13.    PRIVACY AND DATA PROTECTION POLICY
13.1    This privacy and data protection policy describes the personal information that CHASE gathers on or through the provision of the SOFTWARE and, where applicable our SERVICES, and how CHASE uses and processes such information.
13.2    This policy should help YOU to better understand how CHASE uses YOUR personal information, it explains in detail the types of personal information CHASE collects, what CHASE uses it for and who CHASE may share it with.  If YOU have any further questions about this policy or how CHASE handles YOUR personal information, which is not dealt with here, please contact us using the contact details below.
13.3    Where the legal basis of consent is used, this will be gathered freely, and CHASE will use clear, plain language that is easy to understand, and YOU will be able to remove YOUR consent at any point.
13.4    Who is Chase? 
13.4.1    CHASE is the data controller of all PERSONAL DATA and data that is collected and processed about OUR customers via OUR SERVICES for the purposes of GDPR. 
13.4.2    Where YOU use the CHASE software and process the personal data of YOUR employees, customers, suppliers, contacts, contractors and/or prospects and/or the employees of YOUR customers, suppliers, contacts, contractors and/or prospects (“SECONDARY DATA”) and store SECONDARY DATA on either OUR hosted server or YOUR own or third-party hosted environments, YOU are considered to be the data controller and the provisions of clauses 13.16 and 13.17 will apply to YOU. 
13.4.3    OUR company name is Chase Software Solutions Limited.  CHASE is incorporated by the Registrar of Companies for England & Wales with registration number 9862716 and OUR registered offices are at 40 Gracechurch Street, London, EC3V 0BT.
13.5    What Personal Information does Chase Collect
13.5.1    PERSONAL DATA means any information relating to YOU which allows CHASE to identify YOU. 
13.5.2    If YOU choose to use the CHASE SERVICES, YOU must provide US with some PERSONAL DATA so that WE can provide OUR SERVICES to YOU. The PERSONAL DATA that WE collect is limited to the level WE need to deliver OUR SERVICES and is made up of the following categories:
13.5.2.1    names
13.5.2.2    email addresses
13.5.2.3    phone numbers
13.5.2.4    company names
13.5.2.5    company addresses
13.5.2.6    internet protocol (IP) addresses
13.5.2.7    selected usernames and passwords used to access OUR SERVICES
13.5.2.8    brand and product information
13.5.3    Other non-mandatory PERSONAL DATA may also be gathered.

13.6    Why do We Collect/Process Personal Information?
13.6.1    WE collect/process PERSONAL DATA so that WE can provide the best possible experience when YOU, OUR client, uses OUR SERVICES.  Any data collected is used to administer and deliver OUR SERVICES in accordance with the terms of the CHASE AGREEMENT.
13.6.2    In addition, WE will collect/process YOUR PERSONAL DATA:
13.6.2.1    to comply with OUR legal obligations with regards to record retention;
13.6.2.2    to respond to YOUR queries and complaints;
13.6.2.3    for testing and applying new product or system versions, patches, updates and upgrades, and resolving bugs and other issues that YOU have reported to US;
13.6.2.4    to send YOU communications required by law or which are necessary to inform YOU about OUR changes to the SERVICES WE provide YOU. For example, updates to this policy;
13.6.2.5    to comply with OUR contractual or legal obligations to share data with law enforcement;
13.6.2.6    for statistical and marketing analysis, systems testing, customer surveys, maintenance and development, or in order to deal with a dispute or claim. Note that WE may perform data profiling based on the PERSONAL DATA that WE collect from YOU for statistical and marketing analysis purposes. Any profiling activity will be carried out with YOUR prior consent only and by making best endeavours to ensure that all PERSONAL DATA it is based on is accurate. By providing any PERSONAL DATA YOU explicitly agree that WE may use it to perform profiling activities in accordance with this policy;
13.6.2.7    to manage OUR relationship with YOU as OUR customer and to improve OUR SERVICES and enhance YOUR experience with US;
13.6.2.8    to protect YOUR vital interests or those of another person;
13.6.2.9    to protect OUR legitimate interests.
13.6.3    YOU are free to opt out at any time by emailing or writing to use using the contact details below.
13.6.4    CHASE will only process YOUR PERSONAL DATA where it has a a legal basis to do so. The legal basis will depend on the reasons WE have collected and need to use YOUR PERSONAL DATA for.  For example, WE may process YOUR PERSONAL DATA to enable US to render the SERVICES in terms of the CHASE AGREEMENT.
13.7    Rational for Processing
WE will process PERSONAL DATA on the basis that WE have obtained YOUR consent to do so, WE have contractual obligations to fulfil which require such processing, and because WE have a legitimate interest as the legal basis to do so.
13.8    Retention of Personal Information
13.8.1    The retention and/or deletion of YOUR PERSONAL DATA will be subject to OUR compliance with any legal obligations that WE may be subject to with regards to the retention and/or deletion of PERSONAL DATA and/or records as any contractual obligations that WE are bound to.  
13.8.2    Subject to clause 13.8.1:
13.8.2.1    WE will not retain YOUR PERSONAL DATA for longer than is necessary to fulfil the purpose it was collected/ processed for. To determine the appropriate retention period, WE consider the amount, nature and sensitivity of the PERSONAL DATA, the purposes for which WE process it and whether WE can achieve those purposes through other means. WE must also consider periods for which WE might need to retain PERSONAL DATA in order to meet OUR legal obligations or to deal with complaints, queries and to protect OUR legal rights in the event of a claim being made; 
13.8.2.2    upon the termination of the CHASE AGREEMENT.  WE will, at YOUR written election, either destroy or return all PERSONAL DATA to YOU.  In addition, when WE no longer need YOUR PERSONAL DATA, WE will securely delete or destroy it. WE will also consider if and how WE can minimise over time the PERSONAL DATA that WE use, and if WE can pseudonymise/anonymise YOUR PERSONAL DATA so that it can no longer be associated with YOU or identify YOU, in which case WE may use that information without further notice to YOU.  
13.9    Marketing
WE would like to send YOU information about products and SERVICES of CHASE which may be of interest to YOU. YOU have a right at any time to stop US from contacting YOU for marketing purposes by sending US an email with YOUR request.
13.10    Your Rights
13.10.1    Accessing or Rectifying Your Personal Data
WE want to make ensure that YOUR PERSONAL DATA is accurate and up to date and YOU have the right to request a copy and update the PERSONAL DATA that WE hold about YOU. YOU may ask US to correct or remove information YOU think is inaccurate by emailing or writing to use using the contact details below. 
