1. DEFINITIONS AND INTERPRETATION
1.1 In this Agreement, unless the context otherwise requires, the following terms have the following meanings:
“Agreement” - means this GDPR365 Licence Agreement, the Data Processing Addendum and any other documents expressly referenced in these;
“Authorised Users” - means those employees, agents and independent contractors of the Customer who are authorised by the Customer to access and use the Solution;
“Business Day” - means Monday to Friday excluding any public holidays in England;
“Business Hours” - means 9 am – 5.00pm on a Business Day;
“Confidential Information” - means any and all information in any form or medium obtained by or on behalf of either party from or on behalf of the other party in relation to this Agreement which is expressly marked as confidential or which a reasonable person would consider to be confidential, whether disclosed or obtained before, on or after the date of this Agreement, together with any reproductions of such information or any part of it;
“Customer Data" - means any data inputted into the Solution by or on behalf of the Customer and/or otherwise created through use of the Solution by the Customer;
“Data Protection Legislation” - means any applicable law, statute, regulation or sub-ordinate legislation and all policies, codes of conduct, direction, policy rule or order issued by any regulatory body having jurisdiction over a party that is from time to time in force, relating to data protection, privacy and the processing of personal data, including:
- Data Protection Act 1998;
- Privacy and Electronic Communications (EC Directive) Regulations 2003;
- the GDPR from the date the GDPR applies (as set out in Article 99 Entry into force and application) and/or
- any corresponding or equivalent national laws or regulations from the date that they come into force;
“Documents” - means any customised documentation generated by the Solution following the input of Customer Data into the Solution and which is based on a Template including reports and notices;
“Effective Date” - means the date the Customer clicks to accept this Agreement;
“Fees” - means the fees payable by the Customer to GDPR365 for the relevant Subscription Plan subscribed to by the Customer, as set out on the Website and/or otherwise notified by GDPR365 to the Customer and as may be amended by GDPR365 from time to time;
“Force Majeure Event” - means any circumstance not within GDPR365’s reasonable control including, without limitation:
- acts of God, flood, drought, earthquake or other natural disaster;
- epidemic or pandemic;
- terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, or breaking off of diplomatic relations;
- nuclear, chemical or biological contamination or sonic boom;
- any law or any action taken by a government or public authority;
- collapse of buildings, fire, explosion or accident;
- any labour or trade dispute, strikes, industrial action or lockouts; and
- interruption or failure of a utility service;
“GDPR365” - means Compliance Technology Solutions BV trading as GDPR365 (company no. 70798281) whose registered office is at Lepelstraat 14, 1018 XM, Amsterdam, The Netherlands;
“GDPR” - means the European General Data Protection Regulation (EU) 2016/679;
“Intellectual Property Rights” - means any and all copyright and related rights, trade marks and service marks, trade names and domain names, rights under licences, rights in get-up, rights to goodwill or to sue for passing off, patents, rights to inventions, rights in designs, rights in computer software, database rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications (or rights to apply) for, and renewals or extensions of, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;
“Liability” - means liability in or for breach of contract, breach of duty, torts (including negligence and intentional torts), misrepresentation, restitution or any other cause of action whatsoever relating to or arising under or in connection with this Agreement;
“Personal Data” - has the meaning set out in the GDPR;
“Service” - means the subscription service provided by GDPR365 to the Customer under this Agreement which includes use of the Solution via the Website and as more particularly described in clause 3;
“Solution” - means the SaaS solution provided by GDPR365 via the Website to assist organisations with GDPR compliance;
“Subscription Plan” - means a subscription plan for the Service as described on the Website and as may be amended from time to time by GDPR365;
“Subscription Term” - means a subscription term of 12 months commencing on the Effective Date and on each subsequent anniversary;
“Template” - means a template document available within the Solution and which can be customised through the input of Customer Data to create a Document;
“Term” - means the term of the Agreement as set out in clause 2;
“Virus” - means any thing or device (including any solution, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer solution, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices;
“Website” - means the GDPR365 website located at www.gdpr365.comor such other website address as notified by GDPR365 from time to time.
