Acceptable Use

This Acceptable Use Policy covers the use and operation of Diffusion Cloud and is governed by the Diffusion Cloud Service Terms and Conditions.

Push Technology retains all rights to determine, at its sole discretion, whether any Customer or member of the Customer’s Group, is in violation of this Acceptable Use Policy and whether the resultant circumstances necessitate remedial action.

Contained within the following list are examples of behavior and actions considered to be in breach of this Acceptable Use Policy. This list is non-exhaustive and provided purely in an illustrative capacity, in no particular order. Examples of behavior deemed unacceptable in conjunction with Diffusion Cloud are:

  1. Any usage of Diffusion Cloud that results in an adverse impact to Push Technology’s ability to provide an available, reliable or stable system.
  2. Conducting a Denial of Service attack against Diffusion Cloud, or using Diffusion Cloud to facilitate a Denial of Service attack against any third-party service.
  3. Any attempt to circumvent or break Push Technology’s security systems, or otherwise act in a manner that poses a security risk for Push Technology, any Diffusion Cloud Customer, or any other unaffiliated parties who may directly or indirectly be using Diffusion Cloud.
  4. Testing, benchmarking, penetration testing or reverse engineering of Diffusion Cloud in order to find vulnerabilities (unless prior written consent has been obtained from Push Technology).
  5. Using Diffusion Cloud in any manner that may subject Push Technology or any third party to liability, damages or danger.
  6. Engaging or promoting any type of fraudulent or illegal activity, either through use of Diffusion Cloud or by association thereof.
  7. Engaging in activities or transmitting through Diffusion Cloud any information that may be libelous or defamatory or otherwise malicious or harmful to any person or entity, or discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age.
  8. Transmitting any material that contains viruses, trojan horses, worms or any other malicious, harmful, or deleterious programs.

Push Technology reserves the right to change this Acceptable Use Policy from time to time.



Diffusion Cloud Service

Terms and Conditions

These terms and conditions govern your use of Diffusion Cloud as a cloud service and are made between Push Technology Limited, a company registered in England and Wales with registered office address at Wework 4th Floor, 2 Aldgate Tower, Leman Street, London, United Kingdom, E1 8FA (company number 06034919) (“PUSH”) and you, the company accessing and/or using the Diffusion Cloud cloud services (“Customer” or “You”). If you do not agree to the terms set out here please do not sign up for the Diffusion Cloud cloud services. If you are contracting as a Consumer please contact PUSH separately prior to registering for Diffusion Cloud. By registering for Diffusion Cloud you warrant that you are not contracting with PUSH in your capacity as a Consumer.

1. Definitions

1.1 In this Agreement, the following terms shall have the following meanings:

- ‘Agreement’ means these terms and conditions and the schedules and any documentation expressly incorporated herein by reference and shall include any amendments or supplementary agreements specifically referenced hereto and effected as provided in clause 15.1.
- ‘Confidential Information’ means all confidential information (however recorded, preserved or disclosed) supplied to one party (“Receiving Party”) by or on behalf of the other party (“Disclosing Party”) whether before or after the date of the Agreement in relation to the Agreement, including all commercial information whatsoever (including accounts, financial information, operating statistics, production and marketing records, forecasts, analyses, compilations and studies, notes, contacts and personnel data, information or opinions as to the affairs of the Disclosing Party, all technical and scientific information whatsoever (including specifications, prototypes, models, drawings, computer software (unless permitted by Additional Rights), visual demonstrations, and samples, designs, plans, processes, formulae, know-how, production, marketing and other scientific and technical techniques used by or known to the Disclosing Party)) whether or not proprietary or protected, or capable of protection, by Intellectual Property Rights and all other information to the extent such commercial, technical, scientific or other information relates to all or part of the actual, past or proposed business affairs and activities of the Disclosing Party and all copies thereof. For the avoidance of doubt, Diffusion Cloud and any derivative works, material, idea, data or other information as well as research, developments, trade secrets, financial, technical, commercial or business affairs relating thereto shall be the Confidential Information of PUSH and the Customer’s use and disclosure of the same shall be subject to the terms of the Agreement.
- “Consumer” has the definition given to it in the Consumer Rights Act 2015.
‘‘Customer’s Group’’ means the Customer’s subsidiaries, holding company and other subsidiaries of its holding company.
- “Data Processing Supplement” means the document setting out the parties’ obligations in relation to the processing of personal data, as appended to this Agreement as a supplement and incorporated by reference.
- ‘Defect’ means any reproducible material defect, error or problem with Diffusion Cloud which substantially hinders or prevents the Customer from accessing or using a material part of the functionality of Diffusion Cloud.
- ‘Holding company’ and ‘Subsidiary’ mean a “Holding Company” and “Subsidiary” as defined in section 1159 of the Companies Act 2006.
- ‘Intellectual Property Rights’ means all patents, trade marks and service marks, business and domain names, design rights, copyrights, trade secrets, know how, database rights, inventions and all other rights in the nature of intellectual property rights (whether registered or unregistered) and all applications for the same, subsisting in any part of the world.
- “Message” means each message which is sent through Diffusion Cloud and each message which is received through Diffusion Cloud.
- “Overage” means the additional sum payable by the Customer to PUSH in the event that the Customer’s use of Diffusion Cloud exceeds their Permitted Use Allowance. The Overage rates are as set out on the Website, as amended from time to time in accordance with this Agreement, and shall depend upon the subscription chosen by the Customer.
- “Payment Provider” means Stripe, PayPal, the IBM marketplace, IBM Bluemix or such other payment provider as PUSH may nominate from time to time on reasonable notice to the Customer.
- “Permitted Use Allowance” means the number of Messages that may be used by the Customer in each month of th Subscription Period in accordance with the subscription selected by the Customer.
- ‘Diffusion Cloud’ means: (a) the SaaS-delivered version of PUSH’s Diffusion software (or such other product name or software file name that may be applied to such product) and is provided on a software-as-a-service basis and accessed via the Website and/or API URLs specified by PUSH from time to time, (b) all or any part(s) of any products of the same type and specification; (c) any other products and related documentation developed by PUSH and which PUSH may permit the Customer, by express notice in writing, to use pursuant to this Agreement; (d) any upgrade, update or fix provided by PUSH ; (e) any Third Party Software; and (f) the associated documentation relating to each of them.
- “Subscription Fee” means the sum payable by the Customer to PUSH for the Customer’s subscription for the Diffusion Cloud service, as may be amended from time to time in accordance with the terms of the Agreement.
- “Subscription Period” means the period for which the Customer has subscribed for the Diffusion Cloud service together with any subscription renewal.
- “Support Fee” means the sum payable by the Customer to PUSH in consideration of Support and Maintenance Services, as may be amended from time to time in accordance with the terms of this Agreement.
- “Support and Maintenance Agreement” means the agreement between PUSH and Customer relating to Support and Maintenance Services, the terms of which are incorporated into this Agreement by reference.
- “Support and Maintenance Services” means the support and maintenance services to be provided by PUSH to the Customer in connection with Diffusion Cloud, as more particularly described in the Support and Maintenance Agreement and in clause 4.
- ‘Third Party Cloud Provider’ means any entity hosting cloud services through which the Customer interacts to download Diffusion Cloud.
- ‘Third Party Software’ means all software products owned by a third party or other computer code which embedded within or otherwise provided by PUSH with Diffusion Cloud and which is available under standard proprietary licence terms or public licences such as free and open source software licences. Any Third Party Software provided pursuant to the Agreement is detailed in Schedule 1 (as may be amended from time to time by PUSH).
- ‘Trade Marks’ means any trade mark registrations and applications, including the trade names and unregistered marks “Push” and “Diffusion” and the phrase “Powered by Diffusion” owned by PUSH from time to time.
- “Website” means the website at,, and/ or such other URL as nominated by PUSH from time to time.

