Terms of Business for Consultancy Services
These are the Terms of Business for Consultancy Services (“Terms”) of The Myers-Briggs Company Limited, a company registered in England and Wales (registered number 2218212) whose registered offices are at Elsfield Hall, 15-17 Elsfield Way, Oxford OX2 8EP, UK (The Myers-Briggs Company) and cover the European branch offices of The Myers-Briggs Company Limited (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany). When we refer to “The Myers-Briggs Company”, “we”, “us” and “our” we mean The Myers-Briggs Company Limited and our European branch offices, unless otherwise stated.
If you have questions about any of these Terms, please contact The Myers-Briggs Company's Client Support Team on +44 1865 404610 or +44 1865 404500.
1.1 "Business Day" means a day (not being a Saturday or Sunday) on which banks are open for general banking business in the City of London;
"Client" means the organisation contracting with The Myers-Briggs Company for the provision of consultancy services as identified in the Terms of Engagement;
"Contract" means the contract formed by the acceptance and return by the Client of the Terms of Engagement, and such contract shall be governed by these Terms and the Terms of Engagement;
"Deliverables" means those items identified as such in the Terms of Engagement (if any) to be provided by The Myers-Briggs Company to the Client in the course of delivering the Services;
"The Myers-Briggs Company" means The Myers-Briggs Company Limited together with its European branch offices (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany);
"The Myers-Briggs Company Terms" means these standard terms of business;
"Services" means the work to be undertaken by The Myers-Briggs Company for the Client as described in the Terms of Engagement;
"Terms of Engagement" means the letter or other statement provided to the Client by The Myers-Briggs Company, incorporating these Terms, which outlines the nature of the Services, the deliverables to be provided, the fees payable and the timeframe for completion of the Services, together with any other terms specific to the engagement with the Client;
“Work” means any activity performed by The Myers-Briggs Company in relation to the Services;
"Working Days" means Monday to Friday excluding bank or public holidays.
2. The Services
2.1 The Myers-Briggs Company will provide the Services to the Client on, and subject to, The Myers-Briggs Company Terms and the Terms of Engagement. The Myers-Briggs Company will not start providing the Services until The Myers-Briggs Company has received written acceptance of the Terms of Engagement by an authorised representative of the Client. By accepting the Terms of Engagement, the Client also agrees to be bound by these Terms to the exclusion of all other terms and conditions (including any terms or conditions which the Client purports to apply under any purchase order, confirmation of order, specification or other document). The Terms of Engagement, once signed and returned by the Client, shall, together with these Terms, form the contract between The Myers-Briggs Company and the Client.
2.2 In accepting the Terms of Engagement, the Client authorises The Myers-Briggs Company to proceed with all relevant preparations for providing the Services, including but not limited to purchase of materials and booking venues (if required).
2.3 The Myers-Briggs Company shall provide the Services using reasonable skill and care.
2.4 In providing the Services, The Myers-Briggs Company shall use its reasonable endeavours to give sound advice based on the information available, but the Client will remain wholly responsible for determining matters of policy or action related to that advice.
2.5 The Client acknowledges and agrees that, in order for its personnel to derive benefits from the Services, such personnel will be required to make such commitment as is appropriate to the Services being provided.
3.Terms of Engagement and fees
3.1 The Terms of Engagement will, unless otherwise stated, remain capable of acceptance by the Client for a period of 90 days from the date thereof. The rates for fees and materials are subject to review from time to time, but The Myers-Briggs Company will give one month's notice of its intention to change the charging basis for current and continuing projects.
3.2 The fees set out in the Terms of Engagement are based on The Myers-Briggs Company's understanding of the Client's requirements as set out in the Terms of Engagement. The Myers-Briggs Company reserves the right to make additional charges for:
3.2.1 staff time spent in excess of those estimated in the Terms of Engagement as a result of any delays caused in delivery of the Services due to any act or omission of the Client;
3.2.2 staff time spent travelling to the venue in excess of two hours in either direction;
3.2.3 staff time for planning or other meetings requested by the Client in addition to those allowed for in the Terms of Engagement;
3.2.4 any services or materials requested in writing by the Client that The Myers-Briggs Company agrees in writing to provide and that are additional to those allowed for in the Terms of Engagement, which shall then become part of the Services.
