Terms of Service

East-West Company Services Limited

Master SaaS Terms of Service
EAST-WEST COMPANY SERVICES LIMITED
Company No. 15830144 (England & Wales)
Last Updated: 26 October 2025
Effective Date: 26 October 2025
________________


About These Terms
These Master SaaS Terms ("Terms") govern your use of our software platform and services. Together with your Order, they form the complete agreement between:
* East-West Company Services Limited ("we," "us," or "our"), and
* The customer identified in the Order ("you" or "your")
Order of Precedence: In the event of any conflict: the Order prevails, then these Terms.
Acceptance: By signing an Order or using the Services, you agree to these Terms.
________________


1. Your Access to the Services
What We Provide
We provide access to our cloud-based software platform, related tools, and support services (collectively, the "Services").
Your Licence
Subject to your compliance with this Agreement and payment of applicable fees, we grant you a non-exclusive, non-transferable, revocable licence for your authorized personnel to access and use the Services for your internal business purposes.
Security & Compliance
You agree to:
* Keep all access credentials secure and confidential
* Implement appropriate access controls for your users
* Notify us immediately of any unauthorized access
* Ensure your users comply with this Agreement
________________


2. Important Limitations – Please Read Carefully
What We Are
We provide software tools and automation technology to support your business operations.
What We Are Not
We are not:
* A customs broker, freight forwarder, or logistics provider
* A law firm or legal adviser
* An accounting firm or tax adviser
* A regulatory compliance consultant
* A carrier or transportation company
Your Responsibility
All outputs from the Services are tools to assist your business decisions. You remain solely responsible for:
* Reviewing and validating all outputs before use
* Making final decisions on filings, shipments, and business operations
* Ensuring compliance with all applicable laws and regulations
* Obtaining appropriate professional advice when needed
The Services do not replace professional judgment, legal advice, or regulatory expertise.
________________


2A. CRITICAL NOTICE – Review & Validation Required
⚠️ READ THIS SECTION CAREFULLY
The Services are software tools only. Outputs are NOT final, verified, or guaranteed to be accurate.
YOU MUST:
✓ Review every output before use – no exceptions
✓ Validate all outputs against source documents, regulations, and your business requirements
✓ Apply professional judgment and expertise to every output
✓ Obtain appropriate professional advice (legal, tax, customs, regulatory) where needed
✓ Never submit outputs directly to government agencies, regulators, customs authorities, or third parties without thorough human verification and validation
✓ Maintain appropriate internal controls including review, approval, and validation processes
WE ARE NOT LIABLE FOR:
✗ Errors, omissions, inaccuracies, or incompleteness in any outputs
✗ Decisions you make based on outputs
✗ Filings, submissions, declarations, or documents created using outputs
✗ Regulatory fines, penalties, sanctions, or enforcement actions
✗ Compliance failures or violations arising from outputs
✗ Customs duties, taxes, or charges assessed due to incorrect outputs
✗ Any losses, damages, or consequences arising from your failure to review and validate outputs
✗ Reliance on unverified, unvalidated, or incorrect outputs
YOUR ACKNOWLEDGMENT
BY USING THE SERVICES, YOU EXPRESSLY ACKNOWLEDGE AND ACCEPT:
* Outputs are unverified suggestions and assistance tools only
* You bear full and sole responsibility for reviewing, validating, and deciding whether to use any output
* You will implement appropriate validation and approval processes before relying on or submitting any output
* You will not hold us responsible for your use of outputs
If you do not agree to review and validate all outputs, you must not use the Services.
________________


3. Your Responsibilities & Warranties
What You're Responsible For
You are solely responsible for:
(a) Data Quality – Ensuring all data, documents, and information you provide are accurate, complete, and current
(b) Legal Compliance – Complying with all applicable laws, including:
* Export controls and sanctions regulations
* Customs and trade compliance requirements
* Data protection and privacy laws
* Industry-specific regulations
(c) Internal Controls – Maintaining appropriate verification, validation, and approval processes for your business operations
(d) Third-Party Rights – Obtaining all necessary rights, licences, and consents to upload and process data (including personal data of individuals)
(e) Data Backup – Maintaining backups of your critical business records
(f) Proper Use – Using the Services in accordance with this Agreement and our documentation
Your Warranties
By using the Services, you represent and warrant that:
* You have full authority to enter into this Agreement
* Your data does not infringe any third-party rights
* You have all necessary consents to upload and process your data
* Your use complies with all applicable laws
* Your data does not contain viruses, malware, or harmful code
________________


