These General Terms & Conditions define the basis upon which Gett will provide Customer with access to and use of the Gett Platform and together with the DPA constitute the entire legal agreement between the parties.
By clicking/checking the “I agree” button/box, accessing the Gett Platform or by utilizing the Services you agree to be bound by this Agreement. The Services are not available to persons who are not legally eligible to be bound by this Agreement.
The Platform Fee payable in respect of Services provided by Gett Global Limited hereunder shall be charged from 30 June 2022, or at a later time determined by Gett in its sole discretion. Unless explicitly stated otherwise, Platform Fees payable in accordance with any other agreement you have with any other Gett Affiliate are fully chargeable from the start date of that agreement.
A. Gett is the owner of a technology platform known as Gett Platform and provides Fleets with access to this technology platform either directly or indirectly through a connected Aggregator, allowing customers to request Transportation Services from Fleets in the Location.
B. The Fleets are providers of Transportation Services in the Location.
C. The Customer requires Transportation Services for its employees, third party contractors, clients and other selected individuals. The Customer wishes to appoint Gett, and Gett agrees to facilitate the provision of such Transportation Services via the Gett Platform, and in accordance with the terms and conditions of this Agreement.
D. It is understood and agreed between the parties that Gett will be acting as an agent for tax purposes when providing the Services hereunder.
1. Definitions and Interpretation
1.1 In this Agreement, the following words shall have the following meanings:
“Affiliate” means with respect to each party, any entity which directly or indirectly Controls, is Controlled by, or is under common Control of, such party;
“Aggregator” means an independent third-party supply partner which owns, operates, and administers a technology platform which facilitates the provision of Transportation Services provided by Aggregator Fleets, and which platform is connected with the Gett Platform to enable Customer to access a wider network of Fleets in the Location;
“Aggregator Fleet” means a licensed provider of Transportation Services which is onboarded to the Aggregator’s technology platform and is made available for booking in a Location via the Gett Platform through Gett’s connection with the Aggregator’s technology platform;
“Agreement” has the meaning given in Clause 2;
“Booking” means a request for Transportation Services made by the Service User or by the Customer on behalf of the Service User and which request is facilitated by Gett via the Gett Platform;
“Business Day” means any day other than a Saturday or a Sunday;
“Cancellation Charges” means the charges payable by the Customer for cancellation of Rides by it or its Service Users, such charges as determined by the Fleets;
“Charges” means the ride fare inclusive of all applicable taxes and charges payable by the Customer for Rides as dictated by the Fleet and collected from the Customer by Gett on behalf of the Fleet;
“Confidential Information” means any information marked “confidential” or identified in writing to be confidential, or which should be reasonably understood under the circumstances to be confidential, including any non-public information regarding a party and its Affiliates’ business, financial affairs, strategic plans, customers or products, but excludes any information which:
(a) is, or becomes, generally available to the public, other than as a direct or indirect result of the information being disclosed by recipient in breach of the Agreement;
(b) was available to the recipient on a non-confidential basis or otherwise was lawfully in the recipient’s possession, prior to disclosure under the Agreement; or
(c) was, is, or becomes available to the recipient on a non-confidential basis from a person who is not under any confidentiality obligation in respect of that information;
“Control” means, in relation to each entity, the ability to direct or cause the direction of its management, policies or operations (whether through voting rights, by contract or otherwise), and “Controlled” shall be construed accordingly;
“Customer” means the customer who registered and set up an account online;
“Customer Account” means the account which the Customer sets up by following the process outlined on Gett’s website;
“DPA” means the Data Processing Addendum at Schedule 1;
“Driver” means, where applicable in the relevant jurisdiction, a licensed driver of private hire vehicle or a licensed taxi who is employed or subcontracted by the Fleet to perform and provide the Transportation Services;
“Extras” means the additional costs incurred which are charged to the Customer in relation to each Ride, which may include parking charges, waiting charges, cancellation fees, congestion fees, tolls, soiling fees, luggage, tips, stopping points, holiday fees, aggregator platform fees, and foreign taxes (where applicable);
“Fleets” means the licensed local provider of Transportation Services in a particular jurisdiction and the term includes Onboarded Fleets and Aggregator Fleets;
“Gett” or “Gett Entity” means Gett Global Limited (company number 13742921) whose registered office is at Floor 2, Elm Yard, 13 – 16 Elm Street, London, England, WC1X 0BJ and/or, where applicable, its Affiliates;
“Gett Platform” means the business portal website and/or mobile portal application owned or licensed by Gett and/or its Affiliates which provides a platform through which Gett connects Service Users to third party Fleets;
“Intellectual Property Rights” means any and all patents, trademarks and service marks, registered and unregistered designs, design rights and copyright, moral rights, rights in data and databases and other protectable lists of information, rights in confidential information, trade secrets, inventions and know how, trade and business names, domain names, get ups, logos and trade dress (including all extensions, revivals and renewals, where relevant) in each case whether registered or unregistered and application for any of them and the goodwill attaching to any of them and any rights or forms of protection of a similar nature and having equivalent or similar effect to any of them which may subsist anywhere in the world;
“Location(s)” means any location outside of the United Kingdom where Transportation Services are listed as available on the Gett Platform from time to time;
“Local Regulations” means those laws and regulations applicable to the provision of Transportation Services by Fleet in a particular jurisdiction;
“Onboarded Fleet“means a licensed provider of Transportation Services directly onboarded by Gett on to the Gett Platform;
“Platform Fee” means the fee payable by the Customer in relation to Gett’s facilitation of a Booking, which shall be 20% of the value of the Charges and any additional amounts which may notified at the time of booking a Ride from time to time;
“Ride” means a journey by a Service User in a licenced taxi/ or private hire vehicle (or such other ground transportation vehicle as is applicable in any particular jurisdiction) pursuant to a Booking;
“Services” Gett will provide Customer with access to and use of the Gett Platform.
“Service User” means the individual(s) who the Customer requires to be transported;
“Total Charges” means Charges and any Extras and / or Cancellation Charges (if applicable) payable by the Customer and collected by Gett, and which excludes the Platform Fee;
“Transportation Services” means ground transportation services provided by Fleets to the Customer; and
“Waiting Time Allowance” means the amount of time before a Customer incurs a waiting charge as outlined in the Fleet’s terms and conditions.
1.2 In this Agreement (unless the context requires otherwise):
(a) the Agreement includes all the schedules annexed hereto;
(b) the words “including”, “include”, “for example”, “in particular”, “such as” and words of similar effect shall be construed so that they do not limit the general effect of the words which precede them, and so that any examples that are given are not to be exclusive or limiting examples of the matters in question;
(c) references to any “party” include (where applicable), its lawful successors, permitted assignees and permitted transferees;
(d) references to the singular include the plural and vice versa and references to any one gender do not exclude other genders; and
(e) if they are translated and there is any conflict, ambiguity or inconsistency between the English language version and the translated version, then the English language version shall prevail.
