Online Wills Terms of Use

Arken.legal Online Will System Terms and Conditions

You should read these terms and conditions carefully – by registering to use the Arken.legal Online Will System you confirm that you accept the terms and conditions and agree to be bound by them.

In these terms and conditions:
“We”, “Us” or “Our” refer to Arken.Legal (UK) Limited of General Wolfe House, 83 High
Street, Westerham, Kent TN16 1PG.
“You” or “Your” means you, the individual, firm, practice, partnership, company or organization
who registers with us to use the System for the purposes of the Service.
“Additional Monthly Payment” means the additional amount, if any, payable by you in
accordance with Schedule 1 hereto.
“Client” or “Clients” means the individual or individuals using the Service.
“Commencement Date” means the date of our receipt of your payment to us
following completion and submission of your completed Registration Questionnaire.
“Confidential Information” shall include, but not be limited to, all information which is not publicly known including the business, finances, technology, trade secrets, and any other commercially sensitive information of either party regardless of its nature.
“Content” means all information and material contained on the Site and within the System and the Service, including, without limitation, code, data, text, software, photographs, pictures, graphics, questionnaire and document output.
“Database” means the database utilized by the System.
“Direct Debit Instruction” means the direct debit mandate signed by you authorising us to collect due payment under this license direct from your bankers.
“Hosting Service” means the provision of storage space for the Site to be provided by us such hosting services to be available to the internet 24 hours a day, 7 days a week.
“Intellectual Property Rights” means all copyright, design right, registered designs, patents, trade and service marks, rights in relation to databases, know how, rights in confidential information, and all other intellectual property rights throughout the world, whether registered or unregistered, and including all rights to applications, pending registrations, renewals and reversions.
“License” means the license granted pursuant to these terms and conditions.
“Minimum Monthly Payment” means the minimum monthly amount payable by you for the use of the System in accordance with Schedule 1 hereto.
“Registration Questionnaire” means the online questionnaire completed by you to register to use the System to offer the Service.
“Server” means the web server owned or licensed by us to provide the Hosting Service.
“Service” means the online Will Writing System for England and Wales offered by you to your clients for the creation of Wills.
“Site” means our website www.arken.legal or www.onlinewillservice.com as the case may be.
“Standard Terms and Conditions” means the model client facing terms and conditions offered by us without responsibility as part of the System and which you may elect to adopt in the provision of the Service.
“System” means the Arken Online Will System used to provide the Service.
“Unit Royalty” means the amount payable for each Will in accordance with Schedule 1 hereto. “URL Link” means your Uniform Resource Locator link to the Service.
“Your Data” means the information and data provided to us by you or inputted by you into the Service.

1. TERM AND EXTENT OF LICENCE
1.1. During the continuance of the payment of the Minimum Monthly Payment and the Additional Monthly Payment, We grant to you a non-exclusive and non-transferable licence from the Commencement Date to use the System for the purposes of the Service.
1.2. The Licence granted under Clause 1.1 shall commence on the Commencement Date and unless terminated under Clause 5 of this Licence shall remain in force for three months from the Commencement Date and shall be automatically renewable for successive periods of three months unless not less than three (3) months prior written notice of termination is given by one party to the other.
1.3. For the avoidance of doubt, the licence granted under clause 1.1 of this Licence does not entitle you to make the System or Service available from or via any third party website unless we give our prior written consent.
1.4. You shall not nor shall you permit others to decompile, reverse engineer or disassemble the System or any part save to the extent, if at all, permitted by law.
1.5. You shall not assign or sub-licence the benefit of this licence to a third party and you will ensure that the System is used in strict conformity with its terms.

