Exhibit 4.43
|
Master
Services Agreement
Details |
nib |
|
-
name
- ABN
- address |
nib
health funds limited
83 000 124 381
22 Honeysuckle Drive Newcastle NSW 2300 |
| Contact
|
|
-
name
- phone/fax
- email |
Adam
Hatfield
0437 235 238
a.hatfield@nib.com.au |
| Supplier |
|
-
name
- ABN
- address |
Wellteq
Australia Pty Ltd
ACN: 624539500
283 Rokeby Road, Subiaco, Western Australia 6008 |
| Contact
|
|
-
name
- phone/fax
- email |
Jeames
Gillett
0422 080 282
jeames@wellteq.co |
| Start
Date |
1
October 2021 |
| Termination
Date |
30
September 2024 |
| Services |
As
set out in the Statement of Works from time to time |
| Charges |
As
set out in the Schedule of Charges and Statement of Works |
| Professional
Services |
The
Services include Professional Services, which are set out in the Statement of Works from time to time |
| Additional
Privacy Requirements |
The
Additional Privacy Requirements are applicable to this Agreement |
| Member
credit card data |
The
Services do not require the Supplier to process Member credit card data |
| Data
Security Obligations |
The
Data Security Obligations are applicable to this Agreement |
| Outsourcing
Obligations |
The
Outsourcing Obligations are not applicable to this Agreement |
IMPORTANT:
-
This Agreement is made up of each Statement of Works, the Special Conditions (if any), the Details, the Attachments, the Standard
Terms (including the Defined Terms and the Recitals), and any other annexures (if any). All capitalised terms in this Agreement have
the meaning set out next to the relevant term in the Details or Defined Terms.
-
By signing this Agreement the Parties acknowledge having carefully read and understood, and agree to be bound by, the terms of this
Agreement. Persons signing this Agreement warrant that they are an authorised representative of a Party to this Agreement and have
authority to bind that Party to the terms of this Agreement.
|
| SIGNED for and on behalf of nib by: |
|
SIGNED for and on behalf of the Supplier by: |
| |
|
|
| Signature |
/s/ Edward Close |
|
Signature |
/s/ Jeames Gillett |
| Name |
Edward Close |
|
Name |
Jeames Gillett |
| Position |
Chief Executive, arhi |
|
Position |
Chief Operating Officer |
| Date |
09/28/2021 |
|
Date |
09/29/2021 |
|
Index
|
|
| |
|
| 1 |
Interpretation |
9 |
| 2 |
Appointment of Supplier |
10 |
| 3 |
General Obligations |
10 |
| 4 |
Services |
11 |
| 5 |
Professional Services |
12 |
| 6 |
Delays |
12 |
| 7 |
Personnel for Services |
12 |
| 8 |
Safety, security and care |
12 |
| 9 |
Modern Slavery |
13 |
| 10 |
Privacy |
14 |
| 11 |
Confidential Information and Intellectual Property |
16 |
| 12 |
Outsourcing Obligations |
16 |
| 13 |
Variations to the Services |
17 |
| 14 |
Indemnities and insurance |
18 |
| 15 |
Acceptance Testing |
19 |
| 16 |
Payment |
19 |
| 17 |
Goods and Services Tax (GST) |
20 |
| 18 |
Completion of the Services |
20 |
| 19 |
Suspension |
21 |
| 20 |
Dispute resolution |
21 |
| 21 |
Termination |
21 |
| 22 |
Joint and several liability |
22 |
| 23 |
Set Off |
22 |
| 24 |
General |
22 |
Recitals
| A. | The Supplier offers specialist digital wellbeing services. |
| B. | nib wishes to engage the Supplier as a supplier of specialist
digital wellbeing services in respect of an Engagement or potentially a number of Engagements. |
| C. | This Agreement sets out the terms and conditions upon which
the Services will be performed by the Supplier for nib. |
| Defined Terms |
| Additional Privacy Laws |
has the meaning given in Attachment A. |
| Additional Privacy Requirements |
means the additional privacy obligations relevant to the Additional Privacy Laws, including Attachment A (Privacy) which apply to this Agreement where indicated in the Details section of this Agreement. |
| Agreement |
means this master services agreement between the Parties comprising, in decreasing order of priority to the extent of any inconsistency, each Statement of Works, the Special Conditions (if any), the Details, the Attachments, these Standard Terms (including the Defined Terms and the Recitals), and any other annexures (if any) (other than the Special Conditions, if any). |
| AOC |
means an attestation of compliance with the PCI DSS in a form approved by the PCI. |
| Australian Privacy Legislation |
means the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth), and any applicable state/territory privacy laws or industry codes of practice relating to the handling of Personal Information. |
| Business Day |
means any day other than a Saturday, Sunday or public holiday (in New South Wales). |
| Calendar Days |
means all days in a month, including weekends and holidays. |
| Charges |
means the charges payable by nib for the Services, as set out in the Statement of Works or in the Schedule of Charges (as applicable). |
| Claims |
means claims, demands, debts, accounts, actions, expenses, costs, liens liabilities and proceedings of any nature whatsoever (whether known or unknown), whether arising under contract, in equity, in restitution, or negligence. |
| Code of Conduct |
means the nib Supplier Code of Conduct, a copy of which is available at the following link https://www.nib.com.au/ |
| Confidential
Information |
means
all information provided by one Party (Disclosing Party) to the other
Party (Receiving Party) for or in connection with the Agreement, including:
● information
marked as confidential;
● information
which by its nature is confidential, is known to be confidential or which the Receiving Party ought to have known was confidential;
● all
business plans, technical, financial, commercial or other information disclosed (whether orally, in writing or by any other means) which
is marked as being confidential or which the Receiving Party could reasonably regard as confidential; and
● Personal
Information,
but not including:
● information
which at the time of first disclosure is already in the public domain or is generally known or is available by publication, commercial
use or otherwise without a breach of this Agreement;
● information
which the Receiving Party already possesses at the time of disclosure to it, except through a breach of an obligation of confidentiality
by any third party; or
● information
which a Party independently acquires, except through a breach of an obligation of confidentiality by any third party. |
| Data
Security Obligations |
means
the data security obligations set out in Attachment D (Data Security Obligations) which apply to this Agreement where indicated
in the Details section of this Agreement. |
| Date
for Completion |
means
the date for completion of the Services (if any) specified in the Statement of Works. |
| Delivery
|
means
delivery of the Services in accordance with clause 3(b). |
| Delivery
Date(s) |
means
the date(s) for delivery of the Services (if any) specified in the Statement of Works or any other date for delivery of Services
agreed by nib. |
| Delivery
Point(s) |
means
the place(s) (if any) for delivery of the Services specified in Statement of Works. |
| Direction
|
includes
any agreement, approval, authorisation, certificate, decision, demand, determination, explanation, instruction, notice, order, permission,
rejection, request or requirement. |
| Dispute
|
means
a dispute arising out of or relating to this Agreement, including a dispute as to breach or termination of this Agreement or as to
any Claims. |
| Engagement
|
means
an engagement of the Supplier to perform the Services, as set out in a Statement of Works. |
| Engagement
Commencement Date |
means
the date on which an Engagement will commence, as set out in a Statement of Works. |
| Engagement Termination Date |
means the date on which an Engagement will cease, as set out in a Statement of Works. |
| GST |
means a tax imposed under GST Law. |
| GST Law |
has
the meaning given in section 195-1 of A New Tax System (Goods and Services Tax) Act 1999 (Cth). |
