- This agreement covers any and all Services provided by Memset® to the Customer as set out in the Order. The Order shall be contractually binding on the terms of this agreement.
- This agreement supersedes all prior agreements, understandings and arrangements, whether oral or written, as made between Memset® and the Customer, and, together with the Order, shall contain the entire understanding between Memset® and the Customer.
- In the event of any conflict or inconsistency between this agreement and the terms of any Order, the terms of such Order shall prevail, but this agreement shall prevail over the content of its Schedules and any other document incorporated into it. This agreement shall always prevail over any contractual terms and conditions or terms of business of the Customer.
- The capitalised terms used in this clause and in the remainder of this agreement shall be as defined in clause 2.
- The parties may enter into a separate addendum in relation to data protection of these services (“Data Protection Addendum”) and such Data Protection Addendum, if entered into by the parties, shall be deemed incorporated into this agreement. In the event of a conflict between this agreement and the Data Protection Addendum, this agreement shall prevail.
Information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 11, or which would reasonably be considered confidential in the ordinary course. Memset® considers all Customer Hosted Data to be confidential from Memset’s® perspective, regardless of a Customer’s specific internal classification policy.
Customer (or you):
The legal person that has requested the Services in accordance with the Order.
Data, including data classified as Personal Data under the applicable Data Protection Laws, provided to Memset® by the Customer for the purpose of service provisioning and customer relationship management, where Memset® is considered the Data Controller as defined by the applicable Data Protection Laws.
Any element of the Customer Hosted Solution, together with all data hosted thereon, where responsibility for the management of the element(s) either (i) is solely that of the Customer or (ii) is on a shared basis between Memset® and the Customer and the Customer maintains administrative and / or contractual control over the element(s). Such elements include but are not limited to operating systems, platforms, software, network devices and controls and databases each of which are hosted by Memset® on behalf of the Customer on the Customer Hosted Solution or deployed by the Customer onto the Customer Hosted Solution.
Customer Hosted Data:
The data, materials and content hosted by Memset® on behalf of the Customer which may include, but shall not be limited to: Customer or third-party owned transactional e-commerce websites and other websites, data generated through the processing of Memset®-hosted Customer Hosted Data, CRM management data and core business applications where the Customer is deemed the Data Controller under the applicable Data Protection Laws.
Customer Hosted Solution:
The entirety of Memset® services that are purchased by or otherwise allocated to the Customer, including, but not limited to, virtual and physical network, compute and storage resources.
Data Protection Laws:
The Data Protection Act 1998, The Privacy and Electronic Communications (EC Directive) Regulations 2003 and, from 25 May 2018, the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council ("GDPR") and/or other applicable data protection legislation in force (including any superseding or analogous legislation in force in England and Wales subsequent to the date on which the United Kingdom ceases to be a member state of the European Union), and references to “Data Controller”, “Data Processor” “Data Subject”, “Personal Data” and “Processing” shall be construed in accordance with the applicable Data Protection Laws.
Denial of Service / Distributed Denial of Service – A specific attack aimed at degrading or disrupting performance or availability of a Server or network’s proper functioning.
Exceptional maintenance that is time critical and related to high priority operational or security matters, such as an urgent networking issue impacting on the performance of multiple customers or a critical new security vulnerability. Emergency Maintenances may or may not include downtime or degradation of Services to Customers. Reasonable endeavours will be made to alert customers to Emergency Maintenances via email, SMS or Customer ticket including an identification of the time period in which the maintenance will occur (‘maintenance window’) prior to the maintenance occurring.
The date of this agreement.
The fees and charges payable by the Customer to Memset® in consideration of the Services as provided.
The initial term of this agreement as set out in the Order.
Memset® (or we or us):
Memset® Ltd (company number 04504980), of 87 Dunsfold Park, Stovolds Hill, Cranleigh, Surrey GU6 8TB (registered office).
Memset® Control Panel:
The web-facing applications made available by Memset for use by the Customer for the purposes of configuration and management of the Customer Hosted Solution.
Primary System Administrator:
The user of the Customer Hosted Solution that holds the ultimate technical power over the account to over-ride, alter or otherwise degrade configurations and controls implemented by Memset® on the Customer Hosted Solution, and may via the Memset® Control Panel, request or implement changes on the Customer Hosted Solution. Conventionally, this is the ‘administrative contact’ on the Customer account.
