1.1 The Reset service is a service designed to mitigate risk by matching positions in derivatives and other financial instruments between institutions who are participants of the service and who are holding opposite risk to each other (the “Reset Service”). Transactions are identified by the Reset Service (“Identified Transactions”) and then arranged between the relevant participants as further described in these terms of service (the “Terms”) and any supplemental guidelines or protocols from time to time in force (the “Reset Protocol”).
1.2 By using the Reset Service, You (meaning, for the purposes of these Terms, both individual traders and the institution that they represent) will be deemed to agree to these Terms each time You submit any Participant Data (as hereinafter defined) for inclusion in any Reset Session (as hereinafter defined).
1.3 The provider of the Reset Service is the Reset entity determined by reference to the Reset Protocol (“Reset”). If You do not agree to these Terms or you have not executed a version of these Reset General Terms of Service, Reset is unwilling to provide the Reset Service to You and You must cease submitting any Participant Data (as hereinafter defined) for inclusion in any Reset Session. Your compliance with these Terms is a condition of Your continued access to, and use of, the Reset Service.
1.4 Reset reserves the right to amend the Terms from time to time. Any changes will be notified to You via www.Reset.net or such successor website (the “Website”).
1.5 Unless otherwise defined herein, all capitalised terms used in these Terms shall have the meaning given to them in the Reset Protocol.
2.1 Reset shall provide the Reset Service in accordance with terms of the Reset Protocol which will apply to all Participants. In the event of a conflict or inconsistency between these Terms and the Reset Protocol, You agree that the terms of the Reset Protocol will prevail.
2.2 Reset may from time to time amend the Reset Protocol on five (5) business days’ prior written notice provided that any amendment may be made effective immediately on notice (including by email) where in Reset’s reasonable opinion, it is necessary to permit the Reset Service to comply with any applicable legal or regulatory requirement or applicable market convention. Your continued participation in Reset Sessions after receipt of such a notice shall constitute acceptance of such amendment.
2.3 To participate in a Reset Session, You may from time to time provide Reset with the data specified by the Reset Service, including information on Your risk positions and the risk criteria within which You wish for any Identified Transactions to be arranged (the “Participant Data”). You remain solely responsible for verifying the accuracy and completeness of all Participant Data supplied in any Reset Session and You shall have no claim against Reset in respect of such Participant Data howsoever arising. Reset is under no obligation to conduct any investigation as to the completeness or accuracy of any Participant Data provided by You.
2.4 By submitting Participant Data to and participating in a Reset Session, You (i) authorise Reset to arrange or execute, as the case may be, all Identified Transactions to which You will be a counterparty; (ii) agree to be bound by every Identified Transaction in that Reset Session; and (iii) shall be legally obliged to settle all its Identified Transactions in accordance with these Terms and the Reset Protocol. Reset will provide You with details of Your Identified Transactions following its participation in a Reset Session, enabling You to settle them.
2.5 All market and pricing data (including, without limitation, any Curve (as that term is defined in the Reset Protocol)) and any output provided to You by Reset (“Reset Data”) is confidential and is the intellectual property of Reset and/or its group companies or licensors. Use of the Reset Data for any purpose other than that which is directly related to Your use of the Reset Service or participation in a Reset Session is not permitted. Reset expressly reserves all rights in relation to the Reset Data. Should You wish to use the Reset Data for other purposes (e.g. in internal or external applications, or in calculation of indices for internal or external purposes), a separate data licence will be required.
2.6 For further information regarding obtaining a data licence in respect of the Reset Data, please contact NEX Data at enquiries@nexdata.com.
3.1 You are responsible for settling and, if applicable, clearing any Identified Transactions that are notified to You. Neither Reset nor its affiliates have any responsibility for the settlement or clearing of an Identified Transaction.
3.2 You are responsible for any underlying documentation with Your counterparties and, unless otherwise set out in the Reset Protocol or otherwise agreed with Your counterparty, there is an assumption that basic terms and conditions are as per the standard documentation published by the International Swaps and Derivatives Association.
4.1 The fees applicable to the Reset Service shall be agreed between the parties from time to time and shall be paid (without any right of set-off or deduction) on the submission of an invoice or on demand. All such fees are exclusive of any applicable sales or value added tax.
