General Terms and Conditions 2023

General Terms and Conditions

Year

Download Terms and Conditions 

These terms and conditions (“Terms”) govern the acquisition and use of InterWorks Services by a Customer. InterWorks must agree to any addition or change to these terms and conditions in a signed writing; any terms included in a Customer purchase order or similar document shall not apply to or modify these Terms.


1. Definitions

(a) “Customer” means an individual, a company or other legal entity, or an affiliate of such company or legal entity, on whose behalf these Terms have been accepted by execution of an Ordering Document; (b) “InterWorks” means the company identified in Section 10 below; (c) “Ordering Document” means the order form or quote specifying the Services to be provided hereunder that has been entered into between Customer and InterWorks; (d) “Services” means the InterWorks services that are requested by a Customer in an Ordering Document, or which are provided to Customer by InterWorks free of charge or on a trial basis, but Services does not include any third-party software or service that may be resold by InterWorks.

2. Services

General. Services will be delivered by InterWorks as described in the Ordering Document and any applicable service descriptions. InterWorks does not guarantee a specific deliverable or result for any Services. Quoted time frames are estimates only; if additional hours are needed, InterWorks will provide as much notice as reasonably possible and work with Customer to determine an acceptable schedule. InterWorks will not bill for more than the estimated hours without Customer’s consent. Customer agrees to pay for all reasonable and necessary expenses billed in accordance with InterWorks’ then-current Travel and Expense Policy.

3. Billing

Services fees and expenses will be billed as noted on the Ordering Document. If Customer chooses to pre-pay for any Services, Customer must schedule the Services to be completed within one year of the pre-payment, or any pre-paid fees will be deemed earned by InterWorks and will not be refunded. Except as otherwise set forth on the Ordering Document, terms of payment are net 30 days from invoice date, and prices do not include any sales, use, value added taxes or other similar charges, payment of which will be solely Customer’s responsibility. Failure to timely pay invoices may accrue interest at a rate of 2% of the outstanding balance per month, or the maximum rate permitted by law, whichever is greater, and may also result in a suspension of Services. InterWorks will invoice Customer for any applicable sales, use, or value added taxes as required by the applicable jurisdiction, and Customer will pay that amount unless Customer provides a valid tax exemption certificate. If provide a resale or tax exemption certificate that is not accepted or invalid for any reason by any governmental or regulatory authority and InterWorks is required to pay tax on Customer’s purchase, Customer will reimburse InterWorks for the amount of such tax, and InterWorks’ reasonable expenses incurred in connection with the payment and collection of such tax.

4. Scheduling

The Services will be scheduled by mutual agreement of the parties upon receipt by InterWorks of an executed Ordering Document, along with any necessary billing authorizations (e.g., a purchase order) as required by Customer’s accounts payable policies. InterWorks reserves the right to impose a reasonable rescheduling fee on engagements that are rescheduled or cancelled within five business days of the scheduled start date. Customer agrees to pay such fees in addition to the fees and expenses due for Services rendered hereunder.

5. Confidential Information

Each party will hold Confidential Information in strict confidence, only use it in in relation to the Services, and not disclose it to others. Each party will take all action reasonably necessary to protect the Confidential Information including at least any efforts each party uses to protect its own most sensitive information. Each party will only disclose Confidential Information to its personnel as needed in relation to the Services, and such personnel will be bound by written restrictions at least as protective of the Confidential Information as this Agreement. “Confidential Information” means any information regarding a party that such party considers confidential and regularly protects from public disclosure and has been identified as confidential or would be understood as confidential by a reasonable person under the circumstances. Confidential Information will not include information that was previously known to the receiving party, becomes public through no fault of the receiving party, or that the disclosing party regularly gives to third parties without any confidentiality restriction.

6. Intellectual Property

“Service-Related IP” means all proprietary intellectual property, designs, processes, techniques, concepts or other work we create for Customer in connection with performing the Services, whether they are eligible for patent, copyright, mask work, trade secret, trademark or other legal protection worldwide. All Service-Related IP will be Customer’s sole and exclusive property and will be considered works made for hire. “InterWorks IP” means any intellectual property, designs, processes, techniques, concepts or other work we have developed prior to or independently of the Services. All InterWorks IP will remain the sole and exclusive property of InterWorks. Additionally, we will be free to use our general skills, know-how, and expertise, whether pre-existing or gained under this Agreement, in engagements with other clients if we acquire and apply such information without disclosure of any of Customer’s Confidential Information. If any InterWorks IP is incorporated into the Services, InterWorks hereby grants Customer a perpetual, irrevocable, world-wide, non-exclusive license to use, reproduce, display and otherwise fully exploit the InterWorks IP incorporated into the Services as necessary to use the Services for the purposes for which Customer intends.