4. AI & Machine Learning Features
How Our Technology Works
Some features use artificial intelligence and machine learning to analyze data and generate outputs. These technologies are probabilistic by nature.
What This Means for You
AI-generated outputs:
* WILL contain errors, omissions, or inaccuracies – this is inherent to probabilistic AI technology and is unavoidable
* YOU MUST review and validate every single output before use – this is not optional and is a fundamental requirement of using the Services
* Are NOT suitable for direct submission to regulators, government agencies, customs authorities, or third parties without thorough human verification and validation
* Should NOT be treated as legal, tax, customs, or professional advice – they are suggestions only
* Are NOT verified by human experts – we do not review outputs before they are provided to you
* May be based on incomplete, outdated, or incorrect information – even if your input data is correct
* Improve over time through machine learning but are NEVER guaranteed to be perfect, complete, or compliant
Your Explicit Acknowledgment
YOU EXPRESSLY ACKNOWLEDGE AND AGREE that:
* All outputs are unverified suggestions only
* Outputs require independent human review, validation, and professional judgment
* You bear sole responsibility for any use, reliance, or submission of outputs
* We make no representations or warranties about the accuracy, completeness, compliance, or fitness of any outputs
* Errors in outputs are expected and inevitable – it is your responsibility to identify and correct them
Beta & Pre-Release Features
Features marked as "Beta," "Preview," "Experimental," or similar are:
* Provided on an "as is" basis with no warranties whatsoever
* Subject to change or withdrawal without notice
* Not recommended for production, mission-critical, or compliance-related operations
* Likely to contain more errors and inaccuracies than generally available features
________________


5. Fees, Payment & Updates
Pricing
Fees and payment terms are set out in your Order. All prices are exclusive of applicable taxes, which you are responsible for paying.
Payment Terms
* Invoices are due 30 days from the invoice date (Net 30)
* Payments must be made in full without set-off or deduction (except for amounts disputed in good faith within 10 days of invoice)
* All payments are non-refundable except as expressly stated in this Agreement
Fee Updates
We may update our fees on at least 30 days' written notice, taking effect:
* On your next renewal date (for subscription fees), or
* At the start of your next billing cycle (for usage-based fees)
Late Payment
Late payments will accrue interest at 4% per annum over the Bank of England base rate, calculated daily and compounded monthly.
If undisputed amounts remain unpaid for 15 days after we send written notice, we reserve the right to suspend your access to the Services until payment is received (see Section 15).
________________


6. Support, Availability & Service Changes
Our Commitments
We will:
* Provide reasonable technical support during business hours
* Use commercially reasonable efforts to maintain service availability
* Aim to provide advance notice of scheduled maintenance
Planned Maintenance & Downtime
We may schedule maintenance windows and updates. Emergency maintenance may occur with limited or no notice to address security issues or critical bugs.
Changes to the Services
We continuously improve our Services and may modify, update, or discontinue features from time to time.
Material Reductions: If a change materially reduces core functionality in a way that substantially impairs your ability to use the Services for their primary purpose, you may:
* Terminate the affected Services on 30 days' written notice, and
* Receive a pro-rata refund of prepaid unused fees
This right must be exercised within 30 days of our notice of the change.
________________


7. Data, Privacy & Security
Your Data Ownership
You retain all ownership rights in your data. We do not claim ownership of any data, content, or files you upload to the Services.
Our Data Licence
You grant us a non-exclusive licence to host, process, and analyze your data as necessary to:
* Provide the Services to you
* Protect the security and integrity of our platform
* Prevent fraud and abuse
* Provide customer support
Use of De-Identified Data
We may use data that has been de-identified and aggregated (such that it can no longer identify any individual or entity) for:
* Service improvement and development
* Security analytics and threat detection
* Industry benchmarking and research
* Quality assurance and model training
Once properly de-identified, this data is no longer personal data.
Security Measures
We maintain appropriate technical and organizational security measures to protect your data, including:
* Encryption in transit and at rest
* Access controls and authentication
* Regular security testing and monitoring
* Employee background checks and training
* Incident response procedures
Personal Data Processing
Where we process personal data on your behalf, the Data Processing Addendum at the end of these Terms applies, covering:
* Our obligations as a processor
* Use of subprocessors (currently AWS for hosting)
* International data transfers
* Data subject rights and security requirements
________________


