• MINDBEAT TERMS AND CONDITIONS
  1. Provision of Services and Licence

1.1 In consideration of the payment by the Client (also referred to in these Terms and Conditions as “You” or “Your”) of the Fees (set out and defined in a Statement of Works which, together with these Terms and Conditions shall constitute a legal binding agreement and contract between You and Us), and subject to the terms and conditions herein, Mindbeat (also referred to as “We” or “Us” or “Our” in these Terms and Conditions) will:

1.1.1 grant You and all of Your authorised users with access to the Software (as set out in the Appendix hereto) for the duration of the agreed period during which We shall provide the Services hereunder to You (“the Term”);

1.1.2 To provide You with the Services set out in a Statement of Works for the duration of the Term.

1.2 “The Services” will be set out in a Statement of Works provided in advance of Us providing You will access to the Software.

1.3 You may request additional software functionality from time to time and We may, at Our sole and absolute discretion, decide to develop such additional functionality at no additional cost.

1.4 We will take a daily backup of Your database and keep the backup for 30 days thereafter.

1.5 We will encrypt all http connections using SSL certificates of reputable providers and to keep the certificates up to date.

1.6 We will encrypt passwords so as render the passwords illegible to all users including Our and Your members of staff.

1.7 We will encrypt database backups and databases at rest so as to render their content inaccessible in the event of unauthorised access of the file system.

1.8 Nothing in this Agreement shall render Us liable for loss and/or damage, whether direct or indirect, sustained by You and/or any of Your authorised users and/or whosoever else by reason of any failure, breakdown, interruption or reduction in quality of the Software or the Services provided in terms of this Agreement and/or the unauthorised access of any data, whatsoever and whosoever shall be the cause thereof and for however long it may last, unless any such failure, breakdown, interruption or reduction in quality of the Software or the Services and/or unauthorised access or interception of any data is attributable solely to Our fault and/or negligence.

1.9 Mindbeat grants you a revocable, non-exclusive, non-transferable, limited license to download, install and use the website strictly in accordance with the terms of this Agreement.

• 10 You agree not to, and you will not permit others to:

1.10.1 License, sell, rent, lease, assign, distribute, transmit, host, outsource, disclose or otherwise commercially exploit the website or make the platform available to any third party.

1.10.2 Modify, make derivative works of, disassemble, decrypt, reverse compile or reverse engineer any part of the website.

1.10.3 Remove, alter or obscure any proprietary notice (including any notice of copyright or trademark) of Mindbeat or its affiliates, partners, suppliers or the licensors of the website.

1.11 These Terms & Conditions apply only to the Services. The Services may contain links to other websites not operated or controlled by Mindbeat. We are not responsible for the content, accuracy or opinions expressed in such websites, or any losses arising from or caused by such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by Us. Please remember that when you use a link to go from the Services to another website, Our Terms & Conditions are no longer in effect. Your browsing and interaction on any other website, including those that have a link on our platform, is subject to that website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about You.

1.12

Any licence granted will be subject to the following conditions of transfer:

1.12.1   Where no sessions have been used from our Unlimited Coaching service, the entire licence (including all the unlimited months of coaching) will be transferrable to a new user during the programme period.

1.12.2   Where some sessions from our Unlimited Coaching service have been used, only those remaining whole (complete) calendar months of unlimited coaching will be transferrable to a new licence to be utilised within the programme period.

1.12.3   For Limited Coaching sessions, We will permit the transfer of any remaining (unused) sessions and remaining time on the annual membership to a new user..

1.13 Membership period is valid for 12 months from the launch date (ie., the commencement) of the specific programme. Membership will provide individuals with access to Mindbeat and to coaching sessions at membership rates.

1.14 All fees and costs for each programme will be payable in advance of any sessions being used. In any event, all invoices rendered must be paid in full with 30 days of the date of such invoice.

1.15 In the event that any session(s) are cancelled within 48 hours of their confirmed time, they will be ‘lost’ (ie. they will not be usable) unless the coach, exercising his or her absolute discretion, offers a replacement session. The coach’s decision in such respect will be final.

2. Service Availability and Scheduled Downtimes  

2.1 We will provide You with a monthly uptime percentage of at least 95% (“Service Availability”). If We do not meet this Service Availability, and if You meet Your obligations under this Agreement, then You shall be eligible to receive financial refunds by way of Service Credit for the Downtime as described below. We will attempt to provide continuous availability and access to the Software and Services. In the event that the Service Provider is unable to provide access for reasons beyond our control, we will communicate the reasons for the downtime and expected duration. These periods of downtime could be due to third parties that the Software and Services depend on.

2.2 No period of Service degradation or inoperability will be included in calculating Availability to the extent that such downtime or degradation is due to any of the following (“Exceptions”):

2.2.1 You or any of Your authorised users’ misuse of the Services;

2.2.2 The failure of Your or Your authorised users’ internet connectivity;

2.2.3 Delays on Your part or Your authorised users in uploading, sharing or processing data to the Software;

2.2.4 Matters which affect Your workspace, whether caused by third parties or otherwise including external applications.

2.2.5 Internet or other network traffic problems, whether caused by third parties (e.g. DDoS attack) or otherwise, other than problems arising in or from networks actually or required to be provided or controlled by Us; or

2.2.6 Scheduled Downtime as set forth in Clause 3.4 (below).

2.3 We shall notify You at least 24 hours in advance of all scheduled outages of the Services in whole or in part (“Scheduled Downtime”). All such scheduled outages shall: (a) last no longer than one hour; (b) be scheduled to occur at a time which will cause little inconvenience to either Party; and (c) occur no more frequently than once per week; unless otherwise agreed by the Parties. We shall request Your prior approval for longer Scheduled Downtime which approval You agree not to unreasonably withhold or delay.