| Insolvency Event |
means:
● the Supplier is liquidated, whether compulsorily or voluntarily (other
than for the purpose of amalgamation or reconstruction whilst solvent);
● the Supplier enters into any arrangement with creditors;
● the
Supplier becomes subject to external administration within the meaning of Chapter 5 of the Corporations Act 2001 (Cth) including
having a receiver or administrator appointed over all or any part of its assets; or
● anything
analogous or having a substantially similar effect to the events specified in (a) to (c) above occurs in relation to the Supplier in
any jurisdiction. |
| Intellectual Property |
means
any item, whether tangible or intangible to which Intellectual Property Rights apply, whether registered or not or capable of registration
or not and Intellectual Property Rights means all statutory and other proprietary rights in respect of all intellectual or
industrial property including all trademarks, patents, copyright, confidential information and all other intellectual property as
defined by Article 2 of the Convention Establishing the World Intellectual Property Organisation of July 1967. |
| Invoice |
means an invoice issued by the Supplier under this Agreement for the provision of the supply. |
| KPIs |
means the Key Performance Indicators (if any) set out in the Service Level Requirements (if any). |
| Law |
includes any requirement of any statute, regulation, proclamation, ordinance, by-law or common law, present or future and whether state, federal or otherwise. |
| Member |
means a person who holds a policy of insurance with nib or its Related Entities. |
| Modern Slavery |
means the exploitation of a worker, human trafficking, slavery, servitude, forced labour, debt bondage or deceptive recruiting for labour or services, or similar types of conduct. |
| Modern Slavery Laws |
means any Law which:
● prohibits Modern Slavery and which is applicable or otherwise in force
in the jurisdiction:
i. referred to clause 24.6,
ii. in which nib or the Supplier is registered or conducts business;
or
iii. in which activities relevant to the Agreement are to be performed, or
|
| |
imposes Modern Slavery reporting obligations on one or both of the parties to this Agreement. |
| nib |
means nib holdings limited and its Related Entities. |
| nib Policies |
means each of nib’s policies relating to safety, the environment, quality, energy and purchasing and such other policies as notified to the Supplier by nib, as amended from time to time. |
| nib Representative |
means the person identified in the Details as nib’s contact for the purposes of the Agreement, or such other person as nib may notify to the Supplier in writing from time to time. |
| Outsourcing Obligations |
means the material outsourcing obligations set out in clause 12, which apply to this Agreement where indicated in the Details section of this Agreement. |
| Outsourcing Standard |
means the Outsourcing Prudential Standard CPS 231 published by the Australian Prudential Regulation Authority (APRA). |
| Parties |
means both the Supplier and nib and Party means either one, as the context dictates. |
| PCI |
means the Payment Card Industry Security Standards Council. |
| PCI DSS |
means the Data Security Standard developed by the PCI, as updated from time to time. |
| People |
include employees, agents, consultants and subcontractors of a Party but nib’s People does not include the Supplier or it’s People. |
| Personal Data |
has the meaning given in Attachment A. |
| Personal Information |
has the same meaning as in the Privacy Act 1988 (Cth). |
| Professional Services |
where the Details section of this Agreement indicates that professional services are relevant to this Agreement, means the professional services described in the Statement of Works. |
| Related Entity |
has the meaning given in section 9 of the Corporations Act 2001 (Cth). |
| Schedule of Charges |
means the schedule of Charges set out in Attachment C. |
| Services |
means the work or services described in the Statement of Works and includes the Professional Services (where applicable). |
| Service Level Requirements
|
means
nib’s standards for performance of the Services (if any) by the Supplier as set out in the Statement of Works. |
| Site Regulations |
means
nib’s standard contractors site regulations, policies or site specific inductions as amended by nib from time to time. |
| Special Conditions |
means
the special conditions of supply of the Services (if any) set out in the Statement of Works. |
| Standard Terms |
means
the Standard Terms of Supply of Services, commencing on page 9 of this Agreement, and includes these Defined Terms. |
| Start Date |
means
the Start Date of this Agreement, specified in the Details. |
| Statement of Works |
means
the document executed between the Parties from time to time that sets out the Services, the Charges and other requirements of the
Parties, and which must be in materially the same form as that set out in the Statement of Works Template. |
| Statement of Works Template |
means
the template to be used for Statements of Works, as set out in Attachment B. |
| Site |
includes
any site or premises (whether or not owned by nib) where nib requires or permits the Supplier to perform the Agreement. |
| Termination Date |
means
the expiry date of this Agreement (if any) specified in the Details. |
| Term |
Has
the meaning given to that term by clause 2.1. |
| Work
|
means
an idea, method, invention, discovery, design or other work created or made by the Supplier either in performing the Supplier’s
obligations under this Agreement or relating to or capable of being used in those aspects of the businesses of nib in which the Supplier
is engaged. |
Standard Terms of Supply
of Services
| 1.1 | In this Agreement unless the context otherwise requires: |
(documents) a reference to this Agreement or another document
includes any document which varies, supplements, replaces, assigns or novates this Agreement or that other document.
(references) a reference to the background, a party, clause,
paragraph, schedule or annexure is a reference to the background, a party, clause, paragraph, schedule or annexure to or of this Agreement.
(headings) clause headings are inserted for convenience only
and must not be used when interpreting this Agreement.
(person) a reference to a person includes a natural person,
corporation, statutory corporation, partnership, the Crown and any other organisation or legal entity and their personal representatives,
successors and permitted assigns.
(rights and obligations) a reference to a right or obligation
of a party is a reference to a right or obligation of that party under this Agreement.
(requirements) a requirement to do anything includes a requirement
to cause that thing to be done, and a requirement not to do anything includes a requirement to prevent that thing being done.
(including) including and includes are not words of limitation.
(corresponding meanings) a word that is derived from a defined
word has a corresponding meaning.
(singular) the singular includes the plural and vice-versa.
(parts) a reference to one or more things includes each part
and all parts of that thing or group of things.
(rules of construction) neither this Agreement nor any part
of it is to be construed against a party on the basis that the party or its lawyers were responsible for its drafting.
(joint and several) an obligation on the part of two or more
persons binds them jointly and severally.
(a statute, code, or other law) includes regulations and other
instruments made under any of them and consolidations, amendments, re-enactments or replacements of any of them.
(writing) a reference to a notice, consent, request, approval
or other communication under this Agreement or an agreement between the Parties means a written notice, request, consent, approval or
agreement.