8. Confidentiality
Mutual Obligations
Each party agrees to:
* Keep the other party's Confidential Information secure
* Use Confidential Information only for purposes of this Agreement
* Disclose it only to employees and contractors who need to know
* Protect it with at least the same care used for its own confidential information
What Is Confidential
"Confidential Information" includes business information, technical data, pricing, and any information marked or identified as confidential.
Exceptions
Confidential Information does not include information that:
* Is or becomes publicly available through no breach of this Agreement
* Was independently developed without use of the other party's Confidential Information
* Was lawfully received from a third party without restriction
* Must be disclosed by law or court order (with prompt notice where permitted)
________________


8A. Acknowledgments & Risk Allocation
No Reliance on Representations
You acknowledge that you have not relied on any statement, promise, warranty, or representation not expressly set out in this written Agreement.
Fair Allocation of Risk
The parties agree that:
* The fees charged under this Agreement reflect the limitations of liability and warranties contained herein
* These limitations represent a fair allocation of risk between the parties
* These limitations form an essential basis of the bargain between us
* The Agreement would not have been entered into without these limitations
________________


9. Intellectual Property Rights
Our Ownership
We (and our licensors) own all intellectual property rights in:
* The Services and underlying software
* AI models, algorithms, and methodologies
* User interface, design, and documentation
* All improvements and derivatives thereof
Outputs Licence
Subject to your compliance with this Agreement and payment of fees, we grant you a non-exclusive licence to use outputs generated by the Services using your data for your internal business purposes.
All intellectual property rights in the underlying technology, models, and processes remain ours. You may not reverse-engineer, extract, or recreate our models or methodologies from outputs.
Feedback
If you provide suggestions, ideas, or feedback about the Services, we may use them freely without restriction or obligation to you. Feedback does not create joint ownership or impose any obligations on us.
________________


10. Third-Party Services & Integrations
Third-Party Dependencies
The Services may integrate with or depend upon third-party services, data feeds, and platforms (such as shipping carriers, government databases, or cloud infrastructure providers like AWS).
No Control or Responsibility
We do not control and are not responsible for:
* The accuracy, completeness, or timeliness of third-party data
* Availability or performance of third-party services
* Third-party terms, policies, or pricing changes
* Interruptions caused by third-party service issues
Your Obligations
You are responsible for:
* Obtaining and maintaining all necessary third-party accounts, licences, and consents
* Complying with third-party terms of service
* Any fees charged by third-party providers
* Ensuring you have rights to connect and use third-party data sources
________________


11. Legal Compliance
You agree not to use the Services:
* In violation of any applicable law or regulation
* To facilitate sanctions evasion or export control violations
* For unlawful, fraudulent, or deceptive purposes
* To create false or misleading filings or documentation
* In any manner that could damage, disable, or impair the Services
________________


11A. Prohibited Uses
High-Risk Activities
You will not use the Services for safety-critical or high-risk activities, including:
* Operation of life-support systems or medical devices
* Air traffic control or navigation systems
* Nuclear facility operations or control systems
* Any application where failure could result in death, personal injury, or significant environmental harm
Not a Substitute for Human Judgment
You will not treat system outputs as final determinations for legal, tax, customs, or regulatory matters without appropriate human review, validation, and professional oversight.
Sanctions & Export Compliance
You will not use the Services to evade or circumvent sanctions, export controls, or other legal restrictions.
________________