3.3 The Myers-Briggs Company may also charge the Client for reasonable expenses incurred by The Myers-Briggs Company in the provision of the Services including, where necessary:
3.3.1 travel, accommodation and subsistence (mileage to be charged at 50 pence per mile);
3.3.2 all bought-in goods, services and sub-contracted items referred to in the Terms of Engagement as being necessary and charged for separately from the fees quoted in the Terms of Engagement.
3.4 Value Added Tax, where applicable, will be payable by the Client on all fees and expenses at the rate in force at the date of invoicing. All prices are quoted exclusive of Value Added Tax.
3.5 The Myers-Briggs Company will issue invoices in accordance with the terms stated in the Terms of Engagement. Depending on the nature of the work, The Myers-Briggs Company may issue invoices at the end of each discrete piece of work or at the end of each month. If the Client delays planned progress on provision of the Services, The Myers-Briggs Company reserves the right to submit interim invoices. The Myers-Briggs Company will also submit invoices in respect of any additional work carried out as referred to in Clause 3.2.
3.6 All invoices will be paid by the Client within 30 days of date of invoice. The Myers-Briggs Company reserves the right to charge the Client interest and costs of recovery in accordance with the Late Payment of Commercial Debts (Interest) Act 1998 (as amended).
3.7 Where a refund is due to a Client and such is caused at the fault of the Client, The Myers-Briggs Company reserves the right to deduct any administrative bank/ credit card charges from such refund. Where the refund is necessitated at the fault of The Myers-Briggs Company, no such deductions shall be made.
4. Cancellation and postponement
4.1 Unless otherwise specified in the Terms of Engagement, The Myers-Briggs Company reserves the right to charge for events (including but not limited to courses, workshops, presentations or seminars) cancelled or postponed by the Client. Such charges will be in accordance with the following schedule (percentages refer to percent of fees relating to the relevant event) to be paid as a cancellation or postponement charge:
Number of Working Days before the work commences
|29 or more||28 or fewer||5 or fewer|
|½ or one-day event||25%||50%||100%|
|Two or more days||40%||80%||100%|
Where an event is cancelled by the Client, the client will be charged one hundred percent (100%) of the fees.
4.2 In addition, the Client will bear the full cost of any fees or expenses incurred by The Myers-Briggs Company for cancellation of venues and, except in cases where the Client has paid a 100% cancellation or postponement charge, for non-returnable goods and services bought or contracted for the event or events.
4.3 Where an event is postponed, the Client will be liable for the full fee for that event quoted in the Terms of Engagement when eventually held, in addition to the postponement charge set out in clause 4.1.
4.4 For the avoidance of doubt, the start date of the Work is not the start of the event but the start of when the Work commences and will be set out in the Terms of Engagement.
5.1 Other than in respect of information that the Client has supplied to The Myers-Briggs Company , The Myers-Briggs Company shall, as between The Myers-Briggs Company and the Client, own all copyright and any other intellectual property rights throughout the world subsisting in the contents of the Terms of Engagement and in all Work, including that work produced by The Myers-Briggs Company in the course of provision of the Services in whatever form or media and (including, without limitation, for the avoidance of doubt the Deliverables) ("Work"), unless otherwise indicated in the Terms of Engagement as "Client Materials".
5.2 If the Client requires The Myers-Briggs Company to incorporate any material into the Work and supplies The Myers-Briggs Company with such material, the Client warrants that:
5.2.1 the proposed use or incorporation of such material will not infringe any third party's intellectual property rights;
5.2.2 where the Client is not the owner of all copyright or other intellectual property rights in such material, the Client has received all necessary consents and licences for the proposed use by The Myers-Briggs Company of such material; and the Client will indemnify and keep The Myers-Briggs Company fully and effectively indemnified against all costs, claims, demands, expenses and liabilities of any nature arising out of or in connection with any breach of the warranty in this clause.
5.3 Subject to Clause 5.4, the Client agrees that it shall not copy or amend the Work or do or authorise any other act that may infringe or devalue The Myers-Briggs Company's copyright or other intellectual property rights.
