United Kingdom

Updated on 1 July 2023

1. Definitions and interpretation

1.1 Clause 1 of the Terms shall apply to these Country Specific Terms.

1.2 Any reference to a ‘clause’ in these Country Specific Terms are to clauses set out in these Country Specific Terms unless stated otherwise.

1.3 In addition to the definitions set out in the Terms, the following definitions shall apply in these Country Specific Terms, and where applicable, in the Terms:

Assurance Documentation means the information available on the ‘Governance’, ‘Legal’ and ‘Investors’ pages of the Iress website (www.iress.com) from time to time, together with Iress’ standard pack of assurance information which is available to the Customer on request.

Authorised Processor means a Subprocessor engaged by Iress in accordance with clause 2.8.

EU GDPR means the General Data Protection Regulation (EU) 2016/679

Group means a member of the group of companies of which the party referred to forms part, comprising that party and all other companies from time to time being that party’s holding company, subsidiaries of that party, subsidiaries of that party’s holding company; “subsidiary” and “holding” bearing the meanings ascribed to them in Section 1159 of the Companies Act 2006.

Office Hours means 09:00-17:00 on a Business Day.

Privacy Legislation means the UK Data Protection Legislation and, to the extent applicable, any other European Union legislation relating to personal data (including the EU GDPR) and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications).

Subprocessor means any person (including any third party and any member of the Iress Group, but excluding an employee of Iress) appointed by or on behalf of Iress to process Customer Personal Data on behalf of Iress.

UK Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.

UK GDPR means the General Data Protection Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.

The terms "Controller", “Processor”, "Data Subject", “Personal Data", “Personal Data Breach”, and "processing" shall have the meaning given to those terms in the UK GDPR (and "process" and "processed" shall be construed accordingly), and the term “Supervisory Authority” shall have the meaning given to it in the EU GDPR.

2. Privacy

2.1 Processing of Customer Personal Data

a) The parties agree that for the purposes of the Privacy Legislation Iress shall, in the course of the provision of the Iress Services, be acting as a Processor in respect of the Customer Personal Data.

b) Notwithstanding Clause 2.1(a), the parties acknowledge and agree that Iress may anonymise certain of the Customer Personal Data for research, statistical or commercial purposes, and in such circumstances Iress shall undertake such processing as a separate Controller.

c) Each party agrees to comply with the Privacy Legislation applicable to it in its role as Controller or Processor (as the case may be) to the extent that it relates to the provision and/or receipt of the Iress Services provided under this Agreement.

d) Iress shall not process any Customer Personal Data on behalf of the Customer other than on the documented instructions of the Customer (provided that such instructions are within the scope of the Iress Services), unless Iress is required to process the Customer Personal Data by any law to which Iress is subject (in such a case Iress shall inform the Customer of that legal requirement before processing unless that law prohibits Iress from so notifying the Customer). For the avoidance of doubt, an instruction given by an Authorised User shall be deemed to have been given on behalf of the Customer.

e) Details regarding the scope, nature and purpose of the processing, the type of Personal Data processed by Iress, the duration of the processing and the categories of Data Subject (the “Processing Information”) are set out in annex 1. The Customer instructs and authorises Iress (and any Authorised Processor), on the Customer’s behalf, to process the Customer Personal Data in a manner consistent with annex 1, and where the Customer is acting on behalf of a member of its Group, the Customer warrants that it is and will at all relevant times remain duly authorised to give the instruction set out in this clause on behalf of each relevant member of the Customer’s Group.

2.2 Security and Confidentiality

a) Iress shall ensure that appropriate technical, organisational and security measures are taken against unauthorised or unlawful processing of the Customer Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, such Personal Data, and on request confirm to the Customer in writing the measures it has adopted.

b) Iress shall take reasonable steps to ensure the reliability of any employee, agent or contractor of Iress or any Authorised Processor who may have access to Customer Personal Data, and shall ensure that such personnel are aware of the confidential nature of the Customer Personal Data and are subject to enforceable duties of confidence in respect of Customer Personal Data.

2.3 Requests by Data Subject

Iress shall notify the Customer promptly upon receipt of any subject access request or other request received from a Data Subject in accordance with the Privacy Legislation, and at the Customer’s cost, assist the Customer utilising appropriate technical and organisational measures, in so far as this is possible, in order that the Customer may respond to any such request in a timely manner and in accordance with the Customer’s obligations under the Privacy Legislation.

2.4 Breach Notification

a) Iress shall notify the Customer without undue delay upon becoming aware of a Personal Data Breach affecting the Customer Personal Data.

b) Iress shall provide all cooperation and information reasonably requested by the Customer in respect of a Personal Data Breach as soon as possible following the detection of the Personal Data Breach by Iress, including (i) details of the nature of the Personal Data Breach, (ii) details of the Customer Personal Data compromised, (iii) details of how the Personal Data Breach is being investigated and remedial steps already put in place and to be put in place; and (iv) contact details of the person within Iress where more information can be obtained regarding the Personal Data Breach. To the extent that the information detailed above cannot be provided at the same time, it may be provided in phases without undue delay.