1.2 References to the words “include” or “including” shall be construed as being without limitation to the generality of the preceding words. Words imparting the singular include the plural and vice versa.

1.3 Unless the context otherwise requires, all references to a particular Clause, Schedule or Supplement are references to the corresponding Clause, Schedule or Supplement in or to the Agreement.

1.4 The headings in the Agreement are for ease of reference only and shall not affect its interpretation.

1.5 Any references, express or implied, to an enactment includes references to:
1.5.1 that enactment as amended, extended or applied by or under any other enactment before or after the Agreement;
1.5.2 any enactment which that enactment re-enacts (with or without modification); and
1.5.3 any subordinate legislation made (before or after the Agreement) under any enactment, including one within clause 1.5.1 or clause 1.5.2 above, but does not include any enactment after the date of the Agreement to the extent that it is retrospective.

1.6 Unless the context otherwise requires references to PUSH and the Customer include their permitted successors and assigns.

2. Commencement and Duration

2.1 This Agreement commences when the Customer first registers for Diffusion Cloud and selects the “Accept” button on the registration page and continues for the Subscription Period, unless terminated earlier in accordance with clause 14, and thereafter shall automatically continue for further successive periods equal to the Subscription Period unless Customer cancels its subscription prior to the end of its current Subscription Period by deleting its account.

3. Access and Use Rights

3.1 PUSH grants to the Customer, and the Customer accepts, a non-exclusive, non-transferable limited right for the Subscription Period to access and use PUSH’s instance of Diffusion Cloud for, (a) its own internal business purposes or (b) an evaluation of Diffusion Cloud, in accordance with the terms and conditions of the Agreement up to the Permitted Use Allowance selected by the Customer for its subscription.

3.2 The Customer may extend the benefit of the Agreement to the members of the Customer’s Group subject to:

3.2.1 giving notice to PUSH of the identity and address of the member of the Customer’s Group to which the Agreement has been extended (“Additional Customer”);
3.2.2 the Customer remaining liable to PUSH for the acts and omissions of any member of the Additional Customer and indemnifying PUSH in full in respect of any losses, damages or expenses incurred by PUSH as a result of the negligent or unauthorized use of Diffusion Cloud by or on behalf of any Additional Customer its employees, agents and contractors; and
3.2.3 if required by PUSH, the Additional Customer agreeing in writing to be bound by the terms of the Agreement.

3.3 Where Diffusion Cloud incorporates Third Party Software, the Customer acknowledges that the Third Party Software is licensed on the terms set out or referred to in Schedule 1. Customer agrees to comply with the terms and conditions (including if so required the execution and return of a Third Party Software licence) applicable to the Third Party Software and will indemnify PUSH in full against any proceedings instigated by a Third Party Software owner against PUSH as a result of any breach by or on behalf of the Customer or any member of the Customer’s Group of such terms and conditions.

3.4 The Customer may not use Diffusion Cloud other than as specified in this Agreement without the prior written consent of a director of PUSH and the Customer acknowledges that additional fees may be payable on any change of use approved by PUSH.

3.5 This Agreement grants the Customer rights to access and use Diffusion Cloud on a cloud basis and, except for limited client-side code, this is not a software licence. Accordingly the Customer does not have any rights under the Software Directive (2009/24/EC) or Copyright Designs and Patents Act 1988 and shall not reverse engineer, copy, modify, adapt, disassemble or decompile Diffusion Cloud in whole or in part for any purpose.

3.6 The Customer may not modify, enhance or alter the client-side code in Diffusion Cloud or any part of it without the prior written permission of PUSH nor authorize third parties to do likewise. In the event that PUSH should give such permission, the Customer shall require any third party it so authorizes to be bound by the provisions of this clause 2 and clauses 6 (Title and Copyright) and 10 (Confidentiality). The Customer shall in any event remain liable for any act or omission of such third party.

3.7 The Customer may not perform (or procure a third party to perform) any penetration testing on Diffusion Cloud.

3.8 The Customer may not access Diffusion Cloud (a) other than through its published interface and (b) programmatically, including through scrapers or spiders, but otherwise than as permitted by (a), must access Diffusion Cloud only by means of human interaction.

3.9 The Customer may not use Diffusion Cloud or the Website (or any part of it, including the forums) (a) in any unlawful or illegal manner, for any unlawful or illegal purpose or in any manner which is inconsistent with this Agreement; (b) to infringe PUSH or any third party’s intellectual property rights; (c) to transmit any material that is defamatory, offensive or otherwise objectionable; (d) in any way that could damage, disable or overburden or impair or compromise PUSH or any third party’s systems or security or interfere with other users and (e) to access or attempt to access or use any other user’s account.

3.10 The Customer is responsible for maintaining the confidentiality of its password, login and other registration data or access tokens. The Customer shall notify PUSH immediately of any unauthorized use of its account, password, login or any other breach of security. The Customer may be held liable and indemnify PUSH and hold PUSH harmless for losses incurred by PUSH or any other user of Diffusion Cloud due to breach of this clause or someone else using the Customer’s password or login, including but not limited to any third party costs (e.g. hosting costs).

3.11 The Customer confirms it is acting on its own behalf and not for the benefit of any other person other than the Additional Customer.

3.12 Customers of Diffusion Cloud are expected to make all reasonable efforts to comply with the Acceptable Use Policy. If a Customer becomes aware of a violation of the Acceptable Use Policy, they are required to notify Push Technology in a timely manner. Push Technology reserves the right to limit, suspend, or terminate services to any Customer found in violation of the Acceptable Use Policy, in accordance with clause 14

4. Support and Maintenance

4.1 Support and Maintenance Services are available for paid subscriptions in accordance with the Support and Maintenance Agreement applicable to that level of subscription.

