These are the Terms of Business for the Purchase of Product (“Terms”) of The Myers-Briggs Company Limited, a company registered in England and Wales (registered number 2218212) whose registered offices are at Elsfield Hall, 15-17 Elsfield Way, Oxford OX2 8EP, UK (The Myers-Briggs Company) and cover the European branch offices and operations of The Myers-Briggs Company Limited (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany). When we refer to “The Myers-Briggs Company”, “we”, “us” and “our” we mean The Myers-Briggs Company Limited and our European branch offices, unless otherwise stated.
If you have questions about any of these terms and conditions, please contact The Myers-Briggs Company's Customer Support Team on +44 1865 404610 or +44 1865 404500.
1.1 In these terms and conditions, the following shall have the following meanings:
"Bureau Scoring Service" means a mail-in service which provides scoring of our psychometric assessments;
"Client" means any person or organisation purchasing Materials or the Registered User using Materials;
"Digital Content" means any Materials or other goods which are supplied by The Myers-Briggs Company in electronic form and not in a tangible form, including computer-scored reports, computer software, and other electronic content: in relation to ebooks, please see our Terms of Business for e-Products;
"Guidelines" means the Guidelines for the Ethical Use of Assessments and Questionnaires, a current copy of which is available upon request, and viewable here.
"Materials" means The Myers-Briggs Company’s assessment and training materials, including Restricted Materials, whether printed materials or recorded on any other medium (such as video, DVD, CD-ROM or other software program);
"The Myers-Briggs Company" means The Myers-Briggs Company Limited together with its European branch offices (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany);
"Registered User" means an individual who is registered with The Myers-Briggs Company as qualified to administer one or more of our psychometric assessments to respondents, to interpret reports compiled from respondent responses and to provide feedback to respondents (and who account has not been suspended);
"Restricted Materials" means any psychometric assessments or materials (including questionnaire booklets, score keys and weights, answer sheets and profile sheets) that, at the time of purchase, are identified as restricted in The Myers-Briggs Company’s current catalogue, in The Myers-Briggs Company's sales literature, on the website or on the assessments or materials themselves;
"Trademarks" means all the registered and unregistered trademarks used by The Myers-Briggs Company in the course of business.
1.2 The headings in these Terms are for convenience, and do not affect their interpretation.
1.3 The Myers-Briggs Company reserves the right to change these Terms at any time without prior notice to you, so please check them regularly.
1.4 In the event of any conflict between these Terms (as displayed on our website) and those in our catalogue or elsewhere, these Terms (as displayed on our website) shall prevail.
2 Changes to products, services and prices
Prices and specifications of Materials and services are correct at the time of publication in The Myers-Briggs Company's current catalogue and on themyersbriggs.com, but are subject to change without notice. Materials and services may also be withdrawn without notice.
3 Supply of product
Where the Client's business is based outside Europe, please note that qualification in the use of certain instruments does not automatically mean that The Myers-Briggs Company will be able to supply the Client with such instruments.
4 Use of the Materials
4.1 Purchases of certain of The Myers-Briggs Company’s assessments and questionnaires, including Restricted Materials, must be made by or on behalf of an identified Registered User who is qualified to use the Restricted Materials and has registered with The Myers-Briggs Company in accordance with its registration procedures.
4.2 In order to be registered to purchase and use certain of our Restricted Materials, a user must have successfully completed appropriate training approved by The Myers-Briggs Company, details of which are set out at eu.themyersbriggs.com, from time to time. These include, without limitation: (i) in relation to the MBTI® and FIRO-B® instruments, individuals must first undertake The Myers-Briggs Company approved programme of psychometric assessment training, through The Myers-Briggs Company approved training provider; (ii) in relation to the CPI 260® tool, individuals must first take The Myers-Briggs Company-approved programme of psychometric assessment training, through The Myers-Briggs Company-approved training provider, unless you hold a Master's degree in Occupational Psychology or Psychology respectively in which case you may be eligible for The Myers-Briggs Company’s applicable open-access policy; and (iii) in relation to the Strong Interest Inventory®, ABLE Series™ individuals hold the relevant BPS Test User, or other applicable, qualification.
4.3 To establish which Materials an individual is qualified to purchase, a registration form must be completed and returned to The Myers-Briggs Company.
4.4 Restricted Materials must be used in compliance with the Guidelines. The Guidelines may be changed from time to time to reflect the most recently accepted practices. The Myers-Briggs Company reserves the right to refuse to supply Restricted Materials if a Client fails to comply with the Guidelines.
4.5 Our psychometric assessments are designed for adults and are not intended for children (under 16 years of age). In order to use our assessments, Registered Users shall ensure that respondents taking our assessments and using our Materials are 16 years of age or over.