2. YOUR OBLIGATIONS
2.1. You undertake and agree that you will at all times during the continuance of this licence and, where applicable, following termination, observe and perform the terms and conditions of this licence.
2.2. You warrant that the information provided by you in the Registration Questionnaire is correct and that none of such information and/or data, including banner, brand or logo, will breach any third party intellectual property rights or be intended or presented to as to mislead as to your identity, any you undertake and agree that you will:
2.2.1. Maintain and update such information as may be required from time to time;
2.2.2. Keep your password and log on details secure;
2.2.3. Complete and return the Direct Debit Instruction to us by first class post forthwith;
2.2.4. Maintain a PayPal or Stripe business account (which will be required in all cases except for the Interview Only service option) and ensure that the correct details are provided in the Registration Questionnaire;
2.3. Where the Service option(s) you have selected requires payment from your client, you agree that you will, at your expense, correctly set up, test and maintain your PayPal business account.
2.4. You undertake to make all payments to us in accordance with the terms of this licence. If your bank account details change you must notify us immediately and complete and return to us a new Direct Debit instruction.
2.5. You will bring to our attention immediately any improper or wrongful use of the System.
2.6. You will notify us immediately should you become aware of any System error which renders document output of the Service defective.
2.7. You will ensure that, except in respect of the Premier Service, in processing Wills the System is only used by your authorized personnel who shall be competent and suitably qualified Will writers.
2.8. The generation of a Will using the System and/or the Service does not constitute legal advice on our part, and we cannot accept responsibility for the appropriateness of any such Will. It is your responsibility to review the Will Questionnaire and the Will document to ensure that the Will document generated is correct. Where, at your sole discretion, you choose to allow your clients to use the Premier Service, which will generate a Will without you reviewing it, we do not accept responsibility for the correctness or appropriateness of any such Will.
2.9. In using the System and providing the Service, you must at all times act honestly and ethically, in accordance with the standards of god business practice and in accordance with the laws of England and Wales.
2.10. You must not do anything that would bring our good name or reputation or that of the System or Service into disrepute.
2.11. You accept that it is your responsibility to satisfy yourself as to the efficacy and appropriateness of the Standard Terms and Conditions should you elect to use them. In the event that you choose to upload and use your own or other client facing Terms and Conditions in the place of the Standard Terms and Conditions you undertake that such shall not be inconsistent with the terms and conditions of this licence.
2.12. As between you and your client you accept full responsibility for the content and appropriateness of any document produced by the System or produced from any information provided by the System and will indemnify us in respect thereof.2.13. It is your responsibility to retain PDF copies of documents produced by the System and to file and store the same as you see fit. We reserve the right to delete documents and data from the database or server after six (6) months.
2.14. It is your responsibility to retain PDF copies of documents produced by the System and to file and store the same as you see fit. Note that documents and data will not be retained on the database or server for longer than six (6) months.
2.15. You shall bear your own costs and expenses in relation to and incurred in performing your obligations under this license.
2.16. You will cease to use the URL link immediately on the termination of this licence.
2.17. You will not incur any liability on our behalf.

3. OUR OBLIGATIONS
3.1. During the continuance of the Licence, we will:
3.1.1. provide or procure technical maintenance of the System;
3.1.2. provide a telephone support line available to you during the hours of 09.00 and 17.00 Monday to Friday (with the exception of Public or Bank Holidays). For the avoidance of doubt, the support line is only available to you and not to your clients;
3.1.3. arrange the Hosting Service with UK web hosting company AWS or such other suitable third party hosting provider as we may decide from time to time;
3.1.4. rectify any material errors in the System as soon as possible after becoming aware or being notified (by you or a third party) of the same. We reserve the right to suspend the Service while any such errors are rectified; and
3.1.5. comply with all current data protection legislation and our Online Wills Data Protection Policy (“Data Protection Policy”) available at Schedule 2 and our Online Wills Data Security Policy (“Data Security Policy”) Available at Schedule 3 as may be amended by us at our sole discretion from time to time.

4. RESERVATION OF RIGHTS
4.1. We reserve the right to:
4.1.1. Suspend the System at our sole discretion at any time;
4.1.2. Withdraw the System for any reason and at any time, subject to the provisions of Clause 5.2;
4.1.3. to change these terms and conditions without notice at any time; and
4.1.4. to vary the amount of the Minimum Monthly Royalty and/or Unit Royalty on giving you at least one (1) months written notice.

5. TERMINATION
5.1. Either party may terminate this licence upon giving written notice to us in accordance with the terms of Clause 1.2.
5.2. If we exercise our right to withdraw the System, we will give you three (3) months prior written notice of such withdrawal.
5.3. We may terminate this licence with immediate effect if you are in breach of any of its terms and conditions, including, without prejudice to the generality of the foregoing, the non- payment or late payment of any payments due to us.
5.4. In the event of termination under Clause 5.2 your liability to pay the Minimum Monthly Royalty will cease at the end of such three (3) month notice period.
5.5. In the event of termination under Clause 5.3 we may, at our sole discretion, permit access to the system for a period of ten (10) working days to enable you to process any outstanding Will applications submitted and paid for by Clients.
5.6. In the event of termination under the provisions of Clause 5.3 you shall remain liable to us for (i) any unpaid Additional Monthly Royalty to the date of termination or such extended date, if any, granted by us in accordance with Clause 5.4, and (ii) the Minimum Monthly Royalty for the remainder of the licence term.

6. WARRANTIES AND IPR
6.1. We warrant that:
6.1.1. we have full right and power to grant this licence; and
6.1.2. the System does not infringe any industrial of Intellectual Property Rights of a third party.
6.2. You shall not acquire any right title or interest in any Intellectual Property Rights in the System or any part thereof or in any methodology, techniques, knowhow, methods or general business or technical knowledge used or developed by us in the creation of the System or in any content supplied by us which shall remain our property.
6.3. Other than the express warranties contained in this Clause 6, we make no other representations or warranty of any kind, express or implied, regarding the System, including, but without limitation, warranties of satisfactory quality or fitness for a particular purpose.
6.4. We do not warrant the functionality or compatibility of the System with any particular browser or operating environment.
6.5. We do not warrant the completeness, legality, effectiveness under law or otherwise or appropriateness of the Standard Terms and Conditions.
6.6. We do not warrant that the availability of the System or the Service will be uninterrupted or error free.

7. NON RECOURSE
7.1. You shall have no claim against us arising from any third party actions brought against you arising from the use of the System or Service or the content of any documentation created by the System.
7.2. You assume sole responsibility and entire risk as to the suitability of the System in the provision of the Service, results obtained therefrom, and any decision made or actions taken based on information or data contained in or generated by the System and/or Service. You acknowledge that in our providing and maintaining the System:
(a) we cannot under any circumstances be regarded as supplying tax, legal or accounting advice, which you yourself must provide or procure;
(b) you are not relieved of any responsibility, including to any third party, for the preparation, content, accuracy and review of Wills created; and
(c) it is not intended nor can it be relied upon as a substitute for your proper professional judgement in the circumstances.

8. LIMITATION OF LIABILITY
8.1. Whilst we will take such measures as are consistent with good industry practice to reasonably ensure that the System is fit for purpose and free from viruses, Trojan horses and worms, we do not accept liability for:
(a) the transmission of any virus, Trojan horse, worm or other routine or device;
(b) any inaccuracy of information provided as part of the System or the Service;
(c) the content of any documentation created by the System; or
(d) failure in the sending or delivery of emails.
8.2. We accept no responsibility for the appropriateness of any document produced by the System or for the proper execution of any document.
8.3. We are not liable under, or in relation to, these terms and conditions or the System or Service (whether such liability arises due to negligence, breach of contract, misrepresentation or for any other reason) for any:
8.4. Subject to 8.3 above our aggregate maximum liability to you in contract, tort or otherwise (including liability for negligence or breach of statutory duty) under or in connection with these terms and conditions shall be limited to a sum equal to three (3) months Minimum Monthly Royalty.
8.5. We shall have no liability whatsoever for any liability you may incur to any third party for:
(a) loss of profits;
(b) loss of sales or turnover;
(c) loss of business;
(d) loss of, or loss of use of, or corruption of data;
(e) loss of, or loss of use of, any computer or other equipment or plant;
(f) loss of or damage to reputation;
(g) loss of opportunity;
(h) loss or corruption of information;
(i) loss of anticipated savings;
(j) loss or wasted time;
(k) indirect loss or damage;
(l) consequential loss or damage; or
(m) special loss or damage,
even if we shall have been advised of the possibility of any such loss and for the purposes of this clause the term “loss” includes a partial loss or reduction in value as well as a complete or total loss.

9. YOUR DATA
9.1 As between you and us, you will own all Intellectual Property Rights and other rights, title and interest in and to Your Data and you will have sole responsibility for the legality, reliability, integrity, accuracy, quality and security of Your Data.
9.2 You warrant that you have all necessary rights, consents and licences to provide Your Data to us in accordance with the Agreement and that use of Your Data will not infringe the Intellectual Property Rights or other rights of any third party.
9.3 We will follow archiving procedures for Your Data as set out in our back-up policy (as may be amended by us at our sole discretion from time to time) a copy of which is available upon request (“Back-Up Policy”). In the event of any loss or damage to Your Data caused by us, your sole and exclusive remedy will be for us to use reasonable commercial endeavours to restore the lost or damaged data from the latest back-up of Your Data maintained by us in accordance with our Back-Up Policy. We will not be responsible for any loss, destruction, alteration or disclosure of Your Data caused by any third party (except those third parties sub-contracted by us to perform maintenance and back-up services of Your Data).
9.4 It is your responsibility to maintain your own record and copies of Your Data and of any Documents and TR Reports created via the Service as required by any applicable laws and your own internal data retention policies.
9.5 In providing the Service, we will comply with the Data Protection Legislation as defined in the most recent Data Protection Policy available on the Arken website (www.arken.legal). Where there is any inconsistency between the terms of the Data Protection Policy and any term of the Agreement, the terms of the Data Protection Policy shall take precedence only in respect of the processing of Your Data. References to “include”, “includes” and “including” shall be read as being followed by “without limitation” so as to provide a non- exhaustive list of examples.
9.6 You acknowledge that, except in relation to any Third Party Services, in the processing of any personal data contained in Your Data, the intention is that you will be the data controller and we will be the data processor of such personal data (as these terms are defined in Data Protection Legislation) and in any such case:
9.6.1 you will ensure that you are entitled to transfer the relevant personal data to us so that we may lawfully use, process and transfer the personal data in accordance with the Agreement;
9.6.2 you will ensure that the relevant Clients and other third parties have been informed of such use, processing and transfer as required by Data Protection Legislation;
9.6.3 we will process the personal data only in accordance with the Agreement;
9.6.4 both parties will take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

10. GENERAL
10.1. These terms and conditions are the only terms and conditions applying to our supply of the System or to the Service and apply to the exclusion of any other express or implied conditions including any terms and conditions to which any order of yours may purport to be subject.
10.2. In these terms and conditions, the introduction and the schedules, any reference:
(a) to any statute or statutory provision includes a reference to that statute or statutory provision as amended, extended or reenacted and to any regulation, order, instrument or subordinate legislation under the relevant statute or statutory provision;
(b) to the singular includes a reference to the plural and vice versa;
(c) to any gender includes a reference to any other genders;
(d) to clause numbers or schedules shall be those in these terms and conditions. 10.3. No delay or forbearance by us in enforcing any provisions of these terms and conditions shall be construed as a waiver of such provision or any agreement thereafter not to enforce the said provision on that or any other occasion or another provision on another occasion.
10.3. We shall not be liable for any delay or failure to perform our obligations pursuant to this licence resulting from circumstances or events outside of our control or if such delay or failure is due to force majeure.
10.4. The System does not provide legal advice nor represent a legal advisory service.
10.5. If any provisions of these terms and conditions is found void and unenforceable, it will not affect the validity of the remainder of the provisions which shall remain valid and enforceable.
10.6. Where two or more legal entities constitute you, their liability shall be joint and severable.
10.7. These terms and conditions shall be governed by the laws of England and Wales.
10.8. Headings used in these terms and conditions are for ease of reference only and shall not affect its interpretation.

