergency maintenance,either by Company or by third-party providers, or because of other causesbeyond Company’s reasonable control, but Company shall use reasonable effortsto provide advance notice in writing or by e-mail of any scheduled service disruption.

6.2 Company does not warrant that the Services will beuninterrupted or error free; nor does it make any warranty as to the resultsthat may be obtained from use of the Services. Except as expressly set forth inthis section, the services are provided “AS IS” and Company disclaims andexcludes from the Agreement to the fullest extent permitted by applicable lawall warranties, representations, conditions and all other terms of any kindwhatsoever, express or implied by statute or common law or otherwise,including, but not limited to, implied warranties of merchantability andfitness for a particular purpose and non-infringement.

7. LIMITATION OF LIABILITY

7.1 Nothing in the Agreement excludes the liability of eitherparty for death or personal injury caused by its negligence, or for fraud orfraudulent misrepresentation.

7.2 Subject to clause 7.1, Company and its suppliers (includingbut not limited to all equipment and technology suppliers), officers,affiliates, representatives, contractors and employees shall not be responsibleor liable with respect to any subject matter of the Agreement or terms andconditions related thereto under any contract,  tort (includingnegligence), for breach of statutory duty, or otherwise: (a) for error or interruptionof use of the Services or for loss, alteration, or inaccuracy or corruption ofdata (including Customer Data) or cost of procurement of substitute goods,services or technology; (b) for any loss (whether direct or indirect) ofprofits, revenue, business, or goodwill; (c) for any indirect, exemplary,incidental, special or consequential loss, costs, damages, charges or expenses;(d) for any matter beyond Company’s reasonable control; or (e) for any amountsthat, together with amounts associated with all other claims, exceed the feespaid by Customer to Company for the Services under the Agreement in the 12months prior to the act that gave rise to the liability, in each case, whetheror not Company has been advised of the possibility of such damages.

8. MISCELLANEOUS

8.1 Company may useCustomer's name, logo, and related trade marks in any of Company's publicity ormarketing materials for the purpose of highlighting that Customer uses theServices, and alongside any testimonials that Customer has agreed to give.

8.2 Company shallhave no liability to Customer under the Agreement if it is prevented from ordelayed in performing its obligations under the Agreement by any act, event oromission beyond its control, including (without limitation): strikes, lock-outsor other industrial disputes; failure of a utility service or transport ortelecommunications network; act of God, fire, flood, or storm; war, riot, orcivil commotion; malicious damage; compliance with any law or governmentalorder, rule, regulation or direction; accident; breakdown of machinery; ordefault of suppliers or sub-contractors. Company shall notify Customer of anysuch event and (where possible) its expected duration.

8.3 If any provisionof the Agreement is found to be unenforceable or invalid, that provision willbe limited or eliminated to the minimum extent necessary so that the Agreementwill otherwise remain in full force and effect and enforceable.

8.4 If there is aninconsistency between any of the provisions in the main body of the Agreementand the Exhibits, the provisions in the Exhibits shall prevail to the extent ofthe inconsistency.

8.5 The Agreement isnot assignable, transferable or sublicensable by Customer except with Company’sprior written consent. Company may transfer and assign any of its rights andobligations under the Agreement without the consent of Customer.

8.6 The Agreement(including the Exhibits and any documents referred to in it) constitutes theentire agreement between the parties and is the complete and exclusivestatement of the mutual understanding of the parties and supersedes and cancelsall previous written and oral agreements, communications and otherunderstandings relating to the subject matter of the Agreement. All waivers andmodifications must be in a writing signed by both parties, except as otherwiseprovided herein.

8.7 No failure ordelay by either party to exercise any right or remedy provided under theAgreement shall constitute a waiver of that or any other right or remedy, norshall it prevent or restrict the further exercise of that or any other right orremedy.

8.8 No agency,partnership, joint venture, or employment is created as a result of theAgreement and Customer does not have any authority of any kind to bind Companyin any respect whatsoever.

8.9 The Agreementdoes not confer any rights on any person or party (other than the parties tothe Agreement), under the Contracts (Rights of Third Parties) Act 1999 orotherwise.

8.10 Applicable lawsmay require that some of the information or communications Company sends toCustomer should be in writing. When using the Services, Customer accepts thatcommunication with Company will mainly be electronic and Company may provideinformation to Customer by posting notices on the Services. All notices underthe Agreement will be in writing and will be deemed to have been duly givenwhen received, if personally delivered; when receipt is electronicallyconfirmed, if transmitted by facsimile or e-mail; the day after it is sent, ifsent for next day delivery by recognised overnight delivery service; and uponreceipt, if sent by certified or registered mail, return receipt requested,provided that Company may give notice to Customer at either the e-mail orpostal address Customer provides to Company, or any other way Company deemsappropriate. The foregoing notice provisions do not apply to the termination ofthe Agreement, or to the service of any proceedings or other documents in anylegal action or dispute resolution.