2.4 For the purposes of this part of the Agreement, the following terms shall have the following meanings:

2.4.1 “Downtime” is based on two factors: the number of minutes the Services were unavailable, and the percentage of users that were affected. If the Services are down, We use server monitoring software to measure the server side error rate, ping test results, web server tests, TCP port tests, and website tests. At the end of each month, We add “downtime” periods together to calculate the overall monthly “downtime period”. Calculating “downtime” can be difficult, but We aim to keep it simple by tying our SLA guarantee to a single monthly uptime number. Note that “Downtime” doesn’t affect everyone at the same time or in the same way: the Services could be experiencing an outage, but Your workspace is unaffected, and vice versa.  Some scenarios don’t count towards downtime (See Exceptions in Clause 2.2 above).

2.4.2 “Monthly Uptime” is the percentage of total possible minutes the Services were available to You. Here’s how we calculate this: Total possible minutes – downtime minutes = monthly uptime

2.4.3 “Scheduled Downtime” – Sometimes We need to perform maintenance to keep the Services working smoothly. If Scheduled Downtime is necessary, We’ll give you 24 hours advance notice. In a calendar year, Scheduled Downtime won’t exceed 10 hours.

2.4.4 “Service Credit” – If We fall short of Our 95% uptime guarantee, We’ll refund You 100 times the amount Your workspace paid during the period the Services were down in the form of “Service Credits”. When You reach your renewal date, or if You add new users, We’ll first draw from Your credit balance before charging You . Note that “Service credits” can’t be exchanged for cash. They’re capped at a maximum of 30 days of paid service.

2.5 This Agreement excludes the following performance issues:

2.5.1 Issues caused by factors outside of Our reasonable control;

2.5.2 Issues that resulted from any actions or inaction by You or a third-party;

2.5.3 Issues that resulted from Your equipment and/or third-party equipment (not within the primary control of the Services)

2.5.4 Issues that arise from Our suspension or termination of Your right to use the Services in accordance with our Terms of Service.

2.6 We will use reasonable efforts to provide a fix, work around, or to patch severe bugs within twenty-four (24) hours after the bug is replicated, and confirmed as a bug, by Us.

2.7 We will easily make accessible a ‘chat widget’ to listen to any feedback and support queries that any users might have. The widget also exposes our knowledge base of frequently asked questions, for users to be able to self-serve.

2.8 In order to be eligible to submit a claim with respect to any incident, You must have satisfied your obligations arising out of this Agreement.  You must first have notified Us of the incident within five (5) business days following an incident by submitting a Notice to “[email protected]”. You must provide all reasonable details regarding the claim, including but not limited to, detailed description of the incident, the duration of the incident, the number of affected users and the locations of such users and any attempts made by You to resolve the incident. You must submit the claim to us by email to [email protected], providing sufficient evidence to support the claim, by the end of the month following the month in which the incident which is the subject of the claim occurs (for example, incident occurs on January 15th, You provide Notice on January 20th, You must provide sufficient evidence to support claim by February 28th).

3. Customer’s Declarations and Obligations 

3.1 You shall be solely responsible for all user identification and password allocation, change and management of the data to be used by You and Your authorised users on the Software and Services.

3.2 Your are required to provide Us with such data as may be necessary and required to carry out the Service and access to the Software. If this is not provided, then You acknowledge that the Software and the Services shall not be accessible or be limitedly available for access and use through no fault on Our part.

3.3 You undertake:

3.3.1 Not to copy, reproduce, translate, adapt, vary or modify the Software nor to communicate the same to any third party without Our prior written consent;

3.3.2 To limit the access to and use of the Software to Your authorised users;

3.3.3 To supervise and control access to and use of the Software by Your authorised users in accordance with the terms of this Agreement;

3.3.4 Not to provide or otherwise make available the Software in whole or in part in any form to any other person without Our prior written consent.

3.3.5 To dedicate sufficient time and resources towards the implementation of the Software, the migration of data and the configuration of such Software, and to provide Us with such commitment and support as shall be necessary to complete such migration and configuration.

3.4 You shall be responsible to ensure compliance with the provisions of the General Data Protection Regulation (EU Regulation 2016/679) (hereinafter the ‘GDPR’) in respect of any personal data processed through or with the use of the Software. In particular, You undertake to:

3.4.1 Obtain the necessary consent and/or authorisations from all Your authorised users and/or other users You shall authorise, including employees (the “Data subjects”) to use the Software and Services for the collection, recording, organisation, structure, storage, use, disclosure, dissemination or otherwise of their personal data including, where required, their sensitive data, (the “Data”) to Us;

3.4.2 To inform the Data Subjects of their rights arising out of the law regulating Data

Protection as a result of their authorised use of the Software and Services;

3.4.3 To inform the Data Subject that the Software and the Data processed through or with the use of the Software may be hosted in third countries (i.e. outside Malta but within the European Union);

3.4.4 To inform the Data Subjects of their right to obtain a copy of the Users’ Confidential Data (as defined in 8.3 (a) below) collected by the Software within thirty (30) days from termination of employment with You or termination of their authorised use granted by Yourself (whichever is the earlier).

4. Fees 

4.1 In consideration for the obligations undertaken by Us, including routine support and maintenance by Us, You agree to pay Us the Fees set out in any and all Statement(s) of Works and all other sums otherwise payable under this Agreement and any Statement(s) of Works.