2. Basis of Contract
To enter into a transaction pursuant to which Gett will provide the Services, the Customer shall set up a Customer Account. The Customer’s use of the Services, the Gett Platform and its Customer Account are subject to these General Terms & Conditions and the DPA which are jointly referred to as the “Agreement”.
3.1 The Customer agrees, as a condition to Gett accepting the Customer Account and providing the Services that:
(a) no Affiliate of Gett shall be responsible, or liable in any way to the Customer, for the performance (or non-performance) of the Services provided; and
(b) no Affiliate of Gett is in any way a guarantor of the obligations of, or will be jointly and severally liable with Gett or any other Affiliate.
3.2 Gett does not guarantee availability nor uninterrupted or error free use of the Gett Platform and shall not be liable for any damage, loss, claims, costs or expenses resulting from or in connection with scheduled or unscheduled downtime, unavailability or slowness.
3.3 Gett shall not have any liability to the Customer and/or a Service User in connection with the Agreement except as is otherwise provided or permitted under it. The parties acknowledge that Gett has entered into the Agreement to provide technology platform services which connect third party Fleets to the Customer and/or Service Users.
3.4 Subject to Clause 3.6, Gett’s total aggregate liability to the Customer and all Service Users at any time, whether in contract, tort (including negligence) or otherwise, shall be limited to a sum equal to the value of the Platform Fees paid or payable to Gett during the twelve-month period prior to the month in which the cause of action is alleged to have arisen.
3.5 Subject to Clause 3.6, Gett shall not be liable to the Customer or any Service User whether in contract, tort or otherwise for (i) any indirect, special, consequential, incidental, punitive, exemplary or special damage, loss, claims, costs and expenses, or (ii) any loss of business, revenue, profits or loss of use, in either case whether such damage, loss, claims, costs and expenses were foreseeable or notified by the Customer and/or Service User.
3.6 Nothing in this Agreement shall limit or exclude either party’s liability for:
a) death or personal injury caused by that party’s negligence, for that party’s fraud or for any other matter which cannot be excluded by law;
b) Gett’s obligations to indemnify Customer for third-party intellectual property infringement under Clause 13.4;
c) a breach by either party of its confidentiality obligations under Clause 14.1 of the General Terms & Conditions;
d) any wilful misconduct by either party; or
e) Customer’s obligations to indemnify Gett for improper use of the Gett Platform under Clause 3.10.
3.7 Gett provides technology platform services which connect Customers to third party Fleets and accepts no liability whatsoever for acts or omissions on the part of any Fleet regardless of jurisdiction. Fleets and/or Drivers are responsible for all insurances required for the provision of Transportation Services in accordance with Local Regulations.
3.8 The parties acknowledge that Fleets are responsible for ensuring that they and their Drivers, including private hire and licenced taxi drivers are approved and regulated by the government through its licensing bodies in each relevant jurisdiction. If any Fleet fails to ensure it or its Drivers follow applicable licensing and insurance legislation, Fleet shall be liable. Gett accepts no liability whatsoever for acts or omissions on the part of any Fleet or any Driver assigned by Fleet to a Booking, regardless of Location.
3.9 Customer shall, and shall ensure that the Service Users, use the Gett Platform in accordance with the terms of this Agreement and Gett’s standard terms and conditions for use of the Gett Platform.
3.10 Customer shall indemnify and hold Gett and its Affiliates harmless from and against any losses, claims, liability, damages, costs and expenses (including reasonable attorneys’ fees) arising out of any actual or threatened third-party claim made as a result of or in connection with the Customer or any Service User’s improper use of the Gett Platform, including use which is in breach of clause 3.9.
3.11 To the fullest extent permitted by applicable law, each party hereto hereby irrevocably: (i) waives any right it may have to join any claim or cause of action directly or indirectly arising out of or relating to this Agreement, the transactions contemplated hereby or the use of the Gett Platform with those of others in the form of a class action or similar procedural device; and (ii) agrees that any and all disputes, claims and causes of action directly or indirectly arising out of or relating to the agreement, the transactions contemplated hereby or the use of the Gett Platform must be asserted individually and shall be resolved individually, without resort to any form of class action or similar procedural device
4.1 Gett warrants to the Customer that:
(a) it has all necessary rights and licenses to enter into the Agreement and to perform its obligations thereunder;
(b) for each Onboarded Fleet providing Transportation Services in a Location, Gett received, at the time of such Onboarded Fleet’s on-boarding:
(i) a copy of such Onboarded Fleet’s operating license for each country/region in which such Onboarded Fleet operates; and
(ii) a copy of such Onboarded Fleet ‘s insurance certificate(s) and policy(ies),
and, so far as Gett is aware, on the date of receipt, the Onboarded Fleet’s license and insurance satisfied the laws and regulations applicable to such Onboarded Fleet for such Location;
(c) at the time of contracting with each Aggregator, Gett obtained a representation or warranty from such Aggregator that:
(i) as part of on-boarding each of its Aggregator Fleets, the Aggregator satisfied itself that the Aggregator Fleet in question held all relevant operating licences and insurances necessary for it to provide Transportation Services lawfully in each of the Locations; and
(ii) the Aggregator will require its Aggregator Fleets to maintain all such relevant operating licenses and insurances; and
4.2 Gett undertakes to the Customer, for each Onboarded Fleet providing Transportation Services in a Location, Gett will use reasonable endeavours to monitor when such Onboarded Fleet’s operating licence(s) and insurance policy(ies) are due to be renewed and shall require Onboarded Fleets to provide up-to-date copies of such operating licence(s) and insurance policy(ies) and if Gett becomes aware that an Onboarded Fleet providing Transportation Services in a Location has ceased to hold an operating licence, or to maintain insurance, that is necessary for such Onboarded Fleet to provide Transportation Services lawfully in that Location, Gett will promptly suspend such Onboarded Fleet from receiving Bookings in the relevant Location until such time as such Onboarded Fleet obtains such operating licence and/or insurance.
4.3 The Customer warrants and represents that:
(a) it has the authority to provide the Service User details to Gett;
(b) only corporate contact information for Service Users has been provided and no personal contact information has been provided; and
(c) it has all necessary authority to enter into this Agreement.