12. Warranties & Disclaimers
Our Limited Warranty
We warrant that the Services will be provided with reasonable care and skill and will materially conform to the documentation we make available to you.
This warranty does not apply to:
* Beta, preview, or experimental features
* Third-party services, integrations, or data feeds
* Issues caused by your misuse, modifications, or failure to follow documentation
* Use with unsupported configurations or outdated systems
* Inaccuracies or errors in AI-generated outputs (which are probabilistic)
* Outputs or suggestions provided by the Services
This warranty is subject to the liability limitations in Section 13 below.
Your Sole Remedy
If we breach the above warranty, your sole and exclusive remedy is:
1. Notify us in writing within 30 days of discovering the issue
2. We will use reasonable efforts to correct the non-conformity
3. If we cannot correct it within a reasonable time, you may terminate the affected Services and receive a pro-rata refund of prepaid unused fees
Disclaimers
EXCEPT AS EXPRESSLY STATED ABOVE, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND.
We specifically disclaim, to the maximum extent permitted by law:
* Any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, or non-infringement
* Any warranties arising from course of dealing or usage of trade
No Guarantees
We do not warrant or guarantee that:
* The Services will be uninterrupted, error-free, or completely secure
* AI-generated outputs will be accurate, complete, or suitable for regulatory filings
* All defects will be corrected
* The Services will meet your specific business requirements
Explicit Disclaimer on Fitness for Regulatory Use
WE EXPRESSLY DISCLAIM ANY WARRANTY that outputs are:
* Suitable, accurate, complete, or compliant for submission to customs authorities, tax agencies, regulators, or government bodies
* Fit for any particular purpose (including compliance, filing, regulatory use, or legal purposes)
* Complete, current, or in compliance with the latest regulations, tariff codes, or legal requirements
* Verified, validated, reviewed, or approved by human experts
* Free from errors or suitable for use without independent validation
Outputs are provided as unverified suggestions only. You must independently verify, validate, and review all outputs against applicable regulations, professional standards, and your business requirements before submission, filing, or reliance.
Your Acknowledgment
You acknowledge and agree that:
* AI and machine learning outputs will contain errors, omissions, or inaccuracies
* You must independently review and validate all outputs before relying on them
* The Services are tools to assist (not replace) professional judgment and expertise
* Outputs are not legal, tax, customs, or professional advice
* You bear sole responsibility for any use of outputs
________________


13. Limitation of Liability
Liability Cap
Subject to the carve-outs below, our total aggregate liability arising out of or related to this Agreement (whether in contract, tort, negligence, or otherwise) will not exceed the total fees you paid to us in the 12 months immediately preceding the event giving rise to the claim.
Privacy Breach Sub-Cap
Subject to the carve-outs below, our aggregate liability for a personal data breach caused solely by our failure to implement appropriate security measures is limited to two times (2×) the fees you paid in the 12 months preceding the breach.
This is your sole and exclusive monetary remedy for such breaches.
Exclusion of Indirect Damages
We are not liable for:
* Lost profits, revenue, savings, or business opportunities
* Loss of data or goodwill
* Business interruption or downtime costs
* Regulatory fines, penalties, or sanctions
* Customs duties, taxes, or charges
* Compliance costs or remediation expenses
* Reputational harm or damage
* Any indirect, special, incidental, consequential, exemplary, or punitive damages
This exclusion applies even if we have been advised of the possibility of such damages.
Carve-Outs (Unlimited Liability)
Nothing in this Agreement limits or excludes liability for:
* Death or personal injury caused by negligence
* Fraud or fraudulent misrepresentation
* Gross negligence or willful misconduct
* Any other liability that cannot be limited or excluded under applicable law
Basis of the Bargain
These limitations reflect the fees charged and the allocation of risk between the parties. They apply to the fullest extent permitted by law and survive termination of this Agreement.
________________


14. Your Indemnity Obligations
What You Indemnify Us For
You will defend, indemnify, and hold us harmless from and against any claims, losses, damages, costs, and expenses (including reasonable legal fees) arising from:
(a) Your data, content, or instructions to us
(b) Your filings, decisions, or use of system outputs, including:
* Submission of unverified or unvalidated outputs to regulators, government agencies, or customs authorities
* Reliance on outputs without independent validation or professional review
* Use of inaccurate, incomplete, erroneous, or non-compliant outputs
* Regulatory fines, penalties, sanctions, or enforcement actions arising from outputs you submitted or relied upon
* Customs duties, taxes, or charges assessed due to incorrect or non-compliant outputs
* Compliance failures or violations arising from your use of outputs
(c) Your use of the Services in breach of this Agreement or applicable law
(d) Infringement of third-party rights by your data or use of the Services
(e) Your breach of the warranties in Section 3
Our Rights
We may:
* Notify you promptly of any claim
* Allow you to control the defense (with counsel we reasonably approve)
* Cooperate reasonably in the defense (at your expense)
* Participate in the defense with our own counsel (at our expense)
You may not settle any claim that admits liability on our behalf or imposes obligations on us without our prior written consent.
________________