1.2 Clause, schedule and paragraph headings shall not affect the interpretation of these Terms.
1.3 A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person's legal and personal representatives, successors or permitted assigns.
1.4 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
1.5 Words in the singular shall include the plural and vice versa.
1.6 A reference to one gender shall include a reference to the other genders.
1.7 A reference to a statute or statutory provision is a reference to the same as from time to time amended, extended, re-enacted or consolidated and includes any subordinate legislation for the time being in force made under it.
1.8 References to “clauses” and “Schedules” are to the clauses of, and schedules to, this Agreement.
1.9 Any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression, shall be construed as illustrative and shall not limit the sense of the words preceding those terms.
1.10 A reference to “writing” or “written” includes in electronic form and similar means of communication.
2.1 The Agreement shall commence on the Effective Date and shall continue for Subscription Terms unless and until terminated in accordance with the terms of this Agreement.
2.2 Either party may terminate this Agreement upon providing not less than 30 days’ written notice to the other party, such notice not to expire prior to the end of the then current Subscription Term. In the event the Customer terminates prior to the end of a Subscription Term, the Customer shall be liable to pay the Fees for the remainder of that Subscription Term.
3.1 During the Term and subject to the terms and conditions of this Agreement, GDPR365 shall provide the Service.
3.2 As part of the Service, GDPR365 grants to the Customer a limited, non-exclusive, non-transferable and non-sub-licensable licence to access and use the Solution and the Templates for its own internal business purposes.
3.3 The Customer acknowledges and accepts that the Solution is hosted by GDPR365’s trusted third party hosting service provider(s) based within the European Union.
3.4 The Agreement only permits access to the Solution by persons who are Authorised Users. In relation to the Authorised Users, the Customer undertakes that:
3.4.1 the maximum number of Authorised Users that it authorises to access and use the Service shall not exceed the number of users permitted under the Subscription Plan subscribed to by the Customer;
3.4.2 each Authorised User shall keep a secure password for his/her use of the Service and shall keep the password secure and confidential;
3.4.3 it shall maintain a written, up to date list of current Authorised Users and provide such list to GDPR365 upon a written request at any time. The Customer shall notify GDPR365 immediately of any Authorised User that should no longer have access to the Solution and of any new Authorised User.
3.5 The Customer acknowledges and agrees that it is responsible for all acts and omissions of an Authorised User and for ensuring their compliance with the terms of this Agreement.
3.6 The Customer shall not access, store, distribute or transmit via the Solution any Viruses, or any material during the course of its use of the Service that:
3.6.1 is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
3.6.2 facilitates illegal activity;
3.6.3 depicts sexually explicit images;
3.6.4 promotes unlawful violence;
3.6.5 is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
3.6.6 is otherwise illegal or causes damage or injury to any person or property;
and GDPR365 reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer's access to the Solution in the event of any breach of the provisions of this clause.
3.7 The Customer shall not attempt to:
3.7.1 except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement:
(a) copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Solution (as applicable) in any form or media or by any means; or
(b) de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Solution;
3.7.2 access all or any part of the Solution in order to build a product or service which competes with the Solution and/or any of the Templates;
3.7.3 use the Solution to provide services to third parties;
3.7.4 license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Solution and/or any Templates available to any third party except the Authorised Users;
3.7.5 attempt to obtain, or assist third parties in obtaining, access to the Solution, other than as provided under this clause 3;
3.7.6 use or knowingly permit the use of any security testing tools in order to prove, scan or attempt to penetrate the security of the Solution; and/or
3.7.7 use or launch, or knowingly permit the use or launch of, any automated system, including “robots”, “spiders” or “offline readers” that access the Solution in a manner that sends more messages to the Solution in a given period of time than a human can reasonably produce in the same period by using a conventional online web browser.
3.8 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Solution and, in the event of any such unauthorised access or use, shall promptly notify GDPR365 in writing.
3.9 Access to the Solution is licensed and not sold. The Customer shall not, by virtue of this Agreement or otherwise, acquire any rights whatsoever in the Solution aside from the limited licenses granted under this Agreement. GDPR365 and its licensors shall retain all right, title and interest in and to the Solution and all Intellectual Property Rights in the Solution as well as any modifications or enhancements made to the Solution.