5.4 The Client may, subject to the last sentence of this clause, make a reasonable amount of copies of the Work (or part of the Work) for distribution to its own personnel and strictly for internal business purposes only. The Client shall ensure that each such copy of the Work (or part thereof) shall bear a statement acknowledging its source. The Client shall have no right to make any copies of any Deliverables on which The Myers-Briggs Company does not own the copyright.
6.1 The Myers-Briggs Company shall be entitled, in its absolute discretion, to appoint sub-contractors to provide all or part of the Services.
6.2 If the Client nominates sub-contractors to work with The Myers-Briggs Company in the provision of the Services, the Client shall be responsible for such nominated sub-contractors. The Myers-Briggs Company reserves the right to withdraw co-operation from any nominated sub-contractors if the performance or actions of such persons or organisations prevents The Myers-Briggs Company fulfilling its obligations under the Terms of Engagement and these Terms.
7. Client's obligations
7.1 The Client will ensure that its staff, contractors and other suppliers co-operate fully with The Myers-Briggs Company and cause no delay.
7.2 Whilst The Myers-Briggs Company's employees or sub-contractors are working on the Client's premises, the Client will ensure the health and safety of those people. The Client will indemnify The Myers-Briggs Company and keep The Myers-Briggs Company indemnified against all losses, damages and expenses incurred or suffered by The Myers-Briggs Company in connection with any and all claims made in respect of any injury, death or loss suffered by those employees or sub-contractors as a result of working at the Client's premises.
7.3 Clients will not, either during the provision of the Services or thereafter for a period of one year, directly or indirectly, offer employment or assignments to any of The Myers-Briggs Company's employees or sub-contractors or solicit or procure their employment by any other company, organisation or individual with which the Client is connected.
7.4 All Clients shall be required, in using The Myers-Briggs Company's Services to verify any local requirements and/or restrictions on using psychometric tests in general and The Myers-Briggs Company materials in particular, in that jurisdiction, whether imposed by law, regulation or by a local regulatory or governmental body. Where any local requirements and/or restrictions exist that alter the criteria for, or prevent, use of The Myers-Briggs Company’s materials within a particular jurisdiction, it shall be the responsibility of the Client to ensure that it fully complies with any and all such local requirements and/or restrictions. Where any Client uses The Myers-Briggs Company’s materials in a particular jurisdiction in contravention of any local requirements and/or restrictions, whether knowingly or inadvertently, such Client shall be solely responsible and liable for such use and shall hold harmless and indemnify The Myers-Briggs Company in respect of any loss or claim by a third party against The Myers-Briggs Company arising from such. Further, in the event that a Client has failed to ensure that any The Myers-Briggs Company materials may be legitimately used within a particular jurisdiction and subsequently purchases The Myers-Briggs Company materials for use in that jurisdiction, such Client shall be liable for the costs thereof and The Myers-Briggs Company shall bear no responsibility or liability for return of such The Myers-Briggs Company materials or the reimbursement of any associated costs.
8.1 Both during and after the provision of the Services, both parties shall keep confidential any information of the other party that is obtained in connection with the provision of the Services and that is clearly designated as ‘confidential' or that is by its nature clearly confidential. Neither party shall use such information except in connection with the Services nor divulge it to any third party without the prior written permission of the other party.
8.2 The provisions of this clause 8 shall not apply to any information disclosed by a party ("Disclosing Party") that:
8.2.1 is in, or comes into, the public domain (except as a result of a breach of these Terms);
8.2.2 was already in the possession of the Disclosing Party at the time of its receipt from the other party;
8.2.3 is received by the Disclosing Party from a third party who was not under a legal obligation of confidentiality with respect to it;
8.2.4 is required by law to be disclosed by the Disclosing Party.
8.3 The Terms of Engagement shall be treated as confidential information for the purposes of this clause 8.
9. Data Protection and Privacy
9.2 Client agrees to be bound by the Data Protection Terms as set forth in the Schedule attached hereto, unless otherwise agreed in writing between The Myers-Briggs Company and the Client.
10. Term and termination
10.1 The Contract will commence on the date that The Myers-Briggs Company receives the signed Terms of Engagement from the Client and shall continue in full force and effect until the Services have been completed, subject to earlier termination pursuant to Clauses 10.2 and 10.3.