4.2 We reserve the right to revise and update our charging rates and Fees from time to time. Any such amendment will be communicated to and agreed with You before becoming effective.

4.3 Any sum/s due to Us in terms of this Agreement shall be due and payable sixty (30) days after receipt by You of Our invoice.

4.4 We reserve the right to charge You interest in respect of the late payment of any sum due under this Agreement, effective 30 days from the invoice date. Such interest shall not exceed the rate set out in Article 986 of Chapter 16 of the Laws of Malta (currently 8% per annum).

5. Representations and Warranties

5.1 We and You represent and warrant that:

5.1.1 this Agreement, when executed and delivered, shall be a valid and binding obligation and enforceable in accordance with its terms;

5.1.2 the execution, delivery, and performance of this Agreement has been duly authorized by it and this Agreement constitutes the legal, valid, and binding agreement of it and is enforceable against it in accordance with its terms, except as the enforceability thereof may be limited by insolvency, reorganizations, moratoriums, and similar laws affecting creditors’ rights generally;

5.1.3 there is no outstanding litigation, arbitrated matter or other dispute to which it is a

party which, if decided unfavourably to it, would reasonably be expected to have a potential or actual material adverse effect on its ability to fulfil its obligations under this Agreement.

5.2. We represent and warrant that:

5.2.1 the Services to be performed under this Agreement shall be performed in a competent and professional manner and in accordance with the highest professional standards and industry best practice;

5.2.2 the coaches sourced and provided by Us, whilst independent third parties, have been assessed and vetted by Us to ensure that they have the experience and are qualified to perform the tasks involved with providing the Services in an efficient and timely manner;

5.2.3 we will use our best efforts to ensure that no computer viruses, malware, or similar items (collectively “Viruses”) are introduced into Your computer and/or network environment while performing the Services. Nothing in the foregoing shall render Us responsible for any Viruses introduced into Your computer and/or network environment otherwise than through Our fault and/or negligence;

5.2.4 we have a data protection policy in place to safeguard and guarantee the security of the Services provided under this Agreement and the protection of Your data collected and processed through Your use of the Software and retained by Us on Your behalf.  We shall use the same standard of care to protect the Your data as it would with its own information; however, nothing in the foregoing shall render Us responsible for a security breach and/or any third-party access to the information described in this clause, unless this is a result of the fault, negligence or fraudulent misconduct on Our part; and

5.2.5 the Software, Services and any other work performed by Us hereunder shall be Our own work, and shall not infringe upon any copyright, patent, trade secret, or other proprietary right, or misappropriate any trade secret, of any third party, and that We have neither assigned nor otherwise entered into an agreement by which We purport to assign or transfer any right, title, or interest to any technology or intellectual property right that would conflict with Our obligations under this Agreement.  We shall indemnify You and save harmless and those for whom at law We are responsible, from claims, actions, causes of actions, demands, costs, damages and liabilities including legal fees which You may suffer or incur as a result of or arising from any alleged infringement of any patent or copyright resulting from Your use of the Software.  We shall obtain for You the right to continued use of the affected Software or replace or modify the same so that the infringement is eliminated, or provide You with a refund of the Fees paid.

5.3 The website is provided to you “AS IS” and “AS AVAILABLE” and with all faults and defects without warranty of any kind. To the maximum extent permitted under applicable law, Mindbeat, on its own behalf and on behalf of its affiliates and its and their respective licensors and service providers, expressly disclaims all warranties, whether express, implied, statutory or otherwise, with respect to the website, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement, and warranties that may arise out of course of dealing, course of performance, usage or trade practice. Without limitation to the foregoing, Mindbeat provides no warranty or undertaking, and makes no representation of any kind that the website will meet your requirements, achieve any intended results, be compatible or work with any other software, , systems or services, operate without interruption, meet any performance or reliability standards or be error free or that any errors or defects can or will be corrected.

5.4 Without limiting the foregoing, neither Mindbeat nor any Mindbeat’s provider makes any representation or warranty of any kind, express or implied: (i) as to the operation or availability of the Mindbeat.app website, or the information, content, and materials or products included thereon; (ii) that the website will be uninterrupted or error-free; (iii) as to the accuracy, reliability, or currency of any information or content provided through the website; or (iv) that the website, its servers, the content, or e-mails sent from or on behalf of Mindbeat are free of viruses, scripts, trojan horses, worms, malware, timebombs or other harmful components.

5.5 Some jurisdictions do not allow the exclusion of or limitations on implied warranties or the limitations on the applicable statutory rights of a consumer, so some or all of the above exclusions and limitations may not apply to you.

6. Data Processing and Confidentiality

6.1. Subject to the provisions of clause 6.1A below, You, as a data controller, , will provide to Us the data set out in the table in Appendix B hereto and You are binding Us, as the data processor, and We undertake to act in compliance with the provisions of the General Data Protection Regulation (EU Regulation 2016/679) (hereinafter the ‘GDPR’), to act in conformity with any directive, order or request for information from the Information & Data Protection Commissioner in Malta, or any other competent Data Protection Authority in any other part of the EEA, and in particular:

6.1.1 To act only on instructions received from You in terms of any applicable law or regulation;

6.1.2 To take all necessary measures referred to in Article 32 of the GDPR, namely to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk” in order to protect the personal data that is processed against accidental destruction or loss or unlawful forms of processing thereby providing adequate level of security that gives regard to the:

1. Technical possibilities available;
2. Cost of implementing the security measures;

iii. Special risks that exist in the processing of personal data;

1. Sensitivity of the personal data being processed.

6.1A In the event that We create personal data relating to any recipient of our Services who are Your employees, We shall be the data controller and, in the event that such personal data is transferred to You, You shall be the data processor.  As such, therefore, the parties (that is, We and You) both undertake to act in compliance with the provisions of the GDPR, to act in conformity with any directive, order or request for information from the Information Commissioner’s Office of the UK, or any other competent Data Protection Authority in any other part of the EEA in relation to any personal data that each respective party controls or processes, as the case may be.

