MISL Ltd – Terms & Conditions

Last updated [16/02/2024]


 

Introduction

These General Terms and Conditions (“Agreement”) govern the provision of services by MISL Ltd (“MISL”), a company registered in England and Wales, to the client (“Client”). By engaging with MISL, the Client agrees to the terms and conditions outlined in this document. These terms apply to all services provided by MISL, including data processing, storage, transport, and any other related activities. This Agreement constitutes the full and complete understanding between the parties and supersedes all prior agreements or representations.

1. Limitation of Liability

In the event that the Client sustains any loss due, in whole or in part, to MISL’s equipment failure, program error, or operator error, MISL’s liability shall be limited to the cost of reprocessing the Client’s data and providing acceptable results. MISL shall not be liable for any delay, loss, or damage arising from this Agreement, nor for any consequential losses the Client may suffer, except as specifically outlined above.

2. Accuracy of Results

  • It is the Client’s responsibility to ensure that all parts of any project are signed off as correct before commencement.
  • If the specifications do not include verification or auditing controls, the Client agrees to accept the unverified results as complete and satisfactory.
  • Documentation held by MISL and transferred to Roll Film or CD shall be destroyed within 30 days following job completion and invoice, upon Client authorization. If documentation is held for longer than 30 days, storage charges will apply as outlined in section 6.

 

3. Error or Omission in Specification

  • The Client is responsible for confirming that MISL’s job specification correctly reflects the required work. The Client must sign the job specification to authorize the job. Failure to do so will result in delays, and all related costs will be borne by the Client.
  • Any modifications to the agreed job specification must be authorized in writing by the Client. Failure to do so will result in the Client assuming responsibility for any additional costs or delays.
  • If programming or program modifications are undertaken based on the Client’s specifications, MISL will not be responsible for any errors or omissions in those specifications. Any additional work caused by such errors will be charged at MISL’s current rates.

 

4. Transport of Data

  • At the Client’s request, MISL may collect and deliver the Client’s media and/or documents from the Client’s premises. The Client will be responsible for any charges related to this service.
  • The Client’s materials are at their own risk during transportation, and MISL shall not be liable for any delay, loss, or damage arising from transport, nor for any consequential losses.

 

5. Invoicing and Settlement

  • Payment is due within 30 days from the date of the invoice. If payment is not received within this period, MISL reserves the right to charge interest at a rate of 8% above the Bank of England base rate per month.
  • The Client acknowledges that any outstanding invoices will prevent the release of data or deliverable products, which will remain the property of MISL until payment is made.
  • If the minimum quantities received are less than 80% of the quoted value, a surcharge will apply, in line with MISL’s standard per 1,000 images price.

 

6. Physical Storage

  • Boxes will be stored for free for 30 days following project completion. After this period, a destruction authorization form will be sent to the Client for permission to destroy physical files.
  • If the signed form is not returned within 30 days, boxes will be stored under a temporary storage contract for six months at a rate of £5.00 per box per month.
  • Customer recall of stored media will incur charges for the remainder of the month plus a fixed £250 labor fee for retrieving and delivering the data.

 

7. Digital Data Storage

  • Digital data storage is charged at £0.001 per image per month. Data will be stored on internal servers for 3 months. After this period, a destruction authorisation form will be sent to the Client for permission to permanently delete the data.
  • Failure to return the signed form within 3 months will result in the data being stored under a temporary storage contract for six months at the same rate of £0.001 per image per month.
  • If the Client requests immediate deletion of data after delivery, this must be communicated to the account manager during project initiation.

 

8. Termination

  • Either party may terminate this Agreement for failure of the other to comply with any of its terms.
  • If this Agreement is terminated by MISL due to its cessation of trade, MISL shall provide the Client with all programs, documentation, and files necessary for continued service from another supplier, free of charge.

 

9. Data Protection

  • Where MISL processes personal data on behalf of the Client, who is the Controller of such data, MISL acts as the Processor as defined in the General Data Protection Regulation (GDPR).
  • The terms for processing personal data are outlined in Annex A attached to this Agreement.

 

10. General

  • This Agreement shall be governed by the laws of England.
  • Any disputes arising from this Agreement shall be subject to the jurisdiction of English courts.
  • The above terms are also available on the MISL website for further reference.

