MISL Total Document Management – General Terms and Conditions.

Download MISL’s General Terms and Conditions.

Last updated [28/02/2024]


 

Limitation of Liability.

In the event of the client sustaining any loss due in whole or in part to MISL’s equipment failure, program, or operator error then MISL’s liability shall be limited to the cost of reprocessing the client’s data and providing acceptable results. Save as aforesaid MISL shall not be liable for any delay, loss or damage however arising of this agreement nor for any consequential losses the client may suffer.

 

Accuracy of Results.

  •  It is the client’s responsibility that all parts of any project must be signed off as correct before commencement.
  •  When the specifications do not include verifying or checking and balancing to audited control figures the client agrees to accept the unverified results as complete and satisfactory.
  •  30 Days following job completion and invoice, documentation held by MISL and transferred to Roll Film or CD shall be destroyed upon authorisation from the customer. If held for a period of more than 30 days, then storage charges shall arise at rates stated in 6 below.

 

Error or Omission in Specification.

The client is responsible for confirming that MISL’s job specification is a correct understanding. The client is responsible for signing the job specification to authorise the job. Failure to do so will delay the work. All delays and costs resulting from a failure or delay for this proper authorisation to be provided will be the responsibility of the client.

All modifications to the job where specification has already been agreed will need to be authorised in writing by the client. Failure to do so will be the responsibility of the client. Any and all costs resulting from such a delay will be the responsibility of the client.

Where programming, or program modification, is undertaken by MISL for a client based on the client’s specification, no responsibility will be taken for any errors or omissions in that specification. Any additional work resulting from such errors or omissions will be chargeable, over and above the quoted figure, at MISL’s current rates.

 

Transport of Data.

At the request of the client, MISL may collect and deliver the client’s media and/or documents from the client’s premises for which service MISL may charge. During such collection or delivery to or from the client, all the client’s materials shall be at the client’s risk. MISL shall not be liable for any delay, loss or damage arising there from nor from any consequential losses incurred by the client.

 

Invoicing and Settlement.

Payment is to be made within thirty (30) days from the date of the invoice. MISL reserve the right to charge interest at the rate of eight percent above the Bank of England base rate per month on any invoice outstanding beyond thirty (30) days where that invoice is not the subject of a valid query, such query to have been notified within 7 days of invoice date. Whilst any invoice remains outstanding the data/deliverable product remains the property of MISL.

Where the minimum quantities received are less than 80% of the total value of the quotation, a surcharge will be applied to your invoice in line with MISL’s standard per 1,000 images price to cover the shortfall due to the cost incurred for project set up and production planning.

 

Physical Storage.

Following the initial 30 days of free storage from the date of project completion, clients will receive a destruction authorisation form within this period for signing, granting permission for the physical files’ destruction. Failure to return the signed form within the 30-day period will trigger a temporary storage contract for six months, with a charge of £5.00 per box per month. In case of customer recall during this period, charges will apply to cover the remaining month, along with a fixed sum of £250 to account for labour costs associated with the removal and delivery of the recalled data/documents.

 

Digital Data Storage.

Digital Data Storage is charged at £0.001 per image per month and will be stored for 3 months on our internal storage servers. During the first 3 months of the data storage period, the client will be sent a destruction authorisation form for signing to give permission for the data to be permanently deleted.  Failure to return the signed form within the initial 3-month period, will result in your data being held in a temporary storage contract for six months charged at £0.001 per image per month.  If customers wish to have their data deleted immediately after data delivery, then this will need communicating to the account manager during project initiation.

 

Termination.

Either party may terminate this agreement at any time for failure of the other to comply with any of its terms.

If this agreement, or any supplement to the agreement, is terminated by MISL as a result of MISL ceasing to trade, MISL shall make available to the client, free of charge, all programs, documentation and files necessary for that client to obtain continued service from another supplier.

 

Data Protection.

Where MISL processes personal data on behalf of the client, who in turn is the Controller of such data, MISL is acting in the capacity of a Processor (“Controller” and “Processor” shall have the meaning given to those terms in Article 4 of regulation (EU) 2016/679 (the General Data Protection Regulation)).

Terms for the processing of such personal data are included in the Annex A.

 

General.

This agreement shall be governed by the laws of England and constitute, with its supplements, the entire agreement between client and MISL with the respect to the services enumerated herein and its terms and conditions of any order submitted by the client in respect of such service.

The above information can also be found on the MISL website.

 

Annex A – Data Processing.

Obligations of the Processor

The Processor shall:

Process Personal Data only for the purpose of fulfilling the terms of any contracts between the Controller and the Processor. In no event shall the Processor use any of this Personal Data for its own purposes or for any other purpose other than the specific purpose which the use of such Personal Data has been authorised for by the Controller.