The request to purchase Memset® Services subject to the terms of this agreement.
The Retails Prices Index published by the Office for National Statistics or any successor body
The patching, upgrading, bug fixing or enhancing of software or the replacement, renewal of Network/Datacentre Infrastructure that has been communicated to Customers via individual or group ticket or email, providing a future time period in which maintenance will occur (‘Maintenance window’). Scheduled Maintenance may be scoped to Customer-specific, shared or Memset® core infrastructure and may or may not include downtime or degradation of Services to Customers, depending on the nature of the maintenance required.
An event or series of events that materially impact on the logical or physical confidentiality, availability or integrity of Memset’s or the Customer’s solution or data.
Any subscription services provided by Memset® to the Customer under this agreement, including but not limited to the provision of hosting services, network, compute and storage resources, consulting and technical administration.
Mass or Customer-specific communication made via the ticketing system built into the Memset® Control Panel.
The term of this agreement as defined in clause 14.
Malicious code - Any code or software that was developed with the intention to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or networks. Includes Viruses, Worms, Trojans, Bots, Back Doors, Spyware, and Adware.
- Memset® shall, during the Term, use commercially reasonable endeavours to provide the Services to the Customer as specified in the Order on and subject to the terms of this agreement, but subject to the either Party’s right to terminate this agreement in accordance with clause 14.
- Memset® may expand or contract the scope of the Services by issuing an amended Order to the Customer in advance of any such change.
- The Services shall be provided in accordance with the response times and guarantees set out in the Service Level Agreement.
- Memset® shall use its commercially reasonable endeavours to provide the availability of the Services in accordance with the Service Level Agreement, subject always to any planned or unscheduled maintenance notified to the Customer provided that Memset® has given reasonable notice to the Customer in advance.
- Certain Customers are deemed to be “UK Digital Marketplace” Customers (UKDMCs) and the provision of Services to all UKDMCs is subject to Schedule 1. For avoidance of doubt, Schedule 1 applies only to UKDMCs.
- The rights provided under this clause 3 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer or any other related party.
4. Shared Spheres of Responsibility
- The Customer’s top-level Memset® Control Panel account user (‘Admin User’) is considered to be the Primary System Administrator of their Services. The responsibilities of the Primary System Administrator include, but are not limited to, the definition and maintenance of appropriate passwords and Customer user account configuration, Server Hardening, firewall Access Control Lists(ACL) and other industry standard or good practice controls.
- Memset® does not make representations as to the security of the Customer Hosted Solution as deployed by Memset® beyond those required by Memset’s own standards and compliance. The security of the Customer Hosted Solution requires continual maintenance and administration by the Customer. Memset® may be able to assist with this maintenance or execute instructions contained in Customer support tickets relative to the Support Level selected by the Customer. As the Primary System Administrator of their services, the Customer retains primary responsibility for the security and secure configuration of the Services that they purchase from Memset.
- The Customer is solely responsible for the security of their Memset® Control Panel user accounts including credentials, usernames and API tokens, and for the security of non-Memset® administration user accounts created on their hosted solution.
- Where Memset® maintains sole access to infrastructure or systems (as in the examples of Public Cloud hypervisors, host Servers underlying shared virtual infrastructure, back-end storage and backup systems, Memset® websites and shared customer Control Panels, core network) then Memset® will retain sole responsibility for the security and resilience of these infrastructures or systems.
5. Customer Hosted Data
- The Customer shall own all rights, title and interest in and to all of the Customer Hosted Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Hosted Data. The Customer is the Data Controller (as defined in the applicable Data Protection Laws) for all Customer Hosted Data.
- the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to Memset® so that Memset® may lawfully process the personal data in accordance with this agreement on the Customer’s behalf;
- each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage;
- the Customer must ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data comprising Customer Hosted Data to Memset® for the duration and purposes of this agreement so that Memset® may lawfully use, process and transfer the Personal Data in accordance with this agreement on the Customer's behalf.
6. Third Party Providers
- Memset® may use third party service provider to perform all or any part of the service, but Memset shall remain responsible to the Customer under this agreement for Service perform by its third party service providers to the same extent as if Memset performed the Services itself.
- Memset will undertake appropriate due diligence of any third party service provider used to provide services to the customer.