5.1 Any order placed by the Client will be deemed to be an offer by the Client to purchase the Materials subject to these terms and conditions.
5.2 No order placed by the Client will be deemed accepted by The Myers-Briggs Company until:
(a) delivery of the Materials to the Client; and
(b) if requested by The Myers-Briggs Company the Client provides either:
(i) a written confirmation of the order; or
(ii) an official purchase order.
5.3 When ordering Restricted Materials, the Client must quote the name of the Registered User and his or her registration number. Orders may be refused if the delivery address is not that relating to a Registered User.
6 Digital Content
6.1 Digital Content shall be provided to you in downloadable form, upon receipt of payment, by provision of a single copy of the Digital Content for download to your installed reader, to be saved on your computer. Use is restricted to the single user and is for personal use only.
6.2 Digital Content is provided in immediately available form and is therefore non-refundable and non-transferable, in accordance with The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (“the Regulations”). The Regulations do not apply to Digital Content in respect of minimum cancellation period for distance selling contracts (also referred to as “cooling off” periods.
6.3 At the time of supply of Digital Content, details of any technical functionality requirements and instructions for use will be provided. In addition however, details of such are also provided within the description of the applicable Digital Content on The Myers-Briggs Company’s website. These should be reviewed prior to purchase to ensure that your computer or other equipment meets the technical requirements for provision of applicable Digital Content.
6.4 In relation to Digital Content which comprises computer software, the Client accepts that it is entitled to use the Digital Content only in accordance with any applicable software licence (the terms of which shall be deemed incorporated into these Terms of Business), a copy of which shall be available upon written request.
7 Dispatch of orders
Subject to availability, The Myers-Briggs Company normally dispatches standard (non-personalised) Materials within 24 hours of receipt of any order that The Myers-Briggs Company accepts but in any event within 30 calendar days of purchase, save for Digital Content will may be supplied immediately upon purchase and in relation to which clause 6 applies. However, under no circumstances will the Client be permitted to cancel the order for non- or late delivery unless the procedure in clause 12 (Claims) or 13 (Return for Refund or Credit) has been followed.
8 Shipping and packaging
Standard delivery charges to cover postage and packaging will apply to all Materials other than Digital Content; if the Client requires guaranteed next day delivery, please contact The Myers-Briggs Company's Customer Support Team.
9 Orders for non-stock items
Orders for Materials that do not appear in The Myers-Briggs Company catalogue or website are priced on a case-by-case basis. Please contact The Myers-Briggs Company's Customer Support Team for a quotation. Dispatch of non-stock items is normally possible within four weeks.
10 Value Added Tax
10.1 The following is The Myers-Briggs Company's best interpretation of the current law governing VAT on Materials including Digital Content, but The Myers-Briggs Company reserves the right to correctly apply VAT should this interpretation prove incorrect or be superseded.
10.2 For any sales within the UK and for any sales of Digital Content, regardless of location of the customer, The Myers-Briggs Company is required to add VAT at the standard UK rate to the cost of all products or services that are not zero-rated.
10.3 The following rules currently apply to any sales of products delivered outside the UK except Digital Content:
(a) For sales outside the EU, VAT will not be charged.
(b) For sales within the EU to VAT-registered traders, all products will be zero-rated provided The Myers-Briggs Company has knowledge of the customer's VAT number at the time of ordering. This applies wherever the goods are delivered to, provided they are not for delivery in the UK.
(c) For sales within the EU to non-VAT-registered traders or to individuals, VAT will be chargeable at the UK rate.
11.1 If a Client is not an authorised account holder, all orders must be paid for in full prior to shipment.
11.2 At a Client's request, or where an order is sent in without a cheque or credit card details, The Myers-Briggs Company will issue a pro-forma invoice against which payment may be made. When full payment is received, The Myers-Briggs Company will process such orders and provide the Client with an official, receipted invoice.
11.3 Where The Myers-Briggs Company has quoted a price for a programme in euro (€), US dollars ($) or any other currency, the price shall be paid in accordance with the currency set forth on the invoice.
11.4 Generally, credit accounts will only be offered to registered institutions and major corporate clients (subject to credit approval). Payment terms on these accounts will be 30 days from the invoice date. Authorised account holders will be required to supply an official purchase order or written confirmation. The Myers-Briggs Company reserves the right to request pre-payment for low-value orders below £250. Where the order is telephoned to the Customer Support Team, please send the official purchase order or written confirmation (clearly marked "Confirmation of telephone order") to The Myers-Briggs Company on the same day, preferably by fax on +44 (0)1865 511222, or by first-class post. Orders will only be processed on receipt of written confirmation. Any written orders not clearly marked "Confirmation of telephone order" will be processed as new orders.