4. GDPR365’S OBLIGATIONS
4.1 GDPR365 undertakes that the Service will be provided with reasonable skill and care.
4.2.1 does not warrant that the Customer's use of the Service will be uninterrupted or error-free or that the Service, Solution, Templates and/or the information obtained by the Customer through the Service, including Documents, will meet the Customer's requirements; and
4.2.2 does not warrant that the Solution, the Templates and/or any Documents comply with Data Protection Legislation and/or any other applicable laws. GDPR is not a legal advisor and the Customer is solely responsible for obtaining its own legal advice as to whether the Solution, the Templates and any Documents comply with Data Protection Legislation and other applicable laws;
4.2.3 is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Service and the Solution may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
4.2.4 GDPR365 shall use commercially reasonable endeavours to make the Service available 24 hours a day, seven days a week, except for planned maintenance and unscheduled maintenance.
4.3 GDPR365 will, as part of the Service, provide the Customer with GDPR365's standard customer support during Business Hours as further detailed by GDPR365 on the Website and as may be amended from time to time.
4.4 GDPR365 warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement.
5. CUSTOMER’S OBLIGATIONS
5.1 The Customer shall provide GDPR365 with:
(a) all necessary co-operation in relation to this Agreement; and
(b) all information as may be reasonably required by GDPR365;
in order for GDPR365 to provide the Service.
5.2 The Customer warrants that:
5.2.1 all user information including information regarding Authorised Users is accurate and that such information will be updated as necessary to maintain its completeness and accuracy;
5.2.2 it will comply with all applicable laws and regulations with respect to its activities under this Agreement;
5.2.3 it will ensure Authorised Users use the Service in accordance with the terms and conditions of this Agreement and the Customer shall be responsible for any Authorised User’s breach of this Agreement;
5.2.4 it will establish adequate operational back-up systems and procedures to ensure recovery and continuity of its systems and operations in the event of a failure of the Solution;
5.2.5 it will ensure that its network and systems comply with the relevant specifications provided by GDPR365 from time to time;
5.2.6 it will use current industry standard anti-malware protection solutions to reduce the risk of passing Viruses into the Solution; and
5.2.7 it will be solely responsible for procuring and maintaining its network connections and telecommunications links.
6. CUSTOMER DATA
6.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
6.2 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for GDPR365 to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by GDPR365. GDPR365 shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party.
6.4 In the event that GDPR365 processes any Personal Data on behalf of the Customer during performance of the Service, GDPR365 shall do so in accordance with the terms of the Data Processing Addendum.
7. FEES AND PAYMENT
7.1 The Customer shall pay the Fees to GDPR365 in accordance with this clause 7 and without any deduction, discount, counterclaim, set-off or withholding.
7.2 The Customer shall provide to GDPR365 valid, up-to-date and complete contact and billing details.
7.3 The Fees shall be paid monthly by direct debit unless agreed otherwise by GDPR365.
7.4 In the event that the Customer wishes to upgrade to a different Subscription Plan it shall notify GDPR365 and pay any necessary further Fees (where applicable). The Customer shall only be permitted to downgrade its Subscription Plan at the end of a Subscription Term for the subsequent Subscription Term. ,In the event of any downgrade. GDPR365 shall not be obliged to refund any Fees already paid by the Customer.
7.5 If GDPR365 has not received payment of any sums due under this Agreement by the due date, and without prejudice to any other rights and remedies of GDPR365:
7.5.1 GDPR365 may, without liability to the Customer, suspend the Service and disable the Customer's and all Authorised User’s access to all or part of the Solution and GDPR365 shall be under no obligation to provide any or all of the Service to the Customer while the invoice(s) concerned remain unpaid; and
7.5.2 interest shall accrue on a daily basis on such due amounts at an annual rate equal to 3% over the then current base lending rate of GDPR365's bankers in the UK from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
7.6 All amounts and fees stated or referred to in this Agreement:
7.6.1 shall be payable in pounds sterling or Euros as stipulated by GDPR365;
7.6.2 are non-cancellable and non-refundable;
7.6.3 are exclusive of value added tax, which shall be added to GDPR365's invoice(s) at the appropriate rate.
