Exelsys
Online Services Terms of Use
Last Updated: 24/06/2025
General Terms of Use of the Online Service.
You may access and use the online
service as described below.
1. This Agreement (the “Agreement”) is entered into by and between Exelsys Limited (“Exelsys”
or “We”), a company registered in the United Kingdom, with registration number
6807312 and having its registered office at 21 Aylmer Parade, Aylmer Road,
London N2 0AT, United Kingdom which shall include all or any of its
subsidiaries, affiliates, agents, successors or assigns and the entity agreeing
to the terms herein (“You” or “Customer”). This Agreement will be effective as
of the date You click the “I Accept” button as part of the
ordering/registration process, or when You have signed an order form for the Service
directly with Exelsys or with any one of the Exelsys Authorised resellers or
when You have first used the Service, whichever is earlier (the “Effective
Date”). If You are accepting on behalf of Your employer or another entity, You
represent and warrant that: (i) You have full legal authority to bind Your
employer or such entity to these terms and conditions of this Agreement; (ii) You
have read and understand the terms and conditions of this Agreement; and (iii) You
agree, on behalf of the party that You represent, to this Agreement. This
Agreement governs the Customer's access to and use of the Service (as defined
below).
2. General. Exelsys hereby grants to the Customer
a non-exclusive, non-transferable, worldwide Licence to use the Service, solely
for the Customer’s own internal business purposes, subject to the terms and
conditions of this Agreement. All rights not expressly granted to the Customer
are reserved by Exelsys and its licensors. This License is non-exclusive,
non-perpetual, and is not transferable. The License granted is for a specific and
limited number of Active Employees, number of Users, number of Mobile Only
Users and the Licensed Modules included in the Subscription.
3. License Term
License Terms – The duration of a Subscription is usually annual and is renewed from year to year as described in clause 11 of this Agreement.
4. Definitions:
· “Account” means any account created for the Customer pursuant to the use of the Online Service.
· “Active Employee” means an employee who at the time of consideration is Employed by the Customer.
· “Affiliate” means any legal entity that a party owns, that owns a party, or that is under its common ownership. "Ownership" means, for purposes of this definition, control of more than a 50% interest in an entity.
· “Business Day” means: a day other than Saturday or Sunday or public holiday
· “Employee” means an employee of the Customer whose records are maintained in the system.
· “Exelsys Authorised Business Partner” means a company who is authorized to sell Exelsys subscriptions to Customers.
· “License” means the rights granted by Exelsys to Customer to access, display, run and/or otherwise interact with the Online Service and/or Customer Software, as applicable.
· “Licensed Module” means the right granted to use a specific set of functions to be used through the Online Service
· “Mobile Only User” means a Customer’s named end-user who has access to the Online Service only through the mobile device or the mobile device application used on a personal computer.
· “Normal Business Hours” means: the hours between 8:00 – 17:00, in the Customer’s time zone, which fall within a Business Day.
· “Online Service” means the Exelsys HCM Platform including any of its sub-systems.
· “Order” means an order for the Online Services received on the Exelsys website or through any Exelsys authorised representative. An Order may include multiple Subscriptions to Online Services.
· “Service” or “Services” or “Online Service” means: the provision of a platform by Exelsys and the services and other activities to be supplied to or carried out by Exelsys under this Agreement.
· “Subscription” means the part of the Order identifying the specific Online Service being ordered and may include the quantity, ship-to address, or other information.
· “Support Ticket” means a problem related to the Service or its use communicated to Exelsys through the Support Tickets form available on the Service.
· “Term or License Term” means the duration of a Subscription.
· “User” means each Customer’s named end-user who has access to the Online Service.
· “Planned Maintenance” means periods when the Online Service is being maintained and the customer was previously notified.
· “Unplanned Maintenance” means periods when the Online Service is being maintained without the customer having been previously notified.
· “Down Time” means the time during which the Online Service is unavailable.