4.2 Where the Customer is using a free or trial version of Diffusion Cloud, Diffusion Cloud is provided “as is” and “as available” only with no service levels or uptime guarantees. However, (a) Customers using free or trial versions can ask support questions on the forums accessible via the Website and these may be responded to by PUSH and other third party members of the community. PUSH is not liable or responsible for the responses given by any third party and does not guarantee that it will respond to questions posted on forums; (b) PUSH aims to provide a default level 99.9% uptime for Diffusion Cloud save where it is performing planned or emergency maintenance in which case Diffusion Cloud may be unavailable but provides no guarantee in this regard; (c) PUSH may provide updates and upgrades from time to time. Customers taking free or trial versions of Diffusion Cloud can upgrade their subscription at any time in the “My Account” section subject to the payment of the applicable fee.

4.3 In providing Support and Maintenance Services, we may process personal data. The processing of such personal data is covered by the Data Processing Supplement.

5. Fees and Payment Terms

5.1 The Subscription Fees, Data, and Support Fees chargeable to the Customer are as set out on the Website at the time the Customer registers for Diffusion Cloud and as confirmed in the email confirmation sent by PUSH and/or as specified on an addendum signed by PUSH and Customer. PUSH reserves the right to amend the Subscription and Support Fees at its discretion at any time provided that it gives the Customer not less than 30 days’ prior notice by email of such changes. If the Customer does not agree to the amended fees it may terminate this Agreement in accordance with clause 14.2.

5.2 Payment of Subscription Fees and Support Fees will be due monthly in advance for the subscription and Support Services, if any. Where the Customer incurs data fees, they shall be charged in arrears at the end of the month in which they were incurred. The Customer shall make payment via the Payment Provider on or before the due date.

5.3 Where the data allowance provided with the Free edition is exceeded in any month, the service is suspended until the 1st day of the next calendar month.

5.4 In the event that the Customer does not pay all fees when due (a) PUSH reserves the right to charge interest at 4% per annum above the prevailing base rate on any unpaid amount from the due date until payment is received in full, whether before or after judgement and (b) PUSH may suspend the Customer’s access to Diffusion Cloud until such time as payment (including any accrued interest) is made.

5.5 Where applicable, VAT (or such other applicable local taxes) will be charged in addition to the Subscription Fee and any Overage and Support Fees where required by law and at the prevailing rate. The Customer hereby warrants and agrees that all information provided by it to PUSH at the time of its registration is accurate and complete and that the Customer shall immediately notify PUSH of any changes to such information. The Customer shall indemnify PUSH against any claims, losses, costs, damages, penalties and liabilities suffered or incurred by PUSH as a result of a breach of the foregoing warranty by the Customer, including a requirement to pay tax.

5.6 The Customer agrees that the payment of any Subscription Fee, Data, and Support Fee is irrevocable, non-cancellable and non-refundable and the Customer shall not withhold payment of the Fees for any reason, save as expressly set out in an applicable Support and Maintenance Agreement.

5.7 In the event that the Customer has any dispute or issues making payment via the Payment Provider (or such other payment provider as nominated by PUSH from time to time) the Customer shall contact PUSH prior to raising a dispute with the payment provider and shall cooperate with PUSH in relation to any dispute resolution procedure.

6. Title and Copyright

6.1 No title or rights of ownership in any Intellectual Property Rights or otherwise in Diffusion Cloud (including for the avoidance of doubt any upgrades provided pursuant to any Support and Maintenance Agreement) are or will be transferred to the Customer and the Customer shall have no rights in or to Diffusion Cloud other than the right to access and use it in accordance with the terms of the Agreement and, in the case of Third Party Software, the specific licence applicable to the relevant component of the Third Party Component (which licence shall, in the case of conflict with this Agreement, supersede the terms of this Agreement in respect of that Third Party Component).

6.2 The Customer understands that Diffusion Cloud contains proprietary and confidential information of PUSH and agrees that, except with PUSH’s prior written consent, it will not provide or otherwise disclose or make Diffusion Cloud available for any reason to any other person, firm, company or organisation.

6.3 The Customer shall not delete or obscure any proprietary marks, disclaimers or other notices contained in or on Diffusion Cloud and any related documentation (whether printed or stored electronically).

6.4 The Customer will ensure that all of its employees and agents having access to or knowledge of Diffusion Cloud are advised that Diffusion Cloud contains confidential information of PUSH and that all Intellectual Property Rights in it vests in and are the property of PUSH or its licensors, and the Customer will ensure that its employees, agents and contractors comply with all the terms and conditions of the Agreement and this clause 6 in particular.

6.5 The Customer agrees to indemnify PUSH in respect of any losses, damages or expenses incurred by PUSH as a result of the negligent or unauthorised access or use of Diffusion Cloud by or on behalf of the Customer its employees, agents and contractors or any third party engaged by the Customer however caused.

7. Push’s Warranty

7.1 PUSH warrants that:
7.1.1 it has the right to grant the access and use right granted in clause 2 in respect of Diffusion Cloud; and
7.1.2 subject to clause 7.2, for a period of 30 days from the commencement of the first Subscription Period (the “Warranty Period’) Diffusion Cloud will not contain any Defects.

7.2 PUSH shall have no obligations under clause 7.1.2 above where a material non-conformity results from:
7.2.1 any unauthorised modification or alteration of Diffusion Cloud;
7.2.2 use of Diffusion Cloud not in accordance with related documentation;
7.2.3 any failure of or defect in any third party software (not licensed by PUSH to the Customer) used by the Customer; or
7.2.4 any failure of or defect in other software or equipment with which Diffusion Cloud interfaces or with which Diffusion Cloud interacts or any fault or failure with the Customer’s utilities or connectivity.

7.3 Subject to clause 13, PUSH’s sole obligation in respect of any breach of the warranties in clause 7.1 shall be at PUSH’s option to:
7.3.1 use reasonable commercial endeavours to obtain the necessary rights to enable it to grant the rights in clause 2 in the case of a breach of the warranty in clause 7.1.1;
7.3.2 use reasonable endeavours to remedy any Defects in the case of a breach of the warranty in clause 7.1.2; or
7.3.3 in either event, terminate the Agreement immediately by notice in writing to the Customer and refund any pre-paid Subscription Fee and Support Fees.

7.4 The above clause 7.1 constitutes the only warranties and conditions provided by PUSH in respect of Diffusion Cloud. The obligations and liabilities of PUSH in the Agreement are in place of, and the Customer accordingly waives, in so far as it is permitted to do so by law, all implied warranties and conditions including, without limitation, any warranty of merchantability, satisfactory quality or fitness for a particular purpose whether or not any specific purpose has been notified to PUSH.