7. Privacy and Data Security

(a) These Terms incorporate the InterWorks Data Processing Addendum (“DPA”), when the GDPR applies to your use of the Services (as defined in the DPA). (b) These Terms incorporate the Standard Contractual Clauses between controllers and processors (“Controller-to-Processor Clauses”) and the Standard Contractual Clauses between processors (“Processor-to-Processor Clauses”) approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (the “SCCs”). The SCCs will only apply when: (i) the GDPR applies to your use of the Services; and (ii) Customer data is transferred either directly or via onward transfer, to a country outside of the European Economic A rea not recognized by the European Commission as providing an adequate level of protection for personal data subject to GDPR (together a “Data Transfer”). When Customer is a controller (as defined in the GDPR), the Controller-to-Processor Clauses will apply to a Data Transfer. When Customer is a processor (as defined in the GDPR), the Processor-to-Processor Clauses will apply to a Data Transfer.

8. Warranties

InterWorks represents and warrants to Customer that (a) it is under no contractual or other restriction or obligation that will prevent us from performing the Services; (b) it will perform the Services in a professional and workmanlike manner, in accordance with customary standards for our industry; (c) the Services will not infringe upon or otherwise violate any third party’s intellectual property rights. Customer represents and warrants to InterWorks that Customer (x) has all requisite power and authority to execute, deliver and perform Customer’s obligations hereunder; (y) has the financial resources and stability to pay for the Services; (z) will provide timely cooperation, willingness, responsiveness and access to necessary personnel and systems as required for InterWorks to provide the Services. THE WARRANTIES AND REPRESENTATIONS SET FORTH IN THIS AGREEMENT ARE IN LIEU OF, AND INTERWORKS HEREBY DISCLAIMS, ANY AND ALL OTHER WARRANTIES AND REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE TO THE FULLEST EXTENT ALLOWED BY LAW

9. Limitation of Liability

NEITHER PARTY WILL BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER NON-DIRECT DAMAGES OR LOST PROFITS IN CONNECTION WITH THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF INFORMED IN ADVANCE OF THEIR POSSIBILITY. EACH PARTY’S ENTIRE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID OR OWED BY YOU UNDER THIS AGREEMENT DURING THE TWELVE MONTHS PRECEDING THE CLAIM. IN THE CASE WHERE NO AMOUNT WAS PAID FOR THE SOFTWARE OR SERVICE GIVING RISE TO THE CLAIM, INTERWORKS’ ENTIRE LIABILITY TO YOU UNDER THIS AGREEMENT SHALL NOT EXCEED US$100.

10. Termination

Either party may terminate their agreement if the other party materially breaches these Terms or any Ordering Document and fails to cure the breach within 30 days after written notice.

  • Survival The provisions of 5-7 survive the termination or expiration of these Terms.

11. Independent Contractor 

InterWorks is an independent contractor and is not an agent or employee of, and has no authority to bind, Customer by contract or otherwise. We will determine, in our sole discretion, the manner and means by which the Services are accomplished.

12. Contracting Entity, Notices, and Governing Law

The InterWorks entity entering into these Terms, the address to which Customer should direct notices under these Terms, and the law that will apply in any dispute or lawsuit arising out of or in connection with these Terms, depend on where Customer is domiciled. In addition to the delivery of any notice related to these Terms to the applicable address noted below, all such notices shall be copied via email to legal@interworks.com