15. Term, Suspension & Termination
Agreement Term
This Agreement begins on the Effective Date stated in your Order and continues for the Initial Term specified therein, automatically renewing for successive renewal periods unless either party provides written notice of non-renewal at least 30 days before the end of the then-current term.
Our Right to Suspend
We may immediately suspend your access to the Services if:
* Undisputed amounts remain unpaid for 15 days after written notice
* Your use creates a security risk or threatens the integrity of our platform
* Your use violates Sections 11 or 11A (legal compliance and prohibited uses)
* We are required to suspend by law, regulation, or court order
* You commit a material breach that poses immediate risk of harm
We will provide you with notice of suspension where reasonably practicable and will restore access promptly once the issue is resolved and any overdue amounts are paid.
Termination for Breach
Either party may terminate this Agreement if the other party:
* Commits a material breach, and
* Fails to cure that breach within 30 days of receiving written notice specifying the breach
Termination for Convenience
You may terminate this Agreement for convenience on 30 days' written notice, but you remain liable for all fees through the end of the then-current term.
Effects of Termination
Upon termination:
* You must immediately cease all use of the Services
* All outstanding fees become immediately due and payable
* Your access credentials will be deactivated
Data Retrieval & Deletion
Following termination or expiration:
30-Day Export Window: We will make export tools available for you to retrieve your data for 30 days (unless prohibited by law, court order, or undisputed amounts remain overdue).
Deletion Timeline: If you do not export your data within 30 days, we will securely delete it within a further 30 days (60 days total from termination).
Permitted Retention: We may retain:
* Minimal records and logs required by law or regulation
* Data necessary for establishment, exercise, or defense of legal claims
* Aggregated and de-identified data that cannot identify you or any individual
Surviving Provisions
The following provisions survive termination:
Sections 2A (Critical Notice), 3 (Your Responsibilities – for acts before termination), 5 (Fees – for amounts due), 7 (data licence and de-identified data use), 8 (Confidentiality), 8A (No Reliance), 9 (Intellectual Property), 12 (Disclaimers), 13 (Liability), 14 (Indemnities), 18 (Notices), 19 (Governing Law), and 20 (General), together with any other provision that by its nature should survive.
________________


16. Force Majeure
Events Beyond Our Control
Neither party is liable for delay or failure to perform its obligations (other than payment obligations) due to events beyond its reasonable control.
Force Majeure Events include:
* Acts of God, natural disasters, or severe weather
* War, terrorism, civil unrest, or riot
* Pandemic, epidemic, or public health emergency
* Government action, regulation, or court order
* Failure of telecommunications, internet, or power infrastructure
* Strikes, labor disputes, or supply chain disruptions
* Cyberattacks or network intrusions beyond our reasonable control
Notice & Mitigation
The affected party must:
* Notify the other party promptly of the Force Majeure Event
* Use reasonable efforts to mitigate the impact and resume performance
Termination Rights
If a Force Majeure Event prevents performance of material obligations for more than 60 consecutive days, either party may terminate the affected Services (or the entire Agreement if substantially all Services are affected) on written notice.
If termination occurs due to Force Majeure:
* You remain liable for fees for Services provided before the event
* We will refund prepaid fees for Services not provided during the Force Majeure period
________________


17. Changes to These Terms
How We Update Terms
We may update these Terms from time to time to reflect changes in our Services, legal requirements, or business practices. The current version is always available on our website and in the app.
Notice of Changes
We will provide at least 30 days' notice of any material changes by email to your account contact.
Your Rights
If a change to these Terms materially and adversely affects your rights, you may:
* Terminate the affected Services before the effective date of the change, and
* Receive a pro-rata refund of prepaid unused fees for the terminated Services
Continued use of the Services after the effective date constitutes acceptance of the updated Terms.
________________


18. Notices
How to Send Notices
Formal legal notices must be sent to the notice contacts specified in your Order, or by email to:
To Us: legal@east-west.com
To You: The email address in your Order
When Notices Are Effective
A notice is deemed received:
* If sent during business hours: on the next business day
* If sent outside business hours: on the second business day after sending
________________


19. Governing Law & Jurisdiction
This Agreement is governed by the laws of England and Wales, without regard to conflict of law principles.
The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales for any disputes arising out of or related to this Agreement.
________________