13.10.2    Deletion
Subject to clause 13.8.1, you may ask US to delete or remove PERSONAL DATA where there is no good reason for US continuing to process it. YOU also have the right to ask US to delete or remove YOUR PERSONAL DATA where YOU have exercised YOUR right to object to processing (see below). Data will be deleted 30 (thirty) days after YOU withdraw consent for processing said data or, 30 (thirty) days after the AGREEMENT has been voided or has expired.
13.10.3    Object to Processing 
YOU may object to OUR processing of YOUR PERSONAL DATA where WE are relying on a legitimate interest (or that of a third-party) and there is something about YOUR particular situation which makes YOU want to object to processing on this ground.  YOU also have the right to object where WE are processing YOUR PERSONAL DATA for direct marketing purposes.  
13.10.4    Object to Automated Decision-Making Including Profiling
YOU can object to being the subject of any automated decision-making or US using YOUR PERSONAL DATA or profiling of YOU.
13.10.5    Restriction of Processing 
YOU may ask US to suspend the processing of PERSONAL DATA about YOU, for example if YOU want US to establish its accuracy or the reason for processing it.
13.10.6    Withdraw Consent
Where YOU have provided YOUR consent to the collection, processing and/or transfer of YOUR PERSONAL DATA for a specific purpose, YOU have the right to withdraw YOUR consent for that specific processing at any time by emailing or writing to use using the contact details below.  Once WE have received notification that YOU have withdrawn YOUR consent, WE will no longer process YOUR PERSONAL DATA for the purpose or purposes YOU originally agreed to, unless WE have another legitimate basis for doing so in law.  YOU acknowledge that by withdrawing YOUR consent, WE may discontinue providing the SERVICES to YOU if WE required YOUR PERSONAL DATA to deliver OUR SERVICES.

13.10.7    Portability
13.10.7.1    YOU may wish to port YOUR PERSONAL DATA to another platform. This enables YOU to take YOUR PERSONAL DATA from US in an electronically useable format and to be able to transfer YOUR PERSONAL DATA to another party in an electronically useable format.
13.10.7.2    If YOU want to exercise any of YOUR rights, please email or write to US at the below address.
13.10.7.3    YOU will not have to pay a fee to access YOUR PERSONAL DATA (or to exercise any of the other rights). However, WE may charge a reasonable fee if YOUR request for access is clearly unfounded or excessive. Alternatively, WE may refuse to comply with the request in such circumstances.
13.11    To Whom We Disclose Personal information
13.11.1    Except as described in this policy, WE will not intentionally disclose YOUR PERSONAL DATA that WE collect or store via OUR SERVICE to any third-parties without YOUR consent. WE may disclose PERSONAL DATA to third-parties if YOU consent to US doing so, as well as in the following circumstances:
13.11.2    Unrestricted Information
Any information that YOU voluntarily choose to include in a public area of OUR SERVICES, such as a public profile page, will be available to any visitor or user who of OUR SERVICES who access to that content.
13.11.3    Group Companies
Subject to the security restrictions on overseas transfers as set out in clause 13.11.5, YOUR PERSONAL DATA may be shared with other companies within the Chase group, both locally and internationally (“GROUP COMPANIES”).
13.11.4    Service Providers
13.11.4.1    WE work with third-party service providers (“SERVICE PROVIDERS”) who provide, for example, email hosting, core corporate applications, web hosting, maintenance, and other services to US in order for US to render OUR SERVICES to YOU. These SERVICE PROVIDERS may have access to, or process YOUR PERSONAL DATA as part of providing their services to US. WE limit the information provided to these SERVICE PROVIDERS to that which is reasonably necessary for them to perform their functions, and OUR contracts with them require them to maintain the confidentiality of such information.  
13.11.4.2    OUR SERVICE PROVIDERS include Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin, 18, D18 P521, Ireland, provider of hosting and storing applications and associated data. 
13.11.5    Overseas Transfers
13.11.5.1    The PERSONAL DATA YOU provide may be transferred to countries outside the European Economic Area (“EEA”) that do not have similar protections in place regarding YOUR PERSONAL DATA and restrictions on its use as set out in this policy. However, WE will take steps to ensure adequate protections are in place to ensure the security of YOUR PERSONAL DATA. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting YOUR PERSONAL DATA, YOU consent to these transfers for the purposes specified above.
13.11.5.2    WE may transfer YOUR PERSONAL DATA to the following SERVICE PROVIDERS which are located outside the EEA for the following purposes:
13.11.5.2.1    Chase Software (Pty) Ltd, 10 Morris Street West, Rivonia, 2191, South Africa, for the purposes of performing the SERVICES;
13.11.5.2.2    Afrihost SP (Pty) Ltd, 376 Rivonia Boulevard, Sandton, Gauteng, South Africa, Provider of and Web Hosting; SurveyMonkey, One Curiosity Way, San Mateo, CA 94403, USA, Provider of survey tool to gain feedback from key stakeholders on satisfaction of service;
13.11.5.2.3    Atlassian, Level 29, 363 George Street, Sydney, NSW, 2000, Australia Provider of tool for knowledge base, issue tracking and project management;
13.11.5.2.4    Everlytic, Block B2, Rutherford Estate, 1 Scott Street, Waverley, Johannesburg, South Africa, 2090, Provider of tool to distribute newsletter and marketing detail to subscribed recipients;
13.11.5.2.5    Godaddy.com, 14455 N Hayden Rd Ste 226., Scottsdale, AZ 85260-6993, USA, Provider of SSL (Secure Sockets Layer) certificates.
13.11.5.3    OUR South African service providers are bound by the data protection laws of the Republic of South Africa, in particular, the Protection of Personal data Act, 4 of 2013 (“POPI”).  POPI provides for the safeguarding of YOUR PERSONAL DATA and stipulates that YOUR PERSONAL DATA will be processed to at least similar standards as set out by the GDPR. YOU can obtain a copy of POPI at http://www.justice.gov.za/inforeg/docs/InfoRegSA-POPIA-act2013-004.pdf.
13.11.5.4    If WE transfer YOUR PERSONAL DATA to any other countries, WE will put procedures and/or contractual obligations in place to ensure that YOUR PERSONAL DATA receives a similar level of protection as set out by GDPR. 
