PLEASE READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY.
For Master Users:
The AGENT 360 Terms and Conditions shall consist of the following:
Section A: AGENT 360 and AGENT 360 Credits Terms of Use
Section B: SIA Passenger Sales Agency Terms and Conditions, which applies to the Company and includes:
The Agent 360 Registration Form
Schedule 1: Non-IATA Accredited Agents; and
Schedule 2: Data Protection Terms.
For Admin and Ordinary Users:
The AGENT 360 Terms and Conditions shall consist of the following:
Section A: AGENT 360 and AGENT 360 Credits Terms of Use
SECTION A: AGENT 360 AND AGENT 360 CREDITS TERMS OF USE
Last Updated: [1 Oct 2024]
THIS AGENT 360 TERMS OF USE GOVERNS YOUR USE OF THIS WEBSITE. PLEASE READ THESE AGENT 360 TERMS OF USE CAREFULLY BEFORE USING THE WEBSITE.
By accessing or using AGENT 360, you acknowledge that you have read these AGENT 360 Terms of Use and indicate your agreement to be bound by these Terms of Use and the documents referred to in them. If you do not agree to any part of these Terms of Use, you should stop using AGENT 360 immediately.
Singapore Airlines does not purport (through the AGENT 360 Credits and the use of the same via the AGENT 360 Credits Wallet or AGENT 360 or other services provided by Singapore Airlines (as well as their subsequent iterations or versions)) to operate a payment service regulated under the Payment Services Act. Singapore Airlines is not licensed, approved, registered or otherwise regulated under the Payment Services Act. Consequently, holders and users of the AGENT 360 Credits and AGENT 360 Credits Wallet (as well as their subsequent iterations or versions) will not be afforded the relevant protections set out in the Payment Services Act and related subsidiary legislation, regulations, circulars, notices, directions and guidelines. The AGENT 360 Credits (as well as their subsequent iterations or versions) can only be used with Singapore Airlines, a Singapore entity and/or its related corporations, to offset Singapore Airlines’ agency administrative fees as described below.
Definitions
Words and expressions in this AGENT 360 Terms of Use shall have the following meanings, unless the context requires otherwise:
‘AGENT 360’ shall refer to the Singapore Airlines AGENT 360 website.
‘AGENT 360 Credits’ shall refer to the digital representation of value within the AGENT 360 Credits Wallet.
‘AGENT 360 Credits Wallet’ shall refer to the wallet function of AGENT 360 where AGENT 360 Credits distributed to a TA are stored.
‘Applicant’ shall refer to the applicant corporate entity which meets the registration criteria stated hereunder.
‘ARC’ refers to the Airline Reporting Corporation.
‘Financial Year’ shall refer to Singapore Airlines’ Financial Year which spans from 1 April of the current year to 31 March of the following year.
‘IATA’ refers to the International Air Transport Association.
‘Singapore Airlines’ shall refer to Singapore Airlines Limited (Company Registration Number 197200078R), a company incorporated in Singapore with its registered office at 25 Airline Road, Airline House, Singapore 819829.
‘TA’ shall refer to a Travel Agent which application for an AGENT 360 membership has been successful and an account has been granted.
1. AGENT 360 Account
1.1. Singapore Airlines AGENT 360 is only open to travel agents (IATA, ARC and non-IATA) for registration. Applicants will be verified by Singapore Airlines.
1.2. Applicants must be bona fide business entities. Where applicable, Applicants must be officially registered with the national Company Registry of their country and be able to show such proof of registration to Singapore Airlines, as and when requested by Singapore Airlines. The Applicant agrees to provide Singapore Airlines with the information it may request (which it may request at any time deemed necessary) for the purposes of identity verification and the detection of money laundering, terrorist financing, fraud, or any other financial crime, and permit Singapore Airlines to keep a record of such information. Singapore Airlines may take any action, in its sole discretion, in relation to applications that fail to provide the documents and information that Singapore Airlines may request for its verification process.
1.3. Singapore Airlines AGENT 360 may not be available in every country. For the latest list of countries in which AGENT 360 is available, please refer to the following registration form: https://agent360.singaporeair.com/en_UK/sg/accountRegistration. This list shall be subject to updates and changes made without prior notice, and in Singapore Airlines’ sole discretion.
1.4. Individuals (natural persons) are not eligible to register as a member to use Singapore Airlines AGENT 360.
1.5 . Multiple registrations using the same email address is not allowed. Each Applicant cannot be concurrently associated with more than one AGENT 360 account.
1.6. Singapore Airlines reserves the right to reject any application for membership to use Singapore Airlines AGENT 360.
1.7. All applications must be made via the online registration form (as amended from time to time) on agent360.singaporeair.com.
1.8. During registration, all mandatory fields in the online registration form must be completed. Applications with inaccurate or incomplete information will be rejected.
1.9. Upon completion of the registration form, a verification email will be sent to the Applicant to verify the submitted email address before Singapore Airlines conducts its review of the application. TAs will receive a confirmation email from Singapore Airlines.
1.10. If TA does not access its approved AGENT 360 account within 180 calendar days after successful registration, the account will automatically be locked. If the locked account is not accessed by TA for a further 14 calendar days, such account will be deleted. Prior to the locked account being deleted, TA will be able to unlock and access their locked account by contacting their station administrator.
1.11. Without prejudice to the generality of the clauses in Section 3 of this AGENT 360 Terms of Use, Singapore Airlines reserves the right to suspend or permanently exclude the TA from further participation in, or terminate the TA’s AGENT 360 membership upon the occurrence of the following events:
1.11.1. The TA has contravened any term or rule of membership in connection with the usage of AGENT 360, as prescribed by Singapore Airlines from time to time.