| 2.1 | This Agreement will commence on the Start Date and expire on
the Termination Date (Term), unless |
| (a) | it is terminated earlier in accordance with its terms; |
| (b) | it is extended by nib and the Supplier by prior written agreement;
or |
| (c) | an Engagement has an Engagement Termination Date which is
later than the Termination Date, in which case the Agreement will expire on the Engagement Termination Date. |
| 2.2 | When nib wishes to engage the Supplier to perform the Services
under an Engagement, the Parties will complete and execute a Statement of Works. |
| 2.3 | A Statement of Works forms part of this Agreement and becomes
binding on the Parties when it has been signed by nib. |
| 2.4 | Notwithstanding any other provision in this Agreement, nib
is under no obligation to issue the Supplier with Statements of Works during the Term. |
| 2.5 | Nothing in this Agreement is taken to bind nib to an exclusive
arrangement with the Supplier in relation to the supply of the Services. |
| (a) | represents and warrants that any information provided to nib,
during discussions and negotiations regarding this Agreement, as it relates to human rights, labour rights, environment, governance,
community or the Supplier’s compliance with the Code of Conduct (Sustainable Practices) is complete and accurate as at the
date of this Agreement; and |
| (b) | agrees to notify nib of any matter that it reasonably believes
will materially impact on the completeness and accuracy of the information provided to nib relating to its Sustainable Practices. |
Subject to clause 2, the Supplier must:
| (a) | with effect from the Start Date, carry out and complete the
Services in accordance with the terms of the Agreement by the Date for Completion; or |
| (b) | supply the Services in accordance with the terms of the Agreement
at the Delivery Point by the Delivery Date. |
| 4.1 | In complying with clause 3 when performing the Services,
the Supplier must: |
| (a) | exercise due skill, care and diligence in the performance
of the Agreement; |
| (b) | ensure all Services are carried out: |
| (1) | in accordance with the Service Level Requirements (if any); |
| (2) | to a professional standard; |
| (3) | in accordance with all Laws; and |
| (4) | in accordance with the Code of Conduct; and |
| (c) | comply with all reasonable Directions given by nib regarding
the performance of the Agreement; and |
| (d) | ensure all Services comply with any specification provided
by nib. |
Services warranties
| 4.2 | The Supplier warrants that all Services supplied to nib pursuant
to this Agreement will be: |
| (a) | performed by People that have all the necessary experience,
skill, knowledge and competence to perform the Services; |
| (b) | fit for the purposes set out in this Agreement and otherwise
notified to the Supplier by nib (including any purposes described in the Statement of Works); and |
| (c) | complete, accurate and free from any material faults. |
General warranties
| 4.3 | The Supplier warrants and represents to nib that: |
| (a) | it has the authority and power to execute, deliver and perform
its obligations under this Agreement; and |
| (b) | it has all rights, title, licenses, interests and property
necessary to lawfully supply the Services. |
No exclusion of implied warranties and conditions
| 4.4 | Nothing in this Agreement excludes any condition, warranty,
guarantee, right or remedy implied by any Law for the benefit of a purchaser, including the Competition and Consumer Act 2010 (Cth). |
Subcontracting
| 4.5 | The Supplier may only subcontract parts of the Services and
subcontract labour with nib’s prior written consent. |
Conflicts of interest
| 4.6 | The Supplier warrants at the date of this Agreement and during
the Term, the Supplier is not and will not be or become, directly or indirectly, engaged with or concerned or interested in any other
business or party or otherwise in circumstances which conflict or cause the Supplier’s other obligations or interests to conflict
directly or indirectly with the Supplier’s obligations under this Agreement. |
| 5.1 | This clause 5 applies only if the Details section of this
Agreement indicates that the Supplier is performing Professional Services. |
| 5.2 | The Supplier acknowledges nib is relying on the professional
judgment and skill of its People in performing all Professional Services. |
| 5.3 | Any Direction by nib, including approval or review, in relation
to any Professional Services, is for contract management purposes only and does not relieve or reduce the Supplier’s obligations
or liability: |
| (a) | under this Agreement; or |
| (b) | as a provider of Professional Services to nib, owing a duty
of care to nib. |
The Supplier must promptly notify nib if it becomes aware of anything
which may delay its performance of the Services
| 7.1 | nib may direct the Supplier to remove a person from the performance
of the Services at its reasonable discretion. |
| 7.2 | The Supplier warrants it has the materials, personnel and
resources to properly perform the Services. |
| 7.3 | The Supplier must ensure the terms of employment for all
people performing the Services comply with the relevant Laws governing their employment and must, at nib’s request, provide evidence
of compliance with this clause. |
| 8 | Safety, security and care |
| 8.1 | The Supplier must, and must procure that its People, comply
with all Laws and all occupational health, safety and environmental and rehabilitation requirements of nib relating to the Agreement,
including the Site Regulations and the nib Policies. |
| 8.2 | To the extent that the Supplier is performing Services at
the Site: |
| (1) | avoid damage to property on or near the Site and make good
any loss or damage caused to any nib or third party property by the Supplier or its People; |
| (2) | ensure that on completion of the Services the Site is left
clean and tidy to the satisfaction of nib; and |
| (3) | only work or enter the Site during the working hours specified
by nib and only for the purposes of performing the Agreement. |
| (b) | the Supplier warrants that: |
| (1) | it has fully inspected the Site and reviewed all information
provided by nib about the Site; and |
| (2) | it has identified any hazards and provided for all reasonable
contingencies that may arise while the Supplier is performing the Agreement at the Site. |
| (c) | if requested by nib, the Supplier and its People must undertake,
at the Supplier’s expense, a site induction prior to performing any work at the Site to ensure a full understanding of site requirements. |
| 8.3 | At all times during the Supplier’s performance of the
Agreement, the Supplier must, and must procure that its People, comply with all Laws relating, equipment or materials required under the
Agreement. |
| 9.1 | The Supplier must ensure that: |
| (a) | in performing its obligations in connection with the Agreement,
the Supplier must and will ensure that its People: |
| (1) | do not engage in any conduct or omission which may contravene
any Modern Slavery Laws; and |
| (2) | comply with the Code of Conduct as it relates to Modern Slavery;
and |
| (b) | it does all things required or necessary to mitigate or reduce
Modern Slavery risks in its operations and supply chains and stay in compliance with all applicable Modern Slavery Laws and the Code
of Conduct. |
| 9.2 | The Supplier must use reasonable endeavours to ensure the
terms of the contractual arrangements entered into with any person engaged by the Supplier to provide services in connection with this
Agreement, permit the termination of such commitments, where the Supplier has reasonable grounds to believe there has been, or is likely
to be, a breach of any applicable Modern Slavery Laws. |
| 9.3 | The Supplier represents and warrants to nib that: |
| (a) | neither the Supplier nor its People have been convicted of
any offence involving Modern Slavery and human trafficking; and |
| (b) | it conducts its business in a manner that is consistent with
Modern Slavery Laws and with the Code of Conduct. |
| 9.4 | The Supplier will implement due diligence procedures for
its own suppliers and other persons in their supply chain to ensure that there is no, or there is no risk of, Modern Slavery in its supply
chains. |
| 9.5 | The Supplier must establish and maintain policies and procedures
to ensure that the Supplier and its People comply with the obligations set out in clause 9.1(a). The Supplier must ensure that its policies
and procedures as contemplated in this clause 8 contain requirements that training will be provided to the Supplier’s People, as the
case may be, in relation to the matters addressed by those policies and procedures. |
| 9.6 | nib may request that the Supplier provide: |
| (a) | evidence of the Supplier’s compliance with the Code
of Conduct and the Modern Slavery Laws; and |
| (b) | information to enable nib to comply with its own obligations
under Modern Slavery Laws. |
| 9.7 | The Supplier must provide nib with any information reasonably
requested under clause 8.6 as soon as reasonably practicable. |
| 9.8 | If nib knows of or has reasonable grounds to suspect a past,
present or potential breach by the Supplier or its People of any applicable Modern Slavery Laws or any of their own policies relating
to Modern Slavery, in connection with the Agreement, nib may give notice in writing to the Supplier requiring an explanation, copies
of documents, and access (for the purposes of interview by internal or external lawyers) to the Supplier’s People. |
| 9.9 | The Supplier must give such assistance and access to the
documents and the Supplier’s People as the Company may reasonably require under clause 8.8 and must provide (at the Supplier’s cost)
all reasonable assistance (including the provision of information) to nib in order to allow them to comply with the nib’s obligations
under the Modern Slavery Laws. |
| 9.10 | The Supplier indemnifies nib and its Related Entities in
respect of any liability incurred as a result of the Supplier’s breach of clause 9. To the furthest extent permitted by Law, and notwithstanding
any other provision in this Agreement, the Supplier’s obligation to indemnify under this clause 9.10 is not limited to any contractual
limit on liability. |
| 9.11 | If the Supplier is in breach of this clause 9, nib may notify
the Supplier of the breach and require the Supplier to, within 20 business days, undertake remedial action to rectify the breach, ensure
its compliance with Modern Slavery Laws and/or the Code of Conduct (as applicable) and minimise the risk of Modern Slavery within the
Supplier’s supply and value chains. |
| 9.12 | If a Supplier fails to undertake the remedial action as required
in clause 9.11, nib may terminate this Agreement with immediate effect by giving written notice to the Supplier. |
| 10.1 | The Supplier agrees to comply with: |
| (a) | this clause 10 in relation to any Personal Information; and |
| (b) | if the Details provide that the Additional Privacy Requirements
are applicable, Attachment A in relation to any Personal Data, |
it receives from nib, or in connection with the Services to be provided
under this Agreement.