  • For Customers domiciled in North or South America, the InterWorks entity is: InterWorks, Inc., an Oklahoma corporation, with a notice address of 1425 S. Sangre Rd., Stillwater, OK 74074, and the governing law is Oklahoma and applicable US federal law.
  • For Customers domiciled in any country in Europe, the Middle East, or Africa, other than Germany or the Netherlands, the InterWorks entity is: InterWorks Europe Ltd, a company incorporated in England, with a notice address of Unit 1, Christchurch Business Park, Radar Way, Christchurch BH23 4FL, and the governing law is England and Wales.
  • For Customers domiciled in Germany, the InterWorks entity is: InterWorks GmbH, a company incorporated in Germany, with a notice address of Breite Straße 27, 40213 Düsseldorf, and the governing law is Germany.
  • For Customers domiciled in the Netherlands, the InterWorks entity is: InterWorks Netherlands B.V., a private company incorporated in the Netherlands, with a notice address of Keizersgracht 391 A 1016EJ, Amsterdam, and the governing law the Netherlands.
  • For Customers domiciled in any country in Asia or the Pacific region other than Australia or New Zealand, the InterWorks entity is InterWorks APAC Pte. Ltd., a Singapore private limited company, with a notice address of 6 Raffles Quay, #14-05/05, Singapore 048580, and the governing law is Singapore.
  • For Customers domiciled in Australia or New Zealand, the InterWorks entity is: InterWorks AUS Pty. Ltd., a proprietary company incorporated in Australia, with a notice address of 727 Collins St.; Collins Square, Tower 1, Docklands, VIC 3008, and the governing law is New South Wales, Australia.

13. General

Each party agrees to the applicable governing law above, without regard to choice or conflicts of law rules. Either party’s failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of these Terms will remain in full effect and an enforceable term will be substituted reflecting the parties’ intent as closely as possible. Either party may assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Services. The exercise by a party of any of its remedies under these Terms will be without prejudice to its other remedies under the Terms or available at law or in equity. These Terms comprise the complete and exclusive statement of the mutual understanding of the parties and supersede and cancel all previous written and oral agreements and communications relating to the subject matter of these Terms. Notwithstanding the foregoing, if you have entered into a separate written services agreement signed by InterWorks and effective as of the date of an Ordering Document, the terms and conditions of such other agreement shall prevail over any conflicting provision of these Terms.

Interworks Data Processing Addendum

This Data Processing Addendum (“DPA”) supplements the InterWorks General Terms and Conditions, available at: https://interworks.com/general-terms-and-conditions-2023/, as updated from time to time, or other agreement between Customer and InterWorks governing Customer’s use of InterWorks services (the “Terms”). This DPA is an agreement between you and the entity you represent (“Customer”) and InterWorks, as defined in the Terms. Unless otherwise defined in this DPA or in the Terms, all capitalized terms used in this DPA will have the meanings given to them in Section 15 of this DPA.

1. Data Processing

1.1. Scope and Roles. This DPA applies when Customer Data is processed by InterWorks. In this context, InterWorks will act as processor to Customer, who can act either as controller or processor of Customer Data.

1.2. Details of Data Processing.

1.2.1. Subject matter. The subject matter of the data processing under this DPA is Customer Data.

1.2.2. Duration. As between InterWorks and Customer, the duration of the data processing under this DPA is determined by Customer.

1.2.3. Purpose. The purpose of the data processing under this DPA is the provision of the Services initiated by Customer from time to time.

1.2.4. Nature of the processing. Communication and management of Services as described in an Ordering Document entered into by Customer from time to time.

1.2.5. Type of Customer Data. Customer Data provided to InterWorks pursuant to the provision of Services by InterWorks.

1.2.6. Categories of data subjects. The data subjects could include Customer’s employees, suppliers, and customers.

1.3. Compliance with Laws. Each party will comply with all laws, rules, and regulations applicable to it and binding on it in the performance of this DPA, including the GDPR

2. Customer Instructions

The parties agree that this DPA and the Terms (including the applicable Ordering Document and any instructions communicated to InterWorks during provision of the Services) constitute Customer’s documented instructions regarding InterWorks’ processing of Customer Data (“Documented Instructions”). InterWorks will process Customer Data only in accordance with Documented Instructions (which if Customer is acting as a processor, could be based on the instructions of its controllers). Additional instructions outside the scope of the Documented Instructions (if any) require prior written agreement between InterWorks and Customer, including agreement on any additional fees payable by Customer to InterWorks for carrying out such instructions. Customer is entitled to terminate this DPA and the Terms if InterWorks declines to follow instructions requested by Customer that are outside the scope of, or changed from, those given or agreed to be given in this DPA. Given the nature of the processing, Customer agrees that it is  unlikely InterWorks can form an opinion on whether Documented Instructions infringe the GDPR. If InterWorks forms such an opinion, it will immediately inform Customer, in which case, Customer is entitled to withdraw or modify its Documented Instructions.