7.7 GDPR365 shall be entitled to review and increase the Fees annually at the end of a Subscription Term in line with any increase in the Consumer Price Index (CPI) in the preceding 12 months.
7.8 GDPR365 shall otherwise be permitted to increase the Fees upon not less than 90 days’ prior written notice to the Customer to be given prior to the start of the next Subscription Term.
8. INTELLECTUAL PROPERTY RIGHTS
8.1 The Customer acknowledges and agrees that GDPR365 and/or its licensors own all Intellectual Property Rights in the Solution and the Templates.
8.2 In relation to the Templates, the Customer is permitted to use the Templates to create customised documents for its own internal business purposes only and shall not distribute the Templates to a third party.
8.3 GDPR365 warrants that it has all the rights in relation to the Solution and the Templates that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this Agreement.
9.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party's Confidential Information shall not be deemed to include information that:
9.1.1 is or becomes publicly known other than through any act or omission of the receiving party;
9.1.2 was in the other party's lawful possession before the disclosure;
9.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
9.1.4 is independently developed by the receiving party, which independent development can be shown by written evidence.
9.2 Subject to clause 9.4, each party shall hold the other's Confidential Information in confidence and not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the implementation of this Agreement.
9.3 Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
9.4 A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 9.4, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
9.5 Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.
9.6 GDPR365 acknowledges that the Customer Data is the Confidential Information of the Customer.
9.7 The above provisions of this clause 9 shall survive termination of this Agreement, however arising.
10.1 GDPR365 shall defend the Customer, its officers, directors and employees against any claim that the Solution infringes any Intellectual Property Rights (“Claim”) and shall indemnify the Customer for any amounts finally awarded against the Customer in judgment or settlement of such Claims, provided that:
10.1.1 GDPR365 is given prompt written notice of any such Claim;
10.1.2 the Customer provides reasonable co-operation to GDPR365 in the defence and settlement of such Claim; and
10.1.3 GDPR365 is given sole authority to defend or settle the Claim.
10.2 In the defence or settlement of any claim, GDPR365 may at its sole discretion, procure the right for the Customer to continue using the Solution, replace or modify the Solution so that it becomes non-infringing or, if such remedies are not reasonably available, terminate this Agreement without any additional liability or obligation to pay damages or other additional costs to the Customer.
10.3 In no event shall GDPR365, its employees, agents and sub-contractors be liable to the Customer including under clause 10.1, to the extent that the Claim is based on:
10.3.1 a modification of the Solution by anyone other than GDPR365;
10.3.2 the Customer's use of the Solution in breach of this Agreement; and/or
10.3.3 the Customer's use of the Solution after notice of the alleged or actual infringement from GDPR365 or any appropriate authority.
10.4 This clause 10 sets out the Customer's sole and exclusive rights and remedies, and GDPR365's (including GDPR365's employees', agents' and sub-contractors') entire obligations and liability for any Claim.
11. LIMITATION OF LIABILITY
11.1 Nothing in this Agreement excludes or limits the Liability of GDPR365:
11.1.1 for fraud or fraudulent misrepresentation;
11.1.2 for death or personal injury caused by GDPR365's negligence;
11.1.3 which it cannot exclude or limit as a matter of applicable law.
11.2 Except as expressly and specifically provided in this Agreement:
11.2.1 all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law including any warranties of satisfactory quality or fitness for purpose are, to the fullest extent permitted by applicable law, excluded from this Agreement; and
11.2.2 the Service is provided to the Customer on an "As Is" basis.
11.3 Subject to clause 11.1:
11.3.1 GDPR365 shall have no Liability for any loss of profits, loss of business, depletion of goodwill and/or similar losses; loss or corruption of data or information; pure economic loss; and/or any special, indirect or consequential loss, costs, damages, charges or expenses; in all cases however arising under this Agreement and whether direct or indirect, foreseeable or otherwise; and
11.3.2 the total aggregate Liability of GDPR365 arising out of or in connection with this Agreement (unless otherwise excluded or limited) shall be limited to 125% of the total Fees paid by the Customer to GDPR365 during the 12 months immediately preceding the date of the event giving rise to the Liability.