6.2 Furthermore, We shall maintain delivery of the Services in compliance with the following security standards:

6.2.1 Staff, Personnel and Sub-Contractors:

1. systems and staff/personnel must be capable of processing Your personal data in accordance with Your documented instructions and not beyond;
2. all staff/personnel processing Your personal data must be trained on the obligations and requirements of processing contained in the GDPR;

• we shall inform You in writing if any aspect of the processing of Your personal data is being/is to be sub-contracted to third parties. Procedures must be in place in order to inform You in writing of all such cases;

1. any sub-contractor (such as independent third party coaches) is to be bound by the same level of data protection obligations towards Us as We are to You; and
2. procedures must be in place in order to inform You in writing of any sub-processors and employees that may no longer be engaged by Us.

6.2.2 Security Measures:

1. Your personal data shall be continuously stored within the EU. If not, You will be immediately provided with information relating to Your personal data’s storage location or future storage location.
2. If possible, Your personal data shall be processed and stored in an encrypted manner.

iii. Email correspondence with You which contained any personal data shall be encrypted.

1. Your personal data shall be anonymised by Us where necessary.
2. Processing systems and services shall maintain, throughout the validity of this Agreement, the confidentiality, integrity, availability and resilience of Your personal data.
3. Restrictive measures must be in place in order to ensure that You shall remain sole controller of Your personal data and that We shall remain processor of Your personal data.

vii. Logs of access to Your personal data are to be kept by Us  where applicable for at least one (1)year.

viii. We shall allow and assist You and/or Your delegate to carry out audits and/or inspections in accordance with applicable data protection legislation in order to ensure Our compliance with data protection legislation.

1. We and we shall procure that all and any independent third party contractors engaged by Us abide by our IT Security Policy (or similar) which is available upon request.

6.3 Pursuant to Article 32 of the GDPR, You shall ensure that We can implement the security measures that must be taken, and that these measures are actually implemented as indicated by You.

6.4. We undertake to respond immediately to every request for verification submitted by You in relation to processing of personal data regulated by this Agreement and to inform You immediately with:

6.4.1 Requests for personal data regulated by this Agreement, by individuals (right of access requests) and also from third parties, including requests from law enforcement authorities;

6.4.2 Any accidental loss, security breach or unauthorised access to personal data regulated under this Agreement and any legal proceedings initiated on the basis of an alleged breach of the Act.

6.5 If it becomes necessary to do so, We shall notify the Information and Data Protection Commissioner of Malta of any breach of security of Your personal data within seventy-two (72) hours of becoming aware of it and in the manner specified by applicable data protection legislation.

6.6 We shall be ready and able to assist the Information and Data Protection Commissioner of Malta in the event that an audit to Our processing system of personal data is required by him/her and to demonstrate all of Our personal data protection processes and records as required for the purpose of such an audit.

6.7 Provided that any additional data privacy audits that may be requested by You, and which are not required by the Information and Data Protection Commissioner, shall be effected at Your sole and exclusive charge (including any opportunity charge).

6.8 Personal data relating to any authorised users added by You shall remain accessible to that authorised user for a period of up to thirty (30) days from when it was last used, following which it shall be permanently and irretrievably deleted.

6.9 It shall remain your right at any moment during such period to request Us, by means of a written notice, to preserve and retain any personal data for a longer period, provided that the release of such personal data will only be effected to the authorised users to which it relates, or to any other person when so ordered by a competent data protection authority or court or tribunal.

6.10 Any of Your personal data which is held by Us can be erased at Your request, by means of a written notice transmitted by a verified source on Your end.

6.11 Except where an audit is imposed on You by a Regulatory body which is authorised to do so, You may conduct an audit for the following security purposes, but not more than twice in any calendar year and for a period of twelve (12) months from the termination of this Agreement:

6.11.1 to review the integrity, confidentiality and security of Your person data;

6.11.2 to verify the accuracy and completeness of any information delivered or required by this Agreement;

6.11.3 to review Our compliance with the applicable Data Protection Legislation; and/or

6.11.4 to ensure that We are complying with any security standards and obligations set out in this Agreement.

6.12 You should use reasonable endeavours to ensure that the conduct of each audit does not unreasonably disrupt Us or delay the provision of the Services.

6.13 Subject to Your obligations of confidentiality, We shall on demand provide You (and/or its agents or representatives) with all reasonable co-operation and assistance in relation to each audit, including:

6.13.1 all information requested by You within the permitted scope of the audit;

6.13.2 reasonable access to any sites controlled by Us and to any equipment used (whether exclusively or non-exclusively) in the performance of the Services;

6.13.3 access to any system of Ours which processes or supports the processing of Your personal data; and

6.13.4 access to Our Personnel.

6.14 You shall endeavour to provide at least fifteen (15) Working Days’ notice of Your intention to conduct an audit.

6.15 Where any audit reveals any actual or potential failure or weakness, then You shall notify Us of such actual or potential failure. We shall promptly notify You of any changes which We propose to make in order to correct such failure or weakness. Subject to Your approval, We shall implement such changes in accordance with the timetable agreed with You or, otherwise, as soon as reasonably possible.