| 10.2 | Each Party agrees that, in addition to any other standards
of confidentiality or privacy agreed between the parties, each will: |
| (a) | only use the Personal Information for the purpose of fulfilling
its obligations under this Agreement; |
| (b) | take reasonable steps to ensure that the Personal Information
is protected against misuse and loss, and from unauthorised access, modification or disclosure (including ensuring that, where its Personnel
may have access to the Personal Information, access is restricted to its Personnel only who require access to it in order to fulfil its
obligations to the other party; |
| (c) | comply with all Australian Privacy Legislation and comply
with the other party’s reasonable instructions to enable this to be achieved; |
| (d) | not disclose any Personal Information without the other party’s
prior consent (except to the individual to whom the Personal Information relates) and notify the other party immediately if it becomes
aware that a disclosure of Personal Information may be required by Law and or at the direction or order of a court of competent jurisdiction,
or has been made in breach of this clause 8 or any Australian Privacy Legislation; and |
| (e) | handle Personal Information in a manner as reasonably directed
by the other party from time to time, provided that the direction will not cause it to breach any Australian Privacy Legislation. |
| (a) | not do anything with the Personal Information they receive
under this Agreement that will cause the other party to breach its obligations under any Australian Privacy Legislation; |
| (b) | reasonably cooperate with each other to resolve any complaint
made under any Australian Privacy Legislation in connection with this Agreement, and provide other reasonable assistance required for
the parties to comply with any Australian Privacy Legislation relating to the collection, handling, use or disclosure of Personal Information
under this Agreement; |
| (c) | notify each other party promptly of any threatened, suspected,
or actual breach of this clause 9 (including, where the Details provide that the Additional Privacy Requirements are applicable, Attachment
A); and |
| (d) | where the Details provide that the Additional Privacy Requirements
are applicable, comply with the terms of Attachment A. |
| 10.4 | Notwithstanding any other provision in this Agreement, nib may terminate this Agreement without
liability if it determines that the Supplier has breached any provision of this clause 10 (including, where the Details provide that
the Additional Privacy Requirements are applicable, any provision of Attachment A). |
| 10.5 | nib will notify Supplier of such breach, and Supplier will
immediately take reasonable steps to remedy the breach or end the breach, as applicable. |
| 10.6 | Where the Details provide that the Supplier will process
Member credit card data: |
| (a) | the terms “Personal Information” and “Personal
Data” include Member credit card data; |
| (b) | the Supplier is solely responsible for the security of all
Member credit card data that is collected, processed or stored on behalf of nib; and |
| (c) | the Supplier must provide a copy of its AOC to the nib Representative
prior to the commencement of the provision of the Services and annually thereafter prior to expiry of each AOC. |
| 11 | Confidential Information and Intellectual Property |
| 11.1 | If either Party or its People have access to any of the other
Party’s Confidential Information, the Receiving Party must: |
| (a) | keep the Confidential Information confidential; and |
| (b) | not disclose the Confidential Information to any third party,
without the written consent of the Disclosing Party. |
| 11.2 | The Supplier warrants it will not infringe any third party
Intellectual Property Rights in performing the Agreement. The Supplier indemnifies nib against any Claims which may be brought against
nib for an infringement of Intellectual Property Rights by the Supplier or its People. |
| 11.3 | If the Supplier or its People (alone or with others) during
the Term makes or creates any Work the Supplier will disclose promptly full details of the Work to nib and all rights in it will belong
to nib. However, nib will not obtain Intellectual Property Rights in: |
| (a) | any antecedent methodologies or templates used to develop
or deliver the Work; or |
| (b) | any general methods of working developed by the Supplier. |
| (a) | assign to nib all rights, title and interest in any current
or future Work which is or may become a copyright work anywhere in the world; and |
| (b) | will consider itself a trustee for nib in relation to all
such Works. |
| 11.5 | The Supplier must in either case at the request of nib do
everything necessary to vest all rights, title and interest in any Work in nib or its nominee absolutely and to secure patent or other
appropriate forms of protection for the Work anywhere in the world. |
| 11.6 | The Supplier must not do or fail to do anything which would
or might prejudice the rights of nib under this clause 11. |
| 12 | Outsourcing Obligations |
| 12.1 | This clause 12 is binding on the parties where the Details
provide that the Outsourcing Obligations apply to this Agreement. |
| 12.2 | The Supplier acknowledges that: |
| (a) | nib is required to comply with the Outsourcing Standard; and |
| (b) | under the terms of the Standard, nib must ensure that the
Supplier complies with certain requirements as set out in this clause. |
| (a) | will comply with all requests of nib in relation to its compliance
with the Outsourcing Standard as it applies to this Agreement; and |
| (b) | acknowledges that APRA may request: |
| (i) | documentation and information relating to this Agreement from
the Supplier; and |
| (ii) | to conduct on-site visits to the Supplier if APRA considers
this necessary in its role as prudential supervisor. |
| (i) | provide APRA with access to any documentation and information;
and |
| (ii) | allow APRA to undertake such visits, |
as requested by APRA in relation to the Outsourcing Standard as it
applies to this Agreement
| 12.4 | The Supplier agrees will not disclose to any other person
or advertise that APRA has: |
| (a) | requested access to the Supplier’s documentation or information;
or |
| (b) | undertaken a site visit of the Supplier, |
except to the extent necessary to comply with any legal or contractual
obligation binding on the Supplier.
| 12.5 | Subject to the Supplier’s compliance with its obligations
under clause Error! Reference source not found., where the Supplier subcontracts any part of the Services to a subcontractor (Outsourced
Function), the Supplier remains responsible for the Outsourced function as if it were performing the Outsourced Function itself,
and indemnifies nib for any losses or Claims arising out of related to any failure of the subcontractor in relation to the Outsourced
Function. |
| 13 | Variations to the Services |
| 13.1 | nib may direct the Supplier to vary the Services including: |
| (a) | increasing or omitting part of the Services; and |
| (b) | carrying out additional work. |
| 13.2 | The Supplier must not vary the Services without nib’s
prior written approval. |
| 13.3 | If nib directs the Supplier to vary the Services in accordance
with clause 13.1, the Parties shall negotiate in good faith to determine the value of a variation and after taking into account the Supplier’s
applicable rates and prices. |
| 14 | Indemnities and insurance |
| 14.1 | The Supplier indemnifies nib and its People from and against
any Claims arising as a direct or indirect result of: |
| (a) | any breach by the Supplier (or its People) of this Agreement;
or |
| (b) | any negligent, unlawful or wilful acts or omissions of the
Supplier or its People, |
except to the extent the Claim arises solely as a result of nib’s
negligence or breach of the Agreement by nib.
| 14.2 | During the Term the Supplier must maintain: |
| (a) | workers compensation insurance as required by applicable Laws
for all personnel performing any work under the Agreement; |
| (b) | public liability insurance providing a minimum indemnity limit
of $20 million; |
| (c) | if the Agreement includes the supply of Professional Services,
professional indemnity insurance providing a minimum indemnity limit of $10 million; |
| (d) | for any motor vehicles brought onto the Site, third party
property damage motor vehicle insurance; |
| (e) | cyber insurance providing a minimum indemnity limit of $1
million; and |
| (f) | any other insurance required by nib (acting reasonably). |
| 14.3 | The professional indemnity policy referred to in clause Error!