10.2 Either party may terminate provision of the Services immediately by notice in writing to the breaching party if the breaching party:
10.2.1 is in irremediable breach of its obligations or, in the case of a remediable breach, such breach has not been remedied within 14 days of receipt by the breaching party of a notice from the other party specifying the breach and requiring its remedy; or
10.2.2 enters into voluntary or compulsory liquidation, or compounds with or convenes a meeting of its creditors, or has a receiver or manager or an administrator appointed over any part of its assets, or ceases for any reason to carry on business, or takes or suffers any analogous action which in the opinion of The Myers-Briggs Company means that the Client may not be able to pay its debts.
10.3 The Myers-Briggs Company may terminate provision of the Services at any time if:
10.3.1 it has given the Client three months' notice in writing; or
10.3.2 the Client attempts substantially to alter the scope or definition of the Services without The Myers-Briggs Company's prior written agreement.
10.4 On termination, The Myers-Briggs Company will be entitled to be paid all fees and expenses incurred or accrued and payable by the Client as at the date of termination or cancellation of the Services. In the case of termination by The Myers-Briggs Company pursuant to Clause 10.2, the Client will be deemed to have cancelled the Services and will be liable to pay a cancellation charge as specified in Clause 4.1, if applicable.
10.5 On termination, each party shall immediately return to the other party all property of the other party in its custody, possession or control.
10.6 Clauses 1, 4, 5, 7.3, 8, 9, 10, 11 and 15 shall survive expiry or termination of these Terms howsoever caused and shall remain thereafter in full force and effect after termination.
11. Warranty and liability
11.1 In the event of damage to tangible physical property, where it is established that such damage to property has arisen as a direct result of the negligence of The Myers-Briggs Company employees or sub-contractors while providing the Services, The Myers-Briggs Company's liability shall be limited to a maximum of £1,000,000 (one million pounds) per claim or series of related claims.
11.2 Nothing in these Terms shall exclude or limit The Myers-Briggs Company's liability for death or personal injury caused by The Myers-Briggs Company's negligence, nor for fraud on The Myers-Briggs Company's part, nor for any liability that cannot be excluded by law.
11.3 Subject to Clauses 11.1, 11.2 and 11.4, The Myers-Briggs Company's liability arising under or as a result of the provision of the Services whether in contract, tort, breach of statutory duty or otherwise is limited to the fees actually paid by the Client to The Myers-Briggs Company for such Services.
11.4 The Myers-Briggs Company will not be liable for any indirect or consequential loss, loss of business, profit, revenue, data or goodwill, nor for lost or wasted management time or employee time of the Client.
11.5 Any condition, representation or warranty that might otherwise be implied or incorporated within these Terms by reason of statute or common law or otherwise is hereby expressly excluded.
12. Force majeure
The Myers-Briggs Company has no liability to the Client if The Myers-Briggs Company is unable to provide all or a part of the Services in accordance with the Terms of Engagement or otherwise as a result of circumstances beyond The Myers-Briggs Company's reasonable control, including without limitation, war, strike, lockout, industrial disputes, riot, civil commotion, acts of Government, fire, blockade, accident, natural catastrophe, disaster.
No delay, neglect or forbearance by either party in enforcing any provision of the Terms of Engagement or these Terms shall be deemed to be a waiver or in any way prejudice any rights of that party.
14. Rights of third parties
Nothing in these Terms or the Terms of Engagement confers or purports to confer on any third party any right to enforce any of the Terms of Engagement or these Terms.
15. Governing law and jurisdiction
These Terms and the Terms of Engagement are governed by and construed in accordance with the laws of England, and are subject to the exclusive jurisdiction of the English courts.
16. Entire agreement
16.1 These Terms together with the Terms of Engagement constitute the entire agreement between The Myers-Briggs Company and the Client in relation to the Services, and supersede all earlier communications. Each party acknowledges that it has not relied on any commitment, representation or warranty in entering into the Contract, other than those expressly set out in the Contract. No amendment or other variation to these Terms by the Client will be effective unless it is in writing, is dated and is signed by a duly authorised representative of The Myers-Briggs Company and the Client.