8.11 The Agreement andany dispute or claim arising out of or in connection with it or its subjectmatter or formation (including non-contractual disputes or claims) shall begoverned by and construed in accordance with the law of England and Wales.

8.12 Each partyirrevocably agrees that the courts of England and Wales shall have exclusivejurisdiction to settle any dispute or claim arising out of or in connectionwith the Agreement or its subject matter or formation (includingnon-contractual disputes or claims).

8.13 Company has theright to revise and amend these Terms of Service from time to time. Changes tothese Terms of Service are effective when they are posted on this page, andCustomer will be subject to the Terms of Service in force at the time that itmakes use of the Services (unless otherwise agreed by the parties in writing).

EXHIBIT A

Support Terms

Company will provide Technical Support to Customer via bothtelephone and electronic mail on weekdays during the hours of 9:00 am UK timethrough to 5:00 pm, with the exclusion of Bank Holidays in the UK (“Support Hours”).

Company will usecommercially reasonable efforts to respond to all Helpdesk tickets within one(1) business day

EXHIBIT B

Data Processing Addendum

HOTELFLEX DATAPROCESSING ADDENDUM

1.  BACKGROUND

1.1. TheCustomer and HotelFlex Limited ("HotelFlex", "the Company", "we", "us", or "our") entered into the Agreement (as defined below) for theprovision of the Services (as defined in the Agreement) from HotelFlex to theCustomer.

1.2. In theevent that HotelFlex Processes personal data (each as defined below) containedin Customer Data of individuals located in the United Kingdom or EEA (asdefined below), or if the Customer is established in the United Kingdom or EEA,this Data Processing Addendum (the "DPA") shall be supplemental to the Agreement and shall apply tothe Processing of such personal data. In the event of a conflict between any ofthe provisions of this DPA and the provisions of the Agreement, the provisionsof this DPA shall prevail.

1.3. Bothparties will comply with all applicable requirements of the Data ProtectionLaws (as defined below). This DPA is in addition to, and does not relieve,remove or replace, a party's obligations under the Data Protection Laws.

1.  DEFINITIONS

1.1. Unless otherwise set out below, each capitalised term in this DPAshall have the meaning set out in the Agreement, and the following capitalisedterms used in this DPA shall be defined as follows:

1.1.1. "Agreement" means the agreemententered into between the Company and the Customer for the provision of theService, comprising the Order Form and the Terms of Service (including theExhibits to it);

1.1.2. "Controller" has the meaninggiven in the Data Protection Laws;

1.1.3. "CustomerPersonal Data" means the personal data (asdefined in the Data Protection Laws) described in ANNEX 1 and any otherpersonal data that HotelFlex processes on behalf of the Customer in connectionwith HotelFlex's provision of the Service;

1.1.4. "Data Protection Laws" means:

1.1.4.1. to theextent the UK GDPR applies, the law of the United Kingdom or of a part of theUnited Kingdom which relates to the protection of personal data; and

1.1.4.2. to theextent the EU GDPR applies, the law of the European Union or any member stateof the European Union to which the Customer or HotelFlex is subject, whichrelates to the protection of personal data..

1.1.5. "Data Subject" has the meaning givenin the Data Protection Laws;

1.1.6. “EU GDPR” means the General DataProtection Regulation ((EU) 2016/679);

1.1.7.  "European Economic Area" or "EEA" means the MemberStates of the European Union together with Iceland, Norway, and Liechtenstein;

1.1.8. "Processing" has the meaninggiven in the Data Protection Laws, and "Process" shall be interpreted accordingly; Data Protection LawsGDPR;

1.1.9. "Security Incident" means any accidentalor unlawful destruction, loss, alteration, unauthorised disclosure of, oraccess to, any Customer Personal Data;

1.1.10. "Standard Contractual Clauses"means the Standard Contractual Clauses (processors) approved by EuropeanCommission Decision on 4 June 2021 or any subsequent version thereof releasedby the European Commission (which will automatically apply);

1.1.11. "Subprocessor" means any Processorengaged by HotelFlex that agrees to receive from HotelFlex and Process anyCustomer Personal Data; and

1.1.12. "Supervisory has the meaning given to itin section 3(10) (as supplemented by section 205(4)) of the Data Protection Act2018.