11.5 It is a condition of sale that ownership of Materials does not transfer to the Client until full payment is received by The Myers-Briggs Company in respect of the Materials and any other sums which are or which become due to The Myers-Briggs Company from the Client on any account. If payment is not received by its due date, The Myers-Briggs Company may repossess any Materials that have not been paid for.
11.6 The Myers-Briggs Company reserves the right to charge interest and costs of recovery in accordance with the Late Payment of Commercial Debts (Interest) Act 1998 (as amended).
11.7 Where a transaction is completed online through The Myers-Briggs Company’s webshop (at eu.themyersbriggs.com) by credit or other card, The Myers-Briggs Company shall be responsible for the processing of such transaction.
11.8 Any such online transactions completed through The Myers-Briggs Company’s webshop will be handled through our third party service provider in a secure manner. Further information can be found at https://secure.worldpay.com/global3/brands/worldpay/payment/fixed/help_brand_en.html.
12.1 All claims should be made in writing to The Myers-Briggs Company's Customer Support Team, quoting the invoice and customer account numbers:
(a) Within three days of receipt of Materials in respect of damage or discrepancies between Materials ordered and Materials received;
(b) Within 21 days of dispatch in respect of non-delivery;
(c) Within one calendar month of dispatch in respect of defective Materials.
12.2 The Myers-Briggs Company's liability for non-delivery, incorrect delivery, or delivery of defective Materials will be limited, at The Myers-Briggs Company's option, to replacement of the Materials free of charge or to a refund of the price of such Materials together with the price paid by the Client for the original delivery.
13 Return for refund or credit
13.1 The Myers-Briggs Company will not accept any Materials for return without prior notice. To arrange return of Materials, contact the Customer Support Team, give the reason for the return and obtain a returns authorisation. You will be sent a completed returns authorisation form to enclose with the Materials you are returning. For reference, a copy of the form is available here. The Myers-Briggs Company will not accept any Materials for return unless the Client contacts The Myers-Briggs Company's Customer Support Team within 14 calendar days for return on non-defective goods and within one month of dispatch by The Myers-Briggs Company for defective goods. For the avoidance of doubt, in accordance with to clause 6.2 and the Regulations, Digital Content is non-refundable and non-returnable.
13.2 In no circumstances will The Myers-Briggs Company accept any Materials for return that are received more than 14 calendar days from the date of returns authorisation, nor will any refund or credit be made in respect of Materials received by The Myers-Briggs Company in a damaged or unsaleable condition. The Myers-Briggs Company recommends that Clients send Materials by traceable means as, in cases of dispute over receipt of returned Materials, clients will be expected to provide proof of receipt by The Myers-Briggs Company. Upon receipt of the order cancellation and return authorisation being given, and provided the returned goods have been received by The Myers-Briggs Company within 14 days of cancellation or evidence of such return has been provided, The Myers-Briggs Company will refund you within 14 calendar days of cancellation.
13.3 The Myers-Briggs Company will not reimburse any shipping or delivery costs incurred to return Materials, unless these costs are agreed by The Myers-Briggs Company in writing prior to shipping or dispatch. In the event of return of a partial order where an initial shipping or delivery charge has been made by us, The Myers-Briggs Company will not credit this charge, but nor will The Myers-Briggs Company charge it again if additional items are dispatched to correct an error by The Myers-Briggs Company.
13.4 For returns not made necessary by reasons that fall under 'Claims' above, a handling charge will be made to cover The Myers-Briggs Company's costs. This handling charge will be 10% of the returned order value, subject to a minimum charge of £10 + VAT or €15 + VAT.
13.5 The Myers-Briggs Company reserves the right to charge a handling fee as shown above on any return received without authorisation, irrespective of the reason for return.
13.6 Where a refund is due to a Client and such is caused at the fault of the Client, The Myers-Briggs Company reserves the right to deduct any administrative bank/ credit card charges from such refund. Where the refund is necessitated at the fault of The Myers-Briggs Company, no such deductions shall be made.
14 Change of address or employer
If the Client changes address, or employment, the Client must inform The Myers-Briggs Company's Customer Support Team as soon as practically possible.
15 Client's obligations
The Client represents, warrants and undertakes that:
15.1 In the event that the Client is not also a Registered User, they shall ensure that only a Registered User uses the Restricted Materials, that they remain at all times in the possession and under the control of the Registered User and that the Registered User complies with the Guidelines;
15.2 The Client shall not, and shall ensure that the Registered User shall not, license, lend, exchange, give or otherwise dispose of Restricted Materials to third parties or act as agent, distribution channel or stockist of the Restricted Materials, other than providing them to individuals in order for those individuals to be assessed under the Registered User's supervision; and shall indemnify The Myers-Briggs Company fully in the event that The Myers-Briggs Company or The Myers-Briggs Company's licensors suffer any losses, claims, liabilities, damages, expenses or costs as a result (whether direct or indirect) of any breach by the Client of such warranties and undertakings.