2.5 Data Protection Impact Assessment and Prior Consultation

Iress shall, at the Customer’s cost, provide reasonable assistance to the Customer in relation to any data protection impact assessments and prior consultations with Supervisory Authorities or other competent data privacy authorities, which the Customer reasonably considers to be required pursuant to the Privacy Legislation, in each case solely in relation to the processing of the Customer Personal Data by, and taking into account the nature of the processing and information available to, any Authorised Processor.

2.6 Audit Rights

Iress shall maintain all necessary records and information to demonstrate its compliance with the provisions set out in this schedule and shall allow for audits to be conducted by the Customer (or an auditor mandated by the Customer) in accordance with clause 3.

2.7 Deletion or return of Customer Personal Data

Iress shall, upon receipt of a written request from the Customer, delete or return all Customer Personal Data at the end of the provision of the Iress Services to which the Customer Personal Data relates, provided that Iress may retain copies of the Customer Personal Data in accordance with any legal and regulatory requirements, and any guidance that has been issued in relation to deletion or retention by a Supervisory Authority.

2.8 Sub-processing

a) Iress shall not engage a Subprocessor without the prior authorisation of the Customer.

b) For the purposes of clause 2.8(a), the Customer shall be deemed to have authorised those Subprocessors set out in the list at https://www.iress.com/resources/legal/data-protection/ (the “Authorised Processor List”). The Authorised Processor List will include details of the country in which the Subprocessor is based and the nature of the processing services to be provided by that Subprocessor. At least 30 days prior to authorising a new Subprocessor to access Customer Personal Data Iress shall provide notice to the Customer by updating the Authorised Processor List. Customers may receive notifications of any updates to the Authorised Processor list by emailing dpa@iress.com with the subject “Subscribe”.

c) If the Customer objects on reasonable grounds relating to data protection to Iress’ use of a new Subprocessor then the Customer shall promptly, and within 30 days following Iress’ notification pursuant to clause 2.8(b) above, provide written notice of such objection to Iress. In the event Iress decides that notwithstanding the Customer’s objection it is reasonable for it to continue with the appointment of the relevant Subprocessor, Iress shall notify the Customer prior to authorising the relevant Subprocessor to process Customer Personal Data and the Customer shall be entitled to terminate all or part of the Services with immediate effect upon written notice to Iress. The Customer shall remain obligated to make all payments required under this Agreement up to and including the relevant termination date. If the Customer does not notify Iress of any objections and/or terminate this Agreement in accordance with this clause 2.8(c) then it shall be deemed to have authorised the appointment of the relevant Subprocessor.

d) Iress shall ensure that any arrangement between Iress and a Subprocessor is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this schedule and meet the requirements of article 28(3) of the UK GDPR and the EU GDPR.

2.9 Transfers of Customer Personal Data outside of the UK

The Customer agrees that in the course of providing the Iress Services, Iress may transfer Customer Personal Data:-

a) to an Authorised Processor who is located outside of the UK, provided that such transfer is made in accordance with any obligations or standards imposed by the Privacy Legislation; or

b) to a Third Party Service Provider who processes data outside of the UK in accordance with clause 2.10(b).

2.10 Customer Acknowledgment

a) Without prejudice to the generality of clause 2.1(b) above, the Customer shall ensure that all required fair processing notices have been given to the relevant Data Subjects (and/or, as applicable, consents obtained) which are sufficient in scope to enable Iress and/or any of the Authorised Processors to lawfully Process the Customer Personal Data and to carry out their obligations under this Agreement in accordance with the Privacy Legislation.

b) Where the Customer receives Third Party Services pursuant to the terms of the Agreement the Customer:

(i) acknowledges that this may involve Iress sending certain Customer Personal Data to the relevant Third Party Service Provider on behalf of the Customer (but for the avoidance of doubt, the Third Party Service Provider shall not be deemed to be a Subprocessor of Iress);

(ii) authorises Iress to transfer Customer Personal Data to a Third Party Service Provider, including where such Third Party Service Provider is based outside of the UK.

3. Audit and review

3.1 (Subject to clause 3.2 to 3.4, Iress agrees to allow for and contribute to audits conducted by or on behalf of the Customer by:

(a) making available to the Customer (or its Permitted Recipients) its Assurance Documentation; and

(b) providing any relevant information or documentation (including copies thereof) relating to the Iress Services to a Regulatory Authority, upon receipt of a written request from a Regulatory Authority to do so.