1.  DATA PROCESSING

1.1. Instructions for Data Processing. HotelFlex will onlyProcess Customer Personal Data in accordance with the Customer's instructions,unless Processing is required by Data Protection Laws to which HotelFlex issubject, in which case HotelFlex shall, to the extent permitted by DataProtection Laws, inform the Customer of that legal requirement beforeProcessing that Customer Personal Data. The Agreement (subject to any changesto the Services agreed between the Parties), including this DPA, shall be theCustomer's complete and final instructions to HotelFlex in relation to theprocessing of Customer Personal Data.

1.2. Processing outside the scope of this DPA or the Agreement willrequire prior written agreement between the Customer and HotelFlex onadditional instructions for Processing.

1.3. Requiredconsents. Where required by applicable Data ProtectionLaws, the Customer warrants that it will ensure that it has obtained/willobtain all necessary consents for the Processing of Customer Personal Data byHotelFlex in accordance with the Agreement, and agrees to indemnify HotelFlexfor any direct losses arising out of a breach of this clause.

1.  TRANSFER OF PERSONAL DATA

1.1. Authorised Subprocessors. The Customer agrees thatHotelFlex may use Segment LLC, Google LLC, Intercom Inc, Active Campaign LLC,Retool Inc, Mixpanel Inc, Datahog LLC, Stripe Inc, Datadog Inc, SlackTechnologies LLC as Subprocessors to Process Customer Personal Data, togetherwith additional subcontractors when required from time to time, which theCustomer hereby approves in advance.

1.2. Save as set out in clauses 4.1, HotelFlex shall not permit, allowor otherwise facilitate Subprocessors to Process Customer Personal Data unlessHotelFlex enters into a written agreement with the Subprocessor which imposesthe same obligations on the Subprocessor with regards to their Processing ofCustomer Personal Data as are imposed on HotelFlex under this DPA.

1.3. Liability of Subprocessors. HotelFlex shall at alltimes remain responsible for compliance with its obligations under the DPA andwill be liable to the Customer for the acts and omissions of any Subprocessoras if they were the acts and omissions of HotelFlex.

1.4. Transfers of Personal Data. To the extent that theProcessing of Customer Personal Data by HotelFlex involves the export of suchCustomer Personal Data to a third party to a country or territory outside theUnited Kingdom or the EEA, other than (i) a country or territory ensuring anadequate level of protection for the rights and freedoms of Data Subjects inrelation to the Processing of personal data as determined by the EuropeanCommission, or (ii) where the third party is a member of a compliance schemerecognised as offering adequate protection for the rights and freedoms of DataSubjects as determined by the European Commission, such export shall begoverned by the Standard Contractual Clauses between the Customer as exporterand such third party as importer. For this purpose, the Customer appointsHotelFlex as its agent with the authority to complete and enter into theStandard Contractual Clauses as agent for the Customer on its behalf for thispurpose.

1.5. In theevent of any conflict between any terms and conditions of the StandardContractual Clauses and this DPA, the Standard Contractual Clauses shallprevail.

1.  DATA SECURITY, AUDITS AND SECURITY NOTIFICATIONS

1.1. HotelFlex Security Obligations. Taking into account thestate of the art, the costs of implementation and the nature, scope, contextand purposes of Processing, as well as the risk of varying likelihood andseverity for the rights and freedoms of natural persons, HotelFlex shallimplement appropriate technical and organisational measures to ensure a levelof security appropriate to the risk, including the measures set out in ANNEX 2.

1.2. Security Audits. The Customer may, upon reasonable notice, audit(by itself or using independent third party auditors) HotelFlex’s compliancewith the security measures set out in this DPA (including the technical andorganisational measures as set out in ANNEX 2) no more than once per year,including by conducting audits of HotelFlex’s data processing facilities. Uponrequest by the Customer, HotelFlex shall make available all informationreasonably necessary to demonstrate compliance with this DPA.

1.3. Security Incident Notification. If HotelFlex or anySubprocessor becomes aware of a Security Incident, HotelFlex will (a) notifythe Customer of the Security Incident within 72 hours of becoming aware of theSecurity Incident, (b) investigate the Security Incident and provide suchreasonable assistance to the Customer (and any law enforcement or regulatoryofficial) as required to investigate the Security Incident, and (c) take stepsto remedy any non-compliance with this DPA.

1.4. HotelFlex Employees and Personnel. HotelFlex shall treat theCustomer Personal Data as the Confidential Information of the Customer, andshall ensure that any employees or other personnel have agreed in writing toprotect the confidentiality and security of Customer Personal Data.