Reference source not found. must cover all Professional Services and be a claims-made policy. For 7 years after termination or expiry
of this Agreement, the Supplier must maintain the contract of professional indemnity insurance or obtain run-off professional indemnity
insurance. |
| 14.4 | All policies of insurance must be with an insurer approved
by nib, whose approval will not be unreasonably withheld. |
| 14.5 | The Supplier must notify nib in writing within 5 Business
Days if any of its policies of insurance lapse, are cancelled or if there have been claims on the policies which erode the indemnity
limit by more than 50%. |
| 14.6 | The Supplier must produce certificates of currency for each
policy of insurance to the nib Representative prior to the commencement of the provision of the Services, and prior to the expiry of
each policy. |
| 14.7 | During the Term, the Supplier must ensure that any motor
vehicles brought onto the Site are covered by a current and adequate third party property damage motor vehicle insurance policy. |
| 15.1 | nib may conduct such acceptance tests, or require the Supplier
to conduct such acceptance tests on the Services as determined by nib, including: |
| (a) | operational and functional tests; and |
| (b) | tests that are sufficient to determine whether the Services
meet the requirements of this Agreement, including any Statements of Work. |
| 15.2 | The Services will be deemed to have passed the acceptance
tests, unless nib notifies the Supplier within 14 Calendar Days of the testing becoming available, that the Services have not passed
the acceptance test. |
| 15.3 | Without limiting any other rights and remedies available
to nib, if nib is not satisfied that the Services have passed the acceptance tests, nib may; |
| (a) | require the Supplier to promptly modify or replace the Services
(withing a further period of time determined by nib, acting reasonably), so that the Services will pass the acceptance test, in which
case nib may perform acceptance tests on the modified or replaced Services; and |
| (b) | if, after being given a further opportunity to modify or replace
the Services in accordance with clause 15.3(a), the Services still do not pass the acceptance tests nib may: |
| (1) | terminate this Agreement and any Statements of Work by giving
10 Calendar Days’ notice to the Supplier in writing; or |
| (2) | accept the failed Services, in which case the Supplier must
refund or pay to nib the fees that nib notifies the Supplier are attributable to the failed portion of the Services. |
| 16.1 | nib is only required to pay the Supplier: |
| (a) | for lump sum Charges, when the whole of any Services identified
as included in that lump sum is delivered or complete; or |
| (b) | for schedule of rates charges, for the Services completed
at that schedule of rates. |
| 16.2 | If the Statement of Works does not contain specific payment
dates and amounts, the Supplier must submit a claim for payment for each month in which the Supplier is carrying out Services. |
| 16.3 | The Supplier’s claim must contain enough information
(including nib’s purchase order number) for nib to verify the amount payable to the Supplier. |
| 16.4 | nib will pay the Supplier’s claim within 30 calendar
days of receipt of a tax compliant invoice issued in accordance with the relevant Statement of Works. Should nib dispute an invoice in
part or in full nib will notify the Supplier in accordance with clause 20. |
| 16.5 | With prior notice to the Supplier, nib may deduct from an
amount payable to the Supplier under the Agreement any amount which is, payable by the Supplier to nib, or which is otherwise entitled
to deduct. |
| 16.6 | The Supplier acknowledges that its rates and prices (including
any lump sum price) for the Services include the cost of everything associated with or necessary for the proper performance of the Services. |
| 16.7 | Payments by nib are on account only and do not evidence nib’s
acceptance of the Services. |
| 16.8 | The Agreement rates and prices will not be adjusted for rise
and fall unless the Agreement expressly states that it is subject to rise and fall. |
| 16.9 | The Supplier must provide nib with written details of a bank
account to enable nib to make payments under this Agreement to that account by electronic funds transfer. |
| 17 | Goods and Services Tax (GST) |
| 17.1 | Unless expressly stated otherwise, all amounts payable or
the value of other consideration provided in respect of supplies made under or in accordance with this Agreement are exclusive of GST.
If GST is levied or imposed on any supply made under or in accordance with this Agreement, the amount payable or the value of the consideration
provided for that supply shall be increased by the amount of the GST levied or imposed. |
| 17.2 | Where a party must reimburse or indemnify another party for
a loss, cost, expense or other amount incurred, the amount to be reimbursed or indemnified must first be reduced by any input tax credit
available to that party and, if it is a taxable supply, must be increased by the GST payable for that supply. |
| 17.3 | Where a party makes a taxable supply under or in accordance
with this Agreement, that party shall provide a tax invoice to the recipient for that supply, unless it is a recipient created tax invoice,
in which case it will be issued by the recipient of the supply. |
| 17.4 | If an adjustment event occurs in relation to a supply under
or in accordance with this Agreement, the party making the supply must issue an adjustment note to the recipient for that supply within
28 days after becoming aware of the adjustment, or the recipient requests an adjustment note, whichever is earlier. |
| 17.5 | Terms defined in A New Tax System (Goods and Services Tax)
Act 1999 (Cth) have the same meaning when used in this clause. |
| 18 | Completion of the Services |
At the completion of the Services or on earlier termination of the
Agreement, the Supplier must promptly:
| (a) | deliver to nib all materials, documentation and completed
things produced by the Supplier as part of the Services. For the avoidance of doubt this excludes working materials and artefacts not
required for the functioning of the Services; and |
| (b) | return to nib all materials, documentation and other things
provided to the Supplier by nib for the purposes of the Agreement. |
| 19.1 | The nib Representative may direct the Supplier to suspend
the whole or part of the Services for any reason for a period nominated by the nib Representative. |
| 19.2 | If the suspension is directed because of a default or act
or omission by the Supplier or its People, the Supplier is not entitled to make a claim against nib for any additional costs losses or
damages it may incur or sustain in connection with the suspension. |
| 19.3 | If nib becomes aware that any reason for suspension no longer
exists, it will notify the Supplier in writing and the Supplier must recommence the performance of the Services as soon as practicable. |
| 19.4 | If the performance of the Services is suspended for any reason
other than a default or act or omission by the Supplier or its People, the Supplier will be entitled to request an extension of time
for the completion of the Services not exceeding the period of suspension. |
| 19.5 | The nib Representative will determine the length of the extension
(if any) having regard to the Supplier’s circumstances and acting reasonably. |
| 19.6 | If the Supplier is unable to recommence the Services within
such reasonable period as the nib Representative may notify, nib may terminate the Agreement, or the relevant Statement of Works, immediately
by giving written notice to the Supplier, in which case the Supplier will be entitled to payment for any Services properly completed
under the Agreement up to the date of termination, but will not be entitled to make any other claim against nib arising from the termination. |
| 19.7 | The exercise of the right of suspension does not affect any
other right which nib has to terminate the Agreement. |
| 20.1 | The Parties will attempt to resolve disputes speedily by
negotiation in good faith. Senior personnel nominated by each Party will attempt to resolve the dispute. |
| 20.2 | If the dispute is not resolved within 30 calendar days of
the commencement of negotiations, either Party may in writing terminate any dispute resolution process and refer the dispute to arbitration
or commence court proceedings. |
| 20.3 | The Parties must continue to perform their obligations under
the Agreement despite the dispute. |
| 21.1 | nib may terminate the Agreement, or any Statement of Works
(or any part of a Statement of Works) by not less than 30 calendar days’ written notice to the Supplier at nib’s absolute
discretion and at nib’s convenience. |
| 21.2 | If the Supplier or its People breach the Agreement including
failure to perform Services in accordance with the KPIs (if any) described in the Service Level Requirements, nib may: |
| (a) | suspend payment to the Supplier until the breach or default
is rectified to the nib Representative’s satisfaction; or |
| (b) | immediately terminate the Agreement or the relevant Statement
of Works (at its absolute discretion). |
| (a) | terminate the Agreement immediately by written notice to the
Supplier if the Supplier breaches its obligations under clause 4.6, suffers an Insolvency Event or is otherwise unable to pay its debts
as and when they fall due; or |
| (b) | terminate the Agreement in accordance with clauses 9.12, Error!