16.2 If there is any conflict between these Terms and the Terms of Engagement, these Terms will prevail.
16.3 The Myers-Briggs Company reserves the right to change these Terms at any time without prior notice to you, so please check them regularly. These Terms were revised in May 2018.
17.1 Any notice permitted or required under these Terms will be given in writing and shall be effectively served if delivered by hand or sent by first-class or airmail post to The Myers-Briggs Company at its usual address and, in the case of the Client, to the last known or usual address. Any notice personally delivered shall be deemed to have been received at the time of delivery. Any notice sent by post shall be deemed to have been delivered three Business Days after posting in the case of inter-UK communications, or five Business Days otherwise.
17.2 In cases where the Terms of Engagement specify nominated representatives of the parties, all notices shall be addressed to such representatives.
18. Further information
If you wish to raise any query, please contact firstname.lastname@example.org or call our Client Services on + 44 1865 404610.
The Myers-Briggs Company Limited
15-17 Elsfield Way
Registered in England and Wales
Company Number 2218212
Data Processing Terms (DP Terms)
These DP Terms govern data processing by The Myers-Briggs Company for and on behalf of Client in relation to the goods and/or services received by Client from The Myers-Briggs Company.
These DP Terms are supplemental to The Myers-Briggs Company Terms to which these DP Terms are supplemental, and together form the contract between the Parties.
2. Description of processing
The processing to be carried out by The Myers-Briggs Company is as follows:
2.1 the subject matter of the processing is as described in clause 1.1 above and the duration of the processing will be throughout the period within which The Myers-Briggs Company performs Services;
2.2 the nature of the processing is as described in clause 1.1 above and the purpose of the processing is to enable The Myers-Briggs Company to perform Services to the Client;
2.3 the personal data to be processed will be any personal data of Relevant Data Subjects provided in order to enable or facilitate the provision of Services by The Myers-Briggs Company as described in clause 1.1 above, and the categories of data subjects are Relevant Data Subjects; and
2.4 the obligations and rights of the data controller in relation to the processing are set out below.
3. Compliance with the Data Protection Regulations
3.1 Each of Client and The Myers-Briggs Company warrant and represent that it will comply with (and shall ensure that its staff and/or subcontractors comply) with the Data Protection Regulations in processing personal data in connection with the Services.
4. Relationship and roles of the parties
4.1 In relation to the processing of personal data in connection with Services, the parties acknowledge and agree that:
- 4.4.1 Client is the data controller; and
- 4.1.2 The Myers-Briggs Company is the data processor.
The Myers-Briggs Company agrees that it will process the personal data in accordance with these DP Terms.
5. Responsible individuals and enquiries
5.1 Client and The Myers-Briggs Company will each notify the other from time to time of the individual within its organisation authorised to respond to enquiries regarding the personal data and the processing which is the subject of these DP Terms. Client and The Myers-Briggs Company shall each deal promptly and reasonably with all such enquiries.
5.2 In respect of The Myers-Briggs Company, the individual authorised to respond to such enquiries is The Myers-Briggs Company DPO together with other members of The Myers-Briggs Company Data Protection Team. Any enquiries should be addressed to email@example.com
6. Processing of personal data by The Myers-Briggs Company
In relation to the processing of personal data in connection with the Services, The Myers-Briggs Company shall:
6.1 process the personal data (including when making an international transfer of the personal data) only for the purpose of and to the extent necessary for provision of the Services and then only in accordance with:
- 6.1.1 these DP Terms; and
- 6.1.2 Client's written instructions from time to time,
unless otherwise required by law. Where The Myers-Briggs Company is required by law to process the personal data otherwise than as provided by these DP Terms, it will notify Client before carrying out the processing concerned (unless the law also prevents The Myers-Briggs Company from doing so for reasons of important public interest);
6.2 implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed under these DP Terms, as set forth in the Appendix;
6.3 take all reasonable steps to ensure that only authorised personnel have access to the personal data and that any persons whom it authorises to have access to the personal data will respect and maintain all due confidentiality in relation to the personal data (including by means of an appropriate contractual duty of confidentiality where the persons concerned are not already under such a duty under the law);
6.4 not engage any sub-processors in the performance of the Services without the prior written consent of Client and otherwise in accordance with clause 8 at all times;
6.5 not do, or omit to do, anything, which would cause Client to be in breach of its obligations under the Data Protection Regulations;
6.6 immediately notify Client if, in The Myers-Briggs Company's opinion, any instruction given to The Myers-Briggs Company infringes the Data Protection Regulations;
6.7 where applicable in respect of any personal data processed in relation to the Services, co-operate with and assist Client in ensuring compliance with:
- 6.7.1 Client's obligations to respond to requests from any data subject(s) seeking to exercise its/their rights under Chapter III of the GDPR, including by notifying Client of any written subject access requests The Myers-Briggs Company receives relating to Client's obligations under the Data Protection Regulations; and
- 6.7.2 Client's obligations under Articles 32 – 36 of the GDPR to:
- (a) ensure the security of the processing;
- (b) notify the relevant supervisory authority, and any data subject(s), where relevant, of any breaches relating to personal data;
- (c) carry out any data protection impact assessments (each a "DPIA") of the impact of the processing on the protection of personal data; and
- (d) consult the relevant supervisory authority prior to any processing where a DPIA indicates that the processing would result in a high risk in the absence of measures taken by Client to mitigate the risk.