- This agreement does not confer any rights on any person or party (other than the parties to this agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
7. Memset's Obligations
- Memset® undertakes that the Services will be performed in accordance with the provisions of Schedule 1 and Schedule2.
- Memset is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, outside of Memset’s sole control and the Customer acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
- Memset® will comply with its responsibilities as set out in the applicable Data Protection Laws as set out in the Data Processing Addendum.
- The parties shall comply with their respective obligations under the Data Processing Addendum relating to the privacy and security of the Customer Hosted Data and the Customer acknowledges that such document may be amended by Memset® at its sole discretion provided that Memset® provides prior notice of any such amendment, and shall have the right to provide such notification to the Customer by e-mail.
- Separate, and without prejudice, to the provisions of the Data Protection Addendum, which sets out the parties’ respective responsibilities in relation to Processing Personal Data comprising Customer Hosted Data, Memset® warrants that it has and will maintain all necessary licences, consents (but for the avoidance of doubt not including any consent required for the processing of personal data under Data Protection Laws where the Customer is Data Controller), and permissions necessary for the performance of its obligations under this agreement where such aspects fall under Memset’s responsibility. For clarity regarding licensing, the Customer should refer to the Memset Acceptable Use Policy.
- Memset® acknowledges, as a service provider to our customers, responsibility for the security of cardholder data that the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, to the extent that we could impact the security of the customer’s cardholder data environment. In addition to meeting our legal data protection responsibilities, we will continue to be certified against appropriate PCI-DSS requirements as defined in our AOC and ISO27001 scope.
8. Customer's Obligations
- The Customer shall:
- Provide Memset® with:
- all necessary co-operation in relation to this agreement;
- all necessary access to such information as may be required by Memset®.
- Adhere to the Memset Acceptable Use policy at all times;
- Comply with all applicable laws and regulations with respect to its activities under this agreement;
- Not remove, degrade or otherwise interfere with agents installed on the Customer Hosted System for the purposes of license audit;
- Carry out all other Customer responsibilities set out in this agreement in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties, Memset® may adjust any agreed timetable, delivery schedule or price as reasonably necessary;
- Obtain and maintain all necessary licences, consents, and permissions necessary for Memset®, its contractors and agents to perform their obligations under this agreement, including without limitation the Services;
- Ensure that its network and systems comply with the relevant specifications provided by Memset®;
- Be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Memset®'s Data Centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet;
- Promptly notify Memset® of any actual or suspected breaches of security, or similar concerns, of which the Customer becomes aware;
- Comply with all responsibilities as Data Controller of the Customer’s Customer Hosted Data under the applicable Data Protection Laws.
- Provide Memset® with:
- The Customer acknowledges that it accepts all risk of any authorised, unauthorised or illegal use of the Memset® network by the Customer or by any party having contracted to the Customer which own any data, materials, content or inter-connected network hosted or accessible by means of any Server of Memset®.
- Memset® provides no warranties, makes no representations and accepts no liability for the unauthorised or illegal acts or interference with the Customer’s Server/network unless such access or interference is caused by the intentional unlawful acts of Memset®.
- The Customer acknowledges that where the Services comprise a cloud-based service on which either Customer Hosted Data or Customer Systems may be hosted, the Customer has sole responsibility and risk for the Customer Hosted Data and any Customer Systems that are hosted on the Services. To the extent permitted by law, Memset® shall have no liability to the Customer or any third party in respect of Customer Hosted Data or Customer Systems and any losses, damages, costs, fines, expenses or similar (and in relation to each of the aforesaid, whether direct or indirect) arising from the Customer Hosted Data and / or the Customer Systems(s).
- To the extent applicable by law, Memset® shall have no liability to the Customer or any third party in respect of any losses, damages, costs, fines, expenses or similar (and in relation to each of the aforesaid, whether direct or indirect, and including in relation to any Data Protection Laws) arising from the Customer’s failure to comply with its obligations under clause 8(5) or clause 8(6).