20. General Provisions
No Partnership or Agency
This Agreement does not create any partnership, joint venture, agency, or employment relationship. Neither party has authority to bind the other or make commitments on the other's behalf.
No Exclusivity
This Agreement does not grant you any exclusive rights or prevent us from providing services to other customers, including your competitors.
Assignment & Change of Control
Neither party may assign this Agreement without the other party's prior written consent (not to be unreasonably withheld or delayed), except that:
We may assign this Agreement without consent:
* To an affiliate or subsidiary
* In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets or business
Any attempted assignment in violation of this provision is void.
Publicity & Marketing
We may use your name, logo, and a general description of your use of the Services in customer lists, case studies, and marketing materials. We will comply with your reasonable brand guidelines. You may opt out by providing written notice.
You may not publicly disclose the terms of this Agreement (including pricing) without our prior written consent.
Subcontracting
We may use subcontractors and service providers to fulfill our obligations, but we remain responsible for their performance.
Severability
If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the parties will negotiate in good faith to replace it with a valid provision that reflects the original intent as closely as possible. The remaining provisions will remain in full force and effect.
Entire Agreement
This Agreement (comprising these Terms and your Order) constitutes the entire agreement between the parties and supersedes all prior or contemporaneous discussions, proposals, agreements, and understandings.
This Agreement may only be modified by a written amendment signed by both parties (except for updates to these Terms as expressly permitted in Section 17).
No Waiver
No failure or delay by either party in exercising any right or remedy will operate as a waiver. A waiver is only effective if in writing and signed by the waiving party. A waiver of one breach does not constitute a waiver of any subsequent breach.
Counterparts & Electronic Signatures
This Agreement may be executed in counterparts (including electronic copies, PDFs, and electronic signatures such as DocuSign or Adobe Sign), each of which is deemed an original and all of which together constitute one agreement.
________________


Data Processing Addendum (UK GDPR)
Last Updated: 26 October 2025
This Data Processing Addendum ("DPA") forms part of the Agreement and applies where we process personal data on your behalf.
________________


1. Definitions & Roles
Roles: You are the Controller. We are your Processor.
Definitions: Terms like "personal data," "processing," "data subject," "controller," and "processor" have the meanings given in UK GDPR and the Data Protection Act 2018.
________________


2. Scope of Processing
Subject Matter & Duration
Processing of personal data you upload to the Services to deliver the Services, for the term of the Agreement plus 30 days for data export.
Nature & Purpose of Processing
* Hosting, storage, and retrieval
* Data transformation and analysis
* Quality assurance and analytics for security, safety, and abuse prevention
* Customer support and technical troubleshooting
* Service improvement using de-identified and aggregated data (which is no longer personal data)
Types of Personal Data
* Business contact information (names, email addresses, phone numbers)
* Shipment and consignment references
* Communications metadata
* End-customer and partner personnel data provided by you
* Any other personal data you choose to upload
We do not require special category data. You must not upload special category data or payment card numbers without our prior written consent.
Categories of Data Subjects
* Your employees and contractors
* Your customers and end-users
* Partners, suppliers, and service providers
* Any other individuals whose personal data you provide
________________


3. Your Instructions & Our Obligations
Processing Instructions
We will process personal data only on your documented instructions, which consist of:
* This Agreement and your Order
* Your use and configuration of the Services
* Written instructions issued by authorized personnel
Note: Our use of de-identified and aggregated data as described in Section 7 of the Terms is not processing of personal data.
Our Core Obligations
We will:
(a) Confidentiality: Ensure that personnel authorized to process personal data are subject to confidentiality obligations
(b) Security: Implement appropriate technical and organizational measures to protect personal data (see Section 8 below)
(c) Sub-processing: Currently we use AWS for hosting. We impose equivalent data protection obligations on subprocessors and remain fully liable for their performance
(d) Data Subject Rights: Assist you in responding to data subject requests (access, rectification, erasure, objection, etc.) to the extent reasonably possible
(e) Security Incidents: Notify you without undue delay after becoming aware of a personal data breach
(f) DPIAs & Consultations: Assist you with data protection impact assessments and prior consultations with supervisory authorities, where required
(g) Deletion or Return: Delete or return personal data at the end of the Services, subject to legal retention requirements (see Section 15 of the Terms)
(h) Compliance Information: Make available information necessary to demonstrate compliance upon reasonable request
Unlawful Instructions
If we reasonably believe an instruction violates UK GDPR or other data protection laws, we will promptly inform you and may suspend the instruction until you confirm or modify it.
________________