3.2 The audit rights set out above are subject to:

a) a request pursuant to clause 3.1(a) being limited to once every 12 months, unless (i) otherwise required by a Regulatory Authority; or (ii) an inspection of the Assurance Documentation reveals a material default by Iress – in either case this restriction will not apply;

b) any confidentiality obligations owed to third parties, and subject to compliance with any relevant Iress’ policies and process which are notified to the Customer;

c) if the Customer receives any Services which are provided by Amazon Web Services, Inc (“AWS”), then:

(i) Iress shall review AWS’ service organisation controls 1, type 2 report (or such alternative industry standard reports or certifications that are substantially equivalent as reasonably determined by AWS) (“AWS Audit Report”) no less than bi-annually in order to satisfy itself as to the ongoing effectiveness of the security measures provided by AWS in relation to those of the Iress Services performed by AWS;

(ii) Iress may share with the Customer certain AWS compliance reports if Iress is permitted to do so pursuant to the terms applicable to the relevant AWS compliance report and/or the Customer is able to access AWS compliance reports directly subject to the Customer agreeing to follow any applicable procedure(s) set out by AWS in order to enable such access.

3.3 In the event the Customer (acting reasonably) requires Iress to provide any information which is not addressed by the Assurance Documentation, then it shall provide Iress with details in writing of the specific areas which have not been addressed and engage with Iress in order to agree the manner in which any additional information shall be provided.

3.4 The parties shall bear their own respective costs and expenses incurred in respect of compliance with their obligations under this clause 3, provided that to the extent the effort required by Iress in complying with a request made by the Customer or its authorised representatives pursuant to clause 3.3 exceeds half a Business Day, the Customer shall pay Iress for any effort involved over and above half a Business Day at a rate of £950 per day (or part thereof).

3.5 The Customer agrees, for the purposes of reviewing any use of Services, subject to any confidentiality obligations to third parties, to allow (a) Iress, and (b) Third Party Service Providers (including, in each case, their respective authorised representatives) reasonable and appropriate access to any of the Customer's premises where such Services are being used, stored or accessed in order to inspect, test and audit the same and the Customer's compliance with the requirements of this Agreement (including any Third Party Terms). If any audit results in the Customer being notified that the Customer is not in compliance with its obligations under this Agreement, the Customer will promptly remedy the issue.

Annex 1 - Processing information

(a) Scope and purpose of processing:

Iress may process Customer Personal Data during the provision of any of the following services to the Customer:

- Advisory, consultancy and project-related services;

- Training;

- Data migration services;

- System administration services;

- Configuration, design, development and implementation services;

- Testing and verification services;

- Sourcing financial products and services (including, but not limited to, mortgage, life and protection and pension products);

- Hosted services;

- Support Services;

(b) Nature of processing

The nature of the processing activity may include:-

- receiving, uploading, downloading, extracting, copying, duplicating, transmitting, organising, referencing, indexing, classifying, compressing, compiling, updating, transferring, transforming, analysing, modelling, changing, maintaining, protecting or securing, preserving, storing, backing-up or archiving, restoring, retrieving and accessing Customer Personal Data in order to perform any of the services set out in paragraph (a) to this annex 1 (or any other services which Iress may be instructed to provide in accordance with clause 2.1(c));

- destroying, erasing and/or anonymising Customer Personal Data;

- processing Customer Personal Data in order to comply with Iress’ obligations under the Privacy Legislation, or to assist the Customer in complying with its obligations, including responding to any requests made by Data Subjects;

- transferring to or receiving Customer Personal Data from Third Party Service Providers (where applicable to the Services being provided) – this may include transferring the Customer Personal Data to a Third Party Service Provider located outside of the UK depending on the location of that Third Party Service Provider.

(c) Duration of Processing

Iress will process Customer Personal Data for the duration of the provision of the Iress Services. Upon termination of the Iress Services, and subject to clause 2.7, Customer Personal Data will be retained in accordance with the principles set out in Iress’ privacy and data retention policies (each as amended from time to time).

(d) Types of Personal Data

Iress may process Customer Personal Data which falls into the following categories:

● names, addresses, date of birth, sex, National Insurance number, passport number, tax identification numbers, telephone and mobile numbers and email addresses

● family details, for example marital status, number of dependents

● lifestyle and social circumstances

● goods and services

● employment and education details

● income and financial details which may include (without limitation) bank account details, investment details, insurance details, documentation of the above and notes of meetings

● physical or mental health details which may include (without limitation) smoker status and health records

● racial or ethnic origin

● nationality

● photographs and videos

● IP addresses

● any other information which is uploaded into the Services

(e) Categories of data subject

- Staff (including permanent staff, volunteers, agents, temporary and casual workers), sub-contractors, agents, advisers, consultants, referrers or other professional experts, of (a) the Customer; (b) members of the Customer’s Group; (c) third party suppliers to the Customer (or members of its Group); (d) other third parties to whom the Customers may make Iress Services available in accordance with the Agreement.

- End Clients, potential End Clients or former End Clients (including, where relevant, their relatives, dependents, guardians and associates).