4.4 DISCLAIMERS. NOTWITHSTANDING ANYTHING CONTAINED IN THE AGREEMENT TO THE CONTRARY, GETT MAKES NO EXPRESS OR IMPLIED WARRANTIES OR REPRESENTATIONS OF ANY KIND WITH RESPECT TO GETT OR ANY GETT ENTITY THE GETT PLATFORM, OR ANY COMPONENTS OF THE GETT PLATFORM OR ANY SERVICE PROVIDED BY GETT, ANY OTHER GETT ENTITY, ANY AGGREGATOR, AGGREGATOR FLEET, FLEET OR DRIVER, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR AS TO THE ACCURACY OR COMPLETENESS OF THE INFORMATION PROVIDED BY GETT, EXCEPT FOR THOSE WARRANTIES AND REPRESENTATIONS EXPRESSLY MADE BY GETT IN THIS CLAUSE 4. IN ADDITION, GETT MAKES NO REPRESENTATION OR WARRANTY OF ANY KIND THAT THE OPERATION OF THE GETT PLATFORM WILL BE UNINTERRUPTED OR ERROR-FREE, AND GETT WILL NOT BE LIABLE FOR THE CONSEQUENCES OF ANY INTERRUPTIONS OR ERRORS.
5. CUSTOMER ACCOUNT
5.1 In order to access the Services, Customers must set up a Customer Account by following the registration process on Gett’s website. The Customer will be required to provide certain information in order to set up a Customer Account, this includes but is not limited to Customer name, registered address, email address and phone number. All information provided by Customer will handled in accordance with the DPA.
5.2 Gett may require the Customer to provide additional information in order to set up the Customer Account or to ensure the security of the Customer Account, including, without limitation, requesting additional information in order to approve Bookings.
6.1 All Bookings shall be made via the Gett Platform. The Customer acknowledges that the technology platforms of Aggregators connect to the Gett Platform in order to allow Customers to make Bookings for Transportation Services provided by Aggregator Fleets.
6.2 Gett shall provide the Customer with user login details for it and its Service Users (where required) in order to place Bookings. The Customer shall keep, and shall procure that Service Users keep, such user login details and all passwords secure and confidential at all times, and only provide such details to individuals within its business whom it authorises to use the Gett Platform. The Customer shall maintain and procure that Service Users maintain a strong and secure password.
6.3 Without prejudice to clause 6.2, Gett is entitled to assume that any person who logs in using correct user login details has authority to make a Booking on the Customer’s account. The Customer is solely responsible for safeguarding the confidentiality of such use login details and password and shall be liable for the Total Charges and Platform Fees of all Bookings made by any such person whether or not in fact authorised by it.
6.4 The Customer acknowledges and agrees that when registering for the Gett Platform, Service Users will be required to accept Gett’s standard terms and conditions for use of the Gett Platform.
6.5 All accepted Bookings are confirmed via the Gett Platform.
6.6 The Customer acknowledges and agrees that if a Service User is not waiting at the pick-up location when the Driver arrives (or in the case of an advanced Booking, at the designated time) the Driver may cancel the Ride and the Customer shall be liable to pay the Cancellation Charges and any applicable Extras.
7.1 Where the Customer or a Service User requires a Ride, an estimate of the Charges for the Ride will be displayed in the Gett Platform at the time of the Booking. This estimate will be based upon the start and end location of the Ride as specified by the Service User and will be displayed as a range, but will not include certain Extras (which may be incurred after the Ride) or any Platform Fees for the Gett Platform which are invoiced separately in accordance with Clause 8. The Service User shall have the option to place the Booking or not to proceed based upon the estimate.
In the event of cancellation by the Customer or a Service User, the Customer is liable to pay a Cancellation Charge and any applicable Extras.
Should the Service User soil, damage or put the vehicle out of service in any way, the Customer will be liable for the cost of any repairs, cleaning and/or soiling charge at an amount dictated by the relevant Fleet up to the maximum set by the local licensing authority (if applicable) where the Ride occurred. For the avoidance of doubt, this soiling charge includes soiling of a vehicle by a Service User (for example a Service User vomiting in a vehicle). The Customer will use all reasonable endeavours to stop its Service Users from soiling or damaging vehicles.
(a) The Total Charges shall be inclusive of all applicable taxes and fees imposed by law.
(b) The Platform Fee is exclusive of any taxes. Gett shall collect from the Customer any applicable taxes imposed by law, with such taxes being borne by the Customer.
8.1 Gett shall invoice the Customer the Platform Fee and Extras payable every month in arrears. Gett shall be responsible for facilitating payment of the Total Charges to the Fleet and/or Aggregator (as applicable). Invoices shall be submitted to the Customer’s Accounts Payable department. The Customer shall pay each invoice submitted to it by Gett within fourteen (14) days of the date of the invoice to a bank account nominated in writing by Gett. Gett reserves the right to charge interest on unpaid and undisputed accounts at the rate equal to the lesser of (a) the Bank of England base rate plus 4% accruing on a daily basis from the due date until full settlement or (b) the maximum rate permitted by applicable law.
8.2 Gett shall permit a Service User to pay the Charges for a Booking upon completion of the Ride using an accepted debit/credit card. Payment shall be made by Service User via the Gett Platform. Following successful payment, Gett shall issue an electronic receipt to the Service User via the Gett Platform. The Customer shall remain ultimately liable for all Total Charges and Platform Fees under this Contract. If for any reason a Service User does not successfully pay the Total Charges and Platform Fee for a Ride as set out in this clause 8.3, Gett shall issue the Customer with an invoice for such outstanding Total Charges and Platform Fee in accordance with clause 8.1.
8.3 The Customer acknowledges that Gett may use information provided by the Customer and/or Service User in order to conduct appropriate anti-fraud checks. The Customer further acknowledges that any information that the Customer and/or Service User provides may be disclosed to third parties in order to complete such anti-fraud checks and to perform this Contract but such information shall not be used for any other purpose.
8.4 The Customer acknowledges and agrees that it must notify Gett in writing within seven (7) days of receipt of the invoice if it disputes the Total Charges (whether in whole or part) and provide full particulars of such dispute. Disputes must be documented in writing and sent via email to firstname.lastname@example.org. Gett shall review the Customer’s dispute and notify the Customer of the outcome of the investigation.
8.5 Following payment, if it is discovered that the Total Charges paid were incorrect or did not include certain Extras, Gett reserves the right to issue additional invoices to recover the Extras and any applicable Platform Fee.
8.6 It is agreed and acknowledged between the parties that no payment is to be made between: (i) the Customer or the Service Users; and (ii) the Fleet or the Drivers, in either case directly.
9. Customer and Service Users will be charged in GBP (£) in the UK and/or in USD ($) in the US and in all other Locations. Customer and Service Users shall be liable to pay currency conversion charges at a rate of 4% where payment is not made in GBP (£) or USD ($).
10. TERM and Termination of Account
10.1 This Agreement will continue on a rolling month by month basis, unless either Party gives to the other not less than thirty (30) days’ notice in writing to terminate this Agreement, in which case this Agreement shall terminate at the end of the month following the month in which such notice was served.