13.11.6    Non-Personally Identifiable Information
WE may make non-personally-identifiable information available to third-parties for various purposes. This data maybe automatically-collected and would be analysed to create an aggregated view of the data and ensure the reported information was anonymous.
13.11.7    Law Enforcement, Legal Process and Compliance
WE may disclose PERSONAL DATA or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies, or if such disclosure is necessary to protect YOUR rights and/or the rights of others.
13.11.8    Change of Ownership
WE may disclose or otherwise transfer YOUR PERSONAL DATA to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third-parties as one of OUR business assets and only if the recipient of the PERSONAL DATA commits to a privacy policy that has terms substantially consistent with this privacy policy.
13.12    Our Data Security
13.12.1    WE have implemented appropriate technical, physical and organisational measures to protect PERSONAL DATA against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.
13.12.2    WE use the following security procedures, technical and organisational measures to safeguard YOUR PERSONAL DATA:
13.12.2.1    OUR primary use and storage of PERSONAL DATA is on OUR own software which is highly encrypted and secure. All transfers of information are encrypted between OUR servers and YOUR device.  Where YOU use YOUR own servers to store PERSONAL INFORMATION, YOU will be the responsible party.
13.12.2.2    In cases where PERSONAL DATA is being processed in third countries (except as set out above) or by third-parties, a rigorous data protection impact assessment will be performed to ensure that YOUR PERSONAL DATA is always secured.
13.12.2.3    OUR application platform is hosted in ISO 27001 certified secure data centres in the Northern Europe Region (Dublin, Ireland).  If WE ever move the location of OUR servers, WE will notify YOU thereof in writing.
13.12.2.4    Firewalls, intrusion detection and prevention, anti-virus and anti-malware and backup and disaster recovery is in place to prevent data loss or deletion.
13.12.2.5    24/7 security guard, closed circuit television and a door access control system to authorized personnel secures OUR offices and data centres.
13.12.2.6    OUR applications are engineered by industry standards to minimise security vulnerabilities and updated on a regular basis.
13.12.2.7    Intrusion detection and prevention secures the network traffic to the servers and applications.
13.12.2.8    Anti-malware and anti-virus software is deployed to all of OUR servers and WE regularly scan and update with the latest anti-malware and virus signatures.
13.12.2.9    WE regularly apply critical, security patches and firmware updates to operating systems and physical hardware to minimise the risk of vulnerabilities.
13.12.2.10    OUR employees undergo background screening and selection processes, with a restricted list of employees having access to secure areas of the applications, databases and physical infrastructure. The access to the secure areas are logged and auditable.
13.12.2.11    WE will use all reasonable efforts to safeguard YOUR PERSONAL DATA. However, YOU should be aware that the use of the internet is not entirely secure and for this reason WE cannot guarantee the security or integrity of any PERSONAL DATA which is transferred from YOU or to YOU via the internet.
13.12.2.12    WE limit access to YOUR PERSONAL DATA to those who have a genuine business need to know it. Those processing YOUR PERSONAL DATA will do so only in an authorised manner and are subject to a duty of confidentiality.
13.12.2.13    WE have procedures in place to deal with any suspected data security breach. WE will notify YOU and any applicable regulator of a suspected data security breach where WE are legally required to do so.
13.12.3    WE use Microsoft products including Microsoft NAV which have data encryption and the privacy notice can be seen using the following link https://privacy.microsoft.com/en-gb/privacystatement.
13.13    Sub-Processors
13.13.1    By YOUR acceptance of this policy, YOU confirm that YOU have given US a general authority to engage third-party processors (“SUBPROCESSORS”) without obtaining YOUR further written, specific authorisation.  This authority is given on the proviso that WE will notify YOU in writing about the identity of a potential SUBPROCESSOR (and its processors, if any) before any agreements are made with the SUBPROCESSOR and before the SUBPROCESSOR processes any of SECONDARY DATA.  The SUBPROCESSOR will have access to YOUR PERSONAL DATA and/or YOUR SECONDARY DATA in order to assist in the provision OUR SERVICES. 
13.13.2    WE will conclude a written agreement with OUR SUBPROCESSOR/S, which agreement/s will subject OUR SUBPROCESSOR/S to the same level of data protection and security as US under the terms of this policy and the CHASE AGREEMENT. WE will be responsible for OUR SUBPROCESSORS’ compliance with the terms of this policy and the CHASE AGREEMENT.
13.13.3    If YOU wish to object to the relevant SUBPROCESSOR, YOU must give US written notice thereof within seven (7) calendar days from receiving OUR notification.  If YOU do not object, YOU will be deemed to have consented to the appointment of the SUBPROCESSOR.
13.14    Incident Management and Data Breach Notification
13.14.1    WE promptly evaluate and respond to incidents that create suspicion of or indicate unauthorized access to or handling of YOUR PERSONAL DATA.
13.14.2    If a breach of  data security occurs that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, PERSONAL DATA transmitted, stored or otherwise controlled and/or processed by US (“PERSONAL DATA BREACH”), WE will notify YOU thereof without undue delay, but not after 72 (seventy two) hours of becoming aware thereof. 
13.14.3    WE will maintain a register of all PERSONAL DATA BREACHES which will, at a minimum, include the following: 
13.14.3.1    a description of the nature of the PERSONAL DATA BREACH, including, if possible, the categories and the approximate number of affected data subjects concerned and the categories and approximate number of PERSONAL DATA records concerned;
13.14.3.2    a description of the likely as well as actually occurred consequences of the PERSONAL DATA BREACH;
13.14.3.3    a description of the measures that WE will take to address the PERSONAL DATA BREACH, including, where appropriate, measures taken to mitigate its adverse effects. 
13.14.4    As information regarding the breach is collected or otherwise reasonably becomes available to US and to the extent permitted by law, WE will provide YOU with additional relevant information concerning the breach reasonably known or available to US.
13.15    Audit Rights
13.15.1    YOU may at YOUR sole expense audit OUR compliance with the terms of this policy by sending US a written request, including a detailed audit plan, at least six weeks in advance of the proposed audit date. WE will work cooperatively with YOU to agree on a final audit plan.
13.15.2    The audit will be conducted no more than once during a twelve-month period, during regular business hours, subject to OUR on-site policies and regulations, and may not unreasonably interfere with OUR business activities. If YOU would like to use a third-party to conduct the audit, the third-party auditor will be mutually agreed to by the parties and the third-party auditor must execute a written confidentiality agreement that is acceptable to US. Upon completion of the audit, YOU must provide US with a copy of the audit report, which is classified as confidential information under the terms of YOUR agreement with US.