15.3 All Registered Users shall be required, in using The Myers-Briggs Company's Restricted Materials and Materials to verify any local requirements and/or restrictions on using psychometric assessments in general and the Restricted Materials and Materials in particular, in that jurisdiction, whether imposed by law, regulation or by a local regulatory or governmental body. Where any local requirements and/or restrictions exist that alter the criteria for, or prevent, use of Restricted Materials or Materials within a particular jurisdiction, it shall be the responsibility of the Registered User to ensure that it fully complies with any and all such local requirements and/or restrictions. Where any individual or entity uses Restricted Materials or Materials in a particular jurisdiction in contravention of any local requirements and/or restrictions, whether knowingly or inadvertently, such individual or entity shall be solely responsible and liable for such use and shall hold harmless and indemnify The Myers-Briggs Company in respect of any loss or claim by a third party against The Myers-Briggs Company arising from such. Further, in the event that a Registered User has failed to ensure that any Restricted Materials or Materials may be legitimately used within a particular jurisdiction and subsequently purchases Restricted Materials or Materials for use in that jurisdiction, such Registered User shall be liable for the costs thereof and The Myers-Briggs Company shall bear no responsibility or liability for return of such Restricted Materials or Materials or the reimbursement of any associated costs.
16 Intellectual property
16.1 All Materials and other products supplied by The Myers-Briggs Company are protected by intellectual property rights (including trademarks, copyright, patents and design rights) and rights of confidence. Reproduction of these products in whole or in part, in any form, or their storage in a database or retrieval system, by any process, is prohibited except where expressly permitted by law or by licence. Any notice on Materials, including Digital Content, in respect of intellectual property rights (including copyright and trademark notices) shall not be removed from such Materials, or obscured or otherwise altered.
16.2 The Client shall not reproduce, copy, vary or adapt the Materials by any means or in any way whatsoever, or (except as set out in clause 16.3 in respect of Digital Content) enter or convert the same into any kind of information storage or retrieval system, including but not limited to any form of electronic or computer system.
16.3 In relation to any Digital Content, you are permitted to download a single copy to the installed reader on your computer, for use by a single user of that computer at any time, provided that:
(a) the Digital Content, and any proportion thereof, is not distributed or transmitted over any network or communication line;
(b) the Digital Content is used for personal use only;
(c) the Digital Content is not copied or modified in any way;
(d) it is understood and accepted that your permission to use Digital Content (including any software comprised within) is personal to you and may not be transferred nor sublicensed to any third party.
16.4 The contents of The Myers-Briggs Company's methods of scoring and processing results are secret and deemed commercially sensitive and proprietary to The Myers-Briggs Company and its licensors and therefore must be kept confidential and the Client must not disclose them to any third party.
16.5 The Myers-Briggs Company is bound by The Myers-Briggs Company's author and distribution contracts to take prompt legal action against anyone who infringes The Myers-Briggs Company's copyrights or its authors' copyrights.
16.6 The Client may not make use of data collected by means of Restricted Materials to create products for commercial sale or other commercial exploitation.
16.7 Copyright infringement of Restricted Materials damages the professional standards and credibility of the instruments themselves and the individuals who are using them. Also, loss of revenue ultimately means that fewer resources can be devoted to the continued development of the instruments. The Myers-Briggs Company urges all The Myers-Briggs Company assessment users to cooperate by ensuring that no copyright infringements occur within their own organisation.
16.8 The Client acknowledges that the Trademarks are the property of The Myers-Briggs Company, or The Myers-Briggs Company's licensors, and that use of the Trademarks by the Client will at all times be in keeping with these Terms of Business, and the Client will seek to maintain their distinctiveness and reputation.
16.9 The Client shall not use any mark or name confusingly similar to the Trademarks in respect of goods similar to the Materials.
16.10 If The Myers-Briggs Company’s licence in relation to any software used to enable access to any Digital Content is varied or terminated such that The Myers-Briggs Company no longer has the right to make such software available to you, you shall cease use of such software.
17 Research and permissions
All Materials in The Myers-Briggs Company's catalogue and on The Myers-Briggs Company's web site are protected by copyright. Therefore if the Client wishes to modify or quote them in for example, research projects or publications or presentations, the Client will need to apply for permission, which shall be granted entirely at The Myers-Briggs Company’s and its licensors sole discretion. Please contact The Myers-Briggs Company's Legal Team for details of the correct procedure.