10.2 If any amount is due and unpaid by the Customer, Gett shall notify the Customer and the Customer shall make payment of the overdue amount within five (5) Business Days. Gett may terminate the Agreement under which the unpaid amount is due with immediate effect by giving notice in writing if such overdue amount remains unpaid thereafter.
10.3 Upon termination of the Customer account for any reason, all sums payable to or chargeable by Gett, or otherwise appearing on the Customer’s account, shall be invoiced and become immediately due and payable in full within seven (7) days of the date of the invoice.
(a) Upon termination of an Agreement for any reason: each party shall cease to make further use of the other party’s Confidential Information or Intellectual Property Rights received under the terminated Agreement and shall turn over and make available such Confidential Information or other property in its possession; provided that each party may retain the other party’s Confidential Information to the extent, and for so long as, required for legal, regulatory, or internal compliance purposes, or which has been created pursuant to automatic electronic archiving procedures; and
(b) any provision of the terminated Agreement which expressly or by implication is intended to come into or continue in force on or after termination shall remain in full force and effect.
10.4 Upon termination of an Agreement by Customer in accordance with its terms, Gett shall, on request, provide the Customer, at the Customer’s cost, with commercially reasonable transition assistance to ensure a smooth and orderly transition to a new vendor, provided this will not require Gett to disclose any Confidential Information to such vendor.
11. Local Regulations and Applicable Law
Gett shall comply with any laws and regulations applicable to its provision of the Services in the Locations, including compliance with any applicable laws or regulations relating to the possession and use of personal data and any applicable anti-bribery and corruption laws or regulations to which it is subject.
12. Privacy and Data Protection
To the extent that either party processes personal data under the Agreement, the parties shall conduct such processing in accordance with the DPA.
13. Intellectual Property
13.1 The Customer grants to Gett a non-exclusive, transferable licence to use the Customer’s name and logo for the purpose of identifying the Customer as a Gett customer in its marketing materials, subject to prior written consent of such use by the Customer. Additionally, upon request from Gett, Customer agrees to make available representatives to participate in a written case study on the Customer’s use and experience of the Gett Platform.
13.2 The Customer acknowledges that:
(a) all Intellectual Property Rights and all other rights in the Gett Platform are owned by Gett and/or its Affiliates, and remain vested in Gett and/or its Affiliates at all times; and
(b) the Customer does not acquire any rights in or to the Gett Platform under the Agreement.
13.3 The Customer (whether directly or indirectly) shall not (and shall not attempt to) reverse engineer or in any other way study, copy or develop the Gett Platform. On termination of the Agreement, the Customer shall ensure that all Service Users cease to use the Gett Platform.
13.4 Gett shall indemnify and hold the Customer and its Affiliates harmless from and against any claims, liability, damages, costs and expenses (including reasonable attorneys’ fees) incurred by the Customer as a result of any third-party claim that the Customer’s use of Gett Platform in accordance with the terms of the Agreement infringes or violates the Intellectual Property Rights of a third party (“IP Claim”).
13.5 If the Customer receives an IP Claim, it shall:
(a) as soon as reasonably practicable, give written notice of the Claim to Gett, specifying the nature of the Claim in reasonable detail;
(b) give Gett control over the conduct of the Claim, and shall not make any admission of liability, agreement or compromise in relation to the Claim without the prior written consent of Gett;
(c) give Gett and its professional advisers all reasonable information and assistance (at Gett’s expense) for the purpose of Gett assessing, defending and/or settling the Claim.
14.1 Any and all Confidential Information shall be treated by the receiving party as confidential. The receiving party shall not disclose, directly or indirectly, in whole or in part, to any third party, any Confidential Information or use such Confidential Information for its own benefit except as is solely necessary in connection with the receiving party’s performance under this Agreement or where such Confidential Information is required to be disclosed pursuant to a law, regulation, regulatory authority or judicial or lawful government order, but only to the extent required by such order.
14.2 Any notice to be served on either party under an Agreement shall be in writing sent by pre-paid post or email to the address associated with the Customer Account. It is the duty of each party to notify the other of the appropriate address. Any notice shall be deemed to have been received by the addressee within 48 hours of posting or 24 hours if sent by email to the valid email address detailed in the Agreement.
14.3 Each Agreement constitutes the entire agreement between the parties relating to its subject matter and supersedes all prior communications, drafts, agreements, representations (other than those made fraudulently), warranties, stipulations and undertakings of whatsoever nature, whether oral or written between the parties. Nothing in this clause shall limit or exclude any liability for fraud.
14.4 The Services contemplated by the Agreement can be provided by Gett and/or any of its Affiliates. Where an Affiliate provides the Services to the Customer, such Affiliate shall be entitled to invoice the Customer for its facilitation of such Rides in accordance with the terms of the Agreement, and in all cases, the Gett Affiliate shall be liable and responsible for its compliance with the terms and conditions of the Agreement.
14.5 Gett may elect to change or supplement the terms of this Agreement from time to time at its sole discretion. Gett will exercise commercially reasonable business efforts to provide notice to Customer of any material changes to this Agreement. Within ten (10) business days of posting changes to this Agreement (or ten (10) business days from the date of notice, if such is provided), such changes will be binding on Customer. If Customer does not agree with the changes, they should discontinue using the Services. If Customer continues using the Services after such ten-business-day period, Customer will be deemed to have accepted the changes to the terms of this Agreement.
14.6 The invalidity or unenforceability of any term of, or any right arising pursuant to, an Agreement shall not in any way affect the remaining terms or rights.
14.7 Neither the Agreement nor any of these conditions will be deemed waived, and no breach excused, unless such waiver or consent excusing the breach is in writing and signed by the waiving and/or excusing party.
14.8 Should any provision of an Agreement be invalid or unenforceable, then the remainder of such Agreement shall remain valid and in force. The invalid or unenforceable provision shall be either: (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible; or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
14.9 The rights under an Agreement only accrue to those parties to it, and, in the case of Gett, to any Gett Affiliate providing Services pursuant to clause 14.4. Except for the foregoing parties, no other person shall have rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term or condition of this Agreement.
14.10 The individual who clicks “I agree”, represents and warrants that they have full power and authority to enter into an Agreement and to fulfil all its terms and conditions on behalf of the Customer and they also represent and warrant that they have read and accepted these General Terms & Conditions and the DPA on behalf of the Customer.
14.11 Each party represents that it has not been induced to enter into an Agreement by, nor is it relying on, any representation or warranty outside those expressly stated in an Agreement.
14.12 Each Agreement, and any and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) is governed and construed in accordance with the laws of England & Wales and any proceedings resulting out of this Agreement, and any non-contractual obligations arising out of them, shall be held in the Courts of England.