Process Personal Data on the documented instructions of the Controller, including with regards to any transfer of data to third countries or international organisations unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

Ensure that any person acting under the authority of the Processor, who has access to Personal Data is subject to a duty of confidentiality and that such individual’s process such data in accordance with the Processors instructions only.

At all times, considering the nature of the processing, implement technical and organisational measures appropriate to the level of risk that shall provide:

  • The ability to ensure the ongoing confidentiality, integrity and availability of processing systems and services,
  • Security against unauthorised or unlawful processing of Personal Data,
  • The ability to restore the availability and access to Personal Data in a timely manner in the event of an incident,
  • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Ensure that the security of Personal Data is backed up by robust policies and procedures and reliable, well-trained staff.

Ensure that each of its employees, or any other persons acting under its authority are made aware of the Processors obligations and duties under this agreement and shall require that they enter into binding obligations with the Processor in order to maintain the levels of confidentiality, security and protection provided for in this agreement.

Not divulge the Personal Data to any third party without the express documented consent of the Controller.

Not engage another sub-processor without prior specific or general written authorisation of the Controller.

Ensure where the Processor engages another sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in these conditions shall be imposed on that sub-processor by way of a contract or other legal act under Union or Member State law. Where that other sub-processor fails to fulfil its data protection obligations, the Processor shall remain filly liable to the Controller for the performance of that other sub-processor’s obligations.

Assist the Controller, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the General Data Protection Regulation.

Assist the Controller in ensuring compliance with the Controllers obligations pursuant to Articles 32 through 36 of the General Data Protection Regulation in respect of security of processing, notification of Personal Data breaches to the appropriate supervisory authority, communication of Personal Data breaches to the data subject, Data Protection impact assessments and prior consultation with the appropriate supervisory authority where appropriate.

Immediately and without undue delay notify the Controller if any Personal Data is lost or destroyed or becomes damages, corrupted or unusable and restore such Personal Data at its own expense, or if there is any accidental, unauthorised, or unlawful processing of Personal Data, or of any Personal Data breach.

Make available to the Controller all information necessary to demonstrate compliance with the Article 28 of the GDPR and allow for audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

The Processor shall immediately and without undue delay notify the Controller if in its opinion, it is asked to do something that infringes the General Data Protection Regulations or any other Union or Member State data protection provisions.

Maintain a record of all categories of processing activities carried out on behalf of the Controller that is compliant with Article 30 of the General Data Protection Regulation.

Where applicable cooperate with the appropriate supervising authority in the performance of its tasks.

At the choice of the Controller, delete or return all Personal Data to the Controller after the end of the provision of services relating to the processing and delete existing copies unless Union or Member State law requires storage of the Personal Data.

 

Obligations of the Controller

The Controller represents and warrants that it has obtained any and all necessary authorisation to provide the Personal Data to the Processor.

 

Personal Data Transfers

The Controller hereby authorises the Processor to make the following transfers of the personal data:

  • The Processor may transfer the Personal Data internally to its own members of staff, offices, and facilities.
  • The Processor may transfer the Personal Data to its sub-processors provided that such transfers are for the purposes of providing the services.
  • The Processor may transfer the Personal Data to third countries or international organisations acting as sub-processors provided that such transfers comply with chapter 5 of the General Data Protection Regulation.

 

Liability.

The Processor shall be liable for and shall indemnify the Controller in respect of any and all action, proceeding, liability, cost, claim, loss or expense suffered or incurred by, awarded against, or agreed to be paid by, the Controller arsing directly or in connection with:

  • Failure by the Processor, or sub-processors engaged by the Processor to carry out processing activities on behalf of the Controller, to fulfil their data protection obligations with this agreement, the General Data Protection Regulation, or any other applicable legislation,
  • Any processing carried out other than in accordance with instructions given by the Controller that infringe the General Data Protection Regulation or any other applicable legislation,
  • Any breach by the Processor of its obligations under this agreement.

The Controller shall be liable and shall indemnify the Processor in respect of any and all action, proceeding, liability, cost, claim, loss or expense suffered or incurred by, awarded against the Processor arising directly or in connection with:

  • Any non-compliance by the Controller with the General Data Protection Regulation or any other applicable legislation,
  • Any processing carried out in accordance with instructions given by the Controller that infringe the General Data Protection Regulation or any other applicable legislation; or,
  • Any breach by the Controller of its obligations under this agreement.

The Controller shall not be entitled to claim back from the Processor any sums paid by the Controller in respect of any damages to the extent that the Controller is liable to indemnify the Processor.