6.8 provide assistance where reasonably required by Client in relation to the fulfilment of Client’s obligations to co-operate with the relevant supervisory authority under Article 31 of the GDPR.
7.1 The Myers-Briggs Company will ensure that any sub-processor it engages to provide any services on its behalf in connection with the Services does so only on the basis of a written contract which imposes on such sub-processor terms equivalent to those imposed on The Myers-Briggs Company under these DP Terms or such other alternative terms as may be agreed with Client (the "Relevant Terms"). The Myers-Briggs Company shall procure the performance by the sub-processor of the Relevant Terms and shall be directly liable to Client for:
- 7.1.1 any breach by the sub-processor of any of the Relevant Terms;
- 7.1.2 any act or omission of the sub-processor which causes:
- 188.8.131.52 The Myers-Briggs Company to be in breach of these DP Terms; or
- 184.108.40.206 Client or The Myers-Briggs Company to be in breach of the Data Protection Regulations.
7.2 Where Client has given a general authorisation to The Myers-Briggs Company to engage sub-processors, then prior to engaging a new sub-processor under the general authorisation The Myers-Briggs Company will notify Client of any changes that are made that would affect that general authorisation and give Client an opportunity to object to them.
7.3 Notwithstanding clauses 7.1 and 7.2, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data to such sub-processors as are set forth in the List of Third Parties and Transfers ex-EEA.
8. Monitoring of The Myers-Briggs Company's performance
8.1 Client is entitled to monitor and audit The Myers-Briggs Company's compliance with the Data Protection Regulations and its obligations in relation to data processing in connection with the Services at any time during normal business hours. The Myers-Briggs Company agrees to provide Client promptly with all access, assistance and information that is reasonably necessary to enable the monitoring and audits concerned. If Client believes that an on-site audit is necessary, The Myers-Briggs Company agrees to give Client reasonable access to its premises (subject to any reasonable confidentiality and security measures), and to any stored personal data and data processing programs it has on-site. Client is entitled to have the audit carried out by a third party.
9. Transfers outside the EEA and to third parties
9.1 We may transfer personal data outside the EEA and to any third party located outside the EEA (including to our parent company, The Myers-Briggs Company, in the US) where we are permitted to do so for that transfer under Articles 44 to 49 of the GDPR. For the purposes hereof, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data outside the EEA and to such third parties located outside the EEA as set forth in the List of Third Parties and Transfers ex-EEA, provided the appropriate safeguard mechanisms remain in place.
10. Completion of Services
10.1 Upon completion of the Services, The Myers-Briggs Company will at Client's discretion, on receipt of Client’s instruction, delete or return to Client, all personal data (including copies) processed in connection with the Services, except to the extent that The Myers-Briggs Company is required by law to retain any copies of the personal data and save to the extent that The Myers-Briggs Company receives instructions to the contrary from any Client Data Subject).
11. Governing Law
11.1 These DP Terms shall be governed by the laws of England and Wales and the courts of London, England shall have exclusive jurisdiction.