DATA PROCESSING ADDENDUM
This data processing addendum (“DPA“) is incorporated by reference into the Agreement, and reflects the parties’ agreement with regard to the Processing of Personal Data under the Agreement. Capitalised terms not defined in this DPA shall have the meanings assigned to them in the Agreement.
By using the Services, Customer accepts this DPA and represents and warrants that it has full authority to bind Customer to this DPA. If Customer cannot or does not agree to comply with all the terms of this DPA, Customer shall not provide any Personal Data to Gett.
In the event of any conflict between certain provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail solely with respect to the Processing of Personal Data.
1.1 In this DPA, the capitalised terms below shall have the following meanings:
a) “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. seq.
b) “Data Protection Laws” means all applicable and binding privacy and data protection laws and regulations, including such laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland, the United Kingdom, Canada, Israel and the United States of America, as applicable to the Processing of Personal Data under the Agreement including (without limitation) the GDPR, the UK GDPR, and the CCPA, as applicable to the Processing of Personal Data hereunder and in effect at the time of Processor’s performance hereunder.
c) “Data Subject” means the identified or identifiable person to whom the Personal Data relates.
d) “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
e) “IDTA” shall mean the International Data Transfer Addendum to the Standard Contractual Clauses issued by the Information Commissioner’s Office in the UK as incorporated in Part 2 of Appendix 2.
f) “Personal Data” or “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to a Data Subject or Consumer.
g) “Services” means the services provided to Customer by Gett in accordance with the Agreement.
h) “Security Documentation” means the Security Documentation applicable to the Services purchased by Customer, as updated from time to time, and made reasonably available by Gett upon Customer’s request.
i) “Sensitive Data” means any categories of Personal Data that are afforded a higher standard of protection such as “special categories of data” under the UK GDPR and GDPR.
j) “Standard Contractual Clauses” shall mean the Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
k) “Sub-processor” means any third party that Processes Personal Data under the instruction or supervision of Gett.
l) “UK GDPR” means the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).
m) The terms, “Controller“, “Member State“, “Processor“, “Processing” and “Supervisory Authority” shall have the same meaning as in the UK GDPR and GDPR. The terms “Business”, “Business Purpose”, “Consumer” and “Service Provider” shall have the same meaning as in the CCPA.
n) For the purpose of clarity, within this DPA “Controller” shall also mean “Business”, and “Processor” shall also mean “Service Provider”, to the extent that the CCPA applies. In the same manner, Processor’s Sub-processor shall also refer to the concept of Service Provider.
2. PROCESSING OF PERSONAL DATA
Roles of the Parties.
2.1 The Parties acknowledge and agree that:
2.1.1 with regard to the Processing of Personal Data by Gett for the sole purposes of, at the request of the Customer, registering and inviting Service Users to use the Gett Platform, ordering rides on behalf of Service Users, and de-registering Service Users (“Registration and De-registration”) the Customer is the Controller of Personal Data; and Gett is the Processor of such Personal Data and paragraphs 2.2 – 10 and 12 shall apply; and
2.1.2 with regard to any Processing of Personal Data obtained by Gett directly from a Service User, Gett is an independent controller of such Personal Data and paragraphs 11 and 12 shall apply.
2.2 Customer’s Processing of Personal Data. Customer’s instructions to Gett in respect of the Registration and De-registration of Service Users shall comply with Data Protection Laws including but not limited to ensuring that it has any and all required legal bases in order to collect, Process and transfer to Gett the Personal Data, and to authorize the Processing by Gett on Customer’s behalf, including the pursuit of ‘business purposes’ as defined under the CCPA.
2.3 Gett’s Processing of Personal Data.
2.3.1 When Processing on Customer’s behalf under the Agreement, Gett shall Process Personal Data in accordance with Customer’s instructions unless required under the laws applicable to Gett, and/or as required by a court of competent jurisdiction or other competent governmental or semi-governmental authority, provided that Gett shall inform Customer of the legal requirement before Processing, unless such law or order prohibits such information on important grounds of public interest.
2.3.2 Gett shall inform Customer without undue delay if, in Gett’s opinion, an instruction for the Processing of Personal Data given by Customer infringes applicable Data Protection Laws.
2.3.3 To the extent that Gett cannot comply with an instruction from Customer, Gett: (i) shall inform Customer, providing relevant details of the issue; and (ii) may, without liability to Customer, temporarily cease all Processing of the affected Personal Data (other than securely storing such data) and/or suspend Customer’s access to the Services. Upon receipt of the written notice in this paragraph 2.3.3(i) if the Parties do not agree on a resolution to the issue in question and the costs thereof, Customer may, as its sole remedy, terminate the Agreement the subject of the affected Processing, and Customer shall pay to Gett all Charges and other sums that were incurred under or in connection with such Agreement before the date of termination and which remains unpaid as at termination. Customer will have no further claims against Gett (including, requesting refunds for Services) as a result of or in connection with the termination of the Agreement pursuant to this paragraph.
2.3.4 Upon Customer’s reasonable request, Gett shall provide Customer, at Customer’s cost, with reasonable cooperation and assistance needed to fulfil Customer’s obligations under applicable Data Protection Laws to carry out a data protection impact assessment related to the Registration and De-registration of Service Users, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Gett. Gett shall provide, at Customer’s cost, reasonable assistance to Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to this paragraph 2.3.4, to the extent required under the GDPR or the UK GDPR, as applicable.
2.4 Details of the Processing. The details of the Processing of Personal Data by Gett as a Processor are set out in Appendix 1 (Details of Processing) to this DPA.
2.5 Sensitive Data. The parties agree that the Services are not intended for the Processing of Sensitive Data, and that if Customer wishes to use the Services to Process Sensitive Data, it must first obtain Gett’s explicit prior written consent and enter into any additional agreements as required by Gett.
2.6 CCPA Standard of Care; No Sale of Personal Information. Processor acknowledges and confirms that it does not receive or process any Personal Information as consideration for any services or other items that Processor provides to Customer under the Agreement. Processor shall not have, derive, or exercise any rights or benefits regarding Personal Information Processed on Customer’s behalf, and may use and disclose Personal Information solely for the purposes for which such Personal Information was provided to it, as stipulated in the Agreement and this DPA. Processor certifies that it understands the rules, requirements and definitions of the CCPA and agrees to refrain from selling (as such term is defined in the CCPA) any Personal Information Processed hereunder without Customer’s prior written consent, nor taking any action that would cause any transfer of Personal Information to or from Processor under the Agreement or this DPA to qualify as “selling” such Personal Information under the CCPA.