Annex A – Data Processing

Obligations of the Controller

The Controller represents and warrants that it has obtained any and all necessary authorisation to provide the Personal Data to the Processor. The Controller must ensure that:

  • The Personal Data it provides to the Processor complies with applicable data protection laws and regulations.
  • The Controller has obtained all required consents or legal grounds for the processing of Personal Data as per the General Data Protection Regulation (GDPR).
  • The Personal Data it provides to the Processor is accurate, up to date, and relevant for the purposes of processing.
  • The Controller ensures that it has made the necessary arrangements for the protection of the rights of data subjects under the GDPR.
  • If the Controller provides Personal Data for processing on behalf of another entity (e.g., a third party), the Controller must ensure that such third party has authorised the Controller to provide the data for processing.

 

Personal Data Transfers

The Controller hereby authorises the Processor to make the following transfers of the Personal Data:

  • Internal Transfers: The Processor may transfer the Personal Data internally to its own members of staff, offices, and facilities to the extent necessary for the provision of services.
  • Sub-processor Transfers: The Processor may transfer the Personal Data to its sub-processors, provided such transfers are for the purposes of providing the services outlined in this Agreement.
  • Third-Country or International Transfers: The Processor may transfer the Personal Data to third countries or international organisations acting as sub-processors, provided that such transfers comply with Chapter 5 of the General Data Protection Regulation, ensuring adequate protection for the transferred data.

 

Liability

  1. Processor’s Liability
    The Processor shall be liable for and shall indemnify the Controller against any and all actions, proceedings, liabilities, costs, claims, losses, or expenses suffered or incurred by, awarded against, or agreed to be paid by the Controller arising directly or in connection with:
  • Failure by the Processor, or any sub-processors engaged by the Processor, to carry out processing activities on behalf of the Controller in accordance with this Agreement, the General Data Protection Regulation, or any other applicable legislation.
  • Any processing carried out by the Processor that is not in accordance with the instructions given by the Controller and that infringes the General Data Protection Regulation or any other applicable legislation.
  • Any breach by the Processor of its obligations under this Agreement.
  1. Controller’s Liability
    The Controller shall be liable for and shall indemnify the Processor against any and all actions, proceedings, liabilities, costs, claims, losses, or expenses suffered or incurred by, awarded against, or agreed to be paid by the Processor arising directly or in connection with:
  • Any non-compliance by the Controller with the General Data Protection Regulation or any other applicable legislation.
  • Any processing carried out in accordance with the Controller’s instructions that infringes the General Data Protection Regulation or any other applicable legislation.
  • Any breach by the Controller of its obligations under this Agreement.

 

Indemnification for Breaches

In the event of a breach by either party under this Agreement, each party agrees to indemnify and hold harmless the other from any and all claims, damages, or expenses arising out of such breach. However, the Controller shall not be entitled to claim back any sums paid by the Controller in respect of damages to the extent that the Controller is liable to indemnify the Processor.

Security Measures and Data Protection
Both parties agree to take appropriate security measures to protect Personal Data and to comply with the data protection principles outlined in the GDPR. The Processor shall, in particular:

  • Implement technical and organisational measures to ensure the confidentiality, integrity, and availability of Personal Data.
  • Regularly assess the effectiveness of such measures to ensure that Personal Data is secure against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
  • Ensure that all individuals who have access to Personal Data are subject to a confidentiality agreement and are aware of their data protection obligations.
  • Provide support to the Controller in fulfilling its obligations to respond to data subject access requests and to comply with security breach notification requirements.

 

Data Breach Notification

The Processor agrees to immediately notify the Controller of any incident involving Personal Data that results in a breach of security, loss, or unauthorised access. Such notifications will include all relevant details about the breach and actions taken to mitigate the impact, and the Processor will assist the Controller in notifying the relevant authorities or data subjects if required.

Data Retention and Deletion

Upon termination of the services under this Agreement, the Processor will, at the Controller’s discretion, either return or securely delete all Personal Data, unless Union or Member State law requires the Processor to retain the Personal Data. This applies to both physical and electronic records.

Have a question?

Do you have a question regarding this, or any other of our company policies? Please click below to find out more from a member of the MISL team.