Reference source not found., and 19.6. |
| 21.4 | On termination of the Agreement, the Supplier will be entitled
to: |
| (a) | payment for any Services properly completed in accordance
with the Agreement up to the date of termination; |
| (b) | except to the extent already covered by a payment under clause
21.5(a), the costs of materials ordered for the performance of the Agreement provided the Supplier has not prematurely ordered the materials
or not able to reasonably allocate the materials to work being performed by the Supplier for a third party. |
| 21.5 | Except for the Supplier rights under clause 21.4, the Supplier
will not be entitled to make any Claim against nib arising from termination of the Agreement. |
| 22 | Joint and several liability |
If the Supplier comprises two or more persons, each is jointly and
severally liable for obligations and liabilities under the Agreement.
Despite any other provision of this Agreement nib may set
off against any amount due to the Supplier the amount of any Claims by nib under or in connection with this Agreement.
| 24.1 | (No partnership) Nothing in this Agreement constitutes
a partnership or joint venture arrangement between the Parties or, except as expressly provided, makes a Party an agent of another Party
for any purpose. A Party cannot in any way or for any purpose, bind another Party or contract in the name of another Party. |
| 24.2 | (Remedies cumulative) The rights, powers and remedies
provided in this Agreement are cumulative and not exclusive of the rights, powers or remedies provided by law independently of this Agreement. |
| 24.3 | (Exercise of rights) A Party may exercise a right,
power or remedy at its discretion, and separately or concurrently with another right, power or remedy. A single or partial exercise of
a right, power or remedy by a Party does not prevent a further exercise of that right, power or remedy or an exercise of any other right,
power or remedy. Failure by a Party to exercise or delay in exercising a right, power or remedy does not prevent its exercise. |
| 24.4 | (Waiver and variation) A provision of a right created
under this Agreement may not be waived or varied except in writing signed by the party or parties to be bound and unless otherwise expressly
stated, the extent of any waiver granted is restricted to the specific breach concerned and does not extend to any further occurrence
of the breach. |
| 24.5 | (Indemnities) Each indemnity in this Agreement is
a continuing obligation, separate and independent from the other obligations of the Supplier and survives termination of this Agreement. |
| 24.6 | (Governing law and jurisdiction) This Agreement is
governed by the law in force in New South Wales, Australia, and each Party irrevocably and unconditionally submits to the exclusive jurisdiction
of the courts of that State and courts of appeal from them. |
| 24.7 | (Notices) All notices, consents, requests, and approvals
given under this Agreement must be in writing and given by personal service, pre-paid postage, or e-mail at the addresses of the parties
set out in this Agreement or to the address designated by a party by written notice. Any notice sent by post is regarded as having been
received by the party to whom it is addressed on the day which in the normal course of post it would have been delivered. |
| 24.8 | (Entire Agreement) This Agreement constitutes the
sole and entire agreement between the Parties with regard to its subject matter and a warranty, representation, guarantee or other term
or condition of any nature not contained or recorded in this Agreement is of no force or effect. Any order or request for Services by
nib to the Supplier which purports to incorporate terms other than those set out in this Agreement (including the Supplier’s standard
terms and conditions of supply) are of no force or effect. This includes any Statement of Work that includes any, or includes a reference
to any, terms and conditions that are standard or general in nature (even if such Statement of Works has been signed by nib). |
| 24.9 | (Severability) A word or provision must be read down
or removed if this Agreement is void, voidable, or unenforceable if it is not read down or removed and the provision is capable of being
read down or removed without the rest of the Agreement becoming be void, voidable or unenforceable |
| 24.10 | (Conflict) In the event of a conflict between these
Standard Terms set out in this document and the Statement of Works, the Statement of Work shall prevail. |
| 24.11 | (Amendments) No amendments to this Agreement will
have effect unless they are in writing, signed by the parties. |
| 24.12 | (Assignment) Neither Party may assign its rights or
obligations under this Agreement without the express written consent of the other Party, whose consent will not be unreasonably withheld
or delayed. |
| 24.13 | (Electronic consent) If this Agreement is signed by
any party using an electronic signature, nib and the Supplier consent and agree: |
| (a) | to enter into this Agreement in electronic form; |
| (b) | to either or both of the parties signing this Agreement using
an electronic signature; and |
| (c) | to receive counterparts of this Agreement via electronic communication. |
ATTACHMENT A - PRIVACY
Where the Details provide that the Additional Privacy Requirements
are applicable to the Agreement, this document forms part of the Agreement between nib and Supplier, and is effective as of the Effective
Date.
In the course of providing the Services, the Supplier may Process Personal
Data on behalf of nib, and the Parties agree as follows:
In this Attachment A, terms used will have the same meaning given to
such terms in the body of the Agreement, except for the following terms, which have the following meanings:
| (d) | Additional Privacy Laws means any applicable Laws
in addition to the Australian Privacy Legislation that relate to Personal Data, privacy, data protection and data security in connection
with provision of the Services including without limitation, in the case of the EU, all applicable European Union laws and regulations
relating to the Processing of Personal Data and privacy including the GDPR; |
| (e) | Controller, Data Subject, Personal Data, Personal Data
Breach, Process/Processing and Processor and/or similar terms and concepts shall have the meanings as defined in the Additional Privacy
Laws; |
| (f) | Data Subject please see paragraph (b); |
| (g) | GDPR means the EU Regulation 2016/679 on the protection
of natural persons with regard to the Processing of Personal Data and the free movement of such data, of the European Parliament and
of the Council of 27 April 2016 (as amended from time to time); |
| (h) | EU Model Terms means the standard contractual clauses
for data controller to data processor transfers that have been approved by the European Commission for the transfer of Personal Data
from data controllers to data processors; |
| (i) | nib Privacy Policy means the privacy policy available
at https://www.nib.com.au/docs/privacy-policy, as updated from time to time; |
| (j) | nib’s Data Protection Officer is the person
appointed to the role of Data Protection Officer by nib from time to time; |
| (k) | Personal Data and Personal Data Breach please
see paragraph (b); |
| (l) | Personnel means the employees, partners, agents, directors,
and officers of the Supplier, and of its subcontractors and Related Entities; |
| (m) | Process/Processing and Processor please see paragraph
(b); and |
| (n) | Related Entity in relation to a Party: |
| (i) | has the meaning given to Related Body Corporate in the Corporations
Act 2001 (Cth); and |
| (ii) | an entity that directly or indirectly controls, is controlled
by or is under common control with that party and for this purpose “control” will mean the possession directly or indirectly
of the power to direct or cause the direction of the management and policies of the entity whether through voting shares, securities
or otherwise means. |
| (o) | Third Country means a country that the European Commission,
or other national legislative body, has determined does not provide an adequate level of protection for Personal Data. |
| 2. | Controller and Processor |
nib will be a Controller and the Supplier a Processor for purposes
of this Agreement.