5.1 You agree that all intellectual property rights in and to any software, database, any website, tools, documentation, processes, data or material used in or produced by the Reset Service (the “Reset Materials”) are owned by, or licensed to, Reset, its affiliates and/or their licensors and You agree that such intellectual property rights shall remain vested exclusively in Reset, its affiliates and/or its licensors (other than You) and/or their respective successors. You shall not attempt to encumber or gain any rights whatsoever to any of the Reset Materials.
5.2 Reset agrees that all right, title and interest in and to all Participant Data shall belong to You. You hereby consent to and grant to Reset and affiliates a worldwide, non‐exclusive and royalty‐free licence to use, copy, modify and adapt the Participant Data to the extent reasonably required for the Reset Service (such licence shall include, but not be limited to, a right to prepare Reset Materials and make such Reset Materials available in accordance with these Terms), including use of services or solutions provided by Reset’s affiliates for which You have an agreement with a Reset affiliate.
5.3 You hereby grant Reset and its affiliates a worldwide, non-exclusive, perpetual and royalty‐free licence to use any data on Identified Transactions (“Transaction Data”) to create Derived Data for its and their business purposes as Reset and its affiliates see fit. For these purposes, “Derived Data” means data of any kind resulting from the manipulation, derivation, calculation and/or analysis of the Transaction Data, whether generated by human or machine, provided that such Derived Data is in an Anonymised Form and that it is created in such a way that it is not possible for a third party to reverse engineer the Transaction Data or any part of it. “Anonymised Form” means, in respect of Derived Data, in such form as would neither enable the transaction parties to be identified, nor their trading positions or strategies, nor specifics of individual transactions, nor containing any personal data. You acknowledge and agree that Reset owns all intellectual property rights in the Derived Data and that you do not have any rights to, or in, the Derived Data.
6.1 These Terms are effective from the date that You first participate in a Reset Session and shall continue until terminated in accordance with this Clause 6. Subject to the remainder of this Clause 6 and the terms of any Reset Protocol, either party shall have at any time the right to terminate these Terms on ten (10) business days written notice.
6.2 Subject to the remainder of this Clause 6 and the terms of any Reset Protocol, nothing in these Terms requires You to participate in a Reset Session or obligates Reset to call any Reset Session.
6.3 If You are in material breach of these Terms, Reset may suspend the provision of the Reset Service and/or a Reset Session to You or to Participants generally, whether or not it has served notice of breach in accordance with Clause 6.4.2.
6.4 Notwithstanding Clause 6.1, these Terms may be terminated by the other party immediately upon written notice if a party:
6.4.1 becomes insolvent or an order is made or a resolution passed for that party’s liquidation, administration, winding-up or dissolution (otherwise than for the purposes of a solvent amalgamation or reconstruction) or anything analogous to the foregoing occurs in any applicable jurisdiction; or
6.4.2 is in material breach of any of these Terms and (if such breach is remediable) fails to remedy that breach within a period of 7 days after being notified in writing to do so.
6.5 Any termination of these Terms whether in whole or in part shall not affect the accrued rights or liabilities of either party under these Terms, any Reset Protocol or the Your rights and obligations arising from Your participation in a Reset Session.
7.1 Except to the extent specifically set forth in these Terms, Reset makes no other representation or warranty with respect to the Reset Service, the Reset Materials or any data or materials retrieved, obtained, provided or transmitted by Reset or through the Reset Service. Except to the extent specifically set forth in these Terms, the Reset Service, the Reset Materials and all data and materials retrieved therefrom are being provided to the You “as is” and Reset hereby disclaims, in respect of the Reset Materials and any such data, any and all other representations or warranties, whether express or implied, including without limitation, any representation or warranty as to merchantability, fitness for a particular purpose or timeliness, any representations or warranties arising from course of dealing or course of performance, and any representations or warranties of accuracy, reliability or functionality.
7.2 You acknowledge that any data, including the Curve, provided by Reset through Your use of the Reset Service is obtained from sources believed to be reliable and may also be based on opinions, estimates, projections and extrapolations constituting Reset’s judgement (including that of its relevant affiliates and/or their respective licensors) and therefore should not be taken in substitution for the exercise of Your own commercial judgement and should not be construed as an offer, bid or solicitation in relation to any financial instrument.
8.1 Nothing in these Terms excludes or limits either Reset’s or Your liability for wilful misconduct, fraud or for death or personal injury arising from their respective negligence or any other liability that cannot be excluded by law.
8.2 Reset and its affiliates shall be under no obligation to ascertain or confirm Your authority or capacity for any purpose in connection with these Terms or the use of the Reset Service. Reset accepts no liability for the commercial advisability of any Identified Transaction or for any information supplied by any Participant in relation to any Identified Transactions.