18 Bureau Scoring Service
18.1 Where a Client's purchase of Materials includes the provision by The Myers-Briggs Company of the Bureau Scoring Service to provide an electronically generated report, then the following shall apply:
(a) Although The Myers-Briggs Company will use its reasonable endeavours to ensure the reports are complete and accurate, The Myers-Briggs Company makes no warranty in this regard; and
(b) Questionnaires to be used with the Bureau Scoring Service will be sent out to the Client within two (2) working days of receipt of the Client’s order. Reports generated therefrom will be emailed to the Registered User normally within two (2) working days of receipt of the completed questionnaire(s) (subject to receipt of payment);
(c) A non-refundable administration fee per report applies. A refund can be requested for a report when the report has not yet been ordered. No refund can be processed when the report has been ordered (even if the Registered User has not yet received it); and
(d) The Client shall indemnify The Myers-Briggs Company in respect of any claims made by a third party against The Myers-Briggs Company or The Myers-Briggs Company's licensors in relation to the provision of the electronically generated reports to assessment-takers without appropriate feedback.
18.2 The Client shall not:
(a) Create its own software for the provision of any bureau scoring services as an alternative to the Bureau Scoring Service; or
(b) Purchase Bureau Scoring Services for the scoring of The Myers-Briggs Company questionnaires and reporting data therefrom, nor for any other use of Materials, which have been acquired from any entity other than The Myers-Briggs Company or any non-The Myers-Briggs Company questionnaires or materials.
The Myers-Briggs Company's liability arising under or as a result of the provision or use of the Materials, whether in contract, tort, breach of statutory duty or otherwise, will not exceed the price paid by the Client for such Materials and their delivery. Nothing in these terms and conditions will exclude or limit The Myers-Briggs Company's liability for death or personal injury, or for any fraud on The Myers-Briggs Company's part, or for any liability that cannot be excluded by law. Subject to the foregoing sentence The Myers-Briggs Company will not be liable for any indirect or consequential loss, loss of business, profit, revenue, data or goodwill, or for lost or wasted management time or the lost time of other employees arising from the Client's use of the Materials (whether direct or indirect).
20 Data Protection and Privacy
20.2 Client agrees to be bound by the Data Processing Terms as set forth in the Schedule attached hereto, unless otherwise agreed in writing between The Myers-Briggs Company Limited and the Client.
20.3 In respect of the personal data of European Union data subjects specifically (EU personal data), EU standard contractual clauses set forth in Exhibit 2 of the Schedule attached hereto (SCCs) shall apply in relation to any transfers of such EU personal data to The Myers-Briggs Company Limited outside the EEA, including to the UK, as set forth herein. The SCCs are entered into to ensure compliance with EU GDPR. The SCCs shall be deemed executed between the Client, as data exporter, and The Myers-Briggs Company Limited, as data importer. The SCCs shall apply in relation to transfers of such EU personal data by the Client to The Myers-Briggs Company Limited in the UK for such period during which the UK is considered to be a “third country” in relation to data protection until such time as a ruling of adequacy has been made by the European Commission in relation to the UK data protection regime.
Any condition, representation or warranty that might otherwise be implied or incorporated within these terms and conditions by reason of statute or common law or otherwise is hereby expressly excluded to the fullest extent permitted by law.
22.1 The Myers-Briggs Company will only supply the Materials in accordance with these conditions, to the exclusion of all other terms and conditions, including any that the Client attempts to apply under any purchase order, confirmation of order or any other document.
22.2 No variation of these terms and conditions requested by the Client shall be effective unless in writing and signed on behalf of The Myers-Briggs Company by one of its directors. These Terms were revised in May 2018 and December 2020.
23 Governing law and jurisdiction
These Terms are governed by English law and you agree you will only sue us in the courts of England. The place of performance of the contract will be England.
24 Further information
24.1 If you wish to raise any query, please contact email@example.com or call our Customer Services on + 44 1865 404610.
The Myers-Briggs Company Limited
15-17 Elsfield Way
Registered in England and Wales
Company Number 2218212
Data Processing Terms (DP Terms)
These DP Terms govern data processing by The Myers-Briggs Company Limited (The Myers-Briggs Company) for and on behalf of Client in relation to the goods and/or services received by Client from The Myers-Briggs Company.
These DP Terms are supplemental to The Myers-Briggs Company Terms, and together form the contract between the Parties.