6.16 Any failure on Our part to remedy such actual or potential security failure or weakness identified by any audit carried out under this clause shall allow You to take remedial action.

6.17 The Parties acknowledge that each Party may be exposed to or acquire communication or data of the other Party that is confidential, privileged communication not intended to be disclosed to third parties.

6.18 For the purposes of this Agreement, the term “Confidential Information” shall mean all information and documentation relating to a Party, including all information that:

6.18.1 has been marked “confidential” or with words of similar meaning, at the time of disclosure by such entity;

6.18.2 if disclosed orally or not marked “confidential” or with words of similar meaning, was subsequently summarized in writing by the disclosing entity and marked “confidential” or with words of similar meaning;

6.18.3 with respect to Your information and documentation, whether marked “Confidential” or not, consists of Your information and documentation included within any of the following categories:

1. customer, employee, supplier, or contractor lists;
2. employee information including but not limited to contact details, country of residence, line manager details and performance data;

iii. information regarding administrative, financial, or marketing activities;

1. pricing information;
2. program design and documentation;

6.18.4 any Confidential Information derived from information of a Party.

6.18.5 The term “Confidential Information” does not include any information or documentation that was:

1. already in the possession of the receiving entity without an obligation of confidentiality;
2. developed independently by the receiving entity, as demonstrated by the receiving entity, without violating the disclosing entity’s proprietary rights;

iii. obtained from a source other than the disclosing entity without an obligation of confidentiality; or,

1. publicly available when received, or thereafter became publicly available (other than through any unauthorized disclosure by, through or on behalf of, the receiving entity).

6.19 The Parties agree to hold all Confidential Information in strict confidence and not to copy, reproduce, sell, transfer, or otherwise dispose of, give or disclose such Confidential Information to third parties other than employees, agents, or subcontractors of a Party who have a need to know in connection with this Agreement or to use such Confidential Information for any purposes whatsoever other than the performance of this Agreement.  The Parties agree to advise and require their respective employees, agents, and subcontractors of their obligations to keep such information confidential.

6.20 Each Party shall use its best efforts to assist the other Party in identifying and preventing any unauthorized use or disclosure of any Confidential Information. Without limitation of the foregoing, each Party shall advise the other Party immediately in the event either Party learns or has reason to believe that any person who has had access to Confidential Information has violated or intends to violate the terms of this Agreement and each Party will cooperate with the other Party in seeking injunctive or other equitable relief against any such person.

6.21 We acknowledge that breach of Our obligation of confidentiality may give rise to irreparable injury to You, which damage may be inadequately compensable in the form of monetary damages.  Accordingly, You may seek and obtain injunctive relief against the breach of the foregoing undertakings, in addition to any other legal remedies which may be available, to include, at Your sole election, the immediate termination, without penalty to You, of this Agreement in whole or in part.

6.22 Notwithstanding any of the foregoing, We shall incur no liability for damages arising due to Your fault, negligence, culpable act or omission.

6.23 By using Mindbeat’s artificial intelligence coaching platform Sam AI Coaching, the Client confirms its agreement to permit Mindbeat to retain and process all data collected and recorded as a result of the use of Sam AI Coaching.  Mindbeat confirms that all such data shall be always subject to Mindbeat’s obligations of confidentiality and compliance with all applicable and relevant data protection and privacy laws.

6.24 The provisions of Clauses 6.8, 6.9, 6.17, 6.18, 6.19, 6.20, 6.21, 6.22 and 6.23 shall survive the termination of this Agreement for a period of three (3) years.

6.25 The provisions of this Section shall not apply in the event that We are legally compelled to disclose such Confidential Information upon a legitimate request being made by the Maltese Courts or any other relevant authority.

7. Coaching Session Terms and Conditions

7.1 Please give 24 hour notice for any cancellations or reschedules. We will make users aware of this stipulation when they book a session and they will receive a warning if they try and reschedule outside of this deadline. If less than 24 hour notice is given the session will be lost.

7.2 Users should attend all 3 coaching sessions within 10 weeks of registration. Any sessions that are not taken within this time will be lost.

7.3 We do not issue refunds for unused sessions.

7.4 We have taken all reasonable steps to ensure that the coaches engaged to provide the Services on our behalf are genuinely self-employed, independent consultants or contractors and, as such fall outside UK HMRC IR35 provisions.

7.5 All fees quoted and agreed are exclusive of any VAT (either EU, UK or any other jurisdictions’ goods and services taxes) or local taxes if applicable.  In any event, we are committed to charging ‘flat’ or ‘fixed’ fees without any ‘hidden extras’ or additional charges, where at all possible.  In the event that any additional requirements arise, we will agree the scope and potential cost with you clients before any additional fees are incurred.

8. Proprietary Rights

8.1 You acknowledge and agree that all copyright and other intellectual property rights in the Software and Services were created by Us and shall remain Our sole property. By Virtue of this Agreement, You shall only be granted access to and use the Software and the Services and nothing in this Agreement shall alter these rights and no title to, or ownership of, the Software and Services is transferred to You.

8.2 You acknowledge that, in the course of performing the Services, We may use software and related processes, instructions, methods, and techniques that have been previously developed by Us (collectively, the “Pre-existing Materials”) and that same shall remain Our sole and exclusive property and the provisions in paragraph 8.1 above shall apply hereto.

8.3 Your information contained in any of Our repositories (the “Customer Data”, which shall also be known and treated by Us as Confidential Information) shall be and remain Your sole and exclusive property.  You hereby authorise Us (and any independent third party contractor engaged by Us) to access this Customer Data for the sole and exclusive purpose of providing access to the Software and the Services, and authorise Us to store, record, transmit, maintain, and display Customer Data only to the extent necessary in the provisioning of the Services. For the Purposes of this Clause “Customer Data” shall include:

8.3.1 ‘Users’ Confidential Data’ such as coaching notes, diagnostic exercises completed by the user, etc.