5. Limitations of Use: The Customer shall not (i) license, sublicense, sell, resell, transfer, assign, or otherwise commercially exploit or make available to any third party the Online Service in any way; (ii) modify or make derivative works based upon the Online Service; (iii) create Internet "links" to the Service, or "frame", or "mirror" any content on any other server or wireless or Internet-based device; or (iv) reverse engineer or access the Online Service in order to (a) build a competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the Service, or (c) copy any ideas, features, functions or graphics of the Online Service. User Licenses cannot be shared or used by more than one User but may be reassigned from time to time to new Users who are replacing former Users who have terminated employment or otherwise changed job status or function and no longer use the Service. The Customer may use the Online Service only for the Customer’s internal business purposes and shall not: (i) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (ii) send or store infringing, obscene, threatening, libellous, or otherwise unlawful or tortious material, including material harmful to children or violative of third party privacy rights; (iii) send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (iv) interfere with or disrupt the integrity or performance of the Service or the data contained therein; or (v) attempt to gain unauthorized access to the Service or its related systems or networks.
6. “Customer Software” - In some cases,
the Customer may need to install Exelsys supplied Software to be able to access
and use the Online Service as described in this Agreement. The Customer may
make copies of the Software solely to support the applicable Online Service for
its Users and under the provisions of this Agreement. Copies must be true and
complete copies (including copyright and trademark notices) and be made from an
Exelsys approved media or a network source.
7. License Terms Updates - We may update these license terms from time to time. If We do, Your use of the Online Service under any existing License type during the greater of either 12 months from the time You first used it, or the length of Your committed term will be governed by these license terms without those updates. Despite this commitment on use rights, if We are required by law to change the license terms, those new terms will apply immediately. We will endeavour to notify You of updates at least 7 days before they are generally effective. You agree to the new terms, by using the Online Service after We publish them in these Online Services use rights or send You an email notice about the updates.
8. Online Service Update. - We may modify the functionality or features or release a new version of the Online Service from time to time. After an update, some functionality or features may not be available.
9. Online Service Suspension or Termination - We may suspend or terminate the Online Service if:
a. We believe that Your use of the Online Service represents a direct or indirect threat to our network function or integrity or anyone else’s use of the Online Service;
b. We believe that You have violated this Agreement;
c. a Customer’s use exceeds any quotas specified in the documentation for that Online Service;
d. We are otherwise required by law to do so, or;
e. the subscription remains unpaid for more than 30 days.
Before we suspend the Online Service for any one of the above causes, we will inform You accordingly in writing at least 15 days before the suspension takes effect.
10. Online Service Expiration or Termination. This Agreement will remain in effect unless it is cancelled by the Customer or terminated by Exelsys in accordance with clause 9 above. The Customer may cancel the Agreement by informing in writing Exelsys or the Exelsys Authorised Business Partner at least 90 days before the end date of the Subscription, otherwise the Subscription will automatically be renewed, and the Customer will be invoiced. All payment obligations are non-cancellable, and all amounts paid are non-refundable.
The Customer may terminate this Agreement in whole at any time by sending a 30 days written notice to this effect if:
· The Service for any reason, other than the customer not having paid the subscription fee, becomes unavailable to the Customer and remains as such for more than two consecutive days for incidents of Priority 1 & 2 as per clause 31 of this Agreement.
· Exelsys and the Customer shall notify each other as soon as reasonably practicable, if any circumstances have arisen or are reasonably likely to arise which may give rise to either party being entitled to terminate this Agreement.
Upon expiration or termination of Your Online Service subscription, You must contact Exelsys and tell us whether to:
a. disable Your account and then delete Your Customer Data; or
b. Availability of customer data – Exelsys provides the tools to the customer to extract the customer data in various formats at any time before the subscription expires and is terminated.
No Liability for Deletion of Customer Data. In the event that You do not contact Exelsys within 30 days of the termination of Your Online Service Subscription You agree that, other than as described in this Agreement or subject to any Applicable Law, We have no obligation to continue to hold, export or return Your Customer Data and will therefore, delete it. Furthermore, You agree that Exelsys will have no liability whatsoever for deletion of Your Customer Data pursuant to this Agreement.