- Where the Memset is responsible for the Operating System patch level of Customer dedicated Hosting Infrastructure, (Private Cloud or Dedicated Servers) Memset will work with the customer in order to schedule security patching in a minimally disruptive fashion. Where the Customer elects to defer security patches recommended by Memset beyond a reasonable timeframe, (stated here as 14 days for Critical patches, 30 days for High and 90 days for Medium patches as per CVSSv.3 criteria) the Customer accepts all responsibility for security or insecurity of the dedicated Hosting Infrastructure. Memset may, in the event of material risk or actually impact to the security of Memset’s systems or other Customer’s infrastructure, declare a breach of AUP and unilaterally disable or update the unpatched infrastructure until the risk has been remediated by Customer action. Memset may require the Customer to sign a declaration provided by Memset to this extent in order to confirm deferral of High and Critical patches beyond a reasonable timeframe as stated above.
9. Fees and Payment
- The Customer shall pay the Fees to Memset® for the Services it uses in accordance with this clause 9 and the Order and Schedule 2.
- If Memset® has not received payment within 5 days after the due date, and without prejudice to any other rights and remedies of Memset®:
- Memset® may, without liability to the Customer and without the need to notify the Customer, disable the Customer's password, account and access to all or part of the Services and Memset® shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
- interest shall accrue on a daily basis on such due amounts at an annual rate equal to 3% over the then current base lending rate of Barclays Bank, commencing on the due date and continuing until fully paid, whether before or after judgement.
- All amounts and fees stated or referred to in this agreement:
- shall be payable in pounds sterling, Euros or US dollars;
- are non-refundable;
- are exclusive of value added tax, which shall be added to Memset®'s invoice(s) at the appropriate rate.
- If, at any time whilst using the Services, the Customer exceeds the amount of storage space, network bandwidth or computing power made available by Memset® for the Customer’s purposes, Memset® shall charge the Customer, and the Customer shall pay, Memset®'s then current excess data storage fees network bandwidth or computing power.
- Memset® shall be entitled to increase the Fees with effect from the 1st of January of each year to reflect any percentage increase in the RPI during the previous year (as calculated and determined at Memset’s absolute discretion). Memset® shall give the Customer not less than 30 days’ prior notice in writing and the relevant Order shall be deemed to have been amended accordingly.
In the event that the RPI is discontinued or is no longer applicable, Memset® shall be entitled to use an alternative official index that measures inflation (by way of example, the Consumer Price Index).
9.6 Where a customer has been provided a discount for contracting services for an extended or specified term, they are responsible for ensuring payment until the end of the specified term. Should the customer cancel before the end of the term they shall pay the full outstanding term amount. Refer to Appendix A for discount terms and payment plan.
10. Proprietary Rights
- The Customer acknowledges and agrees that Memset® and/or its licensors own all intellectual property rights in the Services. Except as expressly stated herein, this agreement does not grant the Customer any rights to, or in, patents, copyright, database right, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of the Services.
- Memset® confirms that it has all the rights in relation to the Services that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this agreement.
- The Customer retains ownership of all intellectual property rights pertaining to the Customer Hosted Data.
- Each party may be given access to Confidential Information from the other party in order to perform its obligations under this agreement. A party's Confidential Information shall not be deemed to include information that:
- is or becomes publicly known other than through any act or omission of the receiving party;
- was in the other party's lawful possession before the disclosure;
- is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
- is independently developed by the receiving party, which independent development can be shown by written evidence; or
- is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
- Each party shall hold the other's Confidential Information in confidence and, unless required by law, not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the implementation of this agreement.
- Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this agreement.
- Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.
- The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute Memset®'s Confidential Information.
- Memset® acknowledges that the Customer Hosted Data is the Confidential Information of the Customer.
- This clause 11 shall survive termination of this agreement, however arising.
- No party shall make, or permit any person to make, any public announcement concerning this agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
- The customer shall pay the cost of any defending claim met by Memset, (including reasonable legal fees, applicable damages or fines) arising out of or in connection with alleged or actual negligence, breach of law or regulation, breach of an agreement with their customers or end users, of our Terms and Conditions, or of our Acceptable Use Policy.
- In no event shall Memset®, its employees, agents or sub-contractors be liable to the Customer to the extent that the alleged infringement is based on:
- a modification of the Services by anyone other than Memset®; or
- the Customer's use of the Services in a manner contrary to the instructions given to the Customer by Memset® including those in the Memset® Acceptable Use Policy; or
- the Customer's use of the Services after notice of the alleged or actual infringement from Memset® or any appropriate authority.