7.5 The Customer acknowledges that:
7.5.1 Diffusion Cloud has not been produced to meet the Customer’s individual needs or specifications;
7.5.2 Diffusion Cloud cannot and has not been tested in advance in every possible operating combination and environment; and
7.5.3 Diffusion Cloud may not be free from errors and/or may not run properly on all computer hardware and/or operating systems. PUSH does not warrant that the use of Diffusion Cloud will be uninterrupted or error-free.

8. Modifications

PUSH reserves the right to make improvements, substitutions, modifications or enhancements to any part of Diffusion Cloud provided that the functionality and performance of Diffusion Cloud will not as a result be materially affected to the Customer’s detriment. PUSH will issue “Customer Advisories” from time to time via the Website or by email setting out its intended roadmap for Diffusion Cloud but gives no guarantees as to the time for implementation for any changes.

9. Infringement of Intellectual Property Rights

9.1 Subject to clauses 9.2 and 12, PUSH undertakes at its own expense to defend the Customer or, at its option, settle any claim or action brought against the Customer by a third party alleging that the Customer’s access and use of Diffusion Cloud in accordance with the terms of this Agreement infringes the UK Intellectual Property Rights of such third party (“Claim”) and shall be responsible for any reasonable losses, damages, costs (including legal fees) and expenses incurred by or awarded against the Customer as a result of or in connection with any such Claim. For the avoidance of doubt, this clause 9.1 shall not apply where the Claim in question is attributable to access or use of Diffusion Cloud (or any part thereof) by the Customer other than in accordance with the terms of the Agreement.

9.2 If any third party makes a Claim, or notifies an intention to make a Claim against the Customer, PUSH’s obligations under clause 9.1 are conditional on the Customer:
9.2.1 as soon as reasonably practicable, giving written notice of the Claim to PUSH, specifying the nature of the Claim in reasonable detail;
9.2.2 not making any admission of liability, offer of settlement, agreement or compromise in relation to the Claim without the prior written consent of PUSH;
9.2.3 giving PUSH and its professional advisers access at reasonable times (on reasonable prior notice) to its premises and its officers, directors, employees, agents, representatives or advisers, and to any relevant assets, accounts, documents and records within the power or control of the Customer, so as to enable PUSH and its professional advisers to examine them and to take copies (at PUSH’s expense) for the purpose of assessing the Claim; and
9.2.4 taking such action as PUSH may reasonably request to avoid, dispute, compromise or defend the Claim.

9.3 If any Claim is made or in PUSH’s reasonable opinion is likely to be made, against the Customer, PUSH may at its sole option and at its own expense, either:
9.3.1 obtain for the Customer the right to continue to use Diffusion Cloud in accordance with the terms of the Agreement;
9.3.2 replace or modify Diffusion Cloud so that it becomes non-infringing; or
9.3.3 terminate the Agreement immediately by notice in writing to the Customer and refund any of the Subscription Fee paid by the Customer as at the date of termination (discounted on a straight-line basis over five years commencing upon the date of the Agreement at twenty per cent per year or part thereof).

9.4 In no circumstances will PUSH be liable for any costs or expenses incurred by the Customer without PUSH’s written authorisation and the foregoing states the exclusive remedy of the Customer in respect of any patent, design right, trade secret or copyright infringement by Diffusion Cloud.

10. Confidentiality

10.1 The Receiving Party hereby undertakes to the Disclosing Party to keep strictly confidential and not to disclose to any third party any Confidential Information so disclosed to it without the prior written consent of the Disclosing Party and the Receiving Party further undertakes that the Confidential Information so received by it shall be used solely in relation to the performance of the Agreement and that, should written permission be given for disclosure to third parties, such disclosure shall not be made until the Disclosing Party has approved such disclosure and the third party has signed a confidentiality agreement containing at least equivalent provisions of confidentiality as contained herein.

10.2 Notwithstanding clause 10.1 above, the Receiving Party shall have the right to communicate to such of its employees such part of the Confidential Information as is essential to perform its rights and obligations hereunder, provided that it shall procure that each such “need to know” employee having access to the Confidential Information are made aware of the obligations of secrecy attached thereto and shall instruct each such employee that the Confidential Information be treated as secret and kept in safe custody, shall prohibit them from retaining copies of it and shall procure that any of its employees to whom disclosure of the Confidential Information is made in accordance herewith shall adhere to the terms of the Agreement as if it were a party hereto.

10.3 If the Receiving Party becomes aware of any breach of confidence by any of its employees, agents or sub-contractors it shall promptly notify the Disclosing Party thereof and give the Disclosing Party all reasonable assistance in connection with any proceedings which the Disclosing Party may institute.

10.4 Notwithstanding clause 10.1, nothing in the Agreement shall be construed to prevent or restrict PUSH from disclosing or using in the course of its business any technical knowledge, skill, know-how, concepts or expertise of a generic nature whether acquired by PUSH in the performance of the Agreement or otherwise.

10.5 The restrictions and obligations of non-disclosure and non-use contained herein shall not apply to any information which it can be clearly demonstrated by existing competent written records maintained in the ordinary course of business:
10.5.1 is in the public domain at the time of disclosure by the Disclosing Party or which later enters the public domain through no fault of the Receiving Party; or
10.5.2 enters the public domain at any time hereafter through no fault of the Receiving Party; or
10.5.3 is acquired by the Receiving Party in good faith from third party sources unconnected with and owing no duty of confidentiality to the Disclosing Party.

10.6 The Receiving Party shall not be in breach of its obligations of confidentiality where it is required to disclose Confidential Information by law, any court of competent jurisdiction or by any other regulatory body provided that the Receiving Party undertakes to give the Disclosing Party not less than 10 working days’ notice of such required disclosure in writing wherever lawful and practicable.

10.7 The Receiving Party shall indemnify the Disclosing Party in full against any loss or damage and reasonable costs which the Disclosing Party may sustain or incur as a result of the Receiving Party failing to comply with the obligations of confidentiality under this clause10.

10.8 The obligations of confidentiality set out herein shall survive termination of the Agreement.

11. Personal Data

The parties shall each comply with the Data Processing Supplement.

12. Risk of Loss or Damage

All risks of loss or damage to any information resides with the Customer and the Customer is responsible and liable for backing up any information as appropriate. PUSH shall not be responsible for recovering any lost or corrupted information save as expressly set out in an applicable Support and Maintenance Agreement.

13. Limits of Liability and Customer Indemnity

13.1 Subject to clause 13.3, PUSH’s maximum liability for any loss or damage suffered by the Customer in contract, common law, tort (including negligence) or otherwise howsoever arising in relation to the Agreement or otherwise relating to Diffusion Cloud or the Third Party Software (which may be subject to a greater limitation as set out in the relevant licence) shall not exceed (a) $10, where the Customer is using a free or trial version of Diffusion Cloud; or (b) the Subscription Fee plus any Overage and Support Fee actually received by PUSH from the Customer in the twelve months prior to the event giving rise to the claim in all other instances.