2. Description of processing
The processing to be carried out by The Myers-Briggs Company is as follows:
2.1 the subject matter of the processing is as described in clause 1.1 above and the duration of the processing will be throughout the period within which The Myers-Briggs Company performs Services;
2.2 the nature of the processing is as described in clause 1.1 above and the purpose of the processing is to enable The Myers-Briggs Company to perform Services to the Client;
2.3 the personal data to be processed will be any personal data of Relevant Data Subjects provided in order to enable or facilitate the provision of Services by The Myers-Briggs Company as described in clause 1.1 above, and the categories of data subjects are Relevant Data Subjects; and
2.4 the obligations and rights of the data controller in relation to the processing are set out below.
3. Compliance with the Data Protection Regulations
3.1 Each of Client and The Myers-Briggs Company warrant and represent that it will comply with (and shall ensure that its staff and/or subcontractors comply) with the Data Protection Regulations in processing personal data in connection with the Services.
4. Relationship and roles of the parties
4.1 In relation to the processing of personal data in connection with Services, the parties acknowledge and agree that:
- 4.4.1 Client is the data controller; and
- 4.1.2 The Myers-Briggs Company is the data processor.
The Myers-Briggs Company agrees that it will process the personal data in accordance with these DP Terms.
5. Responsible individuals and enquiries
5.1 Client and The Myers-Briggs Company will each notify the other from time to time of the individual within its organisation authorised to respond to enquiries regarding the personal data and the processing which is the subject of these DP Terms. Client and The Myers-Briggs Company shall each deal promptly and reasonably with all such enquiries.
6. Processing of personal data by The Myers-Briggs Company
In relation to the processing of personal data in connection with the Services, The Myers-Briggs Company shall:
6.1 process the personal data (including when making an international transfer of the personal data) only for the purpose of and to the extent necessary for provision of the Services and then only in accordance with:
- 6.1.1 these DP Terms; and
- 6.1.2 Client's written instructions from time to time,
unless otherwise required by law. Where The Myers-Briggs Company is required by law to process the personal data otherwise than as provided by these DP Terms, it will notify Client before carrying out the processing concerned (unless the law also prevents The Myers-Briggs Company from doing so for reasons of important public interest);
6.2 implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed under these DP Terms, as set forth in Exhibit 1;
6.3 take all reasonable steps to ensure that only authorised personnel have access to the personal data and that any persons whom it authorises to have access to the personal data will respect and maintain all due confidentiality in relation to the personal data (including by means of an appropriate contractual duty of confidentiality where the persons concerned are not already under such a duty under the law);
6.4 not engage any sub-processors in the performance of the Services without the prior written consent of Client and otherwise in accordance with clause 7 at all times;
6.5 not do, or omit to do, anything, which would cause Client to be in breach of its obligations under the Data Protection Regulations;
6.6 immediately notify Client if, in The Myers-Briggs Company's opinion, any instruction given to The Myers-Briggs Company infringes the Data Protection Regulations;
6.7 where applicable in respect of any personal data processed in relation to the Services, co-operate with and assist Client in ensuring compliance with:
- 6.7.1 Client's obligations to respond to requests from any data subject(s) seeking to exercise its/their rights under Chapter III of the GDPR, including by notifying Client of any written subject access requests The Myers-Briggs Company receives relating to Client's obligations under the Data Protection Regulations; and
- 6.7.2 Client's obligations under Articles 32 – 36 of the GDPR to:
- (a) ensure the security of the processing;
- (b) notify the relevant supervisory authority, and any data subject(s), where relevant, of any breaches relating to personal data;
- (c) carry out any data protection impact assessments (each a "DPIA") of the impact of the processing on the protection of personal data; and
- (d) consult the relevant supervisory authority prior to any processing where a DPIA indicates that the processing would result in a high risk in the absence of measures taken by Client to mitigate the risk.
6.8 provide assistance where reasonably required by Client in relation to the fulfilment of Client’s obligations to co-operate with the relevant supervisory authority under Article 31 of the GDPR.
7.1 The Myers-Briggs Company will ensure that any sub-processor it engages to provide any services on its behalf in connection with the Services does so only on the basis of a written contract which imposes on such sub-processor terms equivalent to those imposed on The Myers-Briggs Company under these DP Terms or such other alternative terms as may be agreed with Client (the "Relevant Terms"). The Myers-Briggs Company shall procure the performance by the sub-processor of the Relevant Terms and shall be directly liable to Client for:
- 7.1.1 any breach by the sub-processor of any of the Relevant Terms;
- 7.1.2 any act or omission of the sub-processor which causes:
- 126.96.36.199 The Myers-Briggs Company to be in breach of these DP Terms; or
- 188.8.131.52 Client or The Myers-Briggs Company to be in breach of the Data Protection Regulations.