3. DATA SUBJECT REQUESTS
Gett shall, to the extent legally permitted, notify Customer or refer Data Subject or Consumer to Customer, if Processor receives a request from a Data Subject or Consumer to exercise their rights (to the extent available to them under applicable Data Protection Laws) of access, right to rectification, restriction of Processing, erasure, data portability, objection to the Processing, their right not to be subject to automated individual decision making, to opt-out of the sale of Personal Information, or the right not to be discriminated against (“Data Subject Request”). Taking into account the nature of the Processing, Gett shall assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible and reasonable, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws. Gett may refer Data Subject Requests received, and the Data Subjects making them, directly to the Customer for its treatment of such Data Subject Requests.
Gett shall ensure that its personnel and advisors engaged in the Processing of Personal Data have committed themselves to duties of confidentiality.
5.1 Appointment of Sub-processors. Customer acknowledges and agrees and hereby authorizes Gett to engage Sub-processors that are: (a) an Affiliate of Gett; and (b) third-party Sub- processors for and on behalf of Gett and/or an Affiliate of Gett, in each case in connection with the provision of the Services.
5.2 List of Current Sub-processors and Notification of New Sub-processors. Gett will make available to Customer the current list of Sub-processors used by Gett to process Personal Data upon written request of Customer. The Customer provides general authorisation to Gett’s use of Sub-processors to Process Customer’s Personal Data on behalf of Customer, including those set out in such list.
5.3 Objection to New Sub-processors. Gett shall provide Customer with notification of any intended new Sub-processor(s) by sending an e-mail to email address address associated with the Customer Account. Customer may reasonably object to Gett’s use of a new Sub- processor, for reasons relating to the protection of Personal Data intended to be Processed by such Sub-processor, by notifying Gett promptly in writing within seven (7) days after receiving the aforesaid notice. Customer shall ensure that such written objection shall include the reasons for objecting to Gett’s use of such new Sub-processor. Failure to object to such new Sub-processor in writing within seven (7) days following Gett’s notice shall be deemed as acceptance of the new Sub-Processor. In the event Customer reasonably objects to a new Sub-processor, as permitted in the preceding sentences, Gett will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Customer. the termination date with respect to the Processing at issue shall be duly paid to Gett. Until a decision is made regarding the new Sub-processor, Gett may temporarily suspend the Processing of the affected Personal Data and/or suspend access to the Customer’s account applicable to the affected Agreement. Customer will have no further claims against Gett (including requesting refunds for Services) as a result of or in connection with the termination of the Agreement [(or any part of it)] pursuant to this paragraph 5.3.
5.4 Agreements with Sub-processors. Gett or Gett’s Affiliate on behalf of Gett has or will enter into a written agreement with each Sub-processor containing appropriate safeguards for the protection of Personal Data including the same or materially similar data protection obligations as set out in paragraphs 2.2 – 10 of this DPA. Where a Sub-processor fails to fulfil its data protection obligations concerning its Processing of Personal Data, Gett shall remain responsible for the performance of the Sub-processor’s obligations.
6. SECURITY & AUDITS
6.1 Controls for the Protection of Personal Data. Gett shall maintain industry-standard technical and organizational measures for protection of Personal Data Processed hereunder (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data, confidentiality and integrity of Personal Data, including those measures set forth in the Security Documentation), as may be amended from time to time. Upon the Customer’s reasonable request, Gett will reasonably assist Customer, at Customer’s cost in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and/or UK GDPR taking into account the nature of the Processing and the information available to Gett.
6.2 Audits and Inspections. Upon Customer providing at least 14 days prior written request (no more than once every 12 months), Gett shall:
6.2.1 make available to Customer, and/or Customer’s independent, reputable, third-party auditor, information necessary to demonstrate Gett’s compliance with paragraphs 2.2 – 10 of this DPA, and
6.2.2 allow for and contribute to audits, including inspections, conducted by them, provided that:
(a) Gett shall not provide information to Customer pursuant to paragraph 6.2.1 where the Customer is a competitor of Gett (as determined by Gett);
(b) prior to receiving any information pursuant to paragraph 6.2.1 or Gett allowing for or contributing to audits or inspections pursuant to paragraph 6.2.2, each of the Customer and any third-party auditor shall enter into confidentiality undertakings satisfactory to Gett; and
(c) all such information, audits, inspections and the results therefrom, including the documents reflecting the outcome of the audit and/or the inspections, shall only be used by Customer and/or third party auditor to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Gett’s prior written approval.
6.3 Upon Gett’s request, Customer shall return all records or documentation in Customer’s possession or control provided by Gett in the context of the audit and/or the inspection. Nothing in this paragraph 6.2 varies or modifies the Standard Contractual Clauses nor affects any Supervisory Authority’s or Data Subject’s rights under the Standard Contractual Clauses.
6.4 In the event of an audit or inspections as set forth in paragraph 6.2, Customer shall ensure that it (and each of its mandated auditors) will not cause (or, if it cannot avoid, minimize) any damage, injury or disruption to Gett’s premises, equipment, personnel and business while conducting such audit or inspection.
7. DATA INCIDENT MANAGEMENT AND NOTIFICATION
Gett will maintain security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Gett as Processor (a “Data Incident“). Gett shall make reasonable efforts to identify and take those steps as Gett deems necessary and reasonable in order to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within Gett’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or anyone who uses the Services on Customer’s behalf. Customer will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Gett (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Gett’s prior written approval, unless, and solely to the extent that, Customer is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Customer shall provide Gett with reasonable prior written notice to provide Gett with the opportunity to object to such disclosure and in any case Customer will limit the disclosure to the minimum scope required.
8. RETURN AND DELETION OF PERSONAL DATA
Within 60 days following termination of the Agreement and subject thereto, Gett shall, at the choice of Customer (indicated through the Services or in written notification to Gett), delete or return to Customer all the Personal Data it Processes solely on behalf of the Customer as Processor and Gett shall delete existing copies of such Personal Data unless applicable Data Protection Laws require otherwise.
9. CROSS-BORDER DATA TRANSFERS
9.1 Transfers of Personal Data from the Customer in the EEA, Switzerland and/or the United Kingdom to Gett in a country that offers adequate level of data protection. Personal Data may be transferred from the Customer in the EU Member States, the three EEA member countries (Norway, Liechtenstein and Iceland) (collectively, “EEA“), Switzerland and/or the United Kingdom (“UK“) to Gett in a country that offers an adequate level of data protection under or pursuant to the adequacy decisions published in accordance with applicable Data Protection Laws (“Adequacy Decisions“), as applicable.