13.2 PUSH shall not be liable in respect of any claim brought by the Customer more than two years after the cause of action has accrued.

13.3 Nothing in this clause 13 or any other provision of the Agreement shall limit the liability of PUSH in relation to death or personal injury caused by PUSH’s negligence or for fraud or for fraudulent misrepresentation or any other liability which may not lawfully be excluded.

13.4 Except as expressly stated in the Agreement, PUSH disclaims all liability to the Customer for misrepresentation, negligence, tort, breach of statutory duty and breach of contract.

13.5 Neither party shall be liable to the other for special, indirect or consequential damages whether arising from tort (including negligence), breach of contract or howsoever, or for loss of profits, loss of use of profit, economic loss, loss of goodwill or anticipated savings, or any losses arising from the loss of data.

13.6 The Customer will indemnify and defend PUSH and its employees in respect of any third party claims which arise from any PUSH performance carried out on the instructions of the Customer or its authorised representative except to the extent that such claims have resulted from PUSH’s wilful misconduct or gross negligence.

13.7 The Customer acknowledges and agrees that the suppliers of Third Party Software expressly disclaim any and all liability for consequential and indirect damages and implied warranties including all warranties of non-infringement, satisfactory quality, merchantability and fitness for a particular purpose, except to the extent that such warranties cannot be lawfully limited or excluded.

14. Termination

14.1 PUSH may terminate the Agreement at any time with immediate effect, without liability, in the event that the Customer is using a free or trial version of Diffusion Cloud.

14.2 The Agreement may be terminated immediately by the Customer ceasing to use Diffusion Cloud and deleting their account via the Website but no pre-paid fees shall be refunded in the event of such termination.

14.3 The Agreement may be terminated by PUSH if:
14.3.1 the Customer commits a breach of any of its material obligations under the Agreement which is incapable of remedy;
14.3.2 the Customer is in material breach of any of its obligations under the Agreement and fails to remedy the breach (if capable of remedy) within a period of 30 (thirty) days after receiving written notice thereof from PUSH. For the avoidance of doubt the failure to pay any sums due under the Agreement shall be considered a material breach;
14.3.3 the Customer is involved in any legal proceedings concerning its solvency or ceases trading or commits an act of bankruptcy or is adjudicated bankrupt or enters into liquidation, whether compulsory or voluntary, other than for the purposes of an amalgamation or reconstruction or makes an arrangement with its creditors or petitions for an administration order or has a receiver or manager appointed over all or any part of its assets or generally becomes unable to pay its debts within the meaning of Section 123 of the Insolvency Act 1986 or equivalent circumstances occur in any other jurisdiction;
14.3.4 there is an event of force majeure pursuant to clause 15.7.

14.4 Any termination of the Agreement will be without prejudice to any other rights or remedies of either party under the Agreement or at law and will not affect any accrued rights or liabilities of either party prior to the date of termination.

14.5 On termination of the Agreement for any reason, the rights of access and use granted pursuant to clause 2 shall terminate and the Customer’s log in details and password and any access tokens will be deactivated by PUSH and the Customer will not be able to access or recover any information previously viewed or stored within Diffusion Cloud.

14.6 On termination of the Agreement for any reason no Subscription Fees, Overage or Support already paid by the Customer shall be refunded (save as expressly stated in the Agreement) and the Customer’s liability for Subscription Fee, Overage and Support Fees which are due on or before the date of termination together with any unpaid interest shall continue.

14.7 Clauses 1, 5, 6, 9, 10, 13, 14 and 15 together with any other provision of the Agreement which expressly or by implication is intended to come into or remain in force on or after termination shall remain in full force and effect notwithstanding the expiry or termination of the Agreement.

15. Ancillary Provisions

15.1 ENTIRE AGREEMENT AND VARIATIONS: The Agreement together with the documents expressly referred to in it constitute the entire agreement between the parties and supersede all prior agreements, arrangements and understandings between the parties relating to its subject matter. Each party confirms that it has not relied upon any representation not recorded in this document inducing it to enter into the Agreement. No variation of these terms and conditions will be valid unless confirmed in writing by authorized signatories of both parties on or after the date of the Agreement.

15.2 SEVERABILITY: If any of the provisions or part of a provision of the Agreement is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions or provision will not be prejudiced unless the substantive purpose of the Agreement is then frustrated, in which case either party may terminate the Agreement forthwith on written notice.

15.3 WAIVER: No forbearance or delay by either party in enforcing its respective rights will prejudice or restrict the rights of that party, and no waiver of any such rights or of any breach of any contractual terms will be deemed to be a waiver of any other right or of any later breach.

15.4 RELATIONSHIP OF THE PARTIES: The relationship between PUSH and the Customer is that of independent contractors. Neither party is agent for the other, nor does neither party have any authority to make any contract, whether expressly or by implication, in the name of the other party, except where that party’s prior written consent has been obtained. Nothing contained in the Agreement shall construe the parties as partners, joint ventures, co-owners or otherwise as participants in a joint undertaking.

15.5 ASSIGNMENT: The Customer may not assign the Agreement or any rights granted under the Agreement or any benefits or interests arising under the Agreement without the prior written consent of PUSH which will not be unreasonably withheld or delayed. PUSH shall be entitled to assign, sub-contract or sub-licence the Agreement or any part of the Agreement to any other party.

15.6 NOTICES: Any notice required to be given under the Agreement by either party must be in writing and may be delivered either personally or by first class post in the United Kingdom, if sent from an address in the UK to another address in the UK and by airmail in all other cases, or by facsimile transmission. In the case of post such notices shall be deemed to have been received 7 working days after the date of posting. In case of facsimile transmission notices shall be deemed to have been received by confirmed facsimile transmission. Notices will be delivered or sent to the addresses of the parties set out in the Agreement or to any other address notified in writing by either party to the other for the purpose of receiving notices after the date of the Agreement.

15.7 FORCE MAJEURE: Neither party will be liable to the other party for any delay or failure to perform its obligations under the Agreement (other than a payment of money) as a result of any cause beyond its reasonable control (including but not limited to any industrial dispute, Acts of God, war, riot, malicious acts of damage, fire, acts of any government authority, failure of the electricity supply). If either party is prevented from meeting any of its obligations due to any cause outside its reasonable control, it shall promptly notify the other party in writing of the circumstances and the other party shall grant a reasonable extension for the performance of the Agreement, provided however that if such delay or failure continues for at least 90 days, the party not affected by the cause in question will be entitled to terminate the Agreement by notice in writing.