8.3.2 ‘Aggregate User Data’ such as user activity report and average scores of users on diagnostics they regularly use (eg. if they all complete a leadership diagnostic, the customer can view reports of the average score in a department of 10 people +)

8.4 We shall be able to provide You with an export of the Aggregate User Data (as defined above) (in CSV format or other suitable digital format as agreed between the Parties), without charge, upon Your request and upon termination of this Agreement. An export of the Users’ Confidential Data (as defined above) (in CSV format or other suitable digital format as agreed with the User), may be provided to the particular authorised user without charge, upon such authorised user’s request and no longer than thirty (30) days from the termination of that particular user’s account and You hereby agree and acknowledge that You shall not be entitled to a copy / export any of such Users’ Confidential Data. Furthermore, You hereby agree to inform all authorised users of their right to such export copy of the Users’ Confidential Data.

8.5 Except as expressly set forth herein, no license is granted by either Party to the other with respect the Confidential Information, Pre-existing Materials, or Customer Data.  Nothing in this Agreement shall be construed to grant to either Party any ownership or other interest, in the Confidential Information, Pre-existing Materials, or Customer Data, except as may be provided under a license specifically applicable to such Confidential Information, Pre-existing Materials, or Customer Data.

8.6 The provisions of this Section shall survive the termination of this Agreement.

9. Liability & Indemnity

9.1 Unless otherwise provided by law, We shall not be responsible for lost profits, revenues, or data, financial losses or indirect, special, consequential, exemplary or punitive damages.

9.2 To the extent permitted by law, our total liability and of our suppliers for any claims relating to this agreement and/or to Our services, including for any implied warranties is limited to the amount You paid to Us to use Our services.

9.3 For the avoidance of any doubt, the exclusion of liability shall not apply in the event of any loss of personal data which is attributed directly to Our actions or inactions, evidence of which is to result from an audit carried out in line with the principles set out in Clause 7 hereof.

9.4 Notwithstanding the foregoing Clauses 9.1-9.3, We will not be liable for any loss or damage that is not reasonably foreseeable, or which does not arise, directly or indirectly from Our negligence.

9.5 You shall indemnify and keep indemnified and harmless Us from and against all actions, claims, demands, losses, damages, costs (including all legal and judicial costs incurred by Us) and expenses for which We shall become liable, and arising directly or indirectly from Your use of Our services, including the use by your authorised users.

9.6 We agree to indemnify and hold You harmless against all losses, claims and expenses, damages and charges in respect of a breach by Us of any of Our data protection obligations as contained in these clauses or in the applicable data protection legislation and resultant form any action or inaction by Us. The indemnity provided in this clause shall survive the termination of this Agreement for a maximum period of five (5) years to be reckoned from the effective date of such termination, and We shall be protected by the appropriate insurance cover taken out by Us and containing a cross-liability clause and adequate limit of indemnity so as to cover any potential loss, claim expense, damages and charges or for any liability whatsoever arising following the breach of any of these clauses.

9.7 For the avoidance of doubt, in relation to tax matters outside the UK and beyond the jurisdiction of UK HMRC, we shall not be liable under any circumstances for any fine, payment, loss, expense, damage, delay, costs or compensation (whether direct, indirect or consequential) which may arise or be suffered or incurred by You or any third party.

9.8 If requested, We shall cooperate with You in the defence and settlement of the claim which shall be notified to Us by You.

10. Termination

10.1 If either Party materially breaches any of its duties or obligations hereunder or set out in any Statement of Works,  and such breach is not cured, or the breaching Party is not diligently pursuing a cure to the nonbreaching Party’s sole satisfaction, within thirty (30) calendar days after written notice of the breach, then the nonbreaching Party may terminate this Agreement for cause as of a date specified in such notice.

10.2 Either Party may at any time by notice in writing to the other terminate this Agreement in its entirety as from the date of service of such notice if the other:

10.2.1 shall enter into any compromise or arrangement with or for the benefit of its creditors; or

10.2.2 shall cease or threaten to cease to carry on all or substantially all of its business or shall stop payment of debts generally save, in either case, for the purposes of a solvent reconstruction or amalgamation; or

10.2.3 a resolution shall be passed or an application shall be presented, or an order shall be made, for its liquidation and consequential winding up or an application shall be presented for an administration order in respect of it; or

10.2.4 is unable to pay its debts in accordance with Section 214 (5) of the Maltese Companies Act 1995 or in accordance with any other applicable law to which either party may be subject; or

10.2.5 if an official receiver or administrative receiver or administrator or similar officer is appointed over the whole or a substantial part of its undertaking, property or assets.

10.3 Upon the termination of this Agreement, You agree to pay Us all undisputed amounts due and payable hereunder within 60 days of termination.

10.4 Upon termination of this Agreement, each Party shall:

10.4.1 promptly return to the other Party, or certify the destruction of any of the following of the other Party held in connection with the performance of this Agreement or the Services:

1. all Confidential Information ( save the User’s Confidential Data as defined above where a final export of this data shall be provided by Us directly to the individual User after the User would have been notified of the termination of this Agreement by You and shall certify the destruction of such data within thirty (30) from termination of this Agreement; and,
2. any other data, programs, and materials; and

10.4.2 return to the other Party, or permit the other Party to remove, any properties of the other Party then situated on such Party’s premises.  In the case of the Aggregate User Data (as defined above), We shall, immediately upon termination of this Agreement, provide you with a final export of the Aggregate User Data and shall certify the destruction of any of the Aggregate User Data within Our possession.  The Parties agree to work in good faith to execute the foregoing in a timely and efficient manner.  This Clause 10.4 shall survive the termination of this Agreement.