13. Limitation of Liability
- This clause sets out the entire financial liability of Memset® (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Customer:
- arising under or in connection with this agreement;
- in respect of any use made by the Customer of the Services or any part of them; and
- in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with this agreement.
- Except as expressly and specifically provided in this agreement:
- the Customer assumes sole responsibility for results obtained from the use of the Services by the Customer, and for conclusions drawn from such use. Memset® shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Memset® by the Customer in connection with the Services, or any actions taken by Memset® at the Customer's direction;
- all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement; and
- the Services are provided to the Customer on an "as is" basis.
- Nothing in this agreement excludes the liability of Memset®:
- for death or personal injury caused by Memset®'s negligence; or
- for fraud or fraudulent misrepresentation.
- The service credits detailed within the Memset Service Level Agreement, which constitute your exclusive remedy should Memset fail to meet those set out in the agreement.
- Subject to clause 13.2 and clause 13.3:
- Memset®, its members, shareholders, directors, officers, employees or representatives shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits or savings, loss of business, loss of data (including but not limited to Customer Hosted Data), loss or depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, punitive or exemplary damages, charges or expenses however arising under this agreement; and
- Memset®'s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement shall be limited to the total Fees paid for the Services by the Customer during the month immediately preceding the date on which the claim arose.
14. Term and Termination
- This agreement shall, unless otherwise terminated as provided in this Clause 14, commence on the date specified in the Order and shall continue for the Initial Term and, thereafter, this agreement shall be automatically renewed for successive periods of equal length to the Initial Term (each a Renewal Period), unless:
- either party notifies the other party of termination, in writing, at least 30 days before the end of the Initial Term or any Renewal Period, in which case this agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Period; or
- otherwise terminated in accordance with the provisions of this agreement;
- and the Initial Term together with any subsequent Renewal Periods shall constitute the entire Term of this agreement.
- Without affecting any other right or remedy available to it, Memset® may terminate this agreement with immediate effect by giving written notice to the Customer if:
- The customer has failed to communicate with Memset to verify their new account.
- The Customer fails to pay any amount due under this agreement on the due date for payment and remains in default not less than 15 days after being notified in writing to make such payment.
- The Customer commits a material breach of any term of this agreement (if such breach is remediable) and fails to remedy that breach within a period of 30 days after being notified in writing to do so.
- The Customer repeatedly breaches any of the terms of this agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this agreement.
- The Customer breaches the AUP as defined at: https://www.memset.com/about-us/aup/.
- The Customer has, on an ongoing basis, failed to make reasonable endeavours within their sphere of responsibility to mitigate the risk of DoS, DDoS or compromise or where continued service to the Customer carries commercially unreasonable risk of disruption or reputational damage to Memset® systems, other Memset® Customers or Memset® upstream providers.
- On termination of this agreement for any reason:
- all licences granted under this agreement shall immediately terminate at the end of their licensing period.
- any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination, shall not be affected or prejudiced.
14.4 Memset reserves the right to make changes to Terms and conditions within this document as it deems necessary from time to time to take into account operation and technical matters as well as any applicable changes to laws and regulations affecting the services provisioned. Memset® shall give the Customer not less than 30 days’ prior notice in writing and the relevant Order shall be deemed to have been amended accordingly
15. Force Majeure
Memset® shall have no liability to the Customer under this agreement if it is prevented from or delayed in performing its obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of Memset® or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the Customer is notified of such an event and its expected duration.
Memset® shall have the right to vary this agreement (including the Data Protection Addendum) upon giving one (1) month’s prior notice.
No failure or delay by Memset® to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
18. Rights and Remedies
Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
If any provision (or part of a provision) of this agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, that provision or its part in question shall be severed from the remaining provisions and shall not affect their validity or enforceability.
- The Customer shall not, without the prior written consent of Memset®, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this agreement.
- Memset® may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this agreement.
21. Partnership or Agency
Nothing in this agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
22. Governing Law & Jurisdiction
This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).
Schedule 1 - UK Digital Marketplace Customers
This clause applies to UK Digital Marketplace Customers only (the UK Government marketplace for digital services).
- Digital Marketplace Customers must select a Memset® data centre located in the UK for their hosting services for these terms to apply.
- All Data Centres and support delivery locations are appropriately secured to good industry practice levels. Data Centres and support delivery locations providing or supporting PSN services are additionally secured to at least PSN Codes of Connection requirements.