15.8 PUBLICITY: PUSH shall be entitled to refer to the Customer as a customer of PUSH in its sales and marketing information.

15.9 COUNTERPARTS: The agreement may be executed in any number of counterparts, each of which when executed and delivered shall constitute an original of the agreement, but all the counterparts shall together constitute the same agreement.

15.10 THIRD PARTY RIGHTS: A person who is not a party to the Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Agreement, but this does not affect any right or remedy of a third party which exists, or is available, apart from that Act.

15.11 GOVERNING LAW AND JURISDICTION: The Agreement is governed by and shall be construed in accordance with English Law and the parties submit to the exclusive jurisdiction of the English Courts.

16. Disputes

16.1 If either party considers there to be in existence a dispute as to whether PUSH is in breach of clause 6.1(“Dispute”) they will immediately give notice of it to the other party.

16.2 Immediately upon receipt of a notice under clause 16.1 the parties will use reasonable endeavours to resolve the Dispute and record any agreement reached between them in writing.

16.3 If the parties have not reached an agreement in writing to resolve the Dispute within 14 days of the service of the notice under clause 16.1 hereof it will be referred to such expert as the parties will jointly nominate.

16.4 If the parties fail to nominate an expert within 21 days of the service of the notice under clause 16.1 then the expert will be nominated at the request of either party by the President for the time being of the Institute of Arbitration.

16.5 The expert, whether appointed under clause 16.2 or 16.3, will act as an expert whose decision (which will be in writing) will, except in the case of manifest error, be final and binding upon the parties. At the request of either party the expert will give reasons in writing for his decision.
Schedule 1
Free and Open Source Software –

Data Processing Supplement

1. Definitions

“the Agreement” means the agreement to which this Supplement is attached, and where the context requires, includes this Supplement;
“Customer Data” means any data of the Customer (including data of the Customer’s own customers, suppliers, vendors and end users) which is Processed on the Push System;
“Customer Instance” means any version of the Push System the Customer has access to that has been configured according to the Customer’s requirements;
“Customer Personal Data” means any Customer Data which is Personal Data;
“Customer System” means any information technology system or systems owned or operated by the Customer from which Customer Data is received in accordance with this Supplement.
“End User System” means any data processing equipment of the Customer or third parties authorised by the Customer which receives Customer Data from the Push System;
“Privacy and Data Protection Requirements” means all applicable data protection and privacy legislation in force from time to time including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and the equivalent of any of the foregoing in any relevant jurisdiction.
“Push System” means any data processing equipment or system owned or under the control of Push and used to Process Customer Data;
“Security Standards” means the physical and data security standards annexed contained within or annexed to this Supplement as amended by Push from time to time.
“Standard Contractual Clauses” means the standard contractual clauses for the transfer of personal data from the European Union to processors established in third countries (controller-to-processor transfers), as set out in the Annex to Commission Decision 2010/87/EU.
“Security Breach” means any security breach relating to:
(a) the Customer Personal Data reasonably determined by Push to be sufficiently serious or substantial to justify notification to the Information Commissioner or other relevant supervisory authority in accordance with the Privacy and Data Protection Requirements; or (b) the Customer Personal Data reasonably determined by Push to be sufficiently serious or substantial to give rise to a material risk of litigation by third parties affected by the breach.
“Security Feature” means any security feature, including any key, PIN, password, biometric information, token, certificate or smartcard.
“Specific Instructions” means instructions for the Processing of Customer Personal Data given by or on behalf of the Customer to Push in any form, including configuration of the Customer Instance and any support or maintenance services which Push provides to the Customer.
“This Supplement” means this data processing and security supplement.
Capitalised terms not defined above are to be interpreted in accordance with the Agreement and the Privacy and Data Protection Requirements.

2. Context

2.1 Push provides a cloud-based system which facilitates the provision of data in realtime or as stored on the Push System, to multiple devices (“Services”).

2.2 To the extent that any Customer Personal Data is being Processed on any Customer Instance, it is the Customer, and not Push, who determines the purposes for which it is Processed, and the Customer, and not Push, which determines the configuration of the Customer Instance (including the extent to which, and duration for which, any data is stored), and thereby acts as Data Controller.

2.3 The Customer acknowledges the Customer Instance is configurable in ways concerning which the Customer has specific duties and responsibilities as Data Controller which if not adhered to may result in breach of Privacy and Data Protection Requirements, such as the non-transient storage, deletion, amendment, blocking, erasure, unauthorised transmission and transfer to third countries of Customer Personal Data. The Customer acknowledges that such configuration is entirely outside of Push’s control and it is the Customer’s sole responsibility to ensure that the configuration of its Customer Instance(s) is in compliance with Privacy and Data Protection Requirements.

3. Push Rights and Obligations

3.1 Push agrees to (1) act solely on the instructions of the Customer in relation to the Processing of Customer Personal Data, as set out in Appendix 1, through the Services (meaning that Push shall not Process Customer Personal Data either (a) on the instructions of any entity other than the Customer or (b) on its own account (other than in circumstances where it is required to do so by applicable law, in which case Push shall notify the Customer in advance, unless prevented from doing so by such law); and (2) employ technical and organisational measures to ensure the security of Customer Personal Data, as more particularly set out in this Supplement and the Security Standards.

3.2 Push shall keep at its normal place of business appropriate records relating to the processing of the Customer Personal Data by Push (‘Records’). Push may keep logs of Specific Instructions received from the Customer, thus causing those Specific Instructions to be documented.

3.3 Push shall permit the Customer on reasonable notice in writing, during normal business hours and on one occasion per contract year, (but without notice or restriction on the number of occasions in case of any reasonably suspected breach of this Supplement or the Security Standards), to:
(a) gain access to review and take copies of the Customer Records and review any other relevant information held at Push’s premises or on the Customer System; and
(b) inspect all Customer Records, and relevant documents; and
(c) make such information available relating to any Subcontractors as shall be necessary for the Customer to undertake the review set out above.

3.4 Push will submit to reasonable data security and privacy compliance audits by the Customer or an independent third party, to verify compliance with this Supplement, applicable law, and any other applicable contractual undertakings. Any such audits shall be subject to the provision of reasonable notice and the further restrictions described in Clause 3.3. Push shall give all necessary assistance to the conduct of such audits throughout the Term of the Agreement and the Customer will provide Push with a copy of the resulting audit reports. Push reserves the right to charge the Customer any reasonable costs incurred as a result of the Customer exercising its rights pursuant to Clause 3.3 and/or Clause 3.4.