11. Subscriptions & Payments
Exelsys subscriptions for using the Service are payable yearly and in advance and must be made to Exelsys or to the Exelsys Authorised Business Partner, from which You have procured the Online Service. All payment obligations are non-cancellable, and all amounts paid are non-refundable. Customer is responsible for paying for all User Licenses ordered for the entire License Term, whether such User licenses are actively used. The Customer must provide Exelsys or the Exelsys Authorised Business Partner, a signed purchase order as a condition to signing up for the Online Service. Customer may request to add additional modules of the Service by sending an additional written Order directly to Exelsys or through an Exelsys Authorised Business Partner. These “Added Licences” will be subject to the following:
i. Added Licenses will be coterminous with the pre-existing License Term (either initial Term or renewal term);
ii. the fee for the Added Licenses will be the then current, generally applicable License fee; and
iii. Any Added Licenses acquired in the middle of a billing period will be charged on a pro-rata basis to the nearest quarter, for the length of time the Additional Licenses will be used until the expiration of the billing period in effect.
iv. Exelsys reserves the right to modify its fees and charges and to introduce new charges at any time, upon at least 30 days prior notice to the Customer, which notice may be provided by e-mail or posted on the Exelsys website. All pricing terms are confidential, and the Customer agrees not to disclose them to any third party.
12. Responsibility for Your Accounts. You are responsible for Your passwords, if any, and all activity with Your Online Service Accounts. This includes activities by Users You have provisioned, and dealings with third parties that take place through Your Account or associated Accounts. You must keep Your Accounts and passwords confidential. You must inform us immediately if You suspect any possible misuse of your Accounts or any security incident related to the Online Service.
13. Use of other websites and services. You may need to use certain Exelsys websites or services to access and use the Online Services. If so, the terms of use associated with those websites or services, as applicable, apply to Your use of them.
14. Your Customer Data. You may be able to submit Customer Data for use regarding the Online Service. Except for materials we license to You, We do not claim ownership of Customer Data You submit for use with the Online Service.
It is Your responsibility to make appropriate use, in line with the intended use, of the above functionality as well as of Your Customer Data.
15. Privacy.
a. For the purposes of this Agreement the Customer agrees and acknowledges that Exelsys is acting as a Processor and the Customer as a Controller.
b. The Processing of Customer Data by Exelsys shall be governed by the Agreement and Applicable Laws.
c. Exelsys shall at all times have in place, appropriate technical and organisational security measures so that the Personal Data is protected against unauthorised or unlawful Processing and against accidental loss, destruction or damage.
d. Exelsys shall conduct audits at least annually of the security of computers, computing environment and physical data centres that it uses (are used) in processing the Personal Data.
e. At least one audit per annum shall be performed by qualified, independent, third party security auditors at Exelsys’ selection and expense which shall result in the generation of an audit report. The audit report shall clearly disclose any material findings by the auditor. Exelsys shall endeavour to promptly remediate critical issues raised in any such report.
f. Exelsys shall remain responsible for obligations which are performed by employees, agents, sub-contractors or third parties and for the acts or omissions of employees, agents, sub-contractors and third parties as if they were acts or omissions of Exelsys.
g. Exelsys shall ensure that any such sub-contractor or agent is required by contract to comply with obligations at least equivalent to those imposed on Exelsys by this Agreement.
h. Customer may submit Personal Data to the Online Service, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:
· Employees of the Customer
· Absences and Time Attendance Data
· Position History and Compensation Data
· Employee Training and Development Data
· Vacancies and Job Applicants
· Employee Appraisals
· Employee Surveys
i. The Types of Data Covered by this agreement: Exelsys provides a storage and processing framework that Customers can use to store and manage the various categories of data as listed above. The actual data items submitted to the Online Service are solely determined by the Customer. There is however, a set of data items that are compulsory and these are:
· Employee code, first and last name, gender, birth date, employment date
· Applicant code, gender, birth date, registration date, email, job applying for
j. The Exelsys Online Service allows the Customer to Process any employee Personal Data that the Customer may deem necessary as a Controller.