- All storage media used to store customer hosted data within its service life are physically destroyed using a CESG CAS (Sanitisation) accredited or equivalent process at end-of-life. All storage media used to store customer hosted data are tracked using Memset®'s internal asset management process.
- Customers on specifically dedicated services including Dedicated Servers, dedicated Network Security Appliances and Private Cloud will operate on Servers that are dedicated to them. Services such as Cloud VPS (Miniserver), shared Cloud Storage and most security services will operate on platforms that are physically shared with multiple customers with appropriate logical segregation in place.
- Vulnerability Mitigation Timescales
Memset® maintains a large number of systems which are configured to automatically apply security patches to non-service impacting software when they become available. Other patches with potential service impact will only be applied after successful and thorough testing. In this case patch maintenance notification to customers will follow this schedule below:
- Critical: 5 working days
- High: 10 working days
- Medium and low: As per normal patch maintenance schedules
- Memset® is only responsible for patching vulnerabilities on Operating Systems and applications within Memset’s sphere of support and customer SLA, not including third party software installed by the Customer. Memset® is responsible for patching potentially impacting vulnerabilities on shared customer infrastructure.
Schedule 2 - Fees Policy
The Customer agrees to pay Memset®, without limitation, for the Services it uses. Memset® reserves the right to charge the Customer standard hourly rates as specified in the support section, to cover the resolution of excessive or unusual problems or complaints.
Invoices are emailed to the current billing email address. Unless stated in Schedule 2 point 4 Exceptions below Monthly Service Fees are invoiced in advance. Payment is due on the payment date provided on the invoice.
Clients are fully responsible to ensure payment of all amounts due are paid on time independently of receiving invoice or billing notifications by email from Memset®. Overdue services may be disconnected at any time after the expiry date. All data will be deleted on the effective termination date unless alternative arrangements are made with Memset®.
2. Cancellation Policy
Unless stated in Schedule 2 point 4 Exceptions or otherwise negotiated in writing, each Service contract renews on expiry of its Initial Term for another equal Term. In order to cancel a Service contract the Customer must notify Memset® at least 30 days before expiry of the current Term via the online cancellation form.
If a service is cancelled with less than the Term remaining an invoice will be issued for the additional days. There are no partial refunds or credits for early cancellations. All payments to Memset® are final and non-refundable.
3. Overdue payments
All invoices are due on the payment date stated on the invoice. At our discretion we may refer overdue payments to our debt collections agency, and in that event an administration charge will be added to the outstanding amount. The value of the administration charge is discretionary, but would be a minimum of 25% of the overdue amount.
Some of our Services have different payment and cancellation terms. They are listed below:
1. Cloud VPS (Miniserver)
Cloud VPS (Miniserver) may be purchased by the month or by the hour.
If purchased by the month the cancellation notice period is a minimum of 7 days or until the end of the rental period, whichever is longer.
If purchased by the hour the cancellation notice period is one hour. By the hour Miniserver VM® virtual Servers are billed for in arrears.
There will be no partial refunds or credits for any early cancellations received.
Cancellation request notifications are made via the online forms only.
2. Cloud Storage
Cloud Storage is chargeable only when it is being used to store data. Those charges are accumulated by the hour and are charged in arrears. The cancellation notice period is one hour, however charges will also cease to accumulate if the Customer deletes all data in their Cloud Storage account.
Cloud IaaS is chargeable only when compute, networking or storage resources are provisioned. Charges for these services are accumulated by the hour and are charged in arrears. The cancellation notice period is one hour, however charges will also cease to accumulate if the Customer removes all of their infrastructure in the Cloud IaaS platform. To clarify:
All compute resources are billable unless they are in any of the following states:
Therefore, instances in SHUTOFF state are still billable. This is because the instance's compute resources are reserved on the hypervisor.
Routers connected to the external network will have 1 IP address which is always billable.
Additionally, Floating IP addresses allocated to your project are always billable whether they are attached to an instance or not. You need to disassociate it the IP from the instance and then release from the project to not be billed.
Storage is always billable.
4. Discounts and Special Offers
Unless otherwise indicated in the offer, where the Customer orders Services in conjunction with Discount Codes or Special Offers, such offers can only be used on a new order and will be on the basis of one offer per customer.