7.2 Where Client has given a general authorisation to The Myers-Briggs Company to engage sub-processors, then prior to engaging a new sub-processor under the general authorisation The Myers-Briggs Company will notify Client of any changes that are made that would affect that general authorisation and give Client an opportunity to object to them.
7.3 Notwithstanding clauses 7.1 and 7.2, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data to such sub-processors as are set forth in the List of Third Parties and Transfers ex-EEA.
8. Monitoring of The Myers-Briggs Company's performance
8.1 Client is entitled to monitor and audit The Myers-Briggs Company's compliance with the Data Protection Regulations and its obligations in relation to data processing in connection with the Services at any time during normal business hours. The Myers-Briggs Company agrees to provide Client promptly with all access, assistance and information that is reasonably necessary to enable the monitoring and audits concerned. If Client believes that an on-site audit is necessary, The Myers-Briggs Company agrees to give Client reasonable access to its premises (subject to any reasonable confidentiality and security measures), and to any stored personal data and data processing programs it has on-site. Client is entitled to have the audit carried out by a third party.
9. International transfers (including outside the EEA and to third parties)
9.1 We may transfer personal data internationally, including outside the EEA, and to any third party located internationally (including to The Myers-Briggs Company Limited in the UK in respect of EU personal data, and to our parent company, The Myers-Briggs Company, in the US) where we are permitted to do so for that transfer under Articles 44 to 49 of the GDPR.
9.2 For the purposes hereof, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data internationally, including outside the EEA, and to such third parties located outside the EEA as set forth in the List of Third Parties and Transfers ex-EEA, provided the appropriate safeguard mechanisms remain in place.
9.3 In respect of EU personal data specifically, until such time as the European Commission shall deem the UK data protection regime as being “adequate”, the EU standard contractual clauses set forth in Exhibit 2 (SCCs) shall apply in respect of all transfers of EU personal data from our European offices and/or in relation to transfers of EU personal data, to The Myers-Briggs Company Limited located in the UK.
10. Completion of Services
10.1 Upon completion of the Services, The Myers-Briggs Company will at Client's discretion, on receipt of Client’s instruction, delete or return to Client, all personal data (including copies) processed in connection with the Services, except to the extent that The Myers-Briggs Company is required by law to retain any copies of the personal data and save to the extent that The Myers-Briggs Company receives instructions to the contrary from any Client Data Subject).
11. Governing Law
11.1 These DP Terms shall be governed by the laws of England and Wales and the courts of London, England shall have exclusive jurisdiction.
12.1 For the purposes of these DP Terms, defined terms used are as follows:
means all laws applicable to any personal data processed under or in connection with the Contract, including:
all as amended, re-enacted and/or replaced and in force from time to time;
means any goods and/or services provided to Client under The Myers-Briggs Company Terms of Business.
The terms personal data; data controller; data processor; processing; and supervisory authority used in these DP Terms shall have the meaning given in the Data Protection Regulations.
The Myers-Briggs Company Technical and Organisational Measures
1.1 The Myers-Briggs Company’s Information Security Management System and Data Protection systems detail:
- Process and procedures;
- Roles and responsibilities;
- Assurance process;
- Risk assessment process including DPIAs; and
- Improvement plans.
1.2 The Myers-Briggs Company’s Physical Security measures include:
- ISO27001 certified datacentres used to provide colocation for systems and services;
- The fitting of appropriate locks and other physical controls to the doors and windows of rooms where computers are kept, including swipecard entry;
- Physically securing unattended lap tops (eg by locking them in a secure drawer or cupboard);
- Ensuring control of and security of all removable media, such as removable hard-drives, CDs, floppy disks and USB drives, attached to business-critical assets;
- Destroying or removing all business-critical information from media such as CDs, and floppy disks before disposing of them;
- Ensuring that all business-critical information is removed from the hard drives of any used computers before disposing of them; and
- Storing back-ups of business-critical information off-site and/ or in a fire and water-proof container.
1.3 The Myers-Briggs Company’s Access Controls measures include:
- Using unique passwords, that are not obvious and change them regularly;
- Using complex password policies;
- Ensuring that employees understand good password security;
- Auditing unauthorised logins; and
- Monitoring for account compromise and suspicious activity.
1.4 The Myers-Briggs Company’s Security and Privacy Technologies include:
- Ensuring that all computers used have anti-virus software installed, and the virus definitions are updated at least once a week. All incoming and outgoing traffic is scanned for viruses, as are any disk or CD that is used, even where from a ‘trusted’ source. At least once a month, computers are scanned for viruses.