Version Control

Date of first publication on the website 22 May 2020
1 July 2021 Clause Summary of amendment
Definitions New definitions of 'EU GDPR' and 'UK GDPR' have been added.
Definitions of Privacy Legislation, UK Data Protection Legislation and Supervisory Authority have been amended
The section relating to the withdrawal of the UK from the EEA has been deleted
Clause 2.5 Reference to article 35 and 36 of the GDPR has been deleted
Clause 2.8(d) Reference to the GDPR has been deleted
Clause 2.9(a) Amended to refer to the provision of Iress Services
Clause 2.9(b) Amended to refer to the UK GDPR
Clause 3.2(a) Amended to include reference to Iress’ audit process
1 July 2022 Clause Summary of amendment
Clause 1.3 New definition of ‘Assurance Documentation’ has been added
Clause 2.1(b) New clause added
Clause 2.1(d) and (e) The wording ‘on the Customers’ behalf has been added
Clause 2.9 Amended to substitute the wording ‘in the absence of’ with ‘until such time as it has put in place the’
Clause 3 Save for clause 3.5, the original audit and review clauses have been replaced in their entirety.
1 July 2023 Definitions Deletion of the ‘Model Clauses’ definition
Clause 2.4(a) Deletion of the words “where such breach is likely to result in a risk to the rights and freedoms of a Data Subject”
Clause 2.9 Deletion of what was clause 2.9(b)

Australia

Updated on 1 July 2024

1 - Definitions and interpretation

1.1 Clause 1 of the Terms shall apply to these Country Specific Terms.

1.2 Any reference to a ‘clause’ in these Country Specific Terms are to clauses set out in this document, unless stated otherwise.

1.3 In addition to the definitions set out in the Terms, the following definitions shall apply in these Country Specific Terms, and where applicable, in the Terms:

Client Data means Input Data that is Personal Information other than Excluded Information.

Group means, in relation to a party, that party and each Related Body Corporate of that party.

Personal Data means Personal Information.

Personal Information has the meaning given to that term under the Privacy Legislation.

Privacy Legislation means the Privacy Act 1988 (Cth).

Privacy Policy means Iress’ Australian privacy policy available on https://www.iress.com/resources/legal/privacy-policy/.

Related Body Corporate has the meaning given to that term under the Corporations Act 2001 (Cth).

2 - Privacy

2.1 Compliance with laws

(a) Each party agrees to comply with the Privacy Legislation applicable to it in its role to the extent that it relates to the provision and/or receipt of the Iress Services provided under this Agreement.

(b) Iress agrees that, in the course of this Agreement, it may receive Personal Information from the Customer. Iress agrees that all such Personal Information will only be shared, transmitted, disclosed, collected, held and/or stored for such purposes as specified in the Privacy Policy.

(c) If Iress receives a request for access to the Customer's Personal Information, or the Customer's clients' Personal Information, Iress will refer such request to the Customer. If not legally prohibited from doing so, Iress will notify the Customer of any subpoena, warrant, order, demand, requirement or request made by a governmental or regulatory authority outside of Australia for the disclosure of the Customer's Personal Information.

(d) Iress agrees to use commercially reasonable efforts to assist the Customer should any question, issue, complaint or like submission be made pursuant to a statutory or common law right to access, use, view, amend, update or correct Personal Information which reasonably requires Iress' co-operation or assistance in discharging and/or satisfying such statutory or common law obligations.

(e) Iress will implement and maintain technical and organisational measures to protect against the unauthorised or unlawful processing of Personal Information and against the accidental loss, destruction of or damage to Personal Information.

(f) The Customer acknowledges that in the course of the provision of the Services, Iress may disclose Personal Information outside of Australia, and disclose Personal Information to persons who reside outside of Australia, including to certain members of the Iress Group who are based in Canada, the European Economic Area, New Zealand, Philippines, Singapore, South Africa and the United Kingdom.

(g) The Customer will be solely responsible for determining and monitoring its compliance with the Privacy Legislation.

(h) Any change in the Services as required by law that materially increases Iress' costs and expenses with respect to compliance with this clause 2 will be subject to a further Service Order.

2.2 Assistance

The Customer must give Iress any assistance reasonably requested to enable compliance with the Privacy Legislation. Without limiting any of the Customer’s requirements in the Agreement, the Customer may only disclose Client Data to Iress if:

(a) authorised by applicable law to collect and disclose the Client Data;

(b) the client to whom the Client Data relates has been informed that, in order to provide services to them, it may be necessary to disclose their Personal Information including, if applicable, tax file number information, to an external organisation that provides information technology services; and

(c) the Customer has obtained the consent of such client to that disclosure.

2.3 Third Party Services

If the Services include Third Party Services, when the Customer or Authorised Users request information (including Client Data) to be exchanged or shared with that Third Party Service Provider, the requirements of clause 2.2 will apply.

Version control

Date of first publication on the website 25 September 2020
1 July 2021 Added definitions of Client Data and Service Recipient consistent with Terms.
Correction of Corporations Act legislative reference in the definition of Related Bodies Corporate.
1 July 2022 Removed definition of Service Recipient as this term is not used in these Country Specific Terms.
Clause 2(f): the word “transfer” is deleted and replaced with “disclose” and “Philippines” is added in the list of countries.
1 July 2024 Added definition of ‘Privacy Policy’.
Clarified in clause 2.1(b) that Iress will handle Personal Information in accordance with the Iress Privacy Policy.
Clarified that clause 2.2 applies without limiting other requirements in the Agreement.

