I have read and understood the Invu Terms and Conditions for accepting the upload of customer data and I confirm that I am authorized by the Customer (identified via supplied support ticket or project code as the password) to provide the Data and/or Documents to Invu for the Purpose described in the Project Documentation or Support Ticket.
Invu Terms and conditions for accepting the upload of customer data
1. “Invu” Invu Services Limited (company no. 03319922) whose registered office is Blisworth Hill Farm, Stoke Road, Blisworth, Northamptonshire. NN7 3DB
2. “Customer”: As identified by the Invu Customer reference used for logging into this upload service
Together “the Parties” and each may be referred to singularly as a Party
Whereas Customer has agreed to purchase and Invu has agreed to supply the Services and or InvuCare to Invu under the agreed Invu Standard Terms and Conditions of Sale the parties hereby agree that Invu has requested and Customer has accepted a transfer of Data and or Documents in accordance with these Terms.
Services and Invucare shall have the meaning described in the Invu Standard Terms and Conditions of Sale namely
“InvuCare” means the support and maintenance offered for sale with Invu Software as listed in Schedule 1. This includes the Support detailed in the Service Level Agreement detailed in clause 4 and the right to upgrade the Invu Software;
“Services” means labour hours provided for proof of concept, software installation, software implementation and other software engineering services as may be required from time to time;
“Confidential Information” means all information, disclosed by either of the Parties in any medium or format and all information acquired by the Parties as a result of the business relationship established by this Agreement including all information relating to in the case of Invu the Software and Services, and for both parties its business, products or services, or information of third parties held by it, , which is or might reasonably be considered to be confidential and including, for the avoidance of doubt, any Personal Identifiable Information “PII” as defined by the European Union General Data Protection Regulation “GDPR”.
“Data” means a copy of the Customer database
“Documents” means Customer documents that are stored in the Invu Document Management Software
“Invu Standard Terms and Conditions of Sale” either The terms agreed between the parties when the Software, Services and or InvuCare was originally acquired by the customer or the latest available version of the Invu Standard Terms and Conditions of Sale.
“Purpose” means carrying out work and investigations over the period documented in the ticket or project reference provided at the time of upload.
“Project Documentation” means the Statement of Work as described in the Invu Standard Terms and Conditions of Sale or any additional document describing the reason for the transfer of the Data and or Documents.
“Statement of Work” means a document describing the scope of work, deliverables and timeline for Professional Services (“the Services”)
“Service Ticket” means the document created by Invu that documents the work to be performed as part of the delivery of InvuCare including but not limited to replication of the issues reported, diagnosis of the issue reported or testing a fix to a feature requested by Customer
2.0 Obligations of Invu
2.1 Invu will treat the Data and the Documents as Confidential Information. Invu will hold confidential any Confidential Information provided to Invu by the Customer. Invu shall however be under no obligation to hold any information confidential which (i) is or becomes publicly available, or (ii) is independently developed by Invu or Invu’s agents, or (iii) is disclosed to Invu by a third party, or (iv) is required to be disclosed by order of any lawful authority, or (v) is disclosed by Invu to professional advisors, Agents, Insurers, parties involved with any Corporate transactions and Consultants provided they hold this information confidential, or (vi) is disclosed by Invu with the Customer’s prior written consent, or (vii) which Invu can demonstrate was in its possession prior to receipt from the Customer.
2.2 Invu will exercise appropriate technical and organisation measures to secure the Data and Documents taking into account the requirements of Article 32 of the GDPR and any specific requirements raised and documented by the customer at the time of the approval of such a transfer. Invu Security includes encrypted and permission controlled storage located physically at the Invu head office in the UK
2.3 Only Invu staff with a need to know the delivery of the InvuCare or Services will have access to the Data and/or Documents. Invu will provide an audit trail showing who has accessed the data on request.
2.4 To ensure that Invu staff with access to the Data and/or Documents are properly trained and supervised.
2.5 To report promptly any security breach that may impact the Data and/or Documents held by Invu.
2.6 To assist with any audit or review required by Customer concerning the Data and/or Documents held by Invu. Invu reserves the right to charge for such assistance.
2.7 Invu will not transfer the Data and/or Documents to any third party or allow any third party (including contractors to access the documents without the written approval of Customer in writing.