k. Exelsys uses Microsoft as a sub-Processor of the Customer Data. Exelsys uses the Microsoft Azure PaaS infrastructure services to process Customer Data. Exelsys shall not engage any other third-party Processor or sub-Processor without the Customer’s prior written authorization. Exelsys shall inform the Customer in case of any addition or replacement of any third-party Processor or sub-Processor and get the Customer’s consent.
l. Exelsys shall Process Customer Data only for the purposes of the Services provided under this Agreement unless this is required by Applicable Laws to which Exelsys is subject, in which case Exelsys shall to the extent permitted by Applicable Laws, inform the Customer of that legal requirement.
m. Exelsys Online Service Processes Customer Data according to the instructions of the Customer. For any other Processing required by the Customer (Data Controller) that cannot be done by the Data Controller Administrators, using the Exelsys Online Service functionality, Customers are required to submit clear instructions to Exelsys in writing.
n. Any actions undertaken by the Customer are recorded in audit logs by the Exelsys Online Service. These audit logs are available to the Customer pursuant to Article 30 (2) of the GDPR.
o. Exelsys shall assist the Customer in responding to any requests for exercising Data Subjects rights under Applicable Laws, always taking into account the nature of the Processing and insofar as this is possible.
1. Exelsys shall assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the Processing and the information available to Exelsys. We shall make available to the Customer all information necessary to demonstrate compliance with its obligations as provided in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by or on behalf of the Customer;
2. Exelsys shall assist the Customer in responding to any requests for exercising Data Subjects rights under Applicable Laws, always taking into account the nature of the Processing and insofar as this is possible.
3. Exelsys shall delete or return all the Customer’s Personal Data to the Customer as requested by the Customer after the end of the provision of Services or upon the termination of this Agreement. Exelsys may retain Customer Personal Data to the extent required by Applicable Laws and for such a period as required by Applicable Laws. Such Customer Personal Data will be processed in accordance and for the purpose(s) specified in the Applicable Laws requiring its storage;
p. Exelsys shall without undue delay inform the Customer if, in its opinion, an instruction given by the Customer infringes the GDPR.
q. Personal Data collected through the Online Service may be transferred, stored and processed within the European Union in an encrypted format. This includes any Personal Data You collect using the Service. By using this Online Service, You acknowledge and agree to the transfer of User Data outside of Your country within the European Union. You also agree to comply with all Applicable Laws during the collection of Personal Data and to inform Users about:
· the transfer of User Data to Exelsys who is acting as a Data Processor
· the storage and processing of data by Exelsys acting as the Data Processor
r. In the course of providing the Service to the Customer under this Agreement, Exelsys shall process User Data only for the purposes of this Agreement
s. Exelsys will be addressing GDPR Requirements as described in Appendix A of this agreement.
t. For more information on how we may collect and use Personal Data please review the Exelsys Online Service’s privacy statement: https://www.exelsyslive.com/Docs/PrivacyPolicy-en.htm
16. Exelsys Use of Customer Data
We will not monitor Your use of the Online Service, nor will we track, view, censor, edit, remove or disclose Your Customer Data that are processed or accessed by the Online Service except to:
· Provide supporting services to You upon Your written request
· Satisfy legal requirements, comply with law or respond to lawful requests or legal process;
17. Intellectual Property rights
Exelsys alone (and its licensors, where applicable) shall own all rights, titles and interest, including all related Intellectual Property Rights, in and to the Exelsys Service and any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by the Customer or any other party relating to the Service. This Agreement is not a sale and does not convey to the Customer any rights of ownership whatsoever in or related to the Service, the Exelsys Technology or to any Intellectual Property Rights owned by Exelsys. The Exelsys name, the Exelsys logo, and the product names associated with the Service are trademarks of Exelsys or third parties, and no right or license is granted to use them.
18. Disclaimer of Warranties
EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CONTENT AND BETA SERVICES ARE PROVIDED “AS IS,” EXCLUSIVE OF ANY WARRANTY WHATSOEVER. EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS.