3.5 To the extent that it acts as Data Processor, Push shall ensure that the Customer Personal Data is kept secure, and shall use all reasonable security practices and systems applicable to the use of the Customer Personal Data to prevent, and take prompt and proper remedial action against, unauthorised access, copying, modification, storage, reproduction, display or distribution of the Customer Data and Customer Personal Data, it being always acknowledged that other than the limited circumstances in which Push Processes Customer Personal Data in connection with the Services the Customer, and not Push, has access to and is aware of the nature of the Customer Personal Data and consequently bears sole responsibility for compliance with Privacy and Data Protection Requirements.

3.6 Push shall not disclose any Customer Personal Data other than (1) subject to Specific Instructions or (2) as required by law.

3.7 Push shall:
(a) only make copies of the Customer Personal Data to the extent reasonably necessary to carry out its duties under the Agreement; and
(b) not extract, re-utilise, use, exploit, redistribute, re-disseminate, copy or store the Customer Personal Data other than to carry out its duties under the Agreement or in accordance with Specific Instructions.

3.8 Push shall take reasonable steps to ensure that personnel who have access to the Customer Personal Data have committed themselves to confidentiality and shall comply with these this Supplement and Privacy and Data Protection Requirements.

3.9 Push shall not permit any third party to Process Customer Personal Data except as specifically stated in this Supplement, in accordance with Specific Instructions, or where such disclosure or transfer is required by applicable law.

3.10 Push shall take reasonable precautions to preserve the integrity of any Customer Personal Data Processed by it and to prevent any corruption or loss of such Customer Personal Data. Where configured by the Customer, Push will store such Customer Personal Data for a period of time to permit failover and recovery in the case of failure of Push Systems.

3.11 Push may transfer Customer Personal Data to and Process Customer Personal Data in any country where it or its Subcontractors are located insofar as such Processing is required for the performance of the Services. Push shall ensure that, when processing any Customer Personal Data which is subject to the Privacy and Data Protection Requirements of the European Economic Area (which for the purposes of this Agreement shall be deemed to include the United Kingdom), and such processing takes place outside the European Economic Area, that appropriate measures are in place, such as the Standard Contractual Clauses, Binding Corporate Rules or compliance with the US Privacy Shield program to permit such processing to take place lawfully.

3.12 Push may engage third parties (“Subcontractors”) to provide limited services on its behalf, such as support or where set out in the Security Standards. Push shall transfer Customer Personal Data to subcontractors solely where necessary for the Subcontractors to provide such limited services, on written terms which prohibit the Subcontractors from Processing the Customer Personal Data for any other purpose and are otherwise compliant with this Supplement and the Data Protection Requirements, including where such transfer is outside the European Economic Area. Push shall remain accountable and responsible for all actions by Subcontractors with respect to the disclosed or transferred Customer Personal Data. A list of Subcontractors which are or may be used to Process Customer Personal Data is available on request. Push shall notify Customer in advance of any addition or replacement of such Subcontractors, and Customer shall have up to two weeks to object to any such change.

4. Customer Obligations

4.1 The Customer agrees and acknowledges that:
a) it has familiarised itself with the configuration and operation of the Customer Instance;
b) that the technical and organisational measures implemented by Push are as set out in the Security Standards; and
c) it is responsible for the configuration of the Customer Instance (including storage whether for resilience or otherwise) in such a way to ensure that it complies with the Privacy and Data Protection Requirements.

4.2 The Customer agrees that as Data Controller it is itself responsible for ensuring compliance with Privacy and Data Protection Requirements and that it will design, implement and operate the Customer Systems accordingly, taking into account the fact that the Security Standards are designed on the basis that Push has limited access to the Customer Personal Data.

4.3 The Customer acknowledges that Push is under no duty to investigate the completeness, accuracy or sufficiency of any Specific Instructions or the Customer Data.

4.4 Where Push provides services relating to the configuration and operation of the Customer Instance, the Customer acknowledges that Push is advising the Customer as to industry best practice, in terms of in the context of the purpose for which Customer Personal Data may be Processed as opposed to making any determination as to the means by which and the purpose for which the Processing occurs on the Customer’s behalf, and that the decisions are made by Customer alone and that
accordingly, Push is neither sole or co-data controller in respect of such Customer Personal Data.

4.5 Where Push provides support and maintenance services for the Customer, the Customer will, to the extent possible, ensure that it does not disclose Customer Personal Data to Push. Where such Customer Personal Data is disclosed, the Customer hereby instructs Push to process the data solely and to the extent necessary for the purposes of providing support and maintenance services for the Customer and to delete such Customer Personal Data once such Customer Personal Data are no longer required for providing such support and maintenance services. Push shall otherwise process such Customer Personal Data in accordance with the Agreement including this Supplement. The Customer acknowledges and accepts that Push may use remote screen services such as Intercom and that Customer Personal Data obtained and Processed using such systems shall be used solely for the purpose of providing support and maintenance services.

4.6 Push will reasonably assist the Customer with meeting Customer’s compliance obligations under the Privacy and Data Protection Requirements, taking into account the nature of the Push’s processing and the information available to Push, including in relation to data subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under Privacy and Data Protection Requirements..

4.7 Push will take such technical and organisational measures as may be appropriate, and promptly provide such information and assistance to the Customer as the Customer may reasonably require, to enable the Customer to comply with:
(a) the rights of data subjects under the Privacy and Data Protection Requirements, including subject access rights, the rights to rectify and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and (b) information or assessment notices served on Customer by any supervisory authority under the Privacy and Data Protection Requirements.

4.8 Push reserves the right to charge Customer any reasonable costs incurred in the course of fulfilling its obligations pursuant to Clause 4.6 and/or Clause 4.7.

5. Mutual Obligations

5.1 If either party:
(a) becomes aware of any unauthorised or unlawful processing of any Customer Personal Data or that any Customer Personal Data is lost or destroyed or has become damaged, corrupted or unusable;
(b) becomes aware of any Security Breach; or
(c) learns or suspects that any Security Feature has been revealed to or obtained by any unauthorised person,
that party shall, at its own expense, promptly notify the other party and fully co-operate with the other party and any supervising authority having jurisdiction over such party and/or the Personal Data in question to remedy the issue as soon as reasonably practicable.

5.2 Push may change Security Features on notice to the Customer for security reasons.

6. Warranties

6.1 Each party warrants to the other that it will process the Customer Personal Data in compliance with the Privacy and Data Protection Requirements.

6.2 Push warrants and represents that for such time as it Processes Customer Personal Data that it will:
(a) (having regard to the state of technological development and the cost of implementing any measures, subject to Customer’s compliance with paragraphs 6.3 (e) and (f) below) take the technical and organisational measures against the unauthorised or unlawful processing and the accidental loss or destruction of, or damage to, of Customer Personal Data to ensure a level of security appropriate to:
(i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
(ii) the nature of the Data to be protected
as set out in the Security Standards
(b) take reasonable steps to ensure compliance with those measures; and
(c) discharge its obligations under this Supplement with all due skill, care and diligence.