2.8 Invu will on receipt of a request from the customer delete the Data and/or Documents.
2.9 Invu will only hold the Data and/or Documents to fulfill the Purpose and only for the shorter of, the period documented in the Service Ticket or Project Documentation provided at the time of upload or completion of the project or closure of the Service Ticket. Where such period exceeds 90 days Invu will request continuing permission to hold the Data and/or Documents and for any subsequent 90 day period.
2.10 Invu notify Customer when Data and/or Documents are deleted. An automated email will be sent to the uploader to notify them that files related to a given Ticket or Project reference have been destroyed.
2.11 Invu will assist Customer if customer is required to fulfil a data subject access request, or other request required in support of Customer in fulfilling obligations under Chapter III “Rights of the Data Subject” of the GDPR, that requires disclosure of Data and/or Documents that have been transferred to Invu. Invu reserves the right to charge for such assistance.
2.12 If Invu receives a data subject access request related to Data and/or Documents transferred by Customer Invu will promptly inform Customer and 2.11 shall apply to the handling of such a request.
3.0 Obligations of Customer
3.1 Customer will only transfer Data and/or Documents to Invu with the prior approval of Invu and subject only to these Terms unless otherwise agreed in writing between the Parties.
3.2 Customer will notify Invu in advance if the Data and/or Documents transferred include personal data as defined by the GDPR Article 4 (1).
3.3 Customer will notify Invu in advance if the Data and/or Documents to be transferred include any special categories of personal data as referred to in the GDPR Article 9.
3.4 Customer will promptly notify Invu if it is subject to a data breach and the breach may involve either Data or Documents that have been copied to Invu.
3.5 Customer acknowledges that Invu is only holding documents for the purpose and that Invu will have no responsibilities in relation to processing the data beyond processing the documents for the purpose and security and access control over the documents. In particular Invu will have no responsibility to ensure the data held is accurate.
3.6 Customer warrants that it has the right to transfer the Data and/or Documents to Invu and where the Data and/or Documents contain personal data that Customer is the data controller as referred to in the GDPR.
4.1 This Terms are to be treated as an addendum to the Invu Standard Terms and Conditions of Sale
4.2 The General terms documented in the Invu Standard Terms and Conditions of Sale
4.3 If there is a conflict between interpretation of a term in these Terms and the Invu Standard Terms and Conditions of Sale the latter shall apply.
The below sections outline the data and process management at Invu
CUSTOMER DATA STORAGE & MANAGEMENT:
Data provided to Invu via this service is managed securely, confidentially and in accordance with GDPR regulation. The upload inbox is processed by the appointed Customer Data Owner at Invu who will place the data into encrypted and permission controlled storage held at the Invu head office in the UK
LIMITATION OF USE
This upload service is available for two types of upload: Support Ticket Data Files and Project Data Files. The data files provided will be used solely for the purpose our carrying out work and investigations framed by the ticket or project reference provided at the time of upload. More specifically:
a) Support Ticket Data Files: files uploaded with a ticket reference will be stored with that ticket reference. The files may be used to assist with the following tasks
a. Replication (at Invu) of the issue reported
b. Diagnosis of the issue reported
c. Testing a fix or feature
b) Project Data Files: Files uploaded with an Invu project reference will be stored against that project reference. The data may be used for
a. Building the solution defined in the project PID/Scope (at Invu)
b. Testing the solution (at Invu)
LIMITATION OF ACCESS
Without further consent the data provided is only made visible to Invu staff as defined below. The data is not forwarded on to other 3rd parties.
Who can see/Access the Data:
a) Support Ticket Data: Access is provided to the Support Team at Invu. Access may be extended to specific members of the development team if 3 level support is required. All activity (including accessing the data) is audited by the system.
b) Project Data: Access is only provided to staff as required and controlled by the Project
DELETION OF FILES
When the files are destroyed:
1. A customer may request the data to be destroyed at any time by submitting an email request for data destruction and citing the Invu project/ticket reference.
2. When a support ticket or project is closed the files are marked for deletion
3. When a ticket is open for 90 days or more the data linked to the ticket is reviewed and the data may be marked for deletion. If Invu wish to retain the data for longer than 90 days (for open tickets only) the permission will be requested by Invu
Notification of deletion
Once files are deleted an automated email will be sent to the uploader to notify them that files related to a given Ticket or Project reference have been destroyed