3. Confidentiality of Customer Data

InterWorks will not access or use, or disclose to any third party, any
Customer Data, except, in each case, as necessary to maintain or provide the Services, or as necessary to comply with the law or a valid and binding order of a governmental body (such as a subpoena or court order). If a governmental body sends InterWorks a demand for Customer Data, InterWorks will attempt to redirect the governmental body to request that data directly from Customer. As part of this effort, InterWorks may provide Customer’s basic contact information to the governmental body. If compelled to disclose Customer Data to a governmental body, then InterWorks will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless InterWorks is legally prohibited from doing so.

4. Confidentiality Obligations of InterWorks Personnel

InterWorks restricts its personnel from processing Customer Data without authorization by InterWorks as described in the InterWorks Security Measures (Annex 1). InterWorks imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection, and data security.

5. Security of Data Processing

5.1. InterWorks has implemented and will maintain the technical and organizational measures for InterWorks Systems as described in the InterWorks Security Measures and this Section. In particular, InterWorks has implemented and will maintain the following technical and organizational measures:

5.1.1. Security of the InterWorks Systems as set out in Section 1.1 of the InterWorks Security Measures;

5.1.2. Physical security of the facilities as set out in Section 1.2 of the InterWorks Security Measures;

5.1.3. Measures to control access rights for InterWorks employees and contractors to the InterWorks Systems as set out in Section 1.1 of the InterWorks Security Measures; and

5.1.4. Processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by InterWorks as described in Section 2 of the InterWorks Security Measures.

5.2. Customer can elect to implement technical and organizational measures to protect Customer Data. Such technical and organizational measures include the following which can be obtained by Customer from InterWorks or directly from a third party supplier:

5.2.1. Pseudonymization and encryption to ensure an appropriate level of security;

5.2.2. Measures to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services that are operated by Customer;

5.2.3. Measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and

5.2.4. Processes for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures implemented by Customer.

6. Sub-processing

6.1. Authorized Sub-processors. Customer provides general authorization to InterWorks’ use of sub- processors to provide processing activities on Customer Data on behalf of Customer (“Sub-processors”) in accordance with this Section. A list of current Sub-processors, which shall be updated when new sub-processors are engaged, can be accessed at: www.interworks.com/dpt/subprocessors, and InterWorks will provide Customer with a mechanism to obtain notification of such updates. InterWorks may also directly notify Customer in the event additional Sub-processors may be required to process Customer Data in connection with the Services. If Customer does not approve of any new Sub-processor, such approval not to be unreasonably withheld, Customer shall notify InterWorks of such determination and the parties agree to work together in good faith to resolve such concerns. To the extent that they cannot be resolved, InterWorks shall either cease its use of the Sub-processor to process the Customer Data or notify Customer that it may terminate that portion of the Services that require the use of the Sub-processor in accordance with the.

6.2. Sub-processor Obligations. Where InterWorks authorizes a Sub-processor as described in Section 6.1:

6.2.1. InterWorks will restrict the Sub-processor’s access to Customer Data to only what is necessary for the provision of Services, and InterWorks will prohibit the Sub-processor from accessing Customer Data for any other purpose;

6.2.2. InterWorks will enter into a written agreement with the Sub-processor and, to the extent that the Sub-processor performs the same data processing services provided by InterWorks under this DPA, InterWorks will impose on the Sub-processor the same contractual obligations that InterWorks has under this DPA; and

6.2.3. InterWorks will remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause InterWorks to breach any of InterWorks’ obligations under this DPA.

7. InterWorks Assistance with Data Subject Requests

If a data subject makes a request to InterWorks, InterWorks will promptly forward such request to Customer once InterWorks has identified that the request is from a data subject for whom Customer is responsible. Customer authorizes, on its behalf, and on behalf of its controllers when Customer is acting as a processor, InterWorks to respond to any data subject who makes a request to InterWorks, to confirm that InterWorks has forwarded the request to Customer. The parties agree that InterWorks forwarding data subjects’ requests to Customer in accordance with this Section represent the scope and extent of InterWorks’ required assistance

8. Security Incident Notification

8.1. Security Incident. InterWorks will (a) notify Customer of a Security Incident without undue delay after becoming aware of the Security Incident, and (b) take appropriate measures to address the Security Incident, including measures to mitigate any adverse effects resulting from the Security Incident.