6.3 The Customer warrants, undertakes and represents that for such time as Push processes Customer Personal Data:

(a) the Customer has the right to license the processing of the Customer Data for the purpose of its agreement with Push;
(b) the processing of the Customer Data under its agreement with Push will not infringe the Intellectual Property Rights of any third party;
(c) the Customer Data contains nothing that is defamatory or indecent;
(d) Push’s processing of the Customer Personal Data in accordance with Specific Instructions has been and will be carried out in accordance with the Privacy and Data Protection Requirements at all times;
(e) the Customer has reviewed the Security Standards and has made its own determination that the Security Standards are appropriate for the Processing of Customer Personal Data by Push in accordance with the Agreement;
(f) the Customer has obtained, where necessary, appropriate consents from the Data Subjects of Customer Personal Data to ensure that any Processing carried out by Push in accordance with this Supplement and the Agreement is carried out lawfully;
(g) the Customer is not aware of any circumstances likely to give rise to breach of any of the Privacy and Data Protection Requirements in the future (including any Security Breach); and
(h) the Customer is registered with or has provided appropriate notification to all relevant data protection authorities to process all Customer Personal Data.

6.4 Except as expressly stated in the Agreement and this Supplement, all warranties, conditions and terms, whether express or implied by statute, common law or otherwise are hereby excluded to the extent permitted by law.

6.5 Neither party will be deemed to be in breach of this Supplement where it has undertaken any act (including any omission) required by a regulator having lawful jurisdiction over it or the Customer Personal Data in question, provided that it promptly notifies, where practicable and lawful, the other party of the act or omission in question.

7. This Supplement shall survive the termination, expiration, or other conclusion of the Agreement for as long as Push has access to or possession of the Customer Data.

8. The Customer shall fully and effectively indemnify Push against any cost, claim, expense, liability or damage arising from any breach of this Supplement by Customer. Such indemnity, shall not be subject to any provision of the Agreement which limits the Customer’s liability, shall survive termination of the Agreement or this Supplement and shall subsist for a period of 6 years after Push has last processed Customer Personal Data on behalf of the Customer under the Agreement.

9. Push’s liability under this Supplement shall be subject to the limitation of liability provisions in the Agreement.

Security Standards

These Security Standards are annexed to the data processing Supplement, and may be modified by Push from time to time by notice to the Customer, or by modifying them as available from[securitystandards]

1. Personnel

1.1 Push has and will maintain a security policy for its employees and contractors and will require those which have access to Customer Personal Data to undergo security and privacy awareness training.

1.2 Push shall ensure that its employees and contractors are responsible for ongoing monitoring of its security practices, Push procedures and infrastructure and incident handling.

2. Data Handling

2.1 Push shall Process and transmit all Customer Personal Data through servers which are managed by Push. Push may replicate data across multiple storage systems.

2.2 Subject to paragraph 2.3, once Push no longer requires any Customer Personal Data to fulfil its obligations to the Customer and its legal requirements, it shall securely delete the Customer Personal Data. Such deletion shall take place in accordance with guidelines issueds by the UK Information Commissioner from time to time, which may permit placing the data ‘beyond use’ as an alternative to physical erasure.

2.3 Upon termination of the Agreement, Push shall either securely delete the Customer Personal Data in accordance with paragraph 2.2, or at Customer’s election (which must be made by written notice prior to termination of the Agreement), retain the Customer Personal Data in such a manner as to enable Customer to retrieve the Customer Personal Data, provided always that the Customer Personal Data must be retrieved by Customer within four weeks of termination.

2.4 To the extent that Push considers appropriate, it will employ cryptography covering data in transit and/or at rest.

3. Vulnerabilities

3.1 Push will monitor a variety of communication channels for security vulnerabilities, and Push’s security team will react promptly to known security vulnerabilities.

4. Change Management

4.1 Push’s change management will include, but not be limited to a code review process to increase the security of the code provided in the Push System.
4.2 Push will also continue to employ a security review process to enhance the security features in production environments.

5. Server

5.1 Push will use a hardened operating system implementation customized for the Push System.

5.2 Push will maintain a prioritized patch management policy.

5.3 Push will install the most recent security patches on the Push System as soon as reasonably practical.

6. Access Control

6.1 Push employs systems and processes to limit physical and logical access based on least privileges and according to job responsibilities to ensure Customer Personal Data can only be accessed by authorized Push personnel.

7. User Roles

7.1 Push and Customer will have control over the creation, deletion, and suspension of user roles within the Customer’s environment of the Push System

8. Connectivity Requirements

8.1 Push will protect its Push System with multiple security layers and services.

9. Data Centre Environment and Physical Security

9.1 Push currently uses the data centere services provided by Amazon Web Services (“AWS”) for the delivery of its Services., AWS’ security standards can be found here

9.2 Each year, Push will review and evaluate the applicable third party security audit reports provided by AWS to ensure they meet an acceptable standard.

10. Continuity Management

10.1 Push shall at all times during the term of this Agreement have in place internal practices, plans or procedures aiming to reasonably ensure the Push System is uninterrupted during the term of the Agreement (“Business Continuity Plan”).

10.2 Certain portions of the Business Continuity Plan may be made available to Customer upon reasonable written notice and shall be kept up to date, tested at regular intervals- and in good working order.

11. Development and Testing

11.1 Systems and processes used for test and development activities will be segregated from Push System.

11.2 Push shall not use Customer Personal Data in its testing and development activities, but it may use Customer Personal Data for the purposes of providing Support and Maintenance as set out in the Agreement.

11.3 The Push System is developed using a documented Software Development LifeCycle (SDLC) to help minimize the risk of introducing security vulnerabilities into the Push System. As an example the SDLC includes the following gates:

11.4 Security review of the source code – automatic and/or manual;

11.5 Security audit of the Push System prior to deployment.

11.6 All of Push System is subject to penetration testing and vulnerability scans prior to being launched into production status, and on a regular basis and following major changes.

11.7 All critical security vulnerabilities found during the security testing in the Push System will be addressed.

11.8 All Push developers are trained annually to identify and resolve common coding vulnerabilities in order to minimise the number of security vulnerabilities.

Appendix 1

Processing Details
Nature and Purpose of Processing

Processing shall be undertaken in accordance with and for the purpose of the fulfilment of the Services as further described in the Agreement.
Types of Personal Data

Personal data includes name, address, email address, phone number, IP address, location data, phone ID number (UDID), log-in credentials, password.

Special Category Data

Special Category Data may include health data.
Data Subjects
End users, customers, employees and contractors of the Customer.
Duration of the Processing:
The Processing shall continue for the duration of the Services.