10.4.3 notwithstanding paragraphs (a) and (b) above, You hereby authorise Us to retain a copy of the Confidential Data in anonymised format which shall ensure that the Data Subject is not or no longer identifiable and authorise Us to process such anonymous information, including for statistical or research purposes.

10.5 You shall not be entitled to reimbursements of any fees paid to Us should You terminate the Agreement outside the circumstances set out in Clauses 10.1 and 10.2.

10.6 In the event that We do not adhere to Our data protection obligations mentioned in this Agreement or the applicable data protection legislation, without prejudice to all the other rights at law and under this Agreement available to You, including the right to immediately terminate this Agreement, and without prejudice to any other administrative or other fines, liabilities or expenses that may arise as a direct consequence of the breach, We shall become liable to a fine of up to twenty Euro (€20) for each day (excluding Saturdays, Sundays and public holidays) or part thereof where there is a delay in rectifying such non-adherence following written notification by Us of such breach, which fine shall amount to pre-liquidated damages that shall be offset against and deducted from any greater amount of damages that may be determined by a Court or adjudicating body in terms of law.

11. Applicable Law & Arbitration

11.1. The Parties agree that the validity, interpretation and enforcement of this Agreement, shall be governed exclusively by the laws applicable in the Republic of Malta.

11.2 The Parties agree to resolve any disagreement, dispute, claim, inconsistency or controversy relating to this Agreement, or breach, termination or invalidity thereof, arising between the Parties, amicably and within 15 days of it arising. If no solution is reached within the said 15-day period, either Party shall be entitled to initiate judicial proceedings in Malta thereafter.

11.3 In such event, the Parties agree that the Courts of the Republic of Malta shall have exclusive jurisdiction.

12. Miscellaneous

12.1 This Agreement and the documents referred to herein, constitute the entire agreement and understanding of the Parties with respect to the subject matter of this Agreement, and supersedes all prior understandings and agreements, whether oral or written, between or among the Parties hereto with respect to the subject matter hereof.

12.2 Either Party may not assign or transfer this Agreement or their respective rights and obligations arising herefrom except with the prior written consent of the other Party, which consent shall not be unreasonably withheld.  For the purposes of this Clause 12.2, any amalgamation and/or reconstruction effected by either Party, or any change in the majority or controlling shareholders of either Party shall be deemed and assignment of this Agreement.  The Parties shall not, however be precluded from assigning this Agreement to a parent or subsidiary company, provided that any such parent or subsidiary company has substantially the same majority or controlling shareholders as the original Party appearing on this Agreement.

12.3 This Agreement may be amended only by a written agreement executed by each of the Parties hereto.  No amendment of or waiver of, or modification of any obligation under this Agreement will be enforceable unless set forth in a writing signed by the Party against which enforcement is sought.  Any amendment effected in accordance with this section will be binding upon all Parties hereto and each of their respective successors and assigns.

12.4 No delay or failure to require performance of any provision of this Agreement shall constitute a waiver of that provision as to that or any other instance.  No waiver granted under this Agreement as to any one provision herein shall constitute a subsequent waiver of such provision or of any other provision herein, nor shall it constitute the waiver of any performance other than the actual performance specifically waived.

12.5 All references in this Agreement to a statutory provision shall be construed as including references to:

12.5.1 any statutory modification, consolidation or re-enactment thereof for the time being in force in Malta; and

12.5.2 all statutory instruments or orders made pursuant to that statutory provision.

12.6 Clause and Section headings in this Agreement and in the documents attached hereto are solely intended for ease of reference and do not restrict or otherwise affect the construction of any provision.

12.7 Where appropriate, words denoting the singular shall include the plural and vice versa.

12.8 Mindbeat uses “Cookies” to identify the areas of our website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to enhance the performance and functionality of our website but are non-essential to their use. However, without these cookies, certain functionality like videos may become unavailable or you would be required to enter your login details every time you visit the website as we would not be able to remember that you had logged in previously. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our website correctly or at all. We never place Personally Identifiable Information in Cookies.

Appendix A

The Software

The Software consists of a web-based Enterprise e-Coaching and Mentoring platform which allows the You to offer Your authorised users, depending on the packages selected, services including but not limited to the following:

■ Diagnostics and goal setting: to build awareness, focus and a baseline from which to track change.

■ Drip-fed, bite size learning tracks and nudges, aligned to goals of each individual: to build skill, habits and real behaviour change in specific areas (eg Giving feedback, Delegation)

■ Coaching platform: to connect individuals with peers, senior managers and internal trainers through a user-friendly video interface that includes note taking, scheduling and messaging. If required.