8.2. InterWorks Assistance. To enable Customer to notify a Security Incident to supervisory authorities or data subjects (as applicable), InterWorks will cooperate with and assist Customer by including in the notification under Section 8.1(a) such information about the Security Incident as InterWorks is able to disclose to Customer, given the nature of the processing, the information available to InterWorks, and any restrictions on disclosing the information, such as confidentiality. Given the nature of the processing, Customer agrees that it is best able to determine the likely consequences of a Security Incident.

8.3. Unsuccessful Security Incidents. Customer agrees that an unsuccessful Security Incident will not be subject to this Section 8. An unsuccessful Security Incident is one that results in no unauthorized access to Customer Data or to any of InterWorks’ equipment or facilities storing Customer Data, and could include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers), or similar incidents.

8.4. Communication. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s administrators by any means InterWorks selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information with InterWorks. Customer agrees that InterWorks’ obligation to report or respond to a Security Incident under this Section 8 is not and will not be construed as an acknowledgement by InterWorks of any fault or liability of InterWorks with respect to the Security Incident.

9. Testing and Audits

9.1. InterWorks Testing. InterWorks uses internal processes and testing to verify the adequacy of its security measures. This testing: (a) will be performed at least annually; (b) will be performed using to ISO 27002 standards or such other alternative standards that are substantially equivalent to ISO 27002; and (c) will be performed by at InterWorks’ selection and expense.

9.2. Testing Reports. At Customer’s written request, and provided that the parties have an applicable NDA in place, InterWorks’ internal staff will communicate appropriately with Customer to reasonably verify InterWorks’ compliance with its obligations under this DPA.

9.3. Privacy Impact Assessment and Prior Consultation. Taking into account the nature of the processing and the information available to InterWorks, InterWorks will assist Customer in complying with Customer’s obligations in respect of data protection impact assessments and prior consultation, by providing the information InterWorks makes available under this Section 9.

9.4. Customer Audits. If Customer chooses to conduct any audit, including any inspection, it has the right to request or mandate on its own behalf, and on behalf of its controllers when Customer is acting as a processor, under the GDPR or the Standard Contractual Clauses, Customer may issue such request by sending InterWorks written notice as provided for in the Terms. If InterWorks declines to provide any such requested audits, including inspections, Customer is entitled to terminate the Services in accordance with the Terms

10. Transfers of Personal Data

10.1. Regions. Customer may request the location(s) where Customer Data will be processed within the InterWorks Systems (each a “Region”), including Regions in the EEA. If such request is accepted by InterWorks in writing, InterWorks will not transfer Customer Data from Customer’s selected Region(s) except as necessary to provide the Services initiated by Customer, or as necessary to comply with the law or binding order of a governmental body.

10.2. Application of Standard Contractual Clauses. The Standard Contractual Clauses will only apply to Customer Data that is transferred, either directly or via onward transfer, to any Third Country, (each a “Data Transfer”).

10.2.1. When Customer is acting as a controller, the Controller-to-Processor Clauses will apply to a Data Transfer.

10.2.2. When Customer is acting as a processor, the Processor-to-Processor Clauses will apply to a Data Transfer. Given the nature of the processing, Customer agrees that it is unlikely that InterWorks will know the identity of Customer’s controllers because InterWorks has no direct relationship with Customer’s controllers and therefore, Customer will fulfill InterWorks’ obligations to Customer’s controllers under the Processor-to-Processor Clauses.

10.2.3. Alternative Transfer Mechanism. The Standard Contractual Clauses will not apply to a Data Transfer if InterWorks has adopted binding corporate rules for Processors or an alternative recognized compliance standard for lawful Data Transfers.

11. Termination of the DPA

This DPA will continue in force until the termination of the Services subject to the Terms (the “Termination Date”)

12. Return or Deletion of Customer Data

Processing by InterWorks shall only take place for the duration of the Services. After the end of the Services, InterWorks shall, at Customer’s choice, delete all Customer Data and certify to Customer that it has done so, or return to Customer all Customer Data and delete existing copies. Until Customer Data is deleted or returned, InterWorks shall continue to ensure compliance with this DPA. In case of local laws applicable to InterWorks that prohibit return or deletion of the Customer Data, InterWorks warrants that it will continue to ensure compliance with this DPA and will only process it to the extent and for as long as required under that local law.

13. Duties to Inform

Where Customer Data becomes subject to confiscation during bankruptcy or insolvency proceedings, or similar measures by third parties while being processed by InterWorks, InterWorks will inform Customer without undue delay. InterWorks will, without undue delay, notify all relevant parties in such action (for example, creditors, bankruptcy trustee) that any Customer Data subjected to those proceedings is Customer’s property and area of responsibility and that Customer Data is at Customer’s sole disposition.