1.5 The Myers-Briggs Company’s awareness, training and security checks in relation to personnel include:
- Performing integrity checks on all new employees to ensure that they have not lied about their background, experience or qualifications;
- Giving all new employees a simple introduction to information security, and ensuring that they have read and understand The Myers-Briggs Company’s Information Security Policy and Data Protection Policy;
- Ensuring employees know where to find details of the Information Security standards and procedures relevant to their role and responsibilities;
- Ensuring that employees have access only to the information assets they need to do their jobs. If employees change jobs, we ensure that they do not retain access to the assets they needed for their old job. When dismissing employees, we ensure that they do not take with them any business-critical information;
- Ensuring that no ex-employees have access rights to The Myers-Briggs Company systems; and
- Ensuring employees know about the common methods that can be used to compromise systems.
1.6 The Myers-Briggs Company’s Incident/Response Management/Business Continuity include:
- Ensuring that employees understand what is meant by a Security Incident, being any event that can damage or compromise the confidentiality, integrity or availability of your business–critical information or systems;
- Ensuring that employees are trained to recognise the signs of Security Incidents;
- Ensuring that employees receive training on the need to notify anything which may be a sign of a Security Incident and are kept informed as to the identity of the person to whom such notifications should be made;
- Ensuring that if a Security Incident occurs, employees know who to contact and how;
- Having in place a Business Continuity Plan to assure business continuity in the event of a serious Security Incident. The Plan specifies:
- Designated people involved in the response;
- External contacts, including law enforcement, fire and possibly technical experts;
- Contingency plans for foreseeable incidents such as:
- Power loss;
- Natural disasters and serious accidents;
- Data compromise;
- No access to premises;
- Loss of essential employees;
- Equipment failure; and
- Ensuring that the Business Continuity Plan is issued to all required employees and is tested at least once a year, regardless of whether there has been a Security Incident; and
- After every incident when the Business Continuity Plan is used, and after every test, re-examining and updating, where necessary, the Business Continuity Plan using the lessons learned.
- Auditing of who has access to its systems;
- Logging of such access to the systems; and
- Auditing of compliance with security procedures.
1.7 The Myers-Briggs Company’s Audit Controls/Due Diligence include:
Ensuring that appropriate security audit arrangements are in place including:
Standard Contractual Clauses
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organisation: Customer as named in the account opening documents completed by the Customer
Address, Telephone and E-mail of the Customer, as provided:
(the data exporter)
Name of the data importing organisation:
The Myers-Briggs Company Limited
Address: Elsfield Hall, 15-17 Elsfield Way, Oxford OX2 8EP
Tel.: + 44 1865 404500; e-mail: firstname.lastname@example.org
Other information needed to identify the organisation:
Head office, registered in England and Wales under registered number 2218212.
The Myers-Briggs Company Limited
(the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
Appendix 1 to the Standard Contractual Clauses
This Appendix 1 forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix 1.
The data exporter is (please specify briefly your activities relevant to the transfer):
Customer, the data controller, is customer of The Myers-Briggs Company Limited, operating in Europe, and receiving business psychology and other goods and services from The Myers-Briggs Company. Under the terms of business agreed between Customer and The Myers-Briggs Company Limited (“Terms”), and the data processing agreement supplemental to the Terms, Customer will transfer personal data relating to its employees and consultants to The Myers-Briggs Company Limited for the purposes of fulfilment of its obligations under the Terms.
Additionally, the goods and services received by Customer comprise in part the completion of questionnaires by Customer’s respondents, which are completed online via the online assessment platform, OPPassessment, of The Myers-Briggs Company Limited, and through which personal data will be transferred by Customer to The Myers-Briggs Company Limited, as the data processor, for scoring of the responses for preparation and generation of the assessment report.
The data importer is (please specify briefly your activities relevant to the transfer):
The Myers-Briggs Company Limited provides psychometric assessment goods services to customers. As such, The Myers-Briggs Company Limited will receive personal data in respect of Customer’s employees and consultants, including personal data received via its OPPassessment online platform, in relation to scoring and report generation for its psychometric assessments.
The personal data transferred concern the following categories of data subjects (please specify):
Respondents (customer employees and others as respondents or other receivers of our goods and services)
Categories of Data
The personal data transferred concern the following categories of data (please specify):
Customer and Customer contacts:
Name and title
Address and contact details
Respondents (customer employees and others as respondents or other receivers of our goods and services):
Name and title
Contact details and geographic location
Ethnicity if voluntarily provided
Special Categories of Data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
Respondents (customer employees and others as respondents or other receivers of our goods and services):
Ethnicity if voluntarily provided
The personal data transferred will be subject to the following basic processing activities (please specify):
Appendix 2 to the Standard Contractual Clauses
This Appendix 2 forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
- Technical and Organisation Measures – Key Controls as set forth in Exhibit 2 to the Schedule