12.1 For the purposes of these DP Terms, defined terms used are as follows:
means all laws applicable to any personal data processed under or in connection with the Contract, including:
all as amended, re-enacted and/or replaced and in force from time to time;
means the General Data Protection Regulation (EU) 2016/679; and
means any goods and/or services provided to Client under The Myers-Briggs Company Terms of Business.
The terms personal data; data controller; data processor; processing; and supervisory authority used in these DP Terms shall have the meaning given in the Data Protection Regulations.
The Myers-Briggs Company Technical and Organisational Measures
1.1 The Myers-Briggs Company’s Information Security Management System and Data Protection systems detail:
- Process and procedures;
- Roles and responsibilities;
- Assurance process;
- Risk assessment process including DPIAs; and
- Improvement plans.
1.2 The Myers-Briggs Company’s Physical Security measures include:
- The fitting of appropriate locks and other physical controls to the doors and windows of rooms where computers are kept, including swipecard entry;
- Physically securing unattended lap tops (eg by locking them in a secure drawer or cupboard);
- Ensuring control of and security of all removable media, such as removable hard-drives, CDs, floppy disks and USB drives, attached to business-critical assets;
- Destroying or removing all business-critical information from media such as CDs, and floppy disks before disposing of them;
- Ensuring that all business-critical information is removed from the hard drives of any used computers before disposing of them; and
- Storing back-ups of business-critical information off-site and/ or in a fire and water-proof container.
1.3 The Myers-Briggs Company’s Access Controls measures include:
- Using unique passwords, that are not obvious and change them regularly;
- Using complex password policies;
- Ensuring that employees understand good password security; and
- Auditing unauthorised logins.
1.4 The Myers-Briggs Company’s Security and Privacy Technologies include:
- Ensuring that all computers used have anti-virus software installed, and the virus definitions are updated at least once a week. All incoming and outgoing traffic is scanned for viruses, as are any disk or CD that is used, even where from a ‘trusted’ source. At least once a month, computers are scanned for viruses.
1.5 The Myers-Briggs Company’s awareness, training and security checks in relation to personnel include:
- Performing integrity checks on all new employees to ensure that they have not lied about their background, experience or qualifications;
- Giving all new employees a simple introduction to information security, and ensuring that they have read and understand The Myers-Briggs Company’s Information Security Policy and Data Protection Policy;
- Ensuring employees know where to find details of the Information Security standards and procedures relevant to their role and responsibilities;
- Ensuring that employees have access only to the information assets they need to do their jobs. If employees change jobs, we ensure that they do not retain access to the assets they needed for their old job. When dismissing employees, we ensure that they do not take with them any business-critical information;
- Ensuring that no ex-employees have access rights to The Myers-Briggs Company systems; and
- Ensuring employees know about the common methods that can be used to compromise systems.
1.6 The Myers-Briggs Company’s Incident/Response Management/Business Continuity include:
- Ensuring that employees understand what is meant by a Security Incident, being any event that can damage or compromise the confidentiality, integrity or availability of your business–critical information or systems;
- Ensuring that employees are trained to recognise the signs of Security Incidents;
- Ensuring that employees receive training on the need to notify anything which may be a sign of a Security Incident and are kept informed as to the identity of the person to whom such notifications should be made;
- Ensuring that if a Security Incident occurs, employees know who to contact and how;
- Having in place a Business Continuity Plan to assure business continuity in the event of a serious Security Incident. The Plan specifies:
- Designated people involved in the response;
- External contacts, including law enforcement, fire and possibly technical experts;
- Contingency plans for foreseeable incidents such as:
- Power loss;
- Natural disasters and serious accidents;
- Data compromise;
- No access to premises;
- Loss of essential employees;
- Equipment failure;
- Ensuring that the Business Continuity Plan is issued to all required employees and is tested at least once a year, regardless of whether there has been a Security Incident; and
- After every incident when the Business Continuity Plan is used, and after every test, re-examining and updating, where necessary, the Business Continuity Plan using the lessons learned.
- Auditing of who has access to its systems;
- Logging of such access to the systems; and
- Auditing of compliance with security procedures.
1.7 The Myers-Briggs Company’s Audit Controls/Due Diligence include:
Ensuring that appropriate security audit arrangements are in place including: