Intestacy Lead Generator Terms and Conditions

ARKEN.LEGAL INTESTACY TOOL TERMS AND CONDITIONS

You should read these terms and conditions carefully – by registering to use the Arken.legal Intestacy Tool you confirm that you accept the terms and conditions and agree to be bound by them.

In these terms and conditions:

“We”, “Us” or “Our” refer to Arken.legal Limited of General Wolfe House, 83 High Street, Westerham, Kent TN16 1PG.

“You” or “Your” means you, the individual, firm, practice, partnership, company or organization who registers with us to use the System for the purposes of the Service.

“Client” or “Clients” means the individual or individuals using the Service.

“Commencement Date” means the date you first gain access to the Service whether under a free trial or under a paid subscription.

“Confidential Information” shall include, but not be limited to, all information which is not publicly known including the business, finances, technology, trade secrets, and any other commercially sensitive information of either party regardless of its nature.

“Content” means all information and material contained on the Site and within the System and the Service, including, without limitation, code, data, text, software, photographs, pictures, graphics, questionnaire and document output.

“Free Trial” means the right to use the Service for the Free Trial Period without charge under such terms as may be offered by us from time to time.

“Free Trial Period” means the duration of the Free Trial under such terms as may be offered by us from time to time.

“Hosting Service” means the provision of storage space for the Site to be provided by us, such hosting services to be available to the internet 24 hours a day, 7 days a week.

“Intellectual Property Rights” means all copyright, design right, registered designs, patents, trade and service marks, rights in relation to databases, know how, rights in confidential information, and all other intellectual property rights throughout the world, whether registered or unregistered, and including all rights to applications, pending registrations, renewals and reversions.

“Licence” means the licence granted pursuant to these terms and conditions.

“Package” means any arrangement entered into between you and Arken for the provision of Arken services outside of our standard terms and conditions or outside of our standard pricing plans.

“Results” means any information displayed on screen as a result of the User using the Service.

“Server” means the web server owned or licensed by us to provide the Hosting Service.

“Service” means the Intestacy Tool for England and Wales offered by you to your clients.

“Site” means our website www.arken.legal.

“Standard Terms and Conditions” means the model client facing terms and conditions offered by us without responsibility as part of the System and which you may elect to adopt in the provision of the Service.

“Subscription Fees” means the monthly amount payable by you for the use of the System in accordance with Schedule 1 hereto.

“System” means the Arken Intestacy Tool used to provide the Service.

“URL Link” means your Uniform Resource Locator link to the Service.

“Your Data” means the information and data provided to us by you or inputted by you or Your Client into the Service.

1. TERM AND EXTENT OF LICENCE

1.1. During:

1.1.1. the term of a Free Trial, or

1.1.2. the continuance of the payment of the Subscription Fees, or, if the Service is included in a Package, during the term of that Package

we grant to you a non-exclusive and non-transferable licence from the Commencement Date to use the System for the purposes of the Service.

1.2. The Licence granted under Clause 1.1 shall commence on the Commencement Date and unless terminated under Clause 5 of this Licence shall remain in force for three months from the Commencement Date.

1.2.1. Subject to clause 1.2.2, the licence shall be automatically renewable for successive periods of three months unless not less than three (3) months’ prior written notice of termination is given by one party to the other.

1.2.2. Where the Commencement Date is at the start of a Free Trial, the Free Trial will automatically roll over into a paid subscription at the end of the Free Trial Period in accordance with clause 1.2.1 unless it is first terminated at any point during the Free Trial Period. If no notice is given before the end of the Free Trial Period, the Free Trial will come to an end and any notice to terminate will then have to be given in accordance with clause 1.2.1 to terminate the rolled-over paid subscription.

1.3. For the avoidance of doubt, the licence granted under clause 1.1 of this Licence does not entitle you to make the System or Service available from or via any third party website unless we give our prior written consent.

1.4. You shall not nor shall you permit others to decompile, reverse engineer or disassemble the System or any part save to the extent, if at all, permitted by law.

1.5. You shall not assign or sub-license the benefit of this licence to a third party and you will ensure that the System is used in strict conformity with its terms.

2. YOUR OBLIGATIONS

2.1. You undertake and agree that you will at all times during the continuance of this licence and, where applicable, following termination, observe and perform the terms and conditions of this licence.

2.2. You warrant that the information provided by you in registering for the Service is correct and that none of such information and/or data, including banner, brand or logo, will breach any third party intellectual property rights or be intended or presented so as to mislead as to your identity, and you undertake and agree that you will:

2.2.1. Maintain and update such information as may be required from time to time;

2.2.2. Keep your password and log on details secure; and

2.2.3. Complete and return the Direct Debit Instructions to us.

2.3. You undertake to make any payments due to us in accordance with the terms of this licence. If your bank account details change you must notify us immediately and complete and return to us a new Direct Debit instruction.

2.4. You will bring to our attention immediately any improper or wrongful use of the System.

2.5. You will notify us immediately should you become aware of any System error which renders Results of the Service defective.

2.6. The generation of Results through the Service does not constitute legal advice on our part, and we cannot accept responsibility for the appropriateness of any Results.

2.7. In using the System and providing the Service, you must at all times act honestly and ethically, in accordance with the standards of good business practice and in accordance with the laws of England and Wales.

2.8. You must not do anything that would bring our good name or reputation or that of the System or Service into disrepute.

2.9. You must provide a set of Client Facing terms and conditions governing the use of the Service as between you and your Users. In the event that you choose to upload and use your own or other Client facing Terms and Conditions in the place of the Standard Terms and Conditions you undertake that such shall not be inconsistent with the terms and conditions of this licence. Any Client Facing terms and conditions must be no less onerous than the Standard Terms and Conditions, and as a minimum must:

2.10.1. confirm that in respect of any User data inputted into the System, you are the Data Controller and that we are the Data Processor;

2.10.2. not create any relationship between Arken and any User.

2.11. You accept that it is your responsibility to satisfy yourself as to the efficacy and appropriateness of the Standard Terms and Conditions should you elect to use them.

2.12. You shall bear your own costs and expenses in relation to and incurred in performing your obligations under this licence.

2.13. You will cease to use the URL link immediately on the termination of this licence.

2.14. You will not incur any liability on our behalf.

3. OUR OBLIGATIONS

3.1. At the start of the Term, we will provision the System so that it can be embedded on your website. Any subsequent provisioning may be charged for. To the extent that you need to do any internal development to allow the embedding of the Service on your website, this will be for you to undertake and at your cost.

3.2. During the continuance of the Licence, we will:

3.2.1. provide or procure technical maintenance of the System;

3.2.2. provide a telephone support line available to you during the hours of 09.00 and 17.00 Monday to Friday (with the exception of Public or Bank Holidays). For the avoidance of doubt, the support line is only available to you and not to your clients;

3.2.3. arrange the Hosting Service with UK web hosting company AWS or such other suitable third party hosting provider as we may decide from time to time;

3.2.4. rectify any material errors in the System as soon as possible after becoming aware or being notified (by you or a third party) of the same. We reserve the right to suspend the Service while any such errors are rectified; and

3.2.5. comply with all current data protection legislation and our Online Wills Data Protection Policy (“Data Protection Policy”) available at Schedule 2 and our Data Security Policy (“Data Security Policy”) available at Schedule 3 as may be amended by us at our sole discretion from time to time.

4. RESERVATION OF RIGHTS

4.1. We reserve the right to:

4.1.1. Suspend the System at our sole discretion at any time;

4.1.2. Withdraw the System for any reason and at any time, subject to the provisions of Clause 5.2;

4.1.3. Change these terms and conditions without notice at any time; and

4.1.4. Vary the amount of the Subscription Fees on giving you at least one (1) month’s written notice unless the Service is included in a Package.

5. TERMINATION

5.1. Either party may terminate this licence upon giving written notice in accordance with the terms of Clause 1.2.

5.2. If we exercise our right to withdraw the System, we will give you three (3) months’ prior written notice of such withdrawal.

5.3. We may terminate this licence with immediate effect if you are in breach of any of its terms and conditions, including, without prejudice to the generality of the foregoing, the non-payment or late payment of any payments due to us.

5.4. In the event of termination under Clause 5.2 your liability to pay the Subscription Fees will cease at the end of such three (3) month notice period.

5.5. In the event of termination under the provisions of Clause 5.3 you shall remain liable to us for (i) any unpaid Subscription Fees to the date of termination and for the remainder of the licence term.

6. WARRANTIES AND IPR

6.1. We warrant that:

6.1.1. we have full right and power to grant this licence; and

6.1.2. the System does not infringe any industrial or Intellectual Property Rights of a third party.

6.2. You shall not acquire any right title or interest in any Intellectual Property Rights in the System or any part thereof or in any methodology, techniques, knowhow, methods or general business or technical knowledge used or developed by us in the creation of the System or in any content supplied by us which shall remain our property.

6.3. Other than the express warranties contained in this Clause 6, we make no other representations or warranty of any kind, express or implied, regarding the System, including, but without limitation, warranties of satisfactory quality or fitness for a particular purpose.

6.4. We do not warrant the functionality or compatibility of the System with any particular browser or operating environment.

6.5. We do not warrant the completeness, legality, effectiveness under law or otherwise or appropriateness of the Standard Terms and Conditions.

6.6. We do not warrant that the availability of the System or the Service will be uninterrupted or error free.

7. NON RECOURSE

7.1. You shall have no claim against us arising from any third party actions brought against you arising from the use of the System or Service or the content of any Results created by the System.

7.2. You assume sole responsibility and entire risk as to the suitability of the System in the provision of the Service, Results obtained therefrom, and any decision made or actions taken based on information or data contained in or generated by the System and/or Service. You acknowledge that in our providing and maintaining the System:

(a) we cannot under any circumstances be regarded as supplying tax, legal or accounting advice, which you yourself must provide or procure;

(b) you are not relieved of any responsibility, including to any third party, for the preparation, content, accuracy and review of Documents created; and

(c) it is not intended nor can it be relied upon as a substitute for your proper professional judgement in the circumstances.

8. LIMITATION OF LIABILITY

8.1. Whilst we will take such measures as are consistent with good industry practice to reasonably ensure that the System is fit for purpose and free from viruses, Trojan horses and worms, we do not accept liability for:

(a) the transmission of any virus, Trojan horse, worm or other routine or device;

(b) any inaccuracy of information provided as part of the System or the Service;

(c) the content of any documentation created by the System; or

(d) failure in the sending or delivery of emails.

8.2. We accept no responsibility for the appropriateness of any Results produced by the System.

8.3. We are not liable under, or in relation to, these terms and conditions or the System or Service (whether such liability arises due to negligence, breach of contract, misrepresentation or for any other reason) for any:

(a) loss of profits;

(b) loss of sales or turnover;

(c) loss of business;

(d) loss of, or loss of use of, or corruption of data;

(e) loss of, or loss of use of, any computer or other equipment or plant;

(f) loss of or damage to reputation;

(g) loss of opportunity;

(h) loss or corruption of information;

(i) loss of anticipated savings;

(j) loss or wasted time;

(k) indirect loss or damage;

(l) consequential loss or damage; or

(m) special loss or damage,

even if we shall have been advised of the possibility of any such loss and for the purposes of this clause the term “loss” includes a partial loss or reduction in value as well as a complete or total loss.

8.4. Subject to 8.3 above our aggregate maximum liability to you in contract, tort or otherwise (including liability for negligence or breach of statutory duty) under or in connection with these terms and conditions shall be limited to a sum equal to three (3) months’ Subscription Fee.

8.5. We shall have no liability whatsoever for any liability you may incur to any third party.

9. YOUR DATA

9.1. As between you and us, you will own all Intellectual Property Rights and other rights, title and interest in and to Your Data and you will have sole responsibility for the legality, reliability, integrity, accuracy, quality and security of Your Data.

9.2. You warrant that you have all necessary rights, consents and licences to provide Your Data to us in accordance with the Agreement and that use of Your Data will not infringe the Intellectual Property Rights or other rights of any third party.

9.3. We will follow archiving procedures for Your Data as set out in our back-up policy (as may be amended by us at our sole discretion from time to time), a copy of which is available upon request (“Back-Up Policy”). In the event of any loss or damage to Your Data caused by us, your sole and exclusive remedy will be for us to use reasonable commercial endeavours to restore the lost or damaged data from the latest back-up of Your Data maintained by us in accordance with our Back-Up Policy. We will not be responsible for any loss, destruction, alteration or disclosure of Your Data caused by any third party (except those third parties sub-contracted by us to perform maintenance and back-up services of Your Data).

9.4. It is your responsibility to maintain your own record and copies of Your Data created via the Service as required by any applicable laws and your own internal data retention policies.

9.5. If you contact a User or use User Data which a User has inputted into the Service, it is your obligation to ensure that you have obtained all necessary permissions and comply with all relevant Data Protection legislation in that regard.

9.6. In providing the Service, we will comply with the Data Protection Legislation as defined in the most recent Data Protection Policy available on the Arken website (www.arken.legal). Where there is any inconsistency between the terms of the Data Protection Policy and any term of the Agreement, the terms of the Data Protection Policy shall take precedence only in respect of the processing of Your Data. References to “include”, “includes” and “including” shall be read as being followed by “without limitation” so as to provide a non-exhaustive list of examples.

10. GENERAL

10.1. These terms and conditions are the only terms and conditions applying to our supply of the System or to the Service and apply to the exclusion of any other express or implied conditions including any terms and conditions to which any order of yours may purport to be subject.

10.2. No variation to these terms and conditions shall be binding unless agreed in writing between duly authorized representatives of the parties.

10.3. In these terms and conditions, the introduction and the schedules, any reference:

(a) to any statute or statutory provision includes a reference to that statute or statutory provision as amended, extended or re-enacted and to any regulation, order, instrument or subordinate legislation under the relevant statute or statutory provision;

(b) to the singular includes a reference to the plural and vice versa;

(c) to any gender includes a reference to any other genders;

(d) to clause numbers or schedules shall be those in these terms and conditions.

10.4. No delay or forbearance by us in enforcing any provisions of these terms and conditions shall be construed as a waiver of such provision or any agreement thereafter not to enforce the said provision on that or any other occasion or another provision on another occasion.

10.5. We shall not be liable for any delay or failure to perform our obligations pursuant to this licence resulting from circumstances or events outside of our control or if such delay or failure is due to force majeure.

10.6. The System does not provide legal advice nor represent a legal advisory service.

10.7. If any provision of these terms and conditions is found void and unenforceable, it will not affect the validity of the remainder of the provisions which shall remain valid and enforceable.

10.8. Where two or more legal entities constitute you, their liability shall be joint and severable.

10.9. These terms and conditions shall be governed by the laws of England and Wales.

10.10. Headings used in these terms and conditions are for ease of reference only and shall not affect its interpretation.

SCHEDULE 1

The amounts payable by you for the use of the System:

Standard Fee: £50 per calendar month

Multi-product Discount: if you subscribe to another product or service offered by Arken (except any Flex plans), you will receive a 50% discount on the Standard Fee

Package Inclusion: if you subscribe to the Service as part of a Package of products, then your Subscription Fee will be deemed to be included in the fee already paid for that Package.

All sums are exclusive of VAT which shall be added at the rate current from time to time.

These amounts may be varied under the provisions of Clause 4.1.4 of these terms and conditions.

SCHEDULE 2

Data Protection Policy

1 DEFINITIONS AND INTERPRETATION

1.1 In this Policy all capitalised terms shall have the same meanings as in the Online Wills Terms and Conditions as well as the following meanings:

“Data Controller” means You and/or Authorised Users.

“Data Processor” means Us.

“Data Processor Personnel” means the Data Processor and/or each of its Sub-Processors and the officers, employees, agents, consultants, representatives and other personnel of each of the Data Processor and each Sub-Processor.

“Data Protection Legislation” means the European Directives 95/46 and 2002/58/EC (as amended by Directive 2009/139/EC) and any legislation and/or regulation implementing or made pursuant to them including but not limited to the Data Protection Act 1998, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation, EU 2016/67), and including, where applicable, the guidance and codes of practice issued by the supervisory authorities (including the Information Commissioner).

“Good Industry Practice” means (in relation to any activity and under any circumstances) exercising the same skill, expertise and judgment and using facilities and resources of a similar or superior quality as would be expected from a person who: (a) is skilled and experienced in providing the services in question, seeking in good faith to comply with his or her contractual obligations and seeking to avoid liability arising under any duty of care that might reasonably apply; (b) takes all proper and reasonable care and is diligent in performing his or her obligations; and (c) complies with all applicable law.

“Request” means a subject access request or request to erase or correct Personal Data.

“Security Breach” means any actual loss, unauthorised or unlawful destruction, alteration, or unauthorised disclosure of, or access to the Personal Data (accidental or otherwise) and/or any other irregularity in processing the Personal Data.

“Sensitive Personal Data” has the meaning given to it in the Data Protection Legislation.

“Sub-Processor” means any sub-contractor to which the Data Processor has sub-contracted, or in the future may sub-contract, any of its obligations under Arken’s Standard Terms and Conditions and in performing such obligations the sub-contractor will receive and process Personal Data including UKFast, Amazon Web Services, Microsoft Azure, Active Campaign, Google Analytics, Zendesk, Cloudflare, Mailgun, Auth0, Segment or as otherwise notified by the Data Processor in writing from time to time.

“Working Days” means Monday to Friday, excluding Public and Bank Holidays, in England & Wales.

1.2 For the purposes of this Policy Data Subject, Personal Data, Processing, transfer (in the context of Personal Data transfers) and appropriate technical and organisational measures shall be interpreted in accordance with the implementation of Directive 95/46/EC, or other applicable Data Protection Legislation, in the relevant jurisdiction.

2 PROCESSING PERSONAL DATA

2.1 In providing the Services, the Data Processor shall process Personal Data on behalf of the Data Controller. The type of Personal Data to be Processed, and the categories of Data Subjects are set out in Annex 2 (Details of Personal Data Processed).

2.2 Both parties will comply with all applicable requirements of Data Protection Legislation. This Policy is in addition to, and does not relieve, remove or replace, a party’s obligations under Data Protection Legislation.

3 RESTRICTIONS ON USE OF PERSONAL DATA

3.1 In processing Personal Data on behalf of the Data Controller, the Data Processor shall:

3.1.1 process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or the proper performance of its obligations under the Agreement or as is required by law or any regulatory body. The Data Processor may only correct, delete or block the Personal Data processed on behalf of the Data Controller as and when instructed to do so by the Data Controller or, if applicable, a Data Subject;

3.1.2 process the Personal Data only in accordance with the written instructions from the Data Controller or as otherwise lawfully and reasonably notified in writing (including via email) by the Data Controller to the Data Processor during the term of the Agreement (and the Data Controller hereby instructs the Data Processor to process that Personal Data as required to perform its obligations under the Agreement). If the Supplier is required to process the Personal Data for any other purpose by European Union or Member State law, the Data Processor will inform the Data Controller of this legal requirement to the extent permitted to do so by European Union or Member State law; and

3.1.3 ensure that Personal Data is only processed by Data Processor Personnel who are reasonably required to do so in order to enable the Data Processor to comply with its obligations under the Agreement.

3.2 The Data Processor shall ensure that any Data Processor Personnel to whom Personal Data is disclosed are obliged to keep the Personal Data confidential.

3.3 The Data Controller specifically authorises the appointment of any Sub-Processor identified in this Policy, Annex 1 or Annex 2 and generally authorises the Data Processor to appoint further or alternative Sub-Processors. Where the Data Processor appoints or replaces a Sub-Processor it shall:

3.3.1 notify the Data Controller not less than 30 days in advance of any intended changes concerning the addition or replacement of such Sub-Processors. If the Data Controller wishes to object to such changes, it must do so within 30 days of receiving such notice, by notifying the Data Processor in writing accompanied by its reasons for such objection. Following any such objection, the Data Processor may engage with the Data Controller to provide alternatives or assurances in relation to such change. If the Data Controller (acting reasonably in relation to its legal or regulatory compliance obligations) continues to object to such changes the Data Controller may, within 30 days of receipt of the original notice, terminate on written notice without penalty the relevant services directly affected by that change. Where the Data Controller does not provide such written notice of such termination, or continues to use such services following the change, it shall be deemed to have accepted such change;

3.3.2 remain fully liable for all acts or omissions of any Sub-Processor engaged by it (and such engagements shall be on such Sub-Processors’ terms of business which incorporate data protection obligations which are the same or not less onerous in their effect as those set out in this Policy).

3.4 The Data Processor shall not acquire any right, title or interest in and to any of the Personal Data disclosed to it by the Data Controller.

4 SECURITY PROVISIONS

4.1 In processing Personal Data on behalf of the Data Controller, the Data Processor shall implement and shall ensure that it has in place at all times appropriate technical and organisational measures to prevent unlawful or unauthorised processing, accidental or unlawful destruction, damage, accidental loss, alteration, unauthorised disclosure of or access to the Personal Data in accordance with the compliance principles contained in Annex 1 and the Data Protection Legislation.

4.2 As soon as reasonably practicable following a request from the Data Controller, the Data Processor shall provide to the Data Controller all information reasonably necessary to demonstrate and ensure compliance with Clause 4.1 save that the Data Processor shall not be obliged to disclose specific security information which would jeopardise the security of the Software, Service or the Personal Data.

4.3 The Data Processor shall back up the Personal Data in accordance with its Back-Up Policy.

5 RESTRICTION ON TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

5.1 The Data Processor shall not transfer Personal Data outside the EEA without the express prior written consent of the Data Controller (and the Data Controller hereby instructs and authorises the Data Processor to transfer Personal Data outside the EEA where required for the provision of the Services, including but not limited to where Personal Data is accessed by or on behalf of the Data Controller from outside the EEA, and where the Data Controller has been notified that an authorised Sub-Processor is located or stores or accesses Personal Data outside the EEA).

5.2 Where the Data Controller gives consent to a transfer outside the EEA, the Data Processor shall take such steps as may reasonably be required by the Data Controller on an ongoing basis to ensure there is adequate protection for such Personal Data in accordance with applicable Data Protection Legislation, which may include the Data Processor (or, where applicable, the Data Processor’s affiliate, Sub-Processor or other relevant third party) entering into the standard contractual clauses set out in the European Commission’s Decision 2010/87/EU of 5 February 2010 for the transfer of Personal Data to processors established in third countries (“Standard Contractual Clauses”) with the Data Controller (as determined by the Data Controller) in the form prescribed by the European Commission (as may be amended by agreement of the Parties for compliance with applicable Data Protection Legislation requirements).

6 ASSISTANCE WITH COMPLIANCE

6.1 The Data Processor shall comply (and undertakes to ensure that the Data Processor Personnel do likewise) at all times with the requirements of the Data Protection Legislation and shall perform its obligations under the Agreement in such a way as to assist the Data Controller in complying with its obligations under the Data Protection Legislation taking into account the nature of the Processing and the information available to the Data Processor.

6.2 The Data Processor will at the cost of the Data Controller permit and arrange all reasonable access and assistance required for audits (including but not limited to inspection) by the Data Controller (and/or its auditors, representatives and/or any supervisory or government body, including the Information Commissioner (excluding where any representative is a competitor of the Data Processor)) in relation to compliance with this Policy subject to reasonable and appropriate confidentiality undertakings being given by the Data Controller’s auditors or representatives to inspect and audit the Data Processor’s Processing activities.

6.3 The Data Processor will assist the Data Controller, at the Data Controller’s cost, if it receives a Request from a Data Subject in relation to his or her Personal Data (insofar as this is possible).

6.4 The Data Processor will assist the Data Controller in respect of any complaint received by it from a Data Subject about the processing of his or her Personal Data and provide (at the same time) the Data Controller with details and a copy of the complaint.

6.5 The Data Processor shall, where lawfully permitted, promptly notify the Data Controller of any communication from a regulatory authority in respect of a matter which concerns the Data Controller.

6.6 The Data Processor will promptly and properly deal with and respond to any and all reasonable requests and enquiries made by the Data Controller relating to its processing of the Personal Data.

6.7 The Data Processor will maintain records of processing activities carried out on behalf of the Data Controller containing the information prescribed in applicable Data Protection Legislation (including but not limited to the type of Personal Data processed and the purposes for which they are processed). The Data Processor shall make these records available to the Data Controller and supervisory authorities if and when required by such parties.

6.8 The Data Processor shall notify the Data Controller as soon as reasonably practicable upon it becoming aware that it is or is likely to become unable to comply with either its obligations under the Agreement or Data Protection Legislation, and/or the Data Controller’s requirements or instructions (whether specific or general) regarding the processing of the Personal Data.

6.9 If the Data Processor suspects or becomes aware of a Security Breach, it shall:

6.9.1 without undue delay on becoming aware of a Security Breach notify the Data Controller;

6.9.2 provide the Data Controller (as soon as is possible, and in no circumstance more than 24 hours after receiving a limited request) with such information that the Data Controller may reasonably request and that is available for collection relating to the Security Breach;

6.9.3 unless otherwise agreed with the Data Controller in writing, take action to stop the Security Breach, investigate the Security Breach and to identify, prevent and mitigate the effects of the Security Breach and to carry out any recovery or other action reasonably necessary to remedy the Security Breach; and

6.9.4 not release or publish any filing, communication, notice, press release, or report concerning the Security Breach without the Data Controller’s prior written approval (except where it is required to do so by applicable law).

Annex 1

1 Access control to premises and facilities

We will ensure or require of our Sub-Processors that controls are maintained to prevent unauthorised physical access to our Sub-Processors’ premises, datacentres or facilities holding personal data but have no obligation to provide security or back-ups of data other than as stated in Arken’s Standard Terms and Conditions.

2 Access control to systems

Appropriate technical and organisational measures for user identification and authentication will be maintained in accordance with Good Industry Practice to prevent unauthorised access to IT systems.

3 Access control to data

Appropriate measures will be maintained in accordance with Good Industry Practice to prevent authorised users from accessing data beyond their authorised access rights and prevent the unauthorised modification or disclosure of data. Authorised users shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty).

4 Disclosure control

Appropriate measures will be maintained, including encryption, to prevent the unauthorised access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged.

5 Data Processing

Data is processed automatically by the Service.

Annex 2

DETAILS OF PERSONAL DATA PROCESSED

Categories of Personal Data

Personal data which identify the data subject and their personal characteristics including names, addresses, contact details, age, sex, date of birth, marital status, details of dependants as may be included by Users in the use of the Service. The examples given are not exhaustive.

Categories of data subjects

Individuals relating to whom Personal Data is held or used. The data subjects are your clients or prospective clients.

Description of Processing Activities

Processing of any Personal Data is incidental to the Services provided by us. No access to, changes to, or other processing of any Personal Data is carried out as part of the Service other than as may be required on your specific written instructions.

SCHEDULE 3

Data Security Policy

Overview of the Arken Intestacy Tool Service
Arken.legal’s Intestacy Tool Service is a cloud service provided by Arken.legal (UK) Limited in England & Wales. Businesses can register to use the Service and are required to complete a profile, purchase subscriptions and pay relevant fees. Once subscribed, the user can use the service to generate leads by providing a User questionnaire asking about their personal circumstances and displaying Results indicating what would be the likely outcome if the User died without making a Will.

Arken.legal provides intelligent questionnaires for the user to input information, make selections, and choose options relevant to their circumstances. There is a live interaction between the front end and the server to present to the user relevant questions based on previously entered information, selections made, and options chosen. Simultaneously, the service dynamically drafts the Results.

The Business can select whether the User has to input their personal contact data before the Results are displayed. Businesses can also opt to allow User Data to be transferred to other Arken products so that a Will document can be drafted for them without rekeying Data.

Data Security
Overview
Arken.legal is committed to maintaining the highest operational standards in systems and processes to protect personal data in accordance with good industry practice. Arken.legal takes a “defence-in-depth” approach to protecting its systems and users’ data. Multiple layers of security controls protect access to data, including physical and network security, firewalls and intrusion protection systems.

Arken.legal engages industry leading suppliers to leverage their expertise, experience, global threat and intelligence to protect its systems.

You control access
As a user of Arken.legal’s Intestacy Tool Service, you have flexibility and control over access to the service by Users by supplying or withdrawing the relevant URL.

Data Encryption
Arken.legal uses the latest industry standard SSL and TLS 1.3 (Transport Layer Security) with HSTS (HTTP Strict Transport Security) for enhanced security, and all data is encrypted in transit.

Facilities
Arken.legal uses enterprise-grade hosting facilities that are PCI and ISO accredited and employs robust physical security controls to prevent physical access to the service and redundant power, air-conditioning and communications. Controls include 24/7/365 monitoring and surveillance, on-site security staff and regular on-going security audits.

User data is held in accordance with Arken.legal’s Privacy Policy (available on request). User’s data is held only in the United Kingdom with redundancy and back-up strategies in place to minimise risk of data loss or outages.

People and Access
Arken.legal maintains administration accounts on the Service restricted to application health monitoring and performing system or application maintenance.

Only authorised Arken.legal personnel have access to data. Access is strictly limited to essential personnel and is permitted only from Arken.legal equipment.

Monitoring
Arken.legal continuously monitors event logs, notifications, and alerts from all systems to identify and manage threats.

January 2021