| 3. | Personal Data obligations |
In relation to Personal Data Processed by the Supplier in connection
with the Services, Supplier agrees that, to the extent required by Additional Privacy Laws, it must:
| (a) | use, disclose or otherwise Process the Personal Data only
in connection with the Services to be provided under this Agreement, unless the Supplier has the prior written consent of nib or is otherwise
required by applicable Law (and, if required by applicable Law, the Supplier will, unless a legal requirement prohibits it from doing
so, inform nib of the relevant legal requirement prior to the use or disclosure and in any event shall keep such use or disclosure to
an absolute minimum); |
| (b) | comply, and will ensure that members of its corporate group,
and its employees, officers, contractors, subcontractors, representatives, or agents of any of them will comply, with: |
| (i) | all Additional Privacy Laws; |
| (ii) | the nib Privacy Policy; and |
| (iii) | any reasonable directions or instructions given by nib from
time to time in respect of the Additional Privacy Laws and steps reasonably required to effect compliance; |
| (c) | without limiting section 4(a) of this Attachment A, provide
collection notices where it collects Personal Data, and obtain consents for the collection of Personal Data in accordance with the Additional
Privacy Laws; |
| (d) | have in place and maintain an up to date privacy policy in
compliance with the Additional Privacy Laws; |
| (e) | ensure that any person to whom Personal Data is disclosed
under this Agreement does not do or omit to do anything which, if done or omitted to be done, would constitute a breach of this Agreement
; |
| (f) | obtain written agreement from all subcontractors to whom
Personal Data is disclosed to comply with the Additional Privacy Laws, and the nib Privacy Policy, and ensure that in such written agreement,
the provisions have the same effect as this section 3; |
| (g) | co-operate with any reasonable requests or directions of
nib, nib’s People, or nib’s nominee with respect to: |
| (i) | the security, use, disclosure, transfer, de-identification
and erasure of Personal Data, or any other rights of Data Subjects in relation to their Personal Data including to access and correct
Personal Data; |
| (ii) | conducting data protection impact assessments; |
| (iii) | notifications to the competent data protection supervisory
authority or body under Additional Privacy Laws and/or communications to individuals by nib in response to a Personal Data Breach; and |
| (iv) | nib’s compliance with its obligations with respect to
the security of Personal Data processing. |
| (h) | respond promptly to all enquiries from Data Subjects relating
to the Personal Data, and in particular will action all requests from Data Subjects to exercise their rights under Additional Privacy
Laws on request from either the relevant Data Subject or from nib. In the event that a Data Subject makes such a request directly to
Supplier, then Supplier will notify nib in writing of the request as applicable to action such request; |
| (i) | not do any act, engage in any practice, or omit to do any
act or engage in any practice that would cause nib to breach or be taken to breach any Additional Privacy Law; |
| (j) | In the event of any privacy complaint or incident relating
to the Services, or any other actual or suspected interference with privacy including a Personal Data Breach, the Supplier must: |
| (i) | immediately notify nib in writing of the matter, and promptly
provide nib details; |
| (ii) | cooperate and comply with all of nib’s reasonable Directions
in respect of the matter; |
| (iii) | promptly take any necessary steps to contain and rectify the
matter and its consequences; and |
| (iv) | not notify any other person or party of the matter without
nib’s consent unless expressly required by Law. |
| (k) | take all reasonable steps to ensure that the Personal Data
is protected against misuse and loss, interference, and unauthorised access, modification or disclosure. Those steps include: |
| (i) | implementing appropriate technical and operational safeguards
to at least the extent, capability and standard as ordinarily used by professional providers of similar services in respect of protecting
the Personal Data; |
| (ii) | ensuring that, where its Personnel may have access to the
Personal Data, access is restricted to its Personnel only who reasonably require access to it in order to fulfil its obligations to nib; |
| (iii) | undertaking any Personnel training as may be required, including
attending security and privacy awareness training with regular intervals, in order to ensure that all Personnel are adequately trained
on requirements of Additional Privacy Laws; |
| (iv) | giving nib all information and access to Supplier’s
premises, Personnel, processes and systems as reasonably required by nib to enable it to audit Supplier’s compliance with this
document; and |
| (v) | on request, provide nib with its most current privacy compliance
plan (including a mandatory data breach response plan) and keep its privacy compliance plan updated; and |
| (l) | obtain nib’s prior written consent before disclosing
the Personal Data to any person outside Australia (including Personnel) including in circumstances where the Personal Data is held in
Australia but is accessible by a person outside Australia. In seeking nib’s consent, Supplier will inform nib of the countries
in which disclosure is likely to occur and Supplier will seek a new consent from nib in respect of any changes to the relevant countries. |
To the extent that the GDPR applies to nib or the Supplier, without
limiting any other provision in this document, Supplier must:
| (a) | not transfer any Personal Data outside the European Economic
Area without nib’s consent; |
| (b) | if Supplier wishes to engage Related Entities or a third
party to Process Personal Data on nib’s behalf, if that person is located in a Third Country, Supplier shall execute a data transfer
agreement, which may include the EU Model Clauses or some other set of model clauses approved by the Additional Privacy Laws; |
| (c) | ensure checks are conducted, and appropriate assurances obtained
(and recorded), that all subcontractors must handle Personal Data on behalf of nib in a manner which is compliant with the Additional
Privacy Laws. All due diligence checks must be recorded and signed off by nib’s Data Protection Officer, and prior to occurrence
of any Processing; |
| (d) | on request, provide nib with all information necessary to
demonstrate compliance with Additional Privacy Laws in connection with the Services including: |
| (i) | nature, purpose and duration of Processing any Personal Data,
including data retention expectations; |
| (ii) | the type of Personal Data being processed; |
| (iii) | the categories of Data Subjects; and |
| (iv) | the obligations and rights of the Data Subjects. |
ATTACHMENT B STATEMENT OF WORK TEMPLATE
[Drafting note – this must be included as a blank template
in each Master Services Agreement so that the parties have an agreed approach to completion of additional Statements of Work. All Statements
of Work must be completed as separate documents].