8.3 Neither Reset nor its affiliates will be deemed to have recommended that any Identified Transaction should be accepted, nor will Reset or its affiliates have any responsibility for knowledge of or compliance with any applicable laws, regulations or rules applicable to You that limit Your authority to conduct Your business using the Reset Service. Neither Reset or its affiliates shall have any liability for losses resulting from any unauthorised use of the Reset Service.
8.4 Neither You, Reset and its affiliates, or their respective partners, officers, employees, directors, agents, contractors, representatives, successors and assigns, shall be liable to the other or anyone claiming under or through them for loss of profit, capital, interest, revenue, data, money, business, anticipated savings or any indirect or consequential loss or damages under or in connection with these Terms, any Identified Transaction or the receipt or use of the Reset Service, including without limitation, damages for loss of capital, interest, revenue, data or use, or interruption of business, even if such party had been advised of the possibility of such damages.
8.5 Other than as provided in Clause 8.1 and for any breach of Clause 10 (Confidentiality), Reset and its affiliates aggregate liability to You and Your affiliates, partners, officers, employees, directors, agents, contractors, representatives, successors and assigned under or in connection with the Reset Service, these Terms or any Identified Transaction, whether arising from negligence, breach of contract or otherwise shall not exceed in any 12-month period US$100,000.
8.6 Notwithstanding anything to the contrary in these Terms or the Reset Protocol, the liability of any Reset entity in the provision of the Reset Service is several and not joint.
8.7 You acknowledge that e-mail is not a secure or guaranteed medium, and that e-mails may be lost, delayed, corrupted, accessed, modified or spoofed in transit. Where You communicate with Reset, You agree that Reset shall not be liable for any losses attributable to any delay in receipt of any email or unauthorised access, modification or spoofing of any e-mail by any third party.
8.8 You acknowledge the Reset Service is dependent on third party services, including telecommunication services, trade reporting and affirmation services and central counterparties. Reset shall have no liability for any failure of, or otherwise arising out of or in connection with, any such third-party services.
8.9 You agree that the limitations and exclusions set out in these Terms are reasonable having regard to the levels of risk associated with the obligations under these Terms.
9.1 You and Reset each represent and warrant to each other that (i) the warrantor has the power and authority to execute, deliver and perform under these Terms; (ii) these Terms constitute legal, valid and binding obligations, enforceable against the warrantor in accordance with these Terms; and (iii) the warrantor’s performance of its obligations under these Terms will not violate any applicable laws or regulations, or any agreement by which it is bound or by which any of its assets are affected.
9.2 On each submission of Your Participant Data, You warrant and represent that as at the date of submission:
9.2.1 You are, and will remain, in compliance with all applicable/relevant laws and regulations of any relevant jurisdiction;
9.2.2 Your participation in any Reset Session will be in compliance with all applicable laws, rules and regulations and accepted trading rules, market customs and conventions and any applicable rulebooks;
9.2.3 all Participant Data or other information submitted from time to time by You shall be accurate and complete in all material respects as of the time of submission;
9.2.4 each Identified Transaction entered into by You is based on Your independent judgement and not on any recommendation or advice provided by Reset or the Reset Service;
9.2.5 Your participation in any Reset Session is solely on the exercise of your own commercial judgment.
9.2.6 You have, and will continue to have, the right and authority to agree to Identified Transactions in the manner contemplated by these Terms and each of such Identified Transaction shall constitute Your legal, valid and binding obligation, enforceable against You in accordance with its terms; and
9.2.7 You and Your counterparty to each Identified Transaction alone are responsible for identifying and entering into relevant legal agreements, setting any relevant credit limits, complying with any Prime Broker Limits (as applicable) and arranging settlement of any Identified Transaction and Reset shall not be responsible in any way for any failure to do so.
10.1 Other than as provided for in these Terms, You and Reset (each a “Recipient“) undertake to the other (“Disclosing Party“) to treat as confidential all information in any medium or format (whether marked “confidential” or not) which the Recipient receives from the Disclosing Party either directly or from any person, firm, company or organisation associated with the Disclosing Party, which concerns the transactions, business, operations or customers of any or all of the Disclosing Party and its affiliates including, without limitation, information arising from any Reset Session, which for the avoidance of doubt, shall include all Participant Data and Transaction Data arising from a Reset Session (“Confidential Information“). Other than as set out in these Terms, the Recipient may only use the Confidential Information for the purpose of participating in or providing (as the case may be) the Reset Service as contemplated by these Terms. Reset may disclose the fact that You are participating in a Reset Session to other participants.