SCHEDULE 1
A Unit Royalty is due:

(a) In respect of the Instructions Only service, on submission of the Will Interview Questionnaire (whether completed or partially completed) by your client,
(b) (in respect of the Premier Service, on submission and payment by your client,
(c) In respect of the Superior and Superior Plus Service, on completion of the Will by you or on importation of the information from the Will Interview Questionnaire into an appropriate Arken desktop system.

The amounts payable by you for the use of the System:
Unit Royalty: £7 per document produced by the System above any documents included in the minimum monthly payment amount, or as agreed by us in writing
Minimum Monthly Payment: £200 per calendar month for each instance of the Service (or pro- rata for part if a month on account of Unit Royalty payments payable monthly in advance by Direct Debit) such amount to include 7 documents, or as agreed by us in writing
Additional Monthly Payment: such monthly sum which shall be payable for Unit Royalties in excess of the Minimum Monthly Payment in the preceding month payable monthly in arrears by Direct Debit.
All sums are exclusive of VAT which shall be added at the rate current from time to time.
These amounts may be varied under the provisions of Clause 4.1.4 of these terms and conditions.

SCHEDULE 2
Online Wills Data Protection Policy
1 DEFINITIONS AND INTERPRETATION
1.1 In this Policy all capitalised terms shall have the same meanings as in the Online Wills Terms and Conditions as well as the following meanings:
“Data Controller” means You and/or Authorised Users.
“Data Processor” means Us.
“Data Processor Personnel” means the Data Processor and/or each of its Sub-Processors and the officers, employees, agents, consultants, representatives and other personnel of each of the Data Processor and each Sub-Processor.
“Data Protection Legislation” means the European Directives 95/46 and 2002/58/EC (as amended by Directive 2009/139/EC) and any legislation and/or regulation implementing or made pursuant to them including but not limited to the Data Protection Act 1998, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation, EU 2016/67), and including, where applicable, the guidance and codes of practice issued by the supervisory authorities (including the Information Commissioner).
“Good Industry Practice” means (in relation to any activity and under any circumstances) exercising the same skill, expertise and judgment and using facilities and resources of a similar or superior quality as would be expected from a person who: (a) is skilled and experienced in providing the services in question, seeking in good faith to comply with his or her contractual obligations and seeking to avoid liability arising under any duty of care that might reasonably apply; (b) takes all proper and reasonable care and is diligent in performing his or her obligations; and (c) complies with all applicable law.
“Request” means a subject access request or request to erase or correct Personal Data.
“Security Breach” means any actual loss, unauthorised or unlawful destruction, alteration, or unauthorised disclosure of, or access to the Personal Data (accidental or otherwise) and/or any other irregularity in processing the Personal Data.
“Sensitive Personal Data” has the meaning given to it in the Data Protection Legislation.
“Sub-Processor” means any sub-contractor to which the Data Processor has sub-contracted, or in the future may sub-contract, any of its obligations under Arken’s Standard Terms and Conditions and in performing such obligations the sub-contractor will receive and process Personal Data including UKFast, Amazon Web Services, Microsoft Azure, Active Campaign, Google Analytics, Zendesk, Cloudflare, Mailgun, Auth0, Segment or as otherwise notified by the Data Processor in writing from time to time.
“Working Days” means Monday to Friday, excluding Public and Bank Holidays, in England &
Wales.
1.2 For the purposes of this Policy Data Subject, Personal Data, Processing, transfer (in the context of Personal Data transfers) and appropriate technical and organisational measures shall be interpreted in accordance with the implementation of Directive 95/46/EC, or other applicable Data Protection Legislation, in the relevant jurisdiction.