Canada

Updated on 1 July 2023

1. Definitions and interpretation

1.1 Clause 1 of the Terms shall apply to these Country-Specific Terms.

1.2 Any reference to a ‘clause’ in these Country-Specific Terms are to clauses set out in these Country-Specific Terms unless stated otherwise.

1.3 In addition to the definitions set out in the Terms, the following definitions shall apply in these Country-Specific Terms, and where applicable, in the Terms:

Group means a member of the group of companies of which the party referred to forms part, comprising that party and all other companies from time to time being that party’s affiliate; “affiliate” shall have the meaning given to it in National Instrument 45-106 – Prospectus and Registration Exemptions on the date of this Agreement

Personal Information means any information which, on its own or when reasonably combined with other available information, relates to an identifiable individual.

Privacy Legislation means all applicable statutes, laws or regulations of any governmental or regulatory authority governing the handling of information about an identifiable individual in force from time to time in Canada, including the Personal Information and Protection of Electronic Documents Act (Canada) and equivalent provincial legislation.

1.4 Any reference to “Authorised”; “authorised”; “authorise”; “unauthorised” in the Terms shall be replaced with “Authorized”; “authorized”; “authorize”; and “unauthorized” respectively. Any reference to “organisation” shall be replaced with “organization”.

2. Privacy

2.1 Compliance with laws

(a) Each party must comply with all Privacy Legislation applicable to such party.

(b) Iress agrees that, in the course of providing the Iress Services, it may receive Personal Information from the Customer. Iress agrees that all such Personal Information will only be shared, transmitted, disclosed, collected, held and/or stored (i) for such purposes as are necessary to discharge, complete and/or fulfil Iress’ obligations under the Agreement; or (ii)) otherwise in accordance with the Terms.

(c) If Iress receives a request for access to the Customer Personal Information, Iress will refer such request to the Customer. If not legally prohibited from doing so, Iress will notify the Customer of any subpoena, warrant, order, demand, requirement or request made by a governmental or regulatory authority outside of Canada for the disclosure of the Customer Personal Information.

(d) Iress agrees to use commercially reasonable efforts to assist the Customer should any question, issue, complaint or like submission be made pursuant to a statutory or common-law right to access, use, view, amend, update or correct Personal Information which reasonably requires Iress’ co-operation or assistance in discharging and/or satisfying such statutory or common-law obligations.

(e) Iress will implement and maintain technical and organisational measures against the unauthorized or unlawful processing of Personal Information and against the accidental loss, destruction of or damage to Personal Information.

(f) The Customer acknowledges that in the course of the provision of the Services, Iress may transfer Personal Information outside of Canada, and disclose Personal Information to persons who reside outside of Canada, including to certain members of the Iress Group who are based in the United Kingdom, the European Economic Area, Australia, New Zealand, Singapore and South Africa. If the Customer has any questions about the collection, use, disclosure or storage of Personal Information by third parties outside of Canada, the Customer may contact Iress.

(g) The Customer will be solely responsible for determining and monitoring its compliance with the Privacy Legislation.

(h) Any change in the Services as required by law that materially increases Iress' costs and expenses with respect to compliance with this clause 2 (Privacy) may be subject to a further Service Order.

2.2 Assistance

The Customer must give Iress any assistance reasonably requested to enable compliance with the Privacy Legislation. Without limiting this requirement, the Customer may only disclose Customer Personal Information to Iress if:

(a) authorized by the applicable law to collect and disclose the Customer Personal Information, including obtaining the identifiable individual’s consent where appropriate; and

(b) the identifiable individual has been informed that in order to provide services to them it may be necessary to disclose their Personal Information including, if applicable, tax file number information, to an external organisation that provides information technology services and including that the Personal Information may be transferred outside of Canada as set forth in Section 2.1(f).

2.3 Third Party Services

(a) If the Services include Third Party Services when the Customer or Authorized Users request information (including Customer Personal Information) to be exchanged or shared with that Third Party Service Provider, the Customer shall ensure that the identifiable individual is aware that for the purposes of 2.2(b) above, this includes the Third Party Service Provider and the authorization in 2.2(a) above covers such disclosure to a Third Party Service Provider.

(b) Iress shall not be responsible for the actions of any Third Party Service Provider in relation to the processing of any Personal Information transferred to it in the course of the provision of the Services and the Customer shall enter into a direct agreement with such Third Party Service Provider including appropriate privacy protection clauses.

3. Audit

The Customer agrees, for the purposes of reviewing any use of Services, subject to any confidentiality obligations to third parties, to allow Iress, Third Party Service Providers or their authorized representatives reasonable and appropriate access to any of the Customer's premises where such Services are being used, stored or accessed in order to inspect, test and audit the same and the Customer's compliance with the requirements of the Agreement (including any Third Party Terms). If any audit results in the Customer being notified that the Customer is not in compliance with its obligations under this Agreement, the Customer will promptly remedy the issue.