1.  ACCESS REQUESTS AND DATA SUBJECT RIGHTS

1.1. DataSubject Requests. Save as required (orwhere prohibited) under applicable law, HotelFlex shall notify the Customer ofany request received by HotelFlex or any Subprocessor from a Data Subject inrespect of their personal data included in the Customer Personal Data, andshall not respond to the Data Subject.

1.2. HotelFlex shall provide the Customer with the ability to correct,delete, block, access, or copy the Customer Personal Data in accordance withthe functionality of the Service.

1.3. GovernmentDisclosure. HotelFlex shall notify theCustomer of any request for the disclosure of Customer Personal Data by agovernmental or regulatory body or law enforcement authority (including anydata protection supervisory authority) unless otherwise prohibited by law or alegally binding order of such body or agency.

1.4. DataSubject Rights. Where applicable, andtaking into account the nature of the Processing, HotelFlex shall use allreasonable endeavours to assist the Customer by implementing any other appropriatetechnical and organisational measures, insofar as this is possible, for thefulfilment of the Customer’s obligation to respond to requests for exercisingData Subject rights laid down in the GDPR.

1.5. DataProtection Impact Assessment and Prior Consultation. To the extent required under applicable Data Protection Laws,HotelFlex shall provide reasonable assistance to the Customer with any dataprotection impact assessments and with any prior consultations to anySupervisory Authority of the Customer, in each case solely in relation toProcessing of Customer Personal Data and taking into account the nature of theProcessing and information available to HotelFlex.

1.  TERMINATION

1.1. Subject to clause 7.2 below, the Customer may in its absolutediscretion notify HotelFlex in writing within thirty (30) days of the date oftermination of the Agreement to require HotelFlex to delete and procure thedeletion of all copies of Customer Personal Data Processed by HotelFlex.HotelFlex shall, within ninety (90) days of the date of termination of theAgreement:

1.1.1.comply with any such written request; and

1.1.2.use all reasonable endeavours to procure that its Subprocessorsdelete all Customer Personal Data Processed by such Subprocessors,

1.1.3.and, where this clause 7.2 applies, HotelFlex shall not berequired to provide a copy of the Customer Personal Data to the Customer.

1.2. HotelFlexand its Subprocessors may retain Customer Personal Data to the extent requiredby applicable laws and only to the extent and for such period as required byapplicable laws and always provided that HotelFlex shall ensure theconfidentiality of all such Customer Personal Data and shall ensure that suchCustomer Personal Data is only Processed as necessary for the purpose(s)specified in the applicable laws requiring its storage and for no otherpurpose.

ANNEX 1

Details ofthe Processing of CUSTOMER Personal Data

This ANNEX 1 includescertain details of the processing of Customer Personal Data.

Subject matter and durationof the Processing of Customer Personal Data

The subject matter and theduration of the Processing of the Customer Personal Data are set out in theAgreement and this DPA.

The nature and purpose ofthe Processing of Customer Personal Data

The Customer Personal Datawill be subject to the following basic Processing activities: transmitting,collecting, storing, and analysing data in order to provide the Services to theCustomer, and any other activities related to the provision of the Services oras specified in the Agreement.  

The types of CustomerPersonal Data to be Processed

The types of CustomerPersonal Data to be Processed concern the following categories of data: namesof Customer personnel; contact information (including email addresses andtelephone numbers) of Customer personnel and of end users of services of theCustomer; online identifiers of end users of services of the Customer.

The categories of DataSubject to whom the Customer Personal Data relates

The categories of DataSubject to whom the Customer Personal Data relates concern: employees and otherpersonnel of the Customer.

The obligations and rightsof the Customer

The obligations and rightsof the Customer are as set out in the Agreement and this DPA.

ANNEX 2

Technical and Organisational Security Measures

HotelFlex maintainsinternal policies and procedures, or procures that its Subprocessors do so, which are designed to:

  • secure any Customer Personal Data Processed by HotelFlex against accidental orunlawful loss, access or disclosure;
  • identify reasonably foreseeable and internal risks to security and unauthorised access to the Customer Personal Data Processed by HotelFlex;
  • minimise security risks, including through risk assessment and regular testing.

HotelFlex will, and willuse reasonable efforts to procure that its Subprocessors will, conduct periodicreviews of the security of its network and the adequacy of its informationsecurity program as measured against industry security standards and its policiesand procedures.

HotelFlexwill, and will use reasonable efforts to procure that its Subprocessorsperiodically will, evaluate the security of its network and associated servicesto determine whether additional or different security measures are required respond to new securityrisks or findings generated by the periodic reviews.