10.2 These confidentiality obligations shall not apply to any information which:
10.2.1 enters the public domain other than as a result of a breach of this clause;
10.2.2 is received from a third party which is under no confidentiality obligation in respect of that information; or
10.2.3 is independently developed by the Recipient without use of the Disclosing Party’s Confidential Information.
10.3 The Recipient may disclose Confidential Information where required to do so by law or by any competent regulatory authority. Other than in ordinary course of fulfilling its reporting obligations to a competent regulatory authority, the Recipient shall give the Disclosing Party prompt advance written notice of the disclosure (where lawful and practical to do so) so that the Disclosing Party has sufficient opportunity (where possible) to prevent or control the manner of disclosure by appropriate legal means. Notwithstanding the foregoing, the Recipient may retain Confidential Information which it is obliged under law, regulation, code of practice or other similar legislation in any relevant jurisdiction to retain and disclose that Confidential Information in connection with any inquiry or other request by a regulatory authority or self-regulatory authority with jurisdiction over the Recipient.
11.1 Definitions
The terms “controller“, “data subject(s)“, “personal data“, “personal data breach“, “process” (and its cognates) and “processor“, when used in these Data Processing Terms, have the same meanings as in Regulation (EU) 2016/679 (the “GDPR“).
11.2 Scope of application
The terms contained in this Clause 11 apply only where Reset processes personal data (“Processed Personal Data“) as a processor on Your behalf, within the scope of the processing description set out in Schedule 1 and in order to provide the services described in paragraph 1 of that Schedule or elsewhere in these Terms (“Processing Services“).
11.3 Processing Instructions
Reset will only process the Processed Personal Data, and in particular only transfer any Processed Personal Data whose transfer is subject to the data privacy laws of the European Economic Area or the United Kingdom, respectively, to a country or territory outside that geographical area, including any transfer within a country or territory outside that geographical area, on Your documented instructions and You hereby instruct Reset to process the Processed Personal Data as Reset reasonably consider necessary to the performance of the Processing Services.
11.4 International data transfers
11.4.1 You acknowledge that, in accordance with Clauses 11.3 and 11.7, Reset may use Sub-processors (as defined in Clause 11.7) including its own affiliates/affiliated parties outside the European Economic Area and the UK to process the Processed Personal Data.
11.4.2 Before Reset or any of its Sub-processors transfers (or requires You in the receipt of the Processing Services to transfer) any Processed Personal Data subject to the Applicable Privacy Laws of the European Economic Area or the UK, respectively, to a Sub-processor in a country or territory outside that geographical area, Reset shall ensure that:
(a) the country or territory has adequate protection for personal data (or categories of personal data which include those Processed Personal Data) in accordance with the GDPR; or
(b) Reset, in its own right and (subject to Clause 11.4.3) as Your agent, has entered into a data transfer agreement with the Sub-processors in an appropriate form approved by the relevant competent body under the GDPR as providing appropriate safeguards to protect personal data and populated so that it applies to the transfer.
11.4.3 You hereby irrevocably authorise Reset to enter into data transfer agreements as referred to in Clause 11.4.2(b)as agent on Your behalf, including by ratification of Reset having entered into such agreements before the date of these Terms.
11.4.4 The parties acknowledge and agree, for the purposes of the data transfer agreement entered into under Clause 11.4.2(b) that:
(a) performance of Reset’s obligations under Clause 11.8 meets the data importer’s obligations to grant audit rights to You under that agreement;
(b) performance of Reset’s obligations under Clause 11.7 meets the data importer’s obligations to inform You of and obtain Your consent to the appointment of a Sub-processor under that agreement;
(c) Reset shall provide You, on request, with a copy of each agreement between the data importer and Reset entered into as contemplated by Clause 11.4.4(b), redacted to remove commercially sensitive information; and performance of this obligation meets the data importer’s obligation to provide copies of agreements with Sub-processors to You under that agreement; and
(d) liabilities of the data importer or Reset to You under or in connection with that agreement are deemed to be liabilities of Reset arising under or in connection with these Terms for the purposes of the limitations of liability clauses stipulated in these Terms.
