1. INTERPRETATION
1.1 In these terms, the following terms have the following meanings:
(a) Business Partner: the person acting as a business partner or sales representative, who wishes to upload or transfer (or permit others to upload or transfer) data (including Personal Data) to the Servers for the purpose of demonstrating certain software programs or solutions to End Customers.
(b) Data Protection Legislation: the Data Protection Act 2018 as amended or updated from time to time; (ii) the UK GDPR as defined in that act (iii) any other legally binding rules or regulations concerning the protection of personal data.
(c) Data Subject: an individual who is the subject of the Personal Data.
(d) End Customer: an actual or potential end customer of the Business Partner.
(e) Personal Data: any information that is regarded as personal data for the purpose of Data Protection Legislation and which is passed from the Business Parter or an End Customer to Sicon, or obtained by Sicon from the Business Partner or an end Customer, for the purpose, or in the course, of Sicon providing access to the Servers.
(f) Security Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed which affects the Personal Data covered by this agreement.
(g) Servers: means physical or virtual servers and/or platforms (whether hosted locally or in cloud solutions) owner, controller or operated by Sicon.
(h) Sicon: Sicon Limited (company number 03705644), with registered office address St Peters House, Olding Road, Bury St. Edmunds, Suffolk, IP33 3TA.
1.2 A reference to a person includes all natural and legal persons.
2. ACCESS TO SERVERS
2.1 Sicon has agreed to provide the Business Partner’s End Customer with access to the Servers, for the purpose of testing certain software programs or solutions (including those of Sicon) to End Customers (the Testing Activities).
2.2 In connection with the Testing Activities, the Business Partner or End Customer wishes to upload or transfer certain data of the End Customer to the Servers. Such data will include Personal Data.
2.3 In consideration of Sicon permitting the Business Partner or its End Customers to upload or transfer data to the Servers, the End Customer has agreed to the terms of this agreement.
3. PROCESSING ACTIVITIES
3.1 The parties acknowledge that for the purposes of Data Protection Legislation, Sicon is the Controller and the Processor (where Controller and Processor have the meanings as defined in Data Protection Legislation) of the Personal Data.
3.2 Sicon and the End Customer agree that:
(a) The nature and purpose of the processing by Sicon is the storage and hosting of, and providing access to, the Personal Data on the Servers for the purpose of the End Customer conducting Testing Activities.
(b) The subject-matter of the processing by Sicon is the Personal Data supplied to, or obtained by, Sicon in the course of providing access to the Servers.
(c) The Personal Data processed by Sicon will include identification data, employment data, bank account and financial data, and any other types of personal data contained within the systems of the End Customers.
(d) The categories of Data Subjects will be employees, customers, suppliers and business contacts of the End Customers.
3.3 Sicon shall only use and process Personal Data in accordance with the instructions of the End Customer.
4. COMPLIANCE WITH LAWS
4.1 Both parties will comply with all their respective obligations under Data Protection Legislation in connection with the processing of the Personal Data.
5. OBLIGATIONS OF THE END CUSTOMER
5.1 The End Customer shall not use the Servers, or upload or transfer (or permit any person to upload or transfer) Personal Data to the Servers, for any purpose other than to conduct the Testing Activities.
5.2 The End Customer shall indemnify and hold harmless Sicon against any and all claims, costs, damages, liabilities, losses, penalties, fines and expenses, suffered or incurred by Sicon as a result of, or in connection with:
(a) any breach by the End Customer of Data Protection Legislation and/or the provisions of this agreement;
(b) Sicon processing the Personal Data (except to the extent arising as a result of any error or omission by Sicon in breach of the terms of this agreement).
6. OBLIGATIONS OF SICON
6.1 Sicon shall, in relation to any Personal Data processed in connection with this agreement:
(a) process that Personal Data only on the written instructions of the End customer unless Sicon is required by applicable law to process the Personal Data;
(b) ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
(c) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
(d) assist (at the cost and expense of the End Customer) the End Customer in responding to any request from a Data Subject and in ensuring compliance with its obligations under Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(e) notify the End Customer without undue delay on becoming aware of a Security Breach (and in any event, within 24 hours of becoming aware of the Personal Data breach), and shall assist the End Customer in complying with the End Customer’s obligations under Data Protection Legislation in relation to a Security Breach;
(f) at the written direction of the End Customer, delete or return Personal Data and copies thereof to the End Customer on termination of this agreement unless required by law to store the Personal Data; and
(g) maintain complete and accurate records and information to demonstrate its compliance with this clause, and within 21 days of written request, provide the End Customer with all information reasonably necessary to demonstrate compliance with its obligations under this clause;
(h) at the cost and expense of the End Customer, allow for and contribute to audits, including inspections during normal working hours, by the End Customer (or an auditor nominated by the End Customer) in relation to the processing of the Personal Data by Sicon or its sub-processors, provided Sicon is given reasonable notice of such audits and inspections.
6.2 The End Customer authorises Sicon to transfer Personal Data to any country or territory outside of the UK or European Economic Area as reasonably necessary for the provision of the Servers, provided that Sicon first notifies the End Customer in writing, and complies with its obligations under Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred.
6.3
(a) Sicon may continue to use sub-processors already engaged by Sicon as at the date of this agreement, subject to sub-clause (b) below. Sicon shall provide details of such sub-processors on request.
(b) Sicon confirms that it has entered into a written agreement with all sub-processors providing, as a minimum, the same protections for the Personal Data as are imposed on Sicon under this agreement. Sicon may not use any sub-processor (whether or not already engaged) without having entered into such written agreement.
(c) Sicon shall give the End Customer prior written notice of the appointment of any new sub-processor, and if the End Customer objects to such appointment within 14 days of such notice, Sicon may not appoint such sub-processor without the written consent of the End Customer.
6.4 Sicon shall as soon as reasonably practicable, and in any event within 60 days after conclusion of the Testing Activities in respect of a given End Customer, delete all Personal Data relating to or provided by that End Customer, from the Server.
6.5 Sicon shall, and shall procure that its End Customer shall, obtain all necessary consents, and provided all necessary notices and information to Data Subjects, to permit End Customer to transfer the Personal Data to the Servers for the purpose of the Testing Activities
7. DURATION AND TERMINATION
7.1 Sicon may terminate access for the End Customer to the Servers:
(a) immediately on written notice to the End Customer, where Sicon reasonably considers that the End Customer is in breach of its obligations under this agreement or any other terms governing the use of the Servers; and
(b) in all other cases, on giving not less than 7 days’ notice in writing to the End Customer.
7.2 This agreement shall terminate immediately on termination of access to the Servers, save that its terms shall continue to apply to any Personal Data retained on the Servers.
7.3 On termination of access to the Servers, Sicon may (in its absolute discretion and without reference to the End Customer) immediately delete all Personal Data from the Servers.
8. MISCELLANEOUS
8.1 This agreement may only be varied in writing signed by both of the parties.
8.2 This agreement comprises the entire agreement between the parties relating to its subject matter.
8.3 This agreement and any dispute arising in connection with it (including in respect of its formation) is governed by the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction in respect of any dispute arising in connection with this agreement.
Last updated: October 2025