19. Internet Delays
EXELSYS SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. EXELSYS IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.
20. Limitation of Liabilities
IN NO EVENT SHALL EITHER PARTY'S AGGREGATE LIABILITY EXCEED THE AMOUNTS ACTUALLY PAID BY AND/OR DUE FROM YOU IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. IN NO EVENT SHALL EITHER PARTY AND/OR ITS LICENSORS BE LIABLE TO ANYONE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THIS SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICE, OR FOR ANY CONTENT OBTAINED FROM OR THROUGH THE SERVICE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, REGARDLESS OF CAUSE IN THE CONTENT, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT OR SUCH PARTY'S LICENSORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
21. Representations & Warranties
Each party represents and warrants that it has the legal power and authority to enter into this Agreement. Exelsys represents and warrants that it will provide the Service in a manner consistent with general industry standards reasonably applicable to the provision thereof and that the Service will perform substantially in accordance with the online Exelsys help documentation under normal use and circumstances. The Customer represents and warrants that it has not provided any false information to gain access to the Service and that the Customer’s billing information is correct.
22. Indemnification
a. The Customer shall indemnify Exelsys in respect of any loss or damage whatsoever (including costs and any necessary payments made in order to settle or compromise any claim) which it or they may suffer or incur from any breach of these Terms and Conditions in relation to the Services by the Customer or by the Customer’s employees, agents or by any other party acting through or with the Customer to the limit of the cost of the purchased Services.
b. Exelsys shall indemnify the Customer in respect of any loss or damage whatsoever (including costs and any necessary payments made in order to settle or compromise any claim) which it or they may suffer or incur from any breach of these Terms and Conditions in relation to the Services by Exelsys or by its employees, agents or by any other party acting through or with Exelsys to the limit of the cost of the purchased Services.
23. Confidentiality
a) Exelsys and the Customer shall keep confidential all information relating to the other party its operations systems processes any of its customers, associates, agents, employees or other howsoever connected parties, obtained under or in connection with the Agreement or as a result thereof or as a result of the presence of Exelsys or its subcontractor(s) at the premises of the Customer and shall not divulge same to any third party without the written consent of the other party.
The provisions of this clause shall not apply to:
I. Any information in the public domain otherwise than by breach of the Agreement.
II. Information obtained from a third party who is free to divulge same.
b) Exelsys shall disclose confidential information only to those employees who are directly involved in the Agreement or use of the Software and shall ensure that such employees are aware of and comply with these obligations as to confidentiality.
c) Exelsys shall ensure that its Sub-contractors and any other persons, the services of whom have been obtained by Exelsys in the course of providing the Service, are bound by the requirements of this Clause, and shall be directly responsible towards the Customer for any breach or negligence by such Sub-contractors.
d) Exelsys affirms that:
a. Its employees, agents and/or representatives shall execute their duties in accordance with the highest industry standards and will comply with all provisions and requirements of this Agreement.
b. It is understood and agreed by both parties that confidentiality, good faith and trustworthiness extends to any trademarks and/or trade secrets and/or other intellectual property and/or skills that the Customer owns and/or
e) retains and Exelsys undertakes that, its employees, agents, representatives and subcontractors shall treat these as confidential and not disclose and/or make use of same in any way for their purpose and/or to their benefit and/or to any third person, legal or natural.
f) The provisions of this Clause shall continue in force without time limit notwithstanding the termination of the Agreement.
24. Security of Customer Data.
Exelsys taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, will implement reasonable and appropriate technical and organizational measures, such as encrypting data in transit and at rest, applicable to the Online Service to help secure Your Customer Data processed or accessed by the Online Service against accidental or unlawful destruction, loss, alteration, unauthorized access or disclosure. You agree that these measures are:
a. our only responsibility with respect to the security and handling of Customer Data; and
b. in place of any confidentiality obligation contained in the Agreement or any other non-disclosure or confidentiality agreement.