This Statement of Work is issued pursuant to, and forms part of the
Master Services Agreement between nib and the Supplier with a Start Date of [insert] (Agreement).
| Engagement |
[Insert name / nature of Engagement and include details of scope] |
| Engagement outcomes |
[Insert details of any required outcomes of the Engagement] |
| Engagement Commencement Date |
[Insert date on which the Engagement will commence] |
| Engagement Termination Date |
[Insert date on which the Engagement will complete] |
| Services |
[Insert description of the Services to be performed] |
| Professional Services |
[Insert description of the Professional Services to be performed] |
| Service Level Requirements |
[Insert all applicable Service Level Requirements] |
| Delivery Date(s) |
[Insert the key date(s) for delivery of the Services (if any)] |
| Delivery Point(s) |
[Insert all key places for delivery of the Services] |
| Date for Completion |
[Insert the date for completion of the Services] |
| Special Conditions |
[Insert any Special Conditions relevant to the Engagement, specifying how they amend the terms of the Master Services Agreement, where they have such an effect]. |
| SIGNED for and on behalf of nib by: |
|
SIGNED for and on behalf of the Supplier by: |
| |
|
|
| |
|
|
| Signature |
|
|
Signature |
|
| Name |
|
|
Name |
|
| Position |
|
|
Position |
|
| Date: |
|
|
Date: |
|
ATTACHMENT C SCHEDULE OF CHARGES
If any Professional Services are required in a Statement of Works,
the Rate Card below sets out the applicable Charges.
| Rate
Card |
RRP
Day Rate |
nib
Day Rate
15% saving |
| CTO |
$ 2,500 |
$ 2,125 |
| Project Manager |
$ 1,800 |
$ 1,530 |
| Developer |
$ 1,200 |
$ 1,020 |
| QA |
$ 1,200 |
$ 1,020 |
| UI/UX Designer |
$ 1,200 |
$ 1,020 |
| Data Engineer |
$ 1,200 |
$ 1,020 |
| Analyst |
$
1,200 |
$ 1,020 |
ATTACHMENT D DATA SECURITY
Where the Details provide that the Data Security Obligations are applicable
to the Agreement, this document forms part of the Agreement between nib and Supplier, and is effective as of the Effective Date.
The Supplier acknowledges that:
| (e) | nib must comply with the Information Security Prudential
Standard CPS 234 (the Standard), published by the Australian Prudential Regulation Authority (APRA); and |
| (f) | under the terms of the Standard, nib must ensure that the
Supplier complies with certain security requirements as set out in this Attachment D. |
In this Attachment D, terms used have the following corresponding meanings:
Audit means the provision of access to reasonable and appropriate
resources and data by the Supplier in a timely manner to allow nib to assess the Supplier’s (or its Sub-suppliers’) compliance
with the obligations set out in this Attachment D.
Data Security Capability means the totality of resources, skills
and controls which provide the ability and capacity to maintain Data Security.
Data Security means the preservation of the confidentiality,
integrity and availability of nib Data.
Data Security Control means a prevention, detection or response
measure to reduce the likelihood or impact of a Data Security Incident.
Data Security Incident means an actual or potential compromise
of Data Security, including the accidental or unlawful destruction, loss, alteration, unauthorised disclosure, breach of, or access to,
nib Data, whether suspected or actual, on systems managed by or otherwise controlled by the Supplier.
Data Security Response Plan means a plan to respond to Data
Security Incidents that could plausibly occur.
Disclosure means a disclosure of details to APRA in relation
to a Data Security Incident.
nib Data means any source data supplied by nib or any data arising
from or in connection to Services provided under this Agreement.
SOC 2 means a service organisation control report addressing
Supplier’s Data Security Controls.
Sub-Supplier means a supplier who (i) contracts with the Supplier
for the performance of any element of the Services; (ii) may process personal information relevant to this Agreement on behalf of the
Supplier; or (iii) performs any service on behalf the Supplier which may directly or indirectly support the performance of the Services
by the Supplier including, but not limited to, data storage, protection or availability services.
| (a) | have in place effective Data Security Controls; |
| (b) | actively maintain its Data Security Capability with respect
to changes in vulnerabilities and threats, including those resulting from changes to information assets or its business environment; |
| (c) | have robust mechanisms in place to detect and respond to Data
Security Incidents in a timely manner; and |
| (d) | schedule regular external penetrations testing using an appropriately
accredited third party (at least annually) in relation to the Supplier’s systems involved in providing the Service in order to
test its Data Security Capability. |
| 3.2 | The Supplier shall pay for all standard penetration testing
and vulnerability assessment including mobile app, web app, APIs and Wellteq Managed Services. |
| 3.3 | nib shall pay for penetration testing relating to specific
elements including the separate deployment, different API end points, integrations (SSO, rewards, Tealium) as hosted on the separate
environment managed by CMD. All nib costs under clause 3.1 (d) are capped at $15,000 per annum. |
| 4. | Security Response plans |
The Supplier must:
| (a) | maintain appropriate Data Security Response Plans, which must
include mechanisms for managing all relevant stages of a Data Security incident, from detection to post-incident review; and |
| (b) | annually review and test its Data Security Response Plans
to ensure they remain effective and fit-for-purpose. |
| 5. | Notifications and assessments |
In providing the Services, the Supplier must:
| (a) | provide nib with a notification as soon as practicable if
the Supplier detects Data Security Incident, including (but not limited to) any loss of nib Data or any privacy breach but in any event
within 2 Business Days of the Data Security Incident occurring. |
| (b) | on request, provide nib with such information as may be reasonably
required to enable nib to assess the Supplier’s Data Security Capability, where such an assessment is required for nib to comply
with the Standard (and where nib does not already have such information available to it as part of this Agreement). |
| (c) | provide any other assistance to nib that is reasonably required
in order to enable Supplier or nib to comply with the Standard or respond to any notification or request from APRA regarding the Standard. |
In circumstances where nib considers a Disclosure to be reasonably
necessary to ensure its compliance with the Standard, nib may make a Disclosure and the Supplier consents to such Disclosure being made.
In providing the Services, Supplier must ensure that:
| (a) | all nib Data relating to or arising out of this agreement
is stored at all times on servers located in Australia; and |
| (b) | all nib Data relating to or arising out of this agreement
is not transferred to servers located outside of Australia for any purposes, including for the purposes of a disaster recovery event
or business continuity plan scenario (including disaster recovery and/or business continuity tests). |
Upon request by nib, Supplier must provide to nib’s nominated
representative:
| (a) | details of Supplier’s Data Security Response Plans;
and |
| (b) | a copy of Supplier’s SOC 2 certificate, ISO 27001 certificate
by August 2022, or other attestations relevant to the Services and/or nib Data. |
In providing the Services, the Supplier must comply with all applicable
[service availability levels, as set out elsewhere in this Agreement.
| 10. | Data retention and deletion |
Except to the extent required by law, upon a formal written demand
issued by nib: (i) at its discretion at any time; (ii) upon termination or expiry of this Agreement; or (iii) at a time when the nib Data
is no longer required for the performance of Services under this Agreement, whichever is the earlier, the Supplier must, return (in the
format reasonably requested by nib) and / or destroy (at the option of nib and at no cost to nib) all nib Data whether in hard copy or
electronic form.
| (a) | Upon request by nib and at nib’s expense, the Supplier
must allow nib (or nib’s independent, third-party auditor) to undertake an Audit and provide all reasonable assistance to nib to
enable the performance of such Audit. In the event of a Data Security Incident, the Supplier the audit will be at the Supplier’s
expense. |
| (b) | nib may request an Audit: (i) no more frequently than once
annually at its discretion; or (ii) in the event of a Data Security Incident. |
| (a) | The Supplier must ensure that its contracts with Sub-suppliers
contain Data Security terms which are no less onerous than those set out in this Attachment D. |
| (b) | Upon request by nib, the Supplier must, (at nib’s choice
in its discretion): (i) allow nib (or nib’s independent, third-party auditor) to undertake an Audit of the Supplier’s Sub-suppliers
processes and business aspects related to supporting nib information; or (ii) provide nib with a list of its Sub-suppliers and details
of the Data Security assurances that the Supplier has obtained from those Sub-suppliers. |
| (c) | nib may request an Audit of the Supplier’s Sub-suppliers:
(i) no more frequently than once annually at its discretion; or (ii) in the event of a Data Security Incident. |
3