4. Jurisdiction

15.8 of the Terms shall be replaced with the following:

This Agreement and any claim or dispute arising out of or in connection with it is to be governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. Each party hereby irrevocably submits and attorns to the exclusive jurisdiction of the Ontario courts situated in the City of Toronto and waives objection to the venue of any proceeding in such court or that such court constituted and inappropriate forum.

24 November 2020 Date of first publication on this website
1 July 2023 Clause 2.1(b) - new sub-clause (ii) has been added. Clause 2.1(f) - replacement of the words “please contact” with “the Customer may contact”

South Africa

Updated on 1 July 2024

  1. DEFINITIONS AND INTERPRETATION

1.1 Clause 1 of the Terms shall apply to these Country Specific Terms.  

1.2 Any reference to a ‘clause’ in these Country Specific Terms are to clauses set out in this document, unless stated otherwise. 

1.3 In addition to the definitions set out in the Terms, the following definitions shall apply in these Country Specific Terms, and where applicable, in the Terms:

Consumer Price Index means the consumer price index published by the Department of Statistics South Africa.

Group means a member of the group of companies of which a party forms part, comprising of that party, that party’s holding company, subsidiaries of that party and subsidiaries of the holding company. “Subsidiaries” and “holding” has the meanings prescribed in the Companies Act, 2008.

Personal Information means information relating to an identifiable living natural person and, where applicable, a juristic person, as set out in the Privacy Legislation.  

Privacy Legislation means any legislation, directive, order, regulation and/or guideline with the force of law, in each case setting out obligations regarding privacy and the protection of personal information, including the Protection of Personal Information Act, 2013 (“POPIA”), Government Regulations relating to the protection of personal information, published on 14 December 2018 (the Regulations) and the Promotion of Access to Information Act, 2000 (PAIA).

2. INTEREST ON LATE PAYMENT AND FEE INCREASE

2.1 The interest rate set out in clause 5.8 of the Terms (4%) shall not apply, and instead the following provisions 2.1(a) and 2.1(b) shall apply. 

(a) Save for as set out in 2.1(b) below, where the Customer fails to pay any undisputed Fees by the Due Date, Iress may charge the Customer interest at the rate of 2% per month, with such interest to be applied from the Due Date (calculated daily) until payment is received; 

(b) Where the Exchange Control Regulations, as promulgated in terms of the Currency and Exchanges Act, No. 9 of 1933, apply to a contract, the Customer fails to pay any undisputed Fees by the Due Date, Iress may charge the Customer interest as follows: 

(i) where the Fees due are calculated in South African Rand, at the South African prime lending rate plus 5% per annum; 

(ii) where the Fees due are calculated in any currency other than South African Rand, at the South African prime lending rate plus 3% per annum, 

in each case with such interest to be applied from the Due Date (calculated daily) until payment is received. 

2.2 In addition to its rights under clause 5.5 of the Terms, Iress may increase the Fees with effect from 1 January of each Contract Year by an amount equal to or less than the inflation rate provided by the Consumer Price Index (taken as an average from the months January to October in the preceding calendar year) plus 2%. 

3. PRIVACY

3.1 For the purposes of this clause 3, the expressions ‘responsible party’, ‘operating party’, ‘process’ shall have the meaning attributed to them in POPIA. 

3.2 The parties agree that for the purposes of the Privacy Legislation, in respect of all Customer Personal Information processed by Iress for, or on behalf of, the Customer in the course of providing the Services: 

(a) the Customer is the responsible party; and

(b) Iress receives the Personal Information from the Customer in its capacity as the operator.

3.3 Each party agrees to comply with the Privacy Legislation applicable to it in its role as responsible party or operator (as the case may be) to the extent that it relates to the provision and/or receipt of the Iress Services provided under the Agreement.  

3.4 Iress will: 

(a) only process the Customer Personal Information in order to perform the Iress Services, unless Iress is otherwise required to process the Customer Personal Information by any law to which Iress is subject;

(b) treat Customer Personal Information as confidential and not disclose it, except when the law requires it or if Iress requires disclosure in order to perform its duties;

(c) take reasonable steps to ensure the reliability of any employee or contractor of Iress who may have access to the Customer Personal Information; 

(d) implement and maintain appropriate and reasonable  technical and organisational measures against the unauthorised or unlawful processing of the Customer Personal Information and against the accidental loss, unauthorised destruction of or damage to the Customer Personal Information; and

(e) notify the Customer immediately where there are reasonable grounds to believe that the Customer Personal Information has been accessed or acquired by an unauthorised person.

3.5 The Customer will be solely responsible for determining and monitoring its compliance with the Privacy Legislation. 

3.6 The Customer must give Iress any assistance reasonably requested to enable compliance with the Privacy Legislation. 

3.7 Without prejudice to the generality of clause 3.3 or 3.6 or limiting this requirement, the Customer warrants that it shall only disclose Customer Personal Information to Iress if:

(a) it has provided all relevant information to the data subject when collecting the data; and

(b) it has a lawful basis (which may include obtaining the consent of the data subject) upon which to disclose the Customer Personal Information to Iress and to permit Iress (and any third party to which Iress may transfer the Customer Personal Information in accordance with these clauses) to process the Customer Personal Information.   