Exelsys is hosted on Microsoft Windows Azure PaaS (Platform as a Service). Microsoft conducts ongoing security testing of the Azure platform. Microsoft maintains security certifications for Azure, including ISO 27001, SOC 1 & 2 Type 2, FedRAMP, and PCI Level 1 and ISO 22301:2012 (Business Continuity Management System).
25. Data Backup
Exelsys backs up the encrypted data daily, going back 30 days using the Azure Point-in-time restore mechanism. In addition, Exelsys uses Active Geo-replication. Using Active Geo-Replication, a separate readable secondary database in a separate region to that of the primary data center is used and can be switched over in the case a disaster happens in the primary data center.
26. Scope of Use.
You may not:
i. use the Online Service in a way that is prohibited by any law, regulation or governmental order or decree in any relevant jurisdiction, or that violates others’ legal rights;
ii. use the Online Service in a way that could harm it or impair anyone else’s use of it;
iii. use the Online Service to try to gain unauthorized access to any service, data, account or network by any means;
iv. falsify any protocol or email header information (e.g., “spoofing”);
v. use the Online Service to send “spam” (i.e., unsolicited bulk or commercial messages) or otherwise make available any offering designed to violate these terms (e.g., denial of service attacks, etc.); or
vi. remove, modify, or tamper with any regulatory or legal notice or link that is incorporated into the Online Service.
27. Personal Data Breaches. In the case that Exelsys becomes aware that a Personal Data Breach has occurred, it undertakes to notify the Personal Data Breach to the Customer, without undue delay and, where feasible, not later than 72 hours after having become aware of it. Where such notification cannot be achieved within 72 hours, the reasons for the delay will accompany the notification and information may be provided in phases without undue further delay.
The Notice shall include:
a) a description of the nature of the Personal Data Breach including, where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned,
b) the name and contact details of the Servicer’s point of contact,
c) a description of the possible consequences of the Personal Data Breach identified.
28. Regulatory. We
may modify or terminate the Online Service in any country where there is any
current or future government requirement or obligation that subjects Exelsys to
any regulation or requirement not generally applicable to businesses operating
there, presents a hardship for Exelsys to continue operating the Online Service
without modification, and/or causes Exelsys to believe these terms or the Online
Service may be in conflict with any such requirement or obligation.
29. Electronic Notices. We may provide You with information about the Online Service
in electronic form. It may be via email to the address You provide
when You sign up for the Online Service, or through a web site that we
identify. Notice via email is given
as of the transmission date. As long as You
use the Online Service, You have the
software and hardware needed to receive these notices. Please note that
these Electronic Notices are not for marketing purposes and therefore, if You
have an account with us, You will continue to receive
these communications.
30. Technical Support Services
Should You determine that the Online Service includes a defect, You shall notify us by contacting us and submit a Support Ticket through the Exelsys on-line service Support Tickets function. If this is not available, then You can send a message to the following email:
E-mail: SupportTickets@exelsys.net, or in urgent cases call us on +357 22375034, +44 20 3514 7594 or through Microsoft Teams.
We shall accept web form-based incident submittal by You 24 hours a day, seven days a week, subject to Priority 1 and Priority 2 events as set out in the table below. We shall use reasonable endeavours to process support requests, issue trouble ticket tracking numbers, if necessary, determine the source of the problem and respond to You. We shall use reasonable endeavours to respond to all support requests from You within the time periods specified below, according to priority. We shall determine the priority of any fault in accordance with the following table.
If no progress has been made on a Priority 1 or Priority 2 incident, as per the table below, within the target resolution time, the incident shall be escalated and reported to the top management.