13.15.3    WE will contribute to such audits by providing YOU with the documentation, information and assistance reasonably necessary to conduct the audit, including any relevant records of processing activities applicable to the SERVICES. If the requested audit scope is addressed in a SOC 1 or SOC 2, ISO, NIST, PCI DSS, HIPAA or similar audit report issued by a qualified third-party auditor within the prior twelve months and WE provide such report to YOU confirming there are no known material changes in the controls audited, YOU agree to accept the findings presented in the third-party audit report in lieu of requesting an audit of the same controls covered by the report.  
13.16    Processing Your Secondary Data via Our Hosted Services
13.16.1    Processing Secondary Data
13.16.1.1    If YOU are using OUR hosted server to store SECONDARY DATA, then WE are YOUR data processor under GDPR.  Access to YOUR SECONDARY DATA is restricted by the users YOU allow access to as well as OUR support and engineering staff that need access in order to provide the SERVICES to YOU.
13.16.1.2    The categories and types of SECONDARY DATA that WE may process on YOUR behalf are:
13.16.1.2.1    the names, addresses and contact details of YOUR employees, customers, suppliers, contacts, contractors and/or prospects;
13.16.1.2.2    the accounting system debtor information  of YOUR customers, suppliers, contacts, contractors and/or prospects (this includes the debtor’s name, address, contact details, registration number and address VAT number); and
13.16.1.2.3    the names, titles, designations, contact details and birthdays of the employees/representatives of YOUR customers, suppliers, contacts, contractors and/or prospects with whom YOU have contact.
13.16.1.3    WE will only perform processing activities that are necessary and relevant to render OUR SERVICES to YOU.  WE will update this policy from time to time if there are any changes to the categories and types of SECONDARY DATA that WE may process on YOUR behalf. 
13.16.1.4    WE will maintain a register of processing activities.
13.16.2    Instruction
13.16.2.1    WE will only act and process SECONDARY DATA in accordance with YOUR written instructions (“INSTRUCTIONS”).  YOUR INSTRUCTIONS at the time when YOU conclude YOUR CHASE AGREEMENT with US will be that WE may process SECONDARY DATA with the purpose of:
13.16.2.1.1    rendering OUR SERVICES to YOU in accordance with the terms of the CHASE AGREEMENT; and
13.16.2.1.2    for statistical and marketing analysis, systems testing, customer surveys, maintenance and development, or in order to deal with a dispute or claim;
13.16.2.1.3    performing data profiling based on the SECONDARY DATA for statistical and marketing analysis purposes.  Any profiling activity will be carried out with YOUR prior consent only and by making best endeavours to ensure that all SECONDARY DATA it is based on is accurate.  By providing any SECONDARY DATA YOU explicitly agree that WE may use it to perform profiling activities in accordance with this policy
13.16.2.2    It is YOUR obligation to ensure that any SECONDARY DATA that YOU transfer to US is processed by YOU in accordance with applicable legislation (including GDPR), including the legislative requirements regarding the lawfulness of processing. 
13.16.2.3    If at any time WE consider YOUR INSTRUCTIONS to be in conflict with applicable data protection legislation, WE will notify YOU thereof without undue delay. 
13.16.3    Confidentiality
13.16.3.1    WE will treat all the SECONDARY DATA as strictly confidential information.  SECONDARY DATA may not be copied, transferred or otherwise processed in conflict with YOUR INSTRUCTIONS unless YOU have agreed thereto in writing. 
13.16.3.2    OUR employees and the employees of OUR GROUP COMPANIES (collectively, “GROUP EMPLOYEES”) as well as OUR SERVICE PROVIDERS who have access to and process YOUR SECONDARY DATA  will be subject to an obligation of confidentiality that ensures that they treat all SECONDARY DATA with strict confidentiality 
13.16.4    Security and Sharing of Secondary Data
13.16.4.1    The security measures set out in clause 13.12 of this policy will apply to SECONDARY DATA.
13.16.4.2    SECONDARY DATA may be shared throughout the CHASE GROUP (both locally and internationally subject to the security restrictions on overseas transfers as set out in clause 13.11.5).  Any such transfer will be done on the basis that access to SECONDARY DATA is restricted to only GROUP EMPLOYEES to whom it is necessary and relevant to process the SECONDARY DATA in order for US to render OUR SERVICES to YOU.
13.16.4.3    Any GROUP EMPLOYEES whose work includes processing the SECONDARY DATA will only do so in accordance with YOUR INSTRUCTIONS. 
13.16.4.4    Your SECONDARY DATA may be exported from OUR system by OUR engineers if necessary for testing and OUR policies are in place to ensure that this data is immediately removed after any tests are completed. 
13.16.4.5    WE work with SERVICE PROVIDERS who provide, for example, email hosting, core corporate applications, web hosting, maintenance, and other services to US in order for US to render OUR SERVICES to YOU. These SERVICE PROVIDERS may have access to, or process YOUR SECONDARY DATA as part of providing those services to US.  WE limit the information provided to these SERVICE PROVIDERS to that which is reasonably necessary for them to perform their functions, and OUR contracts with them require them to maintain the confidentiality of such information.  
13.16.4.6    OUR SERVICE PROVIDERS include Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin, 18, D18 P521, Ireland, Provider of hosting and storing applications and associated SECONDARY DATA.
13.16.4.7    All transfers of YOUR SECONDARY DATA is encrypted between OUR servers and the devices YOU use to access OUR software. WE cannot be held responsible for the security of YOUR devices.
13.16.4.8    WE may disclose SECONDARY DATA or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies, or if such disclosure is necessary to protect YOUR rights and/or the rights of others.
13.16.5    Data Protection Impact Assessments and Prior Consultation
If necessary, WE will assist YOU in preparing data protection impact assessments and prior consultations in accordance with articles 35 and 36 of GDPR. 
13.16.6    Rights of the Data Subjects
13.16.6.1    If YOU receive a request from a data subject for the exercise of the data subject’s rights under the GDPR and/or any other applicable data protection legislation and the correct and legitimate reply to such a request necessitates OUR assistance, WE will assist YOU by providing the necessary information and documentation.  WE will require reasonable time to assist YOU with such requests. 
13.16.6.2    If WE receive a request from a data subject for the exercise of the data subject’s rights under the GDPR and/or any other applicable data protection legislation and such request is related to the SECONDARY DATA, WE will immediately forward the request to YOU.  WE will not respond to any such request directly to the data subject. 
13.16.7    Secondary Data Breaches
13.16.7.1    If a breach of the data security occurs that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, SECONDARY DATA transmitted, stored or otherwise processed on YOUR behalf (“SECONDARY DATA BREACH”), WE will notify YOU thereof without undue delay, but not after 72 (seventy-two) hours of becoming aware thereof. 
13.16.7.2    WE will maintain a register of all SECONDARY DATA BREACHES which will, at a minimum, include the following: 
13.16.7.2.1    a description of the nature of the SECONDARY DATA BREACH, including, if possible, the categories and the approximate number of affected data subjects and the categories and the approximate number of SECONDARY DATA records concerned;
13.16.7.2.2    a description of the likely as well as actually occurred consequences of the SECONDARY DATA BREACH;
13.16.7.2.3    a description of the measures that WE will take to address the SECONDARY DATA BREACH, including, where appropriate, measures taken to mitigate its adverse effects. 
13.16.7.3    YOU, as the controller, will be required to notify any of YOUR third-parties of any such SECONDARY DATA BREACHES as contemplated in article 34 of GDPR.
13.16.7.4    WE will provide YOU with a copy of the register of SECONDARY DATA BREACHES if requested to do so in writing.
13.16.8    Documentation of Compliance
Within a reasonable time of receipt of YOUR written request, WE will provide YOU with documentation substantiating that WE complied with OUR obligations in respect of the processing of SECONDARY DATA as contemplated in:
13.16.8.1    this policy; 
13.16.8.2    YOUR INSTRUCTIONS; and 
13.16.8.3    the applicable data protection laws (including GDPR) in respect of the processing of SECONDARY DATA. 
13.16.9    Return or Deletion of Secondary Data
13.16.9.1    The retention and/or deletion of YOUR SECONDARY DATA will be subject to OUR compliance with any legal obligations that WE may be subject to with regards to the retention and/or deletion of SECONDARY DATA and/or records as well as any contractual obligations that WE are bound to. 
13.16.9.2    Subject to clause 13.16.9.1, upon the termination of the CHASE AGREEMENT WE will, at YOUR written election, either destroy or return all SECONDARY DATA to YOU.  In addition, when WE no longer need the SECONDARY DATA to provide OUR SERVICES, WE will securely delete or destroy it. 
13.17    Systems Operations Data Processing Terms
“SYSTEMS OPERATIONS DATA” includes log files, event files, and other trace and diagnostic files, as well as statistical and aggregated information that relates to the use and operation of OUR SERVICES, and the systems and networks that the SERVICES run on.
13.17.1    Responsibility and Purposes for Processing Personal Data and/or Secondary Data Contained in Systems Operations Data
13.17.1.1    WE are responsible for processing PERSONAL DATA and/or SECONDARY DATA that may be incidentally contained in SYSTEMS OPERATIONS DATA. WE may collect or generate SYSTEMS OPERATIONS DATA for the following purposes:
13.17.1.1.1    to help keep OUR SERVICES secure, including for security monitoring and identity management;
13.17.1.1.2    to investigate and prevent potential fraud or illegal activities involving OUR systems and networks, including to prevent cyber-attacks and to detect bots;
13.17.1.1.3    to administer OUR back-up disaster recovery plans and policies;
13.17.1.1.4    to confirm compliance with licensing and other terms of use (license compliance monitoring);
13.17.1.1.5    research and development purposes, including to analyse, develop, improve and optimize OUR SERVICES;
13.17.1.1.6    to comply with applicable laws and regulations and to operate OUR business, including to comply with legally mandated reporting, disclosure or other legal process requests, for mergers and acquisitions, finance and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute resolution.
13.17.1.2    For PERSONAL DATA and/or SECONDARY DATA contained in SYSTEMS OPERATIONS DATA collected in the EU, OUR legal basis for processing such information is OUR legitimate interest in performing, maintaining and securing OUR products and SERVICES and operating OUR business in an efficient and appropriate manner. PERSONAL DATA and/or SECONDARY DATA may also be processed based on OUR legal obligations or legitimate interest to comply with such legal obligations.
13.17.2    Sharing Personal Data and/or Secondary Data Contained in Systems Operations Data
13.17.2.1    PERSONAL DATA contained in SYSTEMS OPERATIONS DATA may be shared as contemplated in clause 13.11.
13.17.2.2    SECONDARY DATA contained in SYSTEMS OPERATIONS DATA may be shared as contemplated in clause 13.16.4.
13.17.2.3    When third-parties are given access to PERSONAL DATA and/or SECONDARY DATA contained in SYSTEMS OPERATIONS DATA, WE will take the appropriate contractual, technical and organisational measures to ensure, for example, that such data is only processed to the extent that such processing is necessary, consistent with this policy and in accordance with applicable law.
13.17.3    Security
WE have implemented appropriate technical, physical and organisational measures to protect PERSONAL DATA and SECONDARY DATA contained in SYSTEMS OPERATIONS DATA against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.
13.17.4    Rights of Data Subjects
13.17.4.1    To the extent provided under applicable laws, you may request to access, correct, update or delete PERSONAL DATA contained in SYSTEMS OPERATIONS DATA in certain cases, or otherwise exercise YOUR rights as contemplated in clause 13.10 by sending US a request to do so at the below address.
13.17.4.2    If YOU receive a request from a data subject for the exercise of the data subject’s rights under the GDPR and/or any other applicable data protection legislation with regards to SECONDARY DATA contained in SYSTEMS OPERATIONS DATA and the correct and legitimate reply to such a request necessitates OUR assistance, WE will assist YOU by providing the necessary information and documentation.  WE will require reasonable time to assist YOU with such requests. 
13.17.4.3    If WE receive a request from a data subject for the exercise of the data subject’s rights under the GDPR and/or any other applicable data protection legislation with regards to SECONDARY DATA contained in SYSTEMS OPERATIONS DATA, WE will immediately forward the request to YOU.  WE will not respond to any such request directly to the data subject.
13.18    Contact Us
13.18.1    OUR company address is 40 Gracechurch Street, London, EC3V 0BT
13.18.2    OUR postal address is 16 The Mall, Surbiton, KT6 4EQ
13.18.3    OUR telephone number is +44 7943 549271
13.18.4    OUR email address is sales@Chasesoftware.biz
13.19    Contacting the Regulator
13.19.1    If YOU have any complaints regarding OUR compliance with this policy, please contact US first. WE will investigate and attempt to resolve any complaints and disputes regarding OUR privacy practices.
13.19.2    If YOU feel that YOUR PERSONAL DATA has not been handled correctly, or YOU are unhappy with OUR response to any requests YOU have made to US regarding the use of YOUR PERSONAL DATA, YOU have the right to lodge a complaint with the Information Commissioner’s Office.
13.19.3    YOU can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (please note WE can't be responsible for the content of external websites).
13.20    Changes to Policy
13.20.1    WE may change this policy from time to time and any changes will be communicated to YOU by way of an e-mail or a notice on OUR website.
13.20.2    YOU will be requested to accept any changes to this policy if YOU wish to continue using the SERVICES.  If YOU do not accept such changes YOU will not be able to access OUR SERVICES, system and/or software.  If YOU do not want to agree to changes to this policy, YOU can request an account deletion.  Note that YOUR refusal to accept any changes to this policy will not absolve YOU of YOUR obligations as per the CHASE AGREEMENT.
13.20.3    This privacy policy was last updated on 2021/03/23.
13.21    Limitation of Liability
13.21.1    Whilst CHASE uses adequate security and technological measures to safeguard YOUR PERSONAL DATA and SECONDARY DATA, CHASE will not be liable for any breach or compromise of personal information and/or breach of privacy beyond the reasonable control of CHASE and which may include, but is not limited to:
13.21.1.1    acts of  terrorism, cyber-terrorism, cyber-extortion, cyber-attacks, viruses, malware, malicious code, logic bombs, spyware, worms, trojan horses, hacking, vis-majors, criminal actions by third-parties unrelated to CHASE; 
13.21.1.2    network disruptions beyond CHASE’S reasonable control and which may occur on YOUR computer systems and any failure by YOU, YOUR employees and/or YOUR service providers to ensure that YOU implement adequate security safeguards to protect YOUR PERSONAL DATA and SECONDARY DATA on YOUR computer systems and devices;
13.21.1.3    unauthorised user access by YOU and password protection breaches which is no fault on the part of CHASE;
13.21.1.4    where YOU are the responsible party and host YOUR own PERSONAL DATA and/or SECONDARY DATA on YOUR own servers or use YOUR own service providers to host YOUR PERSONAL DATA and/or SECONDARY DATA and any breach is not caused by any fault of CHASE.
13.22    Your Obligations 
13.22.1    YOU warrant in favour of CHASE that YOU have obtained the consent of any third-party for the use of that third party’s PERSONAL DATA and/or SECONDARY DATA in this way, or otherwise that such processing is lawful.  Except in the event of CHASE’S gross negligence or fraud , YOU hereby indemnify and holds harmless CHASE, its directors, employees and/or contractors, now and in the future from any claim, expense, damages and legal costs arising from:
13.22.1.1    YOUR failure to obtain the third-party’s consent to lawfully process their PERSONAL DATA and/or SECONDARY DATA;
13.22.1.2    YOUR breach of any relevant data protection legislation in the EEU, including GDPR.
13.22.2    You consent to CHASE retaining back-ups of YOUR PERSONAL DATA and SECONDARY DATA for no less than 6 (six) years after termination of the CHASE AGREEMENT or for longer as may be required in law for the retention of records. CHASE provides no warranty in respect of the effectiveness of such backups.
13.22.3    To the extent that YOU collect SECONDARY DATA in terms of the CHASE AGREEMENT, YOU will be responsible for all obligations of a controller in terms of GDPR.
13.22.4    YOU undertake to advise CHASE as soon as reasonably possible of if the Regulator investigates YOU or makes a ruling against YOU pertaining to YOUR failure or contravention of GDPR. 
13.22.5    When accessing, dealing with, collecting and/or processing PERSONAL DATA and/or SECONDARY DATA, using the SERVICES, YOU must at all times:
13.22.5.1    not request, collate, process and/or store PERSONAL DATA and/or SECONDARY DATA which is not necessary for the lawful purpose for which the PERSONAL DATA and/or SECONDARY DATA is required;
13.22.5.2    obtain written permission from the database subject for the collection, collation, processing and/or disclosure of any PERSONAL DATA and/or SECONDARY DATA;
13.22.5.3    not use the PERSONAL DATA and/or SECONDARY DATA for any purpose other than for the disclosed purpose for which the database subject gave their written permission;
13.22.5.4    keep a record of the PERSONAL DATA and/or SECONDARY DATA and the reason for which the PERSONAL DATA and/or SECONDARY DATA was collected, for as long as the PERSONAL DATA and/or SECONDARY DATA is used by YOU;
13.22.5.5    keep a record of all security breaches with regards to PERSONAL DATA and SECONDARY DATA;
13.22.5.6    not disclose the PERSONAL DATA and/or SECONDARY DATA to any third-party, unless permitted by legislation to do so or authorised in writing by the database subject to do so.  A record of any such disclosure must be kept for as long as the PERSONAL DATA and/or SECONDARY DATA is used by the database subject and the record must contain details on the reasons for the disclosure, the date of disclosure and the entity or person to whom disclosure was made;
13.22.5.7    delete and/or destroy any PERSONAL DATA and/or SECONDARY DATA that becomes obsolete. Prior written approval must be obtained from the database subject before any such deletion and/or destruction takes place; and
13.22.5.8    treat all PERSONAL DATA and/or SECONDARY DATA in a consistent and confidential manner.

14.    INTELLECTUAL PROPERTY
14.1    YOU acknowledge that YOU obtain no intellectual property rights (whether registered or unregistered) (“INTELLECTUAL PROPERTY”) whatsoever in the SOFTWARE or documentation relating to the SOFTWARE by virtue of the CHASE AGREEMENT and/or this EULA and that all such INTELLECTUAL PROPERTY rights will be and remain the sole property of CHASE.
14.2    Unless expressly agreed otherwise, the parties acknowledge that any and all of the INTELLECTUAL PROPERTY rights created in connection with this EULA by the other party (“the OWNING PARTY”), including any enhancements or adaptations thereto, are and will remain the sole property of the OWNING PARTY.  The parties agree that they will provide such reasonable assistance as may be required in the circumstances for the OWNING PARTY to prove and/or register in the name of the OWNING PARTY or its nominee, the foregoing rights during the term of this EULA and thereafter, including assigning such rights to the OWNING PARTY in writing, if required.
14.3    Save as otherwise provided for in terms of this EULA, neither party will have the authority to use the other party’s name, nor any INTELLECTUAL PROPERTY rights of the other party, save for the purposes of carrying out its duties and obligations in terms of this EULA, and subject at all times to the prior written approval of such party and for no other purpose whatsoever. 
14.4    In any event, the right of the receiving party (“the RECIPIENT PARTY”) to use any INTELLECTUAL PROPERTY rights of the OWNING PARTY will:
14.4.1    be subject at all times to the instructions, standards and specifications of use issued by the OWNING PARTY; and
14.4.2    immediately terminate upon termination of the CHASE AGREEMENT for any reason whatsoever, in which event the RECIPIENT PARTY will have no further right, title or interest in the INTELLECTUAL PROPERTY rights of the OWNING PARTY.
14.5    Each party will take all steps as may reasonably be required to protect and maintain the INTELLECTUAL PROPERTY rights of OWNING PARTY, provided that the OWNING PARTY will refund to RECIPIENT PARTY any expenses incurred by the RECIPIENT PARTY in relation thereto and provided further that the OWNING PARTY’S prior written consent for any such costs has been obtained.
14.6    YOU will immediately bring to the attention of CHASE any infringement or suspected infringement by any third-party of any of the INTELLECTUAL PROPERTY rights in the SOFTWARE of which YOU are aware and YOU will, at the request and expense of CHASE, assist CHASE in taking such action as CHASE may deem appropriate to protect its INTELLECTUAL PROPERTY rights or in the event that the actions or omissions of YOURS, leading directly or indirectly led to such infringement or suspected infringement, take such action at YOUR expense.
14.7    YOU must notify CHASE in writing of any claim which may be made against CHASE, or any related company alleging that the SOFTWARE infringes the INTELLECTUAL PROPERTY rights of a third-party as soon as is reasonably practicable after it becomes aware of any such actual or potential claim.
14.8    CHASE will defend YOU against any action, suit or proceedings and indemnify YOU against any award of damages or costs or any settlement caused by reason of any infringement or alleged infringement of any INTELLECTUAL PROPERTY rights of a third-party where such infringement or alleged infringement arises from YOUR authorised use or possession of the SOFTWARE pursuant to the CHASE AGREEMENT and this EULA provided that:
14.8.1    any infringement or alleged infringement is not caused by any unauthorised changes to or unauthorised use of the SOFTWARE made by or on YOUR behalf;  
14.8.2    YOU make no statement or admission without CHASE’S prior written consent; and
14.8.3    CHASE has control of the defence of any action or such claim and all negotiations for settlement or compromise and YOU give CHASE all reasonable assistance with the defence or settlement of such claim at CHASE’S expense.
14.9    If the SOFTWARE or any part thereof is held to constitute an infringement, CHASE may at its option, or as part of any settlement or compromise either procure for YOU the right to continue using the SOFTWARE, modify the SOFTWARE so that it is non-infringing (provided it has at least the same level of functionality) or, and only in the event that neither of the above options are feasible on a commercially reasonable basis (as determined solely by CHASE), terminate this EULA and/or the CHASE AGREEMENT, at which time the YOUR right and LICENCE to continue using the said infringing SOFTWARE will terminate.
14.10    YOU acknowledge that the ideas and expressions contained in the SOFTWARE (and any modifications thereof or updates thereto provided by CHASE) and any particulars thereof provided by CHASE are confidential and YOU undertake not to divulge such information to a third-party and only to divulge such information to its agents and employees as is strictly necessary to enable it to be used in accordance with and for the purposes hereof.  YOU acknowledge that the terms of this clause 14 will survive the termination for whatever reason of the CHASE AGREEMENT and this EULA.
14.11    YOU undertake not to remove, delete or obscure any copyright, trademark or other notices on or in the SOFTWARE and to ensure the accurate reproduction of the same on any copies of the SOFTWARE which YOU are entitled to make in accordance with the terms of your LICENSE.
14.12    YOU agree and confirm that all goodwill accruing to any of CHASE’S trademarks or trade names by virtue YOUR use of the SOFTWARE, will accrue to CHASE and that YOU acquire no rights in any of the said trademarks or trade names or anything so closely resembling them as to be likely to cause confusion and that YOU will take all reasonable steps necessary to ensure that YOU do not use the said words or trademarks or resemblance thereof in contravention of this EULA. 
15.    WARRANTIES
15.1    Each PARTY warrants that:
15.1.1    it has obtained all required legal, regulatory and governmental approvals, licences, consents and permits in relation to this EULA;
15.1.2    it will exercise due care, diligence and skill in all aspects relating to the fulfilment of its obligations hereunder and will comply with all applicable laws; 
15.1.3    it has the legal capacity and has taken all necessary action required to empower and authorise it to enter into and implement this EULA on the terms and conditions herein set out;
15.1.4    this EULA constitutes an agreement valid and binding on it and enforceable against it in accordance with its terms;
15.1.5    by acceptance of this EULA and the performance of its obligations hereunder does not and will not:
15.1.5.1    contravene any law or regulation to which that PARTY is subject;
15.1.5.2    contravene any provision of that PARTY’S constitutional documents; or 
15.1.5.3    conflict with or constitute a breach of any of the provisions of any other agreement, obligation, restriction or undertaking which is binding on it; and
15.1.6    to the best of its knowledge and belief, it is not aware of the existence of any fact or circumstance that may impair its ability to comply with all of its obligations in terms of this EULA; 
15.1.7    the CLIENT, the user, the person or the SYSTEM ADMINISTRATOR who accepts this EULA on behalf of the CLIENT and the USER is validly and duly authorised to do so;
15.1.8    it will not do anything or allow any act to be done which does or is likely to prejudice the good name, reputation and business practice of the other PARTY.
15.2    The parties undertake in favour of one another to:
15.2.1    conduct their respective businesses in an orderly manner and to comply with all laws applicable in the RSA to businesses of their respective natures;
15.2.2    keep separate, full and proper books of account and records showing clearly the transactions in terms of the CHASE AGREEMENT and this EULA;
15.2.3    in carrying out their responsibilities in terms of this EULA, ensure due compliance with the provisions of the Electronic Communications Act of 2005, POPI and all other relevant laws of the RSA and any regulations promulgated there under, including but not limited to any regulations by the Independent Communications Authority of South Africa;
15.2.4    not publish or cause the other PARTY to publish anything illegal or in any way engage in any illegal or fraudulent business practice.
16.    SOFTWARE WARRANTIES
16.1    CHASE warrants that where it provides SERVICES to the CLIENT, they will be performed:-
16.1.1    in a professional manner by appropriately qualified persons; and
16.1.2    in accordance with all applicable provisions hereof.
16.2    CHASE warrants further that:
16.2.1    it has the authority to grant the rights granted to the CLIENT and the user hereunder; 
16.2.2    that the use of the SOFTWARE or any part thereof will not in any way constitute an infringement or other violation of any intellectual property rights of a third-party;
16.2.3    in respect of Microsoft Dynamics NAV, and at the time of acceptance of this EULA by YOU, CHASE has all of the necessary authority from Microsoft under and in terms of its end user license terms to confer all of the necessary rights which it does so confer in terms of this EULA to YOU and the user and that by YOU using the SOFTWARE and/or NAV, YOU will not be in violation of any of the underpinning rights of Microsoft and/or its license-holders.
16.3    Exclusions of warranties
16.3.1    YOU warrant that YOU have not been induced to enter into the CHASE AGREEMENT and/or this EULA by any prior representations whether oral or in writing except as expressly contained in this EULA. 
16.3.2    CHASE hereby excludes all warranties, express or implied (statutory or otherwise), except those warranties expressly made to YOU in this clause 16.  In particular, CHASE disclaims the implied warranties of satisfactory quality and fitness for a particular purpose in relation to the SOFTWARE.
16.4    Remedies for Breach of Warranties
16.4.1    In the event of any breach of the warranties set out in clause 16.1, CHASE will use its reasonable endeavours on business days to remedy any non-performance or defect in the performance of the SOFTWARE or the SERVICE.  On the expiry of 30 (thirty) business days from the date on which YOU give notice to CHASE to remedy such breach, if the breach still remains, YOU will be entitled to any further remedies at law resulting from a breach of such warranty. 
16.4.2    In the event of any breach of the warranty set out in clause 16.2.2, YOUR sole remedy in respect of such breach is subject to the provisions of clause 14.
16.5    General
16.5.1    To the extent that any breach of warranty under clause 12 or claim for infringement under clause 14 arises as a direct or indirect result of the modification of any part of the SOFTWARE by or on YOUR behalf or on behalf of YOUR personnel, YOU will have no claim for any breach of warranty under clause 12 or right to indemnity under clause 17.
16.5.2    The warranties given by CHASE and contained in this clause are specifically limited to YOU and no warranty is made to any other person.
17.    INDEMNITY 
Subject to clause 18, YOU agree to indemnify, defend, and hold harmless CHASE (and its subsidiaries, affiliated companies, officers, agents, co-branders or other partners, and employees) from and against any claim, demand, loss, damage, cost, or liability (including reasonable attorneys' fees) arising out of or relating to any use or alleged use of YOUR account or YOUR passwords by any person whether authorised or not, or YOUR violation of this EULA and/or the CHASE AGREEMENT.
18.    LIMITATIONS OF LIABILITY
18.1    General
Neither party limits its liability for fraud or theft by it or its employees, or death or personal injury caused by its negligence or that of that party’s employees, or subcontractors as applicable.
18.2    Corrected faults
CHASE will correct any fault in the SOFTWARE or SERVICES where possible and as soon as reasonably practical and this is its entire liability regarding any fault in the SOFTWARE or SERVICES.  If this clause is held inapplicable or unenforceable, then the following clauses will apply.
18.3    Other website, goods, or services
CHASE is not liable for any other website, goods, or service provided by any third-party.
19.    BREACH, TERMINATION, GOVERNING LAW AND DISPUTE RESOLUTION
19.1    Breach, termination, governing law and dispute resolution of this EULA will be governed by the terms and conditions contained in the CHASE AGREEMENTTERMINATION
20.    GENERAL 
20.1    YOU may not cede or delegate any of YOUR rights or obligations under this EULA without CHASE’S prior written consent first being obtained, which consent will not be unreasonably withheld.  For the purposes hereof, such cession, delegation and/or assignment will include, without limitation, a merger, sale of assets or business, or other transfer of control by operation of law or otherwise. 
20.2    The CHASE AGREEMENT and the EULA and any other expressly incorporated document constitute the entire agreement between the parties hereto and supersedes any prior understandings between the parties in relation to the subject matter hereof and neither PARTY may rely on any representation made by the other PARTY unless such representation is expressly repeated herein. Nothing in this clause 22.2 will relieve either PARTY of liability for fraudulent misrepresentations and neither PARTY will be entitled to any remedy for either any negligent or innocent misrepresentation except to the extent (if any) that a court or arbitrator may allow reliance on the same as being fair and reasonable. 
20.3    CHASE may at any time and in its sole and absolute discretion, make amendments to this EULA.  Any such changes will be communicated to YOU and YOU will be required to accept same.  If YOU do not accept any such amendments YOUR LICENSE will be suspended and YOU will not have access to the SOFTWARE and/or the SERVICES.  If YOU do not accept the amendments within 20 (twenty) business days of such amendments being communicated to YOU, CHASE may immediately terminate the CHASE AGREEMENT and this EULA.
20.4    No latitude, extension of time or other indulgence which may be given or allowed to YOU by CHASE in respect of the performance of any obligation hereunder, and no delay or forbearance in the enforcement of any of CHASE’S rights arising from this EULA, and no single or partial exercise of any right by CHASE under this EULA, will in any circumstances be construed to be an implied consent or election by CHASE or operate as a waiver or a novation of or otherwise affect any of CHASE’S rights in terms of or arising from this EUAL or stop or preclude CHASE from enforcing at any time and without notice, strict and punctual compliance with each provision or term hereof. 
20.5    CHASE is an independent service provider and nothing in this EULA should be construed as constituting an employment relationship between the parties.  The parties acknowledge that this EULA is not subject to any employment law.
20.6    CHASE may use sub-contractors to perform services under this EULA in which case CHASE will take full responsibility for them.
20.7    Each provision of this EULA, is severable, the one from the other and, if at any time any provision is, or becomes, or is found to be invalid, illegal or otherwise unenforceable for any reason, by a court of competent jurisdiction, the remaining provisions of this EULA will continue to be of full force and effect.