Regular tracking and measurement of change: to measure and track behaviour change, progress and user activity. This includes feedback ratings from self and line manager

Appendix B

1. DATA PROTECTION 

• • 1 With respect to the parties’ rights and obligations under this Agreement, the parties acknowledge that Client (or, where applicable, the relevant Client Recipient) is the data controller and the Supplier is the data processor of any personal data that is processed by or on behalf of the Supplier in the course of performing its obligations under this Agreement (“Client Personal Data“).
  • 2 The table below sets out the subject matter and the duration of the processing, the nature and purpose of the processing under this Agreement, the types of Client Personal Data that the Supplier will process and the categories of data subject whose personal data is processed:

• 3 The Supplier must:
  1. process the Client Personal Data only in accordance with written instructions from the Client from time to time, including as set out in this Agreement, unless required to process the Client Personal Data for any other purpose by applicable laws of the UK, the European Union or other EU Member State to which the Supplier is subject, in which case, where legally permitted, the Supplier must inform the Client of this legal requirement before processing;
  2. notify the Client immediately if, in the Supplier’s opinion, an instruction for the processing of Client Personal Data given by the Client breaches any provision of the Data Protection Legislation;

• at no additional cost, keep or cause to be kept such information as is necessary to demonstrate compliance with its obligations under this clause 20, including a full and accurate record of all categories of processing activities carried out on behalf of the Client Recipients, and must, upon reasonable notice, make available to the Client or grant to the Client and the Client Auditors, and any applicable law enforcement authority (including any applicable supervisory authority), a right of access to, and to take copies of, any information or records kept by the Supplier pursuant to this clause 20;

1. implement appropriate technical and organisational measures to protect Client Personal Data against accidental or unlawful processing, loss, destruction, damage, alteration, or unauthorised disclosure or access, including the measures taken in accordance with the Data Protection Legislation, clause 21 and Schedule 8, and including so as to allow the Client Recipients to comply with their obligations under the Data Protection Legislation;
2. ensure that any staff or personnel (including Supplier Personnel) authorised to process the Client Personal Data are subject to a binding duty of confidentiality in respect of such data;
3. at no additional cost, provide such information and such assistance to the Client Recipients as the Client may reasonably require, and within the timescales reasonably specified by the Client, to allow the Client Recipients to comply with their obligations under the Data Protection Legislation, including assisting the Client Recipients to:
   1. comply with its own security obligations;
   2. discharge its obligations to respond to requests for exercising data subjects’ rights;

• comply with its obligations to inform data subjects and the applicable supervisory authority about personal data breaches;

1. carry out privacy impact assessments and audit privacy impact assessment compliance; and
2. consult with the applicable supervisory authority following a privacy impact assessment;

• not transfer any Client Personal Data to any third party (including any sub-contractors) without the prior written consent of the Client. Where the Client does consent to the Supplier engaging a sub-contractor to provide any part of the Supplier Solution, the Supplier must ensure the reliability and competence of such sub-contractor, its employees or agents who may have access to the Client Personal Data, and must include in any contract with such sub-contractor provisions in favour of the Client which are equivalent to those in this clause 20 and as are required by the Data Protection Legislation. For the avoidance of doubt, in accordance with clause 24.3, where a sub-contractor fails to fulfil its obligations under any sub-processing agreement or the Data Protection Legislation or otherwise causes the Supplier to be in breach of the obligations of this clause 20, the Supplier will remain fully liable to the Client for the failure of fulfilment of its obligations under this Agreement;
• notify the Client immediately in writing of any actual or suspected breach of this clause 20 on its part or that of the Supplier Personnel,  with further information about the breach provided in phases as information becomes available and provide full and prompt information and assistance to the Client and any applicable law enforcement authority (including any applicable supervisory authority) in relation to such breach at its cost;

1. notify the Client without undue delay in writing if it receives from any data subject whose personal data forms part of the Client Personal Data, or any applicable law enforcement authority (including any applicable supervisory authority):
   1. any communication seeking to exercise rights conferred on the data subject by the Data Protection Legislation;
   2. any complaint or any claim for compensation arising from or relating to the processing of Client Personal Data; or

• any communication from any applicable law enforcement authority (including any applicable supervisory authority).

• 4 The Supplier must not transfer any Client Personal Data outside of the UK or the European Economic Area (the “EEA“) without the Client’s express prior written consent. Where the Client does consent to the transfer of Client Personal Data outside of the UK or the EEA, the Supplier must comply with all applicable provisions of the Data Protection Legislation relating to the transfer of such personal data outside of the UK or the EEA, and undertakes to take all steps necessary to comply with those provisions, which may include the Supplier (or, where applicable, the Supplier’s affiliate, sub-processor or other relevant third party) entering into standard contractual clauses with the relevant Client Recipient(s) in the form set out in decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 (“Standard Contractual Clauses“) (as may be amended by agreement of the parties for compliance with the Data Protection Legislation).
• 5 In the event that the Adequacy Decision granted in respect of the Standard Contractual Clauses is invalidated or suspended, or any supervisory authority requires transfers of personal data pursuant to such Standard Contractual Clauses to be suspended, then the Client may, at its discretion, immediately require the Supplier to:
  1. Cease data transfers immediately, and implement an alternative adequacy mechanism (as authorised in writing by the Client); or
  2. return all Client Personal Data previously transferred, and ensure that a senior officer or director of the Supplier certifies to the Client that this has been done.
• 6 The Supplier must not retain any of the Client Personal Data for longer than is necessary to perform its obligations under this Agreement and upon the Client’s reasonable request, securely destroy or return all Client Personal Data, and delete existing copies of the Client Personal Data except to the extent that the applicable laws of the UK, the European Union or other EU Member State to which the Supplier is subject requires continued storage of the Client Personal Data.
• 7 The Supplier must comply at all times with, and assist the Client Recipients in complying with its applicable obligations under, the Data Protection Legislation. The Supplier must not perform its obligations under this Agreement in such a way as to cause the Client Recipients to breach any of its applicable obligations under the Data Protection Legislation.
• 8 For the purposes of this clause 19, “data controller“, “data processor“, “data subject“, “personal data“, “processing“, and “appropriate technical and organisational measures” will be interpreted in accordance with the Data Protection Legislation.