31. Service Availability
Priority | Description | Response time | Target resolution time |
1. | The entire Service is completely inaccessible. Priority 1 incidents shall be reported by telephone only. | Within two Normal Business Hours. | Four Normal Business Hours. Continuous effort during Normal Business Hours after initial response and with Your co-operation. |
2. | Operation of the Services is severely degraded, or major components of the Service are not operational and work cannot reasonably continue. Priority 2 incidents shall be reported by telephone only. | Within four Normal Business Hours. | Within two Business Days after initial response. |
3. | Certain non-essential features of the Service are impaired while most major components of the Service remain functional. | Within 4 Normal Business Days. | Within ten Business Days after initial response. |
4. | Errors that are non-disabling or cosmetic and clearly have little or no impact on the normal operation of the Services. | Within 10 Normal Business Days. | When reasonably possible |
We shall provide at least a 99.5% uptime Service availability level.
A Service will be considered as unavailable only:
a. during periods of Priority 1 or Priority 2 faults
described in the table above; and
b. during periods of Unplanned Maintenance (periods
when the system is unavailable without prior notification to the Customer).
A Service will not be considered unavailable if the Down Time is due:
a. to interruption of Internet connectivity
between Your site and the hosting facility; and
b. to Planned Maintenance Events or Emergency
Maintenance unless, in respect of the latter, the emergency
situation has been created by us or as a result of
our actions.
In the remote event of a prolonged downtime of more than 1 day, Exelsys shall
provide access to the service through a disaster recovery backup site.
32. Force Majeure: Exelsys will not be liable for, or be considered to be in breach of or default under this
Agreement on account of, any delay or failure to perform as required by
this Agreement as a result of any cause or condition beyond
Exelsys’ reasonable control.
33. Severability: Should
any provision of this Agreement be invalid or unenforceable, then the remainder
of this Agreement shall remain valid and in full force. The invalid or
unenforceable provision shall be amended as necessary to ensure its validity
and enforceability, while preserving the parties’ intentions as closely as
possible. If this is not possible, it will be construed in a manner as if the
invalid or unenforceable part had never been contained therein.
34. Governing Law:
Where the Customer is a company or organization
registered in a country of the European Union, this Agreement will be governed
by the laws of the Republic of Cyprus and the Courts of the Republic of Cyprus
will have exclusive jurisdiction for any dispute arising out of or relating to
this Agreement.
For all other Customers, this Agreement
will be governed by the laws of England and Wales whose Courts will have
exclusive jurisdiction for any dispute arising out of or relating to this
Agreement.
Appendix A
Exelsys and GDPR - How is Exelsys addressing GDPR Requirements
Exelsys is committed to maintaining a high level of security, to meet all GDPR expectations which apply to Data Processors. By using the Exelsys HCM online service, we can be assured that Exelsys has the technical infrastructure in place which goes above and beyond regulation requirements.
Data Controllers, in addition to other requirements, are required to use only Data Processors that provide adequate guarantees to implement appropriate technical and organisational measures so that data processing will meet the requirements of the GDPR.
Below we provide a summary of how Exelsys addresses the various GDPR requirements.
The right of access to personal data – Exelsys provides self-service access and each data subject is aware of the data maintained by the Data Controller.
The right to correct inaccurate personal data – Exelsys provides the mechanism for data subjects to correct inaccurate data or to request that their company, acting as the Data Controller, do so.
The right to be forgotten – Exelsys provides the functionality to the Data Controller to erase the data of data subjects completely or to anonymise it, which means that the data remains for statistical purposes but any personal identification which can link the data to a person is erased.
Data Portability – Exelsys allows the Data Controller, if requested by a data subject, to export the data subject’s data to an XML file. This may be required for moving personal data from one employer to another. Data administrators have at their disposal a variety of tools for exporting data.
The Exelsys Privacy Statement as well as the Terms of Service are readily available from within the platform and can be viewed by any individual who has a right to access the Exelsys Online Service. The Exelsys Policies have been updated to be GDPR compliant.
Exelsys employees are required to sign a confidentiality agreement and commit to abide by the Exelsys Information Security Policy as well as to attend relevant trainings. The Exelsys Information Security Policy outlines expected behaviour with respect to the protection of information.
The Exelsys Terms of Service have evolved to provide for notification of the Data Controller within 72 hours of any data breaches.
According to the GDPR, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Exelsys operates global infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services, secure and private communication, and safe operation by administrators.