3.8 The Customer acknowledges that in the course of the provision of the Iress Services, Iress may transfer Customer Personal Information to a third party (a member of the Iress Group or a sub-contractor of Iress) which is located outside of the Republic of South Africa. The Customer agrees to such transfer of Customer Personal Information provided that the recipient is subject to a law or a binding agreement between Iress and the recipient which: 

(a) upholds principles for reasonable processing of the information that are substantially similar to the conditions contained in POPIA; and

(b) includes provisions that are substantially similar to those contained in POPIA relating to the further transfer of Personal Information from the recipient to third parties who are in another country. 

3.9 The Customer acknowledges that Iress may transfer Customer Personal Information to a Third Party Service Provider in order for the Customer to receive Third Party Services, and such transfer may be outside of the Republic of South Africa depending on the location of the Third Party Services Provider.  Iress shall not be responsible for the actions of any Third Party Service Provider in relation to the processing of any Personal Information transferred to it in the course of the provision of the Services and the Customer shall enter into a direct agreement with such Third Party Service Provider including appropriate privacy protection clauses. 

4. TAXES

Notwithstanding anything to the contrary in clause 5.1 of the Terms, in the event that withholding tax (“WHT”) is applicable in accordance with applicable laws, and provided the Customer provides a valid WHT certificate from the Customer’s local tax authority, WHT shall be included in the Fees related to the provision of Iress’ software only (and not any other part of the Services), and not payable in addition thereto. 

5. AUDIT

The Customer agrees, for the purposes of reviewing any use of Services, subject to any confidentiality obligations to third parties, to allow Iress, Third Party Service Providers or their authorised representatives reasonable and appropriate access to any of the Customer's premises where such Services are being used, stored or accessed in order to inspect, test and audit the same and the Customer's compliance with the requirements of the Agreement (including any Third Party Terms). If any audit results in the Customer being notified that the Customer is not in compliance with its obligations under this Agreement, the Customer will promptly remedy the issue.

6. NOTICES

Clause 15.3 of the Terms shall be amended so that on the first sentence, before subsection (a) and after “by email”, the following is added: 

“or, where required by applicable law, by registered mail”

7. GOVERNING LAW AND JURISDICTION

Clause 15.8 of the Terms shall not apply and the following clause shall apply in its place:

“This Agreement and any claim or dispute arising out of or in connection with it is to be governed by the laws of the Republic of South Africa. Each party submits to the exclusive jurisdiction of the High Court of the Republic of South Africa, Johannesburg.”

Date of publication on this website 24 November 2020
10th March 2021 Amendments to clause 2.1 and 2.2
1 July 2021 Amendments to the definition of ‘Privacy Legislation’ and clause 3.4(b)
1 July 2023 Amendments to the clause references in clause 2.1 and 2.2.
1 July 2024 Replacement of clause 15.8 of the Terms with a revised provision 

New Zealand

Updated on 1 July 2022

1 - Definitions and interpretation

1.1 Clause 1 of the Terms shall apply to these Country Specific Terms.

1.2 Any reference to a ‘clause’ in these Country Specific Terms are to clauses set out in this document, unless stated otherwise.

1.3 In addition to the definitions set out in the Terms, the following definitions shall apply in these Country Specific Terms, and where applicable, in the Terms:

Client Data means Input Data that is Personal Information other than Excluded Information.

Group means, in relation to a party, that party and each Related Company of that party.

Personal Data means Personal Information.

Personal Information has the meaning given to that term under the Privacy Legislation.

Privacy Legislation means the Privacy Act 2020 (NZ).

Related Company has the meaning given to that term under the Companies Act 1993 (NZ).

2 - Privacy

2.1 Compliance with laws

a) Each party agrees to comply with the Privacy Legislation applicable to it in its role to the extent that it relates to the provision and / or receipt of the Iress Services provided under this Agreement.

b) Iress agrees that, in the course of this Agreement, it may receive Personal Information from the Customer. Iress agrees that all such Personal Information will only be shared, transmitted, disclosed, collected, held and / or stored for such purposes as are necessary to discharge, complete and/or fulfil Iress' obligations hereunder.

c) If Iress receives a request for access to the Customer's Personal Information, or the Customer's clients' Personal Information, Iress will refer such request to the Customer. If not legally prohibited from doing so, Iress will notify the Customer of any subpoena, warrant, order, demand, requirement or request made by a governmental or regulatory authority outside of New Zealand for the disclosure of the Customer's Personal Information.

d) Iress agrees to use commercially reasonable efforts to assist the Customer should any question, issue, complaint or like submission be made pursuant to a statutory or common-law right to access, use, view, amend, update or correct Personal Information which reasonably requires Iress' co-operation or assistance in discharging and/or satisfying such statutory or common-law obligations.

e) Iress will implement and maintain the technical and organisational measures against the unauthorised or unlawful processing of Personal Information and against the accidental loss, destruction of or damage to Personal Information.

f) The Customer acknowledges that in the course of the provision of the Services, Iress may disclose Personal Information outside of New Zealand, and disclose Personal Information to persons who reside outside of New Zealand, including to certain members of the Iress Group who are based in the United Kingdom, Australia, the European Economic Area, Philippines, Canada, Singapore and South Africa.

g) The Customer will be solely responsible for determining and monitoring its compliance with the Privacy Legislation.

h) Any change in the Services as required by law that materially increases Iress' costs and expenses with respect to compliance with this clause 2.1 will be subject to a further Service Order.