2 PROCESSING PERSONAL DATA
2.1 In providing the Services, the Data Processor shall process Personal Data on behalf of the Data Controller. The type of Personal Data to be Processed, and the categories of Data Subjects are set out in Annex 2 (Details of Personal Data Processed).
2.2 Both parties will comply with all applicable requirements of Data Protection Legislation. This Policy is in addition to, and does not relieve, remove or replace, a party’s obligations under Data Protection Legislation.

3 RESTRICTIONS ON USE OF PERSONAL DATA
3.1 In processing Personal Data on behalf of the Data Controller, the Data Processor shall:
3.1.1 process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or the proper performance of its obligations under the Agreement or as is required by law or any regulatory body. The Data Processor may only correct, delete or block the Personal Data processed on behalf of the Data Controller as and when instructed to do so by the Data Controller or, if applicable, a Data Subject;
3.1.2 process the Personal Data only in accordance with the written instructions from the Data Controller or as otherwise lawfully and reasonably notified in writing (including via email) by the Data Controller to the Data Processor during the term of the Agreement (and the Data Controller hereby instructs the Data Processor to process that Personal Data as required to perform its obligations under the Agreement). If the Supplier is required to process the Personal Data for any other purpose by European Union or Member State law, the Data Processor will inform the Data Controller of this legal requirement to the extent permitted to do so by European Union or Member State law; and
3.1.3 ensure that Personal Data is only processed by Data Processor Personnel who are reasonably required to do so in order to enable the Data Processor to comply with its obligations under the Agreement.
3.2 The Data Processor shall ensure that any Data Processor Personnel to whom Personal Data is disclosed are obliged to keep the Personal Data confidential.
3.3 The Data Controller specifically authorises the appointment of any Sub-Processor identified in this Policy, Annex 1 or Annex 2 and generally authorises the Data Processor to appoint further or alternative Sub-Processors. Where the Data Processor appoints or replaces a Sub- Processor it shall:
3.3.1 notify the Data Controller not less than 30 days in advance of any intended changes concerning the addition or replacement of such Sub-Processors. If the Data Controller wishes to object to such changes, it must do so within 30 days of receiving such notice, by notifying the Data Processor in writing accompanied by its reasons for such objection. Following any such objection, the Data Processor may engage with the Data Controller to provide alternatives or assurances in relation to such change. If the Data Controller (acting reasonably in relation to its legal or regulatory compliance obligations) continues to object to such changes the Data Controller may, within 30 days of receipt of the original notice, terminate on written notice without penalty the relevant services directly affected by that change. Where the Data Controller does not provide such written notice of such termination, or continues to use such services following the change, it shall be deemed to have accepted such change;
3.3.2 remain fully liable for all acts or omissions of any Sub-Processor engaged by it (and such engagements shall be on such Sub-Processors’ terms of business which incorporate data protection obligations which are the same or not less onerous in their effect as those set out in this Policy.
3.4 The Data Processor shall not acquire any right, title or interest in and to any of the Personal Data disclosed to it by the Data Controller.

4 SECURITY PROVISIONS
4.1 In processing Personal Data on behalf of the Data Controller, the Data Processor shall implement and shall ensure that it has in place at all times appropriate technical and organisational measures to prevent unlawful or unauthorised processing, accidental or unlawful destruction, damage, accidental loss, alteration, unauthorised disclosure of or access to the Personal Data in accordance with the compliance principles contained in Annex 1 and the Data Protection Legislation.
4.2 As soon as reasonably practicable following a request from the Data Controller, the Data Processor shall provide to the Data Controller all information reasonably necessary to demonstrate and ensure compliance with Clause 4.1 save that the Data Processor shall not be obliged to disclose specific security information which would jeopardise the security of the Software, Service or the Personal Data.
4.3 The Data Processor shall back up the Personal Data in accordance with its Back-Up Policy.