Exelsys is committed to maintaining a high level of security, to meet all GDPR expectations which apply to Data Processors. Exelsys utilises the Microsoft Azure platform and uses the Azure PaaS model. It therefore takes full advantage of the security features available in Windows Azure Cloud Services. Microsoft has achieved security compliance audit certifications for Windows Azure services from various compliance regulators (ISO 27001, SSAE 16, ISAE 3402, ISO 22301:2012, EU Model Clauses and HIPAA BAA). Exelsys customers can be confident that their data is safely guarded during transmission, storage and processing in the cloud.
In addition to the above features and functionality, Azure SQL Database also participates in regular audits and has been certified against a number of compliance standards. For more information, see the Microsoft Azure Trust Center, where You can find the most current list of SQL Database compliance certifications.
Exelsys uses encryption to protect data in transit and at rest. Data in transit to Exelsys is protected using HTTPS, which is activated by default for all users. Exelsys HCM encrypts content stored at rest, without any action required from customers, using one or more encryption mechanisms.
Exelsys HCM is a multi-tier application where information travels through different layers. It follows an N-Tier architecture, where “n” is any number of distinct tiers that an application is broken into. By deconstructing the main building blocks into tiers, each tier can be separated, distributing the processing load and increasing the security and scalability of the application.
Windows Azure runs in geographically-dispersed data centres managed and operated by Microsoft, delivering a 99.95% service-level agreement for high availability. Microsoft operations staff have years of experience in delivering the world's largest online services with 24/7 continuity.
Users access the Exelsys application by providing a user code and password. Password complexity and other password attributes are controlled by the security profile associated with the user account. Each company administrator can create a number of security profiles and associate them with user accounts.
Passwords are doubly encrypted, firstly by the application using hash algorithms and then by the SSL/TLS transmission protocol.
Exelsys backs up the encrypted data daily, going back 30 days using the Azure Point-in-time restore mechanism.
In addition, Exelsys uses Active Geo-Replication. With Active Geo-Replication, a separate readable secondary database, in a separate region to that of the primary data centre, is used and can be switched over to in case a disaster happens in the primary data centre.
Our customers and regulators expect independent verification of security, privacy, and compliance controls. Exelsys does regular vulnerability and penetration tests at least once a year, conducted by companies who are Qualified Security Assessors (QSA).
Exelsys uses Microsoft as a sub-processor as described above to provide the data centre infrastructure and database services. No other sub-processors are being used.
Data Controller Administrators can export customer data, via the functionality of Exelsys HCM, at any time during the term of the agreement. We have included data export commitments in our data processing terms for several years, and we will continue offering those after the GDPR comes into force, and working to enhance the robustness of the data export capabilities.
Data Controller Administrators can also delete customer data, via the functionality of Exelsys HCM Online Service, at any time. When Exelsys receives a complete deletion instruction from a customer who terminates the service, Exelsys will delete the relevant customer data from all its systems within a maximum period of 45 days.
Data Controller Administrators have at their disposal several functions allowing them to delete data that is no longer necessary to the company, such as old job applicants.
Exelsys is designed to provide for 99.95% availability with very fast transaction times. The main and back up Data Centres used by Exelsys are located within the European Union.
In addition to the main data centre, the data, as part of the disaster recovery plan policy, is also stored in another Microsoft Azure Data Centre within the European Union, located in the Republic of Ireland. In the case of a technical or physical incident that may prevent access to the data in the main data centre, access can be restored using the backup site in a timely manner.
Exelsys maintains detailed audit logs of any data changes recording the user, the data changed and the date and time that the change occurred.
In addition, Exelsys keeps a detailed log of all the data processing operations, showing the function used to access or process data, the user who executed it and the date and time it occurred.
Exelsys HCM processes data according to the instructions of Data Controller Administrators. Data Controller Administrators execute functions of the system to process data. For any other processing required by the customer (Data Controller) that cannot be done by the Data Controller Administrators using the Exelsys HCM Platform functionality, customers are required to submit clear instructions to Exelsys in writing.