2.2 Assistance

The Customer must give Iress any assistance reasonably requested to enable compliance with the Privacy Legislation. Without limiting this requirement, the Customer may only disclose Client Data to Iress if:

(a) authorised by applicable law to collect and disclose the Client Data;

(b) the client has been informed that in order to provide services to them it may be necessary to disclose their Personal Information including, if applicable, tax file number information, to an external organisation that provides information technology services; and

(c) the client’s consent to that disclosure has been obtained.

2.3 Third Party Services

If the Services include Third Party Services, when the Customer or Authorised Users request information (including Client Data) to be exchanged or shared with that Third Party Service Provider, the requirements of clause 2.2 will apply.

Version control

Date of first publication on the website Published on 15 February 2021
1 July 2021 Added definitions of Client Data and Service Recipient consistent
with Terms
1 July 2022 Removed definition of Service Recipient as this term is not used in these Country Specific Terms.
Clause 2(f): the word “transfer” is deleted and replaced with “disclose” and “Philippines” is added in the list of countries.

Singapore

1 - Definitions and interpretation

1.1 Clause 1 of the Terms shall apply to these Country Specific Terms.

1.2 Any reference to a ‘clause’ in these Country Specific Terms are to clauses set out in this document, unless stated otherwise.

1.3 In addition to the definitions set out in the Terms, the following definitions shall apply in these Country Specific Terms, and where applicable, in the Terms:

Client Data means Input Data that is Personal Information other than Excluded Information.

Group means, in relation to a party, that party and each Related Corporation of that party.

Personal Data means Personal Information.

Personal Information has the meaning given to that term under the Privacy Legislation.

Privacy Legislation means the Personal Data Protection Act 2012

Related Corporation has the meaning given to that term under the Companies Act 1967.

2 - Privacy

2.1 Compliance with laws

(a) Each party agrees to comply with the Privacy Legislation applicable to it in its role to the extent that it relates to the provision and / or receipt of the Iress Services provided under this Agreement.

(b) Iress agrees that, in the course of this Agreement, it may receive Personal Information from the Customer. Iress agrees that all such Personal Information will only be shared, transmitted, disclosed, collected, held and / or stored for such purposes as are necessary to discharge, complete and / or fulfil Iress' obligations hereunder.

(c) If Iress receives a request for access to the Customer's Personal Information, or the Customer's clients' Personal Information, Iress will refer such request to the Customer. If not legally prohibited from doing so, Iress will notify the Customer of any subpoena, warrant, order, demand, requirement or request made by a governmental or regulatory authority outside of Singapore for the disclosure of the Customer's Personal Information.

(d) Iress agrees to use commercially reasonable efforts to assist the Customer should any question, issue, complaint or like submission be made pursuant to a statutory or common-law right to access, use, view, amend, update or correct Personal Information which reasonably requires Iress' co-operation or assistance in discharging and / or satisfying such statutory or common-law obligations.

(e) Iress will implement and maintain the technical and organisational measures against the unauthorised or unlawful processing of Personal Information and against the accidental loss, destruction of or damage to Personal Information.

(f) The Customer acknowledges that in the course of the provision of the Services, Iress may disclose Personal Information outside of Singapore, and disclose Personal Information to persons who reside outside of singapore, including to certain members of the Iress Group who are based in Australia, the United Kingdom, the European Economic Area, Canada, New Zealand, Philippines and South Africa.

(g) The Customer will be solely responsible for determining and monitoring its compliance with the Privacy Legislation.

(h) Any change in the Services as required by law that materially increases Iress' costs and expenses with respect to compliance with this clause 2 will be subject to a further Service Order.

2.2 Assistance

The Customer must give Iress any assistance reasonably requested to enable compliance with the Privacy Legislation. Without limiting this requirement, the Customer may only disclose Client Data to Iress if:

(a) authorised by applicable law to collect and disclose the Client Data;

(b) the client has been informed that in order to provide services to them it may be necessary to disclose their Personal Information including, if applicable, tax file number information, to an external organisation that provides information technology services; and

(c) the client’s consent to that disclosure has been obtained.

2.3 Third Party Services

If the Services include Third Party Services, when the Customer or Authorised Users request information (including Client Data) to be exchanged or shared with that Third Party Service Provider, the requirements of clause 2.2 will apply.

Date of first publication on the website 1 July 2022