11.5 Security Measures
Reset will at all times have in place the technical and organisational security measures described in Schedule 2 to protect the Processed Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. You confirm that You have reviewed those security measures, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing that Reset will carry out on Your behalf, and concluded that they are appropriate to the risks of varying likelihood and severity for the rights and freedoms of individuals that are presented by the processing.
11.6 Co-operation and Reasonable Assistance
11.6.1 Reset will:
(a) take appropriate technical and organisational measures, insofar as is possible, to assist You in responding to requests from data subjects for access to or rectification, erasure or portability of Processed Personal Data or for restriction of processing or objections to processing of Processed Personal Data (but Reset will not itself respond to any such data subject request except on Your written instructions); and
(b) give You such assistance as reasonably requested and Reset is reasonably able to provide to ensure compliance with Your security, data breach notification, impact assessment and data protection or data privacy authority consultation obligations under the applicable data privacy laws of the European Economic Area or the United Kingdom, taking into account the information available to Reset.
11.6.2 Reset may charge You for time spent and expenses incurred in providing You with co-operation and assistance as required by this Clause 11.6.
11.7 Sub-Processors and Employees
11.7.1 You hereby provide consent for Reset to engage other processors (“Sub-processors“) where Reset is required to do so in order to provide the Processing Services. Where a Sub-processor is appointed in accordance with this Clause 11.7.1, You hereby authorise Reset to provide equivalent instructions of those set out in Clause 11.3 to any Sub-processors on its behalf. Reset will ensure that any Sub-Processor is party to a written agreement binding on it with regard to You as controller and imposing obligations which are required under Article 28(3) of the GDPR.
11.7.2 Reset will ensure that all of its employees, and employees of its Sub-processors, authorised to have access to (or otherwise to process) the Processed Personal Data have committed themselves to confidentiality on appropriate terms or are under an appropriate statutory obligation of confidentiality.
11.8 Audit
11.8.1 Subject to Clauses 11.8.2 and 11.8.3, and on reasonable advance written notice, Reset will make available to the Client all information necessary to demonstrate compliance with the obligations under Article 28 of the GDPR and allow for and contribute to audits, including inspections conducted by the Client or a representative of the Client.
11.8.2 You will make (and ensure that its auditors make) all reasonable endeavours to avoid causing (or, if it cannot avoid, to minimise) any damage, injury or disruption to Reset’s premises, equipment, personnel and business while You or your auditors’ personnel are on Reset’s premises in the course of such an audit or inspection. Reset need not give access to its premises for the purposes of such an audit or inspection:
(a) to any individual unless he or she produces reasonable evidence of identity and authority;
(b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and You have given prior written notice to Reset that this is the case; or
(c) for the purposes of more than one audit or inspection in any calendar year, except for any additional audits or inspections which:
(i) You reasonably consider necessary because of genuine concerns as to Reset’s compliance with this Clause 11.8; or
(ii) You are required or requested to carry out by applicable law or a competent data privacy authority, where You have identified concerns or the relevant requirement or request in reasonable detail in its notice to Reset of the audit or inspection.
11.8.3 Clause 11.8.1 does not require Reset to disclose to You or Your auditors any information disclosed to Reset in confidence by, or otherwise held by Reset in confidence on behalf of, any of its other customers or any other person.
11.8.4 Reset may charge You for time spent and expenses incurred in providing You with co-operation and assistance as required by this Clause 11.8.
11.9 Deletion or Return of Processed Personal Data
11.9.1 Subject to Clause11.9.2, when provision of the Processing Services is complete, or earlier if You withdraw instructions, Reset will as soon as is practicable delete (or return to You, at its option – to be exercised by written notice before the earlier of completion of provision of the Processing Services and withdrawal of its instructions) any Processed Personal Data in Reset’s possession or under its control which is subject to the data privacy laws of the European Economic Area or the United Kingdom.
11.9.2 However, Clause 11.9.1 does not require Reset to delete or return Processed Personal Data which it is required to retain by the law or regulation of a member state of the European Economic Area, the United Kingdom (as the case may be) or any other applicable law or regulation or any copies of Processed Personal Data which it is not technically practicable for Reset to locate and delete or return.
12.1 The invalidity or unenforceability of any provision of these Terms shall not affect the validity or enforceability of any other terms herein which will remain in full force and effect.
12.2 Each party acknowledges that any breach by it of its obligations under Clauses 5 and 9 may cause the other party irreparable harm and damage and therefore agrees that, in addition to any other rights or remedies that may be available to the other party at law or in equity, the other party shall be entitled to appropriate injunctive relief, without the posting of any bond or security.