14. Entire Agreement; Conflict

This DPA incorporates the Standard Contractual Clauses by reference. Except as amended by this DPA, the Terms will remain in full force and effect. If there is a conflict between the Terms and this DPA, the terms of this DPA will control, except that an Ordering Document will control over this DPA if such superseding language is specifically described in the terms of the Ordering Document. Nothing in this document varies or modifies the Standard Contractual Clauses.

15. Definitions

Unless otherwise defined in the Terms, all capitalized terms used in this DPA will have the meanings given to them below:

15.1. “InterWorks Systems” means InterWorks’ servers, networking equipment, and host software systems (for example, virtual firewalls) that are within InterWorks’ control and are used to provide the Services.

15.2. “InterWorks Security Measures” means the security standards attached to this DPA as Annex 1.

15.3. “Controller” has the meaning given to it in the GDPR.

15.4. “Controller-to-Processor Clauses” means the standard contractual clauses between controllers and processors for Data Transfers, as approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

15.5. “Customer Data” means any “personal data” (as defined in the GDPR) that is provided to InterWorks in connection with the Services.

15.6. “EEA” means the European Economic Area.

15.7. “GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

15.8. “Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” will be interpreted accordingly.

15.9. “Processor” has the meaning given to it in the GDPR.

15.10. “Processor-to-Processor Clauses” means the standard contractual clauses between processors for Data Transfers, as approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

15.11. “Security Incident” means a breach of InterWorks’ security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data.

15.12. “Standard Contractual Clauses” means (i) the Controller-to-Processor Clauses, or (ii) the Processor-to-Processor Clauses, as applicable in accordance with Sections 10.2.1 and 10.2.2.

15.13. “Third Country” means a country outside the EEA not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR).

Annex 1

InterWorks Security Measures

Capitalized terms not otherwise defined in this document have the meanings assigned to them in the DPA.

1. Information Security Program . InterWorks will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) secure Customer Data against accidental or unlawful loss, access, or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to the InterWorks Systems, and (c) minimize security risks, including through risk assessment and regular testing. InterWorks will designate one or more employees to coordinate and be accountable for the information security program. The information security program will include the following measures:

1.1. Network Security. The InterWorks Systems will be electronically accessible to employees, contractors, and any other person as necessary to provide the Services. InterWorks will maintain access controls and policies to manage what access is allowed to the InterWorks Systems from each network connection and user, including the use of firewalls or functionally equivalent technology and authentication controls. InterWorks will maintain corrective action and incident response plans to respond to potential security threats.

1.2. Physical Security.

1.2.1. Physical Access Controls. Physical components of the InterWorks Systems are housed in nondescript facilities (the “Facilities”). Physical barrier controls are used to prevent unauthorized entrance to the Facilities at building access points. Passage through the physical barriers at the Facilities requires either electronic access control validation (for example, card access systems, etc.) or validation by human security personnel (for example, contract or in-house security guard service, receptionist, etc.). Visitors and any other contractors are required to sign-in with designated personnel, must show appropriate identification, are assigned a visitor ID badge that must be worn while the visitor or contractor is at any of the Facilities, and are continually escorted by authorized employees or contractors while visiting the Facilities.

1.2.2. Limited Employee and Contractor Access. InterWorks provides access to the Facilities to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to them, the access privileges are promptly revoked, even if the employee or contractor continues to be an employee of InterWorks or its affiliates.

1.2.3. Physical Security Protections. All access points (other than main entry doors) are maintained in a secured (locked) state. Access points to the Facilities are monitored by video surveillance cameras designed to record all individuals accessing the Facilities. InterWorks also maintains electronic intrusion detection systems designed to detect unauthorized access to the Facilities, including monitoring points of vulnerability (for example, primary entry doors, emergency egress doors, roof hatches, dock bay doors, etc.) with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the Facilities. All physical access to the Facilities by employees and contractors is logged and may be audited.

2. Continued Evaluation. InterWorks will conduct periodic reviews of the security of its InterWorks Systems and adequacy of its information security program as measured against industry security standards and its policies and procedures. InterWorks will continually evaluate the security of its InterWorks Systems to determine whether additional or different security measures are required to respond to new security risks or findings generated by the periodic reviews.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK

×

Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Germany
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072