5 RESTRICTION ON TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
5.1 The Data Processor shall not transfer Personal Data outside the EEA without the express prior written consent of the Data Controller (and the Data Controller hereby instructs and authorises the Data Processor to transfer Personal Data outside the EEA where required for the provision of the Services, including but not limited to where Personal Data is accessed by or on behalf of the Data Controller from outside the EEA, and where the Data Controller has been notified that an authorised Sub-Processor is located or stores or accesses Personal Data
outside the EEA).
5.2 Where the Data Controller gives consent to a transfer outside the EEA, the Data Processor shall take such steps as may reasonably be required by the Data Controller on an ongoing basis to ensure there is adequate protection for such Personal Data in accordance with applicable Data Protection Legislation, which may include the Data Processor (or, where applicable, the Data Processor’s affiliate, Sub-Processor or other relevant third party) entering into the standard contractual clauses set out in the European Commission’s Decision 2010/87/EU of 5 February 2010 for the transfer of Personal Data to processors established in third countries (“Standard Contractual Clauses” with the Data Controller (as determined by the Data Controller) in the form prescribed by the European Commission (as may be amended by agreement of the Parties for compliance with applicable Data Protection Legislation requirements).

6 ASSISTANCE WITH COMPLIANCE
6.1 The Data Processor shall comply (and undertakes to ensure that the Data Processor Personnel do likewise) at all times with the requirements of the Data Protection Legislation and shall perform its obligations under the Agreement in such a way as to assist the Data Controller in complying with its obligations under the Data Protection Legislation taking into account the nature of the Processing and the information available to the Data Processor.
6.2 The Data Processor will at the cost of the Data Controller permit and arrange all reasonable access and assistance required for audits (including but not limited to inspection) by the Data Controller (and/or its auditors, representatives and/or any supervisory or government body, including the Information Commissioner (excluding where any representative is a competitor of the Data Processor)) in relation to compliance with this Policy subject to reasonable and appropriate confidentiality undertakings being given by the Data Controller’s auditors or representatives to inspect and audit the Data Processor’s Processing activities.
6.3 The Data Processor will assist the Data Controller, at the Data Controller’s cost, if it receives a Request from a Data Subject in relation to his or her Personal Data (insofar as this is possible).
6.4 The Data Processor will assist the Data Controller in respect of any complaint received by it from a Data Subject about the processing of his or her Personal Data and providing (at the same time) the Data Controller with details and a copy of the complaint.
6.5 The Data Processor shall, where lawfully permitted, promptly notify the Data Controller of any communication from a regulatory authority in respect of a matter which concerns the Data Controller.
6.6 The Data Processor will promptly and properly deal with and respond to any and all reasonable requests and enquiries made by the Data Controller relating to its processing of the Personal Data.
6.7 The Data Processor will maintain records of processing activities carried out on behalf of the Data Controller containing the information prescribed in applicable Data Protection Legislation (including but not limited to the type of Personal Data processed and the purposes for which they are processed). The Data Processor shall make these records available to the Data Controller and supervisory authorities if and when required by such parties.
6.8 The Data Processor shall notify the Data Controller as soon as reasonably practicable upon it becoming aware that it is or is likely to become unable to comply with either its obligations under the Agreement or Data Protection Legislation, and/or the Data Controller’s requirements or instructions (whether specific or general) regarding the processing of the Personal Data.
6.9 If the Data Processor suspects or becomes aware of a Security Breach, it shall:
6.9.1 without undue delay on becoming aware of a Security Breach notify the Data Controller;
6.9.2 provide the Data Controller (as soon as is possible, and in no circumstance more than 24 hours after receiving a limited request) with such information that the Data Controller may reasonably request and that is available for collection relating to the Security Breach:
6.9.3 unless otherwise agreed with the Data Controller in writing, take action to stop the Security Breach, investigate the Security Breach and to identify, prevent and mitigate the effects of the Security Breach and to carry out any recovery or other action reasonably ne cessary to remedy the Security Breach; and
6.9.4 not release or publish any filing, communication, notice, press release, or report concerning the Security Breach without the Data Controller’s prior written approval (except where it is required to do so by applicable law).