9.2 Transfers of Personal Data from the Customer in the EEA, Switzerland and/or the United Kingdom to Gett in a country that does not have an Adequacy Decision (“Third Country”). If there is a transfer of Personal Data from the Customer:
a) from the EEA or Switzerland to Gett in a Third Country, (“EEA Transfer”), the terms set forth in Part 1 of Appendix 2 (EEA Cross Border Transfers) shall apply;
b) from the UK to Gett in a Third Country, (“UK Transfer”), the terms set forth in Part 2 of Appendix 2 (UK Cross Border Transfers) shall apply; and
c) the terms set forth in Part 3 of Appendix 2 (Additional Safeguards) shall apply to an EEA Transfer and a UK Transfer.
10. GETT AS INDEPENDENT CONTROLLER
In relation to its Processing of Personal Data obtained by Gett directly from Service Users as an independent Controller, Gett shall, to the extent applicable under Data Protection Laws comply with its obligations under Data Protection Laws.
11. OTHER PROVISIONS
11.1 Modifications. Each party may by at least forty-five (45) calendar days’ prior written notice to the other party, request in writing any variations to this DPA if they are required as a result of any change in, or decision of a competent authority under, any Data Protection Laws, to allow Processing of Customer Personal Data to be made (or continue to be made) without breach of those Data Protection Laws. Pursuant to such notice: (a) the parties shall make commercially reasonable efforts to accommodate such modification requested by Customer or Gett believes is necessary; and (b) Customer shall not unreasonably withhold or delay agreement to any consequential variations to this DPA proposed by Gett to protect Gett against additional risks, or to indemnify and compensate Gett for any further steps and costs associated with the variations made herein at Customer’s request. The parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Customer’s or Gett’s notice as soon as is reasonably practicable. In the event that the parties are unable to reach such an agreement within 30 days of such notice, then Customer or Gett may, by written notice to the other party, with immediate effect, terminate the Agreement to the extent that it relates to the Services which are affected by the proposed variations (or lack thereof). Customer shall pay to Gett all Charges and other sums that were incurred under or in connection with such Agreement before the date of termination and which remains unpaid as at termination. Customer will have no further claims against Gett (including requesting refunds for the Services) as a result of or in connection with the termination of the Agreement pursuant to this paragraph.
APPENDIX 1 – DETAILS OF THE PROCESSING
Nature and Purpose of Processing
1. Undertaking Registration and De-registration;
2. Performing the Agreement, this DPA and/or other contracts executed by the Parties;
3. Acting upon Customer’s instructions, where such instructions are consistent with the terms of the Agreement;
4. Sharing Personal Data with Sub-processors (e.g., integrations between the Services and any services provided by third parties, as configured by or on behalf of Customer to facilitate the sharing of Personal Data between the Services and such third party services);
5. Rendering Personal Data fully anonymous, non-identifiable and non-personal in accordance with applicable standards recognized by Data Protection Laws and guidance issued thereunder;
6. Complying with applicable laws and regulations;
7. All tasks related with any of the above.
Duration of Processing
Subject to any paragraph of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Gett as Processor will Process Personal Data pursuant to the DPA and Agreement for the duration of the Agreement, unless otherwise agreed upon in writing.
Type of Personal Data
Personal details (e.g. name, home address, business address), contact information (e.g. mobile phone number, pick-up and drop-off locations, employer/organization, position/job title).
Categories of Data Subjects
Customer may submit Personal Data relating to the following categories of Data Subjects:
Service Users, which may include Customer’s employees, consultants, agents, advisors, and guests.
APPENDIX 2 – CROSS BORDER TRANSFERS
PART 1 – EEA Transfers
1. The parties agree that the terms of the Standard Contractual Clauses are hereby incorporated by reference and shall apply to an EEA Transfer.
2. Module Two (Controller to Processor) of the Standard Contractual Clauses shall apply where the EEA Transfer is effectuated by Customer as the data controller of the Personal Data and Gett is the data processor of the Personal Data.
3. Clause 7 of the Standard Contractual Clauses (Docking Clause) shall not apply.
4. Option 2: GENERAL WRITTEN AUTHORISATION in Clause 9 of the Standard Contractual Clauses shall apply, and the method for appointing and time period for prior notice of Sub-processor changes shall be as set forth in Section 5.2 of the DPA.
5. In Clause 11 of the Standard Contractual Clauses, the optional language will not apply.
6. In Clause 17 of the Standard Contractual Clauses, Option 1 shall apply, and the Parties agree that the Standard Contractual Clauses shall be governed by the laws of the Republic of Ireland.
7. In Clause 18(b) of the Standard Contractual Clauses, disputes will be resolved before the courts of the Republic of Ireland.
8. Annex I.A of the Standard Contractual Clauses shall be completed as follows:
Data Exporter: Customer.
Contact details: As detailed in the Agreement.
Data Exporter Role:
Module Two: The Data Exporter is a data controller.
Signature and Date: By entering into the Agreement and DPA, Data Exporter is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the Agreement.
Data Importer: Gett.
Contact details: As detailed in the Agreement.
Data Importer Role:
Module Two: The Data Importer is a data processor.
Signature and Date: By entering into the Agreement and DPA, Data Importer is deemed to have signed these Standard Contractual Clauses, incorporated herein, including their Annexes, as of the Effective Date of the Agreement.
9. Annex I.B of the Standard Contractual Clauses shall be completed as follows:
The categories of data subjects are described in Appendix 1 (Details of Processing) of this DPA.
The categories of personal data are described in Appendix 1 (Details of Processing) of this DPA.
The Parties do not intend for Sensitive Data to be transferred.
The frequency of the transfer is a continuous basis for the duration of the Agreement.
The nature of the processing is described in Appendix 1 (Details of Processing) of this DPA.
The purpose of the processing is described in Appendix 1 (Details of Processing) of this DPA.
The period for which the personal data will be retained is for the duration of the Agreement, unless agreed otherwise in the Agreement and/or the DPA.
In relation to transfers to Sub-processors, the subject matter, nature, and duration of the processing is set forth at the link detailed in Section 5.2.1 of the DPA.
10. Annex I.C of the Standard Contractual Clauses shall be completed as follows:
The competent supervisory authority in accordance with Clause 13 is the supervisory authority in the Member State stipulated in Section 7 above.
11. The Security Documentation referred to in the DPA serves as Annex II of the Standard Contractual Clauses.
12. To the extent there is any conflict between the Standard Contractual Clauses and any other terms in this DPA or the Agreement, the provisions of the Standard Contractual Clauses will prevail.
PART 2 – UK Transfers
The parties agree that the IDTA shall apply to a UK Transfer and this Part 2 is effective from 21 March 2022.
For the avoidance of doubt, defined terms set out in Part 2 of this Appendix 2 are set out in Part 2 Mandatory Clauses below.
Part 1: Tables
Table 1 of the Addendum shall be completed as follows:
- Data Exporter: Customer.
- Contact details: As detailed in the Agreement.