11.4 The exclusions and limitations of Liability under clause 11.3 have effect in relation to both any Liability expressly provided for under this Agreement and to any Liability arising by reason of the invalidity or unenforceability of any term of this Agreement.
12.1 Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:
12.1.1 the other party is in material breach of any of its obligations under this Agreement, and, where such material breach is capable of remedy, the other party fails to remedy such breach within a period of 30 days of being notified of such breach by the party; and/or
12.1.2 the other party gives notice to any of its creditors that it has suspended or is about to suspend payment; or if it shall be unable to pay its debts within the meaning of Section 123 of the Insolvency Act 1986; or an order is made or a resolution is passed for the winding-up of the other party or an administration order is made or an administrator is appointed to manage the affairs, business and property of the other party or a receiver and/or manager or administrative receiver is appointed in respect of all or any of the other party’s assets or undertaking; or circumstances arise which entitle the court or a creditor to appoint a receiver and/or manager or administrative receiver or administrator or which entitle the court to make a winding-up or bankruptcy order; or the other party takes or suffers any similar or analogous action to any of these events in this clause 12.1.2 in any jurisdiction.
12.2 Termination of this Agreement shall be without prejudice to any accrued rights or remedies of either party.
12.3 Termination of this Agreement shall not affect the coming into force, or continuance in force, of any provision which is expressly or by implication intended to come into or continue in force on or after such termination.
12.4 On termination of this Agreement for any reason:
12.4.1 the licence granted under this Agreement shall immediately terminate and GDPR365 shall be entitled to disable Customer’s use of the Solution;
12.4.2 GDPR365 may, upon expiry of 3 months from the date of termination, destroy or otherwise dispose of any of the Customer Data in its possession ; and
12.4.3 any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced.
13. FORCE MAJEURE
13.1 If GDPR365 is subject to a Force Majeure Event, it shall not be in breach of this Agreement and shall be excused from performance under this Agreement while and to the extent it is unable to perform due to any Force Majeure Event.
13.2 If the circumstance of a Force Majeure Event continues for a period of 30 days or longer, either party shall have the right to terminate this Agreement upon written notice to the other.
14.1 A waiver of any right or remedy under this Agreement is only effective if given in writing and shall not be deemed a waiver of any subsequent breach or default. No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that or any other right or remedy.
15.1 If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
15.2 If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.
16. ENTIRE AGREEMENT
16.1 This Agreement and any documents referred to in it, constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter of this Agreement.
16.2 Each of the parties acknowledges and agrees that in entering into this Agreement it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether party to this Agreement or not) relating to the subject matter of this Agreement, other than as expressly set out in this Agreement.
16.3 Neither party excludes or limits its liability for fraud or fraudulent misrepresentation.
17.1 The Customer may not assign, sub-licence, novate or transfer any right, benefit or interest and/or any of its obligations under this Agreement, without GDPR365’s prior written consent.
17.2 GDPR365 shall be entitled to assign, sub-licence, novate or transfer any right, benefit or interest and/or any of its obligations under this Agreement.
18. NO PARTNERSHIP
18.1 Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
19. THIRD PARTY RIGHTS
19.1 This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
20.1 Any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post or email to the other party at such address as may have been notified by that party for such purposes.
20.2 A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in Business Hours, at 9 am on the first Business Day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by email to the email address set out above shall be deemed to have been received on the day it is sent if that is a Business Day or otherwise on the next Business Day.
21.1 No changes may be made to this Agreement without the agreement in writing of each of the parties.
22. GOVERNING LAW AND JURISDICTION
22.1 This Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by, and construed in accordance with, the laws of England and Wales.
22.2 The parties submit to the exclusive jurisdiction of the English courts except that GDPR365:
22.2.1 has the right to sue in any jurisdiction in which the Customer is operating or has assets; and
22.2.2 has the right to sue for breach of its Intellectual Property Rights in any country where it believes that infringement or a breach of this Agreement relating to its Intellectual Property Rights might be taking place.