Annex 1

1 Access control to premises and facilities
We will ensure or require of our Sub-Processors that controls are maintained to prevent unauthorised physical access to our Sub-Processors premises, datacentres or facilities holding personal data but have no obligation to provide security or back-ups of data other than as stated in Arken’s Standard Terms and Conditions.

2 Access control to systems
Appropriate technical and organisational measures for user identification and authentication will be maintained in accordance with Good Industry Practice to prevent unauthorised access to IT systems.

3 Access control to data
Appropriate measures will be maintained in accordance with Good Industry Practice to prevent authorised users from accessing data beyond their authorised access rights and prevent the unauthorised modification or disclosure of data. Authorised users shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty).

4 Disclosure control
Appropriate measures will be maintained, including encryption, to prevent the unauthorised access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged.

5 Data Processing
Data is processed automatically by the Service.

Annex 2
DETAILS OF PERSONAL DATA PROCESSED

Categories of Personal Data
Personal data which identify the data subject and their personal characteristics including names, addresses, contact details, age, sex, date of birth, marital status, details of dependants as may be included by you and/or Authorised Users in the use of the Service. The examples given are not exhaustive.

Special categories of data
Sensitive Personal Data including physical or mental health or condition, racial or ethnic origin, political opinions, religious or other beliefs of a similar nature, trade union membership, sexual life. The examples given are not exhaustive.

Categories of data subjects
Individuals relating to whom Personal Data is held or used. The data subjects are your clients.

Description of Processing Activities
Processing of any Personal Data is incidental to the Services provided by us. No access to changes to, or other processing of any Personal Data is carried out as part of the Service other than as may be required on your specific written instructions.

SCHEDULE 3
Online Wills Data Security Policy

Overview of the Arken Online Will Writing Service

Arken.legal’s Online Will Writing Service is a cloud service provided by Arken.legal (UK) Limited and its subsidiaries in England & Wales. Businesses can register to use the Service and are required to complete a profile, purchase subscriptions and pay relevant fees. Once subscribed, the user can use the service to draft and download completed documents.

Arken.legal provides intelligent questionnaires for the user to input information, make selections, and choose options relevant to their circumstances. There is a live interaction between the front end and the server to present to the user relevant questions based on previously entered information, selections made, and options chosen. Simultaneously, the service dynamically drafts the document and presents to the user on-screen in real time.

Data Security
Overview

Arken.legal is committed to maintaining the highest operational standards in systems and processes to protect personal data in accordance with good industry practice. Arken.legal takes a “defence in-depth” approach to protecting its systems and user’s data. Multiple layers of security controls protect access to data, including physical and network security, firewalls and intrusion protection systems.
Arken.legal engages industry leading suppliers to leverage their expertise, experience, global threat and intelligence to protect its systems.

You control access
As a user of Arken.legal’s Online Wills Service, you have flexibility and control over access to the service by your authorised users.

User authentication
User access to Arken.legal’s Online Wills Service is through a log-in and password. Users are responsible for maintaining the security of their own log-in information.

Data Encryption
Arken.legal uses the latest industry standard SSL and TLS 1.3 (Transport Security Layer) with HSTS (HTTP Strict Transport Security) for enhance security and all data is encrypted in transit.

Facilities
Arken.legal uses enterprise-grade hosting facilities that are PCI and ISO accredited and employs robust physical security controls to prevent physical access to the service and redundant power, air-conditioning and communications. Controls include 24/7/365 monitoring and surveillance, on-site security staff and regular on-going security audits.
User data is held in accordance with Arken.legal’s Privacy Policy (available on request). User’s data is held only in the United Kingdom with redundancy and back-up strategies in place to minimise risk of data loss or outages.

People and Access
Arken.legal maintains administration accounts on the Service restricted to application he alth monitoring and performing system or application maintenance.
Only authorised Arken.legal personnel have access to data which is strictly limited to essential personnel only and only from Arken.legal equipment.

Monitoring
Arken.legal continuously monitors event logs, notifications, and alerts from all systems to identify and manage threats.
Version 3. April 2020