4. Subprocessors
Current Subprocessors
We currently use the following subprocessors:
* Amazon Web Services (AWS) – cloud infrastructure and hosting (EU/UK regions)
Subprocessor Changes
We will notify you of any material changes to subprocessors (additions or replacements) at least 30 days in advance by email.
Your Right to Object
If you reasonably object to a new subprocessor on data protection grounds, you must notify us in writing within 30 days.
We will use reasonable efforts to make available an alternative configuration. If we cannot resolve your objection within 30 days, you may terminate the affected Services and receive a pro-rata refund of prepaid unused fees.
________________


5. International Data Transfers
Transfers Outside UK/EEA
Where we transfer personal data outside the United Kingdom or European Economic Area, we will ensure appropriate safeguards are in place, including:
* Use of the UK International Data Transfer Agreement (IDTA) and/or EU Standard Contractual Clauses (with UK Addendum where applicable)
* Transfers to countries with adequacy decisions from the UK or EU
* Additional technical and organizational measures where appropriate (e.g., encryption)
Our primary infrastructure provider (AWS) maintains data centers in EU and UK regions.
________________


6. Audits & Compliance
Compliance Information
Upon reasonable written request, we will provide information about our security measures and compliance with this DPA.
Audits
You may conduct (or appoint an independent third-party auditor to conduct) an audit of our relevant processing activities:
Frequency: Once per year on 30 days' prior written notice, or immediately following a personal data breach affecting your data
Conditions:
* Conducted during normal business hours
* Execution of reasonable confidentiality undertakings
* Minimizing disruption to our operations
* Reimbursement of our reasonable costs if the audit reveals no material non-compliance
________________


7. Security Incident Notification
Our Obligations
We will notify you without undue delay (and in any event within 72 hours where feasible) after becoming aware of a personal data breach.
Notification Contents
The notification will include, to the extent known:
* Nature of the breach and categories/numbers of data subjects affected
* Likely consequences of the breach
* Measures taken or proposed to address the breach
* Contact point for further information
Your Obligations
You remain responsible for:
* Determining whether to notify data subjects and supervisory authorities
* Compliance with breach notification requirements under UK GDPR
________________


8. Security Measures
We maintain appropriate technical and organizational security measures, including:
Technical Measures
* TLS 1.2+ encryption for data in transit
* AES-256 encryption for data at rest
* Role-based access control
* Multi-factor authentication for administrative access
* Regular security monitoring and logging
* Automated backups (retained for 35 days on a rolling basis)
Organizational Measures
* Employee background checks and security training
* Confidentiality agreements
* Incident response procedures
* Regular security reviews
Infrastructure
* Secure cloud infrastructure (AWS EU/UK regions)
* Industry-standard data center security
* Geographically distributed infrastructure for redundancy
________________


9. Data Retention & Deletion
Retention Periods
We retain personal data only for as long as necessary to:
* Provide the Services to you
* Comply with legal obligations
* Establish, exercise, or defend legal claims
Backup Retention: Encrypted backups are retained for 35 days on a rolling basis and are then automatically deleted.
Deletion Upon Termination
Following termination, we will delete personal data as described in Section 15 of the main Terms:
* 30-day export window for you to retrieve data
* Deletion within 60 days total (if not exported)
* Retention of minimal records as permitted by law
________________


10. Your Instructions & Prohibited Data
Standard Instructions
The standard instructions for processing are set out in this DPA and include:
* Providing the Services as described in the Agreement
* Responding to your support requests
* Security and abuse prevention
Prohibited Data
You must not upload:
* Special category data (sensitive personal data) without our prior written agreement
* Payment card primary account numbers (PANs)
* Government secrets or classified information
* Data you are not authorized to process
Special category data includes data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.
________________


11. Contact for Data Protection Matters
For all data protection inquiries, requests, or concerns, please contact:
Email: privacy@east-west.com
________________


12. Term
This DPA remains in effect for the term of the Agreement and survives for 30 days thereafter to allow for data export and deletion procedures.
________________


East-West Company Services Limited is committed to providing innovative software tools while ensuring customers understand their responsibilities. Questions? Contact us at legal@east-west.com
← Go back