Signature and Date: By entering into the Agreement and DPA, Data Exporter is deemed to have signed this Addendum incorporated herein, as of the Effective Date of the Agreement.
- Data Importer: Gett
- Contact details: As detailed in the Agreement.
Signature and Date: By entering into the Agreement and DPA, Data Importer is deemed to have signed this Addendum, incorporated herein, as of the Effective Date of the Agreement.
Table 2 of the Addendum shall be completed as follows:
Addendum EU SCCs
The Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum:
Module in operation
Clause 7 (Docking Clause)
Clause 9a (Prior Authorisation or General Authorisation)
Clause 9a (Time period)
Is personal data received from the Importer combined with personal data collected by the Exporter?
Shall not apply
Shall not apply
As set out in Paragraph 9.2 of the DPA
Table 3 of the Addendum
Annex IA shall be completed as follows:
- Data Exporter: Customer
- Contact details: As detailed in the Agreement.
- Data Exporter Role: Module Two: The Data Exporter is a data controller.
- Signature and Date: By entering into the Agreement and DPA, Data Exporter is deemed to have signed the Approved EU SCCs, incorporated herein, including their Annexes, as of the Effective Date of the Agreement.
- Data Importer: Gett
- Contact details: As detailed in the Agreement.
- Data Importer Role: Module Two: The Data Importer is a data processor.
- Signature and Date: By entering into the Agreement and DPA, Data Importer is deemed to have signed the Approved EU SCCs, incorporated herein, including their Annexes, as of the Effective Date of the Agreement.
Annex I.B shall be completed as follows:
- The categories of data subjects are described in Appendix 1 (Details of Processing) of this DPA.
- The categories of personal data are described in Appendix 1 (Details of Processing) of this DPA.
- The Parties do not intend for Sensitive Data to be transferred.
- The frequency of the transfer is a continuous basis for the duration of the Agreement.
- The nature of the processing is described in Appendix 1 (Details of Processing) of this DPA.
- The purpose of the processing is described in Appendix 1 (Details of Processing) of this DPA.
- The period for which the personal data will be retained is for the duration of the Agreement, unless agreed otherwise in the Agreement and/or the DPA.
- In relation to transfers to Sub-processors, the subject matter, nature, and duration of the processing is set forth at the link detailed in paragraph 5.2.1 of the DPA.
- The Security Documentation referred to in the DPA serves as Annex II.
- Annex III: List of Sub-processors shall not apply as Gett has a general written authorisation to use Sub-processors.
Table 4 of the IDTA
The Importer may end this Addendum as set out in Section 19.
Part 2: Mandatory Clauses
1. Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.
2. Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the Parties, for the purpose of making Restricted Transfers, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows data subjects to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the Approved EU SCCs and any part of the Approved EU SCCs.
Interpretation of this Addendum
3. Where this Addendum uses terms that are defined in the Approved EU SCCs those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:
|Addendum||This International Data Transfer Addendum which is made up of this Addendum incorporating the Addendum EU SCCs.|
|Addendum EU SCCs||The version(s) of the Approved EU SCCs which this Addendum is appended to, as set out in Table 2, including the Appendix Information.|
|Appendix Information||As set out in Table 3.|
|Appropriate Safeguards||The standard of protection over the personal data and of data subjects’ rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR.|
|Approved Addendum||The template Addendum issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18.|
|Approved EU SCCs||The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.|
|ICO||The Information Commissioner.|
|Restricted Transfer||A transfer which is covered by Chapter V of the UK GDPR.|
|UK||The United Kingdom of Great Britain and Northern Ireland.|
|UK Data Protection Laws||All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.|
|UK GDPR||As defined in section 3 of the Data Protection Act 2018.|
4. This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards.
5. If the provisions included in the Addendum EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum and the equivalent provision of the Approved EU SCCs will take their place.
6. If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws applies.
7. If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies.
8. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into.
9. Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section 10 will prevail.
10. Where there is any inconsistency or conflict between the Approved Addendum and the Addendum EU SCCs (as applicable), the Approved Addendum overrides the Addendum EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Addendum EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum.
11. Where this Addendum incorporates Addendum EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation (EU) 2016/679 then the Parties acknowledge that nothing in this Addendum impacts those Addendum EU SCCs.
Incorporation of and changes to the EU SCCs
12. This Addendum incorporates the Addendum EU SCCs which are amended to the extent necessary so that:
a. together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers;
b. Sections 9 to 11 override Clause 5 (Hierarchy) of the Addendum EU SCCs; and
c. this Addendum (including the Addendum EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.
13. Unless the Parties have agreed alternative amendments which meet the requirements of Section 12, the provisions of Section 15 will apply.
14. No amendments to the Approved EU SCCs other than to meet the requirements of Section 12 may be made.
15. The following amendments to the Addendum EU SCCs (for the purpose of Section 12) are made:
a. References to the “Clauses” means this Addendum, incorporating the Addendum EU SCCs;
b. In Clause 2, delete the words: “and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”;
c. Clause 6 (Description of the transfer(s)) is replaced with: “The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;
d. Clause 8.8(i) of Module 2 is replaced with: “the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”
e. References to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws”. References to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws;
f. References to Regulation (EU) 2018/1725 are removed;
g. References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”;
h. The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one, is replaced with “Clause 11(c)(i)”;
i. Clause 13(a) and Part C of Annex I are not used;
j. The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;
k. In Clause 16(e), subsection (i) is replaced with: “the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;
l. Clause 17 is replaced with: “These Clauses are governed by the laws of England and Wales.”;
m. Clause 18 is replaced with: “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and
n. The footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11.
Amendments to this Addendum
16. The Parties may agree to change Clauses 17 and/or 18 of the Addendum EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.
17. If the Parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.
18. From time to time, the ICO may issue a revised Approved Addendum which:
a. makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or
b. reflects changes to UK Data Protection Laws;
The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified.
19. If the ICO issues a revised Approved Addendum under Section 18, if any Party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate and demonstrable increase in:
a. its direct costs of performing its obligations under the Addendum; and/or
b. its risk under the Addendum,
and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved Addendum.
20. The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.
PART 3 – Additional Safeguards
1. In the event of an EEA Transfer or a UK Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. The Processor shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the Controller to the Processor and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. The Processor will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, including under section 702 of the United States Foreign Intelligence Surveillance Court (“FISA”);
c. If the Processor becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. The Processor shall inform the relevant government authority that the Processor is a processor of the Personal Data and that the Controller has not authorized the Processor to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon the Controller in writing;
II. The Processor will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under the Processor’s control. Notwithstanding the above, (a) the Controller acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, the Processor has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, the Processor shall notify the Controller, as soon as possible, following the access by the government authority, and provide the Controller with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, the Processor will inform the Controller, at the Controller’s written request, of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.