12.3 You shall not assign or transfer or purport to assign or transfer these Terms or any part of it or the benefit or burden thereof without the prior written consent of Reset. Reset may assign or transfer these Terms or the benefit or burden thereof to any person (including by amending the Reset Protocol), save that Reset shall give You written notice if any such assignment or transfer is to a person not being an affiliate. Any purported assignment in contravention of this Clause 12.3 shall be void.
12.4 Any notices made under or in connection with these Terms must be in writing and, unless otherwise stated, may be given in person, prepaid first-class post, fax or by electronic communication in accordance with the contact information held, as applicable, by Reset and You. For the purpose of these Terms, an electronic communication will be treated as being in writing.
12.5 You acknowledge that any telephone call made to Reset or any of its affiliates may be recorded and that any such recording is Reset’s property and may be used by Reset or any of its affiliates in evidence.
12.6 Save as provided herein, these Terms contain the entire agreement and understanding of the parties regarding the subject matter hereof and supersedes any previous agreement between the parties relating to the subject matter hereof. Except as otherwise provided herein (in particular Clause 1.4), these Terms may not be amended, modified or superseded, unless expressly agreed in writing by the parties.
12.7 Save that Reset or any of its affiliates may enforce these Terms in accordance with its terms and in accordance with the Contracts (Rights of Third Parties) Act 1999, no provision of these Terms shall be enforceable under that Act by any third party.
12.8 The rights of Reset or You to terminate, rescind or agree any variation, waiver or settlement under these Terms, unless expressly stated, is not subject to the consent of any person that is not a party to these Terms.
12.9 Notwithstanding any termination of these Terms, Clauses 5, 6.5, 8, 9, 10, 11, 12.1, 12.2, 12.5, 12.6, 12.7, 12.9 and 13 shall apply and remain in full force and effect both during and after termination.
13.1 These Terms shall be construed in accordance with and governed by the laws of England and Wales (without regard to the principles of conflicts of laws) and the parties hereby submit to the non-exclusive jurisdiction of the courts of England and Wales for all matters arising hereunder.
SCHEDULE 1 PROCESSING DESCRIPTION
1. Services, subject matter and duration of processing
Processing Personal Data so as to facilitate risk mitigation services in accordance with the terms of the Reset General Terms of Service.
The Personal Data will be processed: (i) during the term of the General Terms of Service; (ii) during the provision of any termination assistance services if applicable; and (iii) in accordance with applicable law, regulations and contractual terms.
2. Nature and purpose of processing
The Personal Data described below will be processed by Reset in the course of providing the services to You.
3. Types of Processed Personal Data
Reset may process the following Personal Data: First Name, Last Name, Gender, Home Address, Date of Birth, Email address, Telephone number, National Identity Number, Identity Document image / photo (E.g., Passport, Driver’s license), Country of Residence, Country of Nationality, Place of Birth, Country of Birth, CV details, Occupation/Title, Trader ID.
4. Categories of data subjects
(i) Employees of the client or its affiliates using the services and/or systems on behalf of You or your affiliates.
(ii) Employees of the client or its affiliates involved in the administration of the services and/or systems.
SCHEDULE 2 SECURITY MEASURES
Reset has adopted certain security measures to:
1. pseudonymise and encrypt processed personal data;
2. ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
3. restore the availability of and access to processed personal data in a timely manner in the event of a physical or technical incident;
4. regularly test, assess and evaluate the effectiveness of technical and organisational measures for ensuring the security of the processing;
5. protect Your IT systems from third parties and in particular from disruption by any “back door”, “time bomb”, “Trojan Horse”, “worm”, “drop dead device”, “virus”, “malware” or other computer software routine intended or designed to: (a) permit access or use of information technology systems by a third person other than as expressly authorised; or (b) disable, damage or erase or disrupt or impair the normal operation of any information technology systems;
6. control access to premises and facilities;
7. identify and authenticate users;
8. prevent unauthorized access and monitor and log access;
9. transport, transmit and communicate or store data on data media (manual or electronic) and for subsequent checking;
10. segregate the responsibilities between the Reset and You;
11. assure data security (physical/logical) and protect processed personal data against accidental destruction or loss;
12. provide for separate processing (storage, amendment, deletion, transmission) of processed personal data for different purposes;
13. implement group policies regarding information security; and
14. implement contractual security obligations with You and suppliers.