1.11.2. The TA has acted fraudulently in connection with its AGENT 360 membership.
This list of events is non-exhaustive and Singapore Airlines reserves the right to suspend and/or terminate any TA’s AGENT 360 account for any reasons as Singapore Airlines shall in its sole discretion see fit. Singapore Airlines will, on a goodwill basis, endeavour to contact the TA by email in order to resolve any discrepancies or non-compliance. In the event that Singapore Airlines has been unable to contact the TA within 28 days of the occurrence of such discrepancy or non-compliance, or the TA is unable to rectify such discrepancies or non-compliance within such period of time, Singapore Airlines reserves the right to terminate the TA’s AGENT 360 membership and close the TA’s account. The TA acknowledges that whether the TA is suspended, permanently excluded or its membership is terminated or is otherwise subject to other action taken by Singapore Airlines, the TA shall be liable for all outstanding fees, damages, costs of litigation and any other associated costs that may arise as a result of the TA’s suspension or termination from the usage of AGENT 360 or AGENT 360 membership.
2. AGENT 360 Credits
2.1. AGENT 360 Credits will be awarded to TA’s AGENT 360 Credits Wallet (hereinafter known as “Agent Wallet”) at the sole discretion of Singapore Airlines at the beginning of each Financial Year. Any additional award of AGENT 360 Credits will entirely be at Singapore Airlines’ sole discretion.
2.2. AGENT 360 Credits awarded to a TA can only be used to offset Singapore Airlines’ agency administrative fees for Ticket Reissuance, Ticket Refunds, Ticketing Time Limit Extensions and Name Corrections made through AGENT 360. AGENT 360 Credits cannot be used on any other platform(s) or through Singapore Airlines Ticket Offices/Contact Centres.
2.3. All AGENT 360 Credits used to offset the above-mentioned administrative fees are non-refundable.
2.4. AGENT 360 Credits awarded to a TA may only be used by the TA and by employees of the TA. Transfer of AGENT 360 Credits to other TAs or third parties is not permitted. It is the sole responsibility of the TA to manage distribution and use of these credits within the agency.
2.5. AGENT 360 Credits will expire and be forfeited at the end of each Financial Year at 2359h Singapore time (GMT +0800h). For illustration: AGENT 360 Credits credited to an TA’s Wallet on/after 1 April 2022 would expire at 2359h Singapore time (GMT +0800h) on 31 March 2023.
2.6. The validity period of the AGENT 360 Credits cannot be extended.
2.7. If TA’s AGENT 360 membership is suspended, TA will not be able to use its AGENT 360 Credits. As the AGENT 360 Credits have a limited validity period, the AGENT 360 Credits may expire during the suspension period and cannot be used after such period. Provided the AGENT 360 Credits have not expired during the suspension period, the TA may use the remaining valid AGENT 360 Credits once the suspension is lifted.
2.8. If a TA’s AGENT 360 membership is permanently terminated, all AGENT 360 Credits held by the TA will be revoked and forfeited without compensation.
2.9. All AGENT 360 Credits awarded to a TA can be cancelled or expired at Singapore Airlines’ sole discretion.
2.10. One AGENT 360 Credit can be used to offset one Singapore Dollar worth of agency administrative fees. AGENT 360 Credits may not be withdrawn or exchanged for physical cash. Singapore Airlines reserves the right and has full discretion to change the amount of AGENT 360 Credit that can be used to offset one Singapore Dollar worth of agency administrative fees without further notice to any Applicant or any travel agent registered with AGENT 360.
3. Account Management
3.1. User profiles associated with a TA’s account can be created via AGENT 360 and designated to relevant employees of the TA. In the event that an employee should cease employment with a TA, the TA should delete such former employee’s user profile or inform station administrator to delete the user profile as soon as practicable.
3.2. If a TA would like to edit its account details or manage the user profiles, the TA can edit selected account details under ‘Manage your Account’ via AGENT 360.
4. General Conditions
4.1. In the event that Singapore Airlines discovers any Applicant or TA abusing or inappropriately using its AGENT 360 account or its features and benefits, as shall be determined in Singapore Airlines’ sole discretion, the AGENT 360 account may be immediately suspended and prevented from performing further transactions. In such an event, the reinstatement of the account shall be allowed only at Singapore Airlines’ sole discretion.
4.2. Each Applicant and TA agrees to use AGENT 360 in accordance with this AGENT 360 Terms of Use and for lawful and proper purposes. You agree to be responsible for all matters arising from your use of AGENT 360 and your membership. Further, you agree:
4.2.1. Not to use AGENT 360 in any manner which breaches any applicable law or regulation or causes or which may cause an infringement of any third party rights;
4.2.2. Not to post, transmit or disseminate any information on or via AGENT 360 which may be harmful, obscene, defamatory or illegal or create liability on Singapore Airlines’ part;
4.2.3. Not to interfere or attempt to interfere with the operation or functionality of AGENT 360;
4.2.4. Not to obtain or attempt to obtain unauthorized access, via whatever means, to any of SIA’s systems; and
4.2.5. Not to use AGENT 360 Credits, AGENT 360 Credits Wallet, AGENT 360 or other services provided by Singapore Airlines for any unlawful or prohibited purposes, or for any unauthorised or fraudulent payments.
If Singapore Airlines (in its sole discretion) believes that you are in breach, or will be in breach, of any of this AGENT 360 Terms of Use, Singapore Airlines reserves its right to deny you access to AGENT 360 without giving you a reason and/or without further reference to you.
4.3. Each Applicant and TA agrees to the processing of personal data set out in the Singapore Airlines Privacy Policy (“Privacy Policy”), accessible at http://www.singaporeair.com/en_UK/privacy-policy/. For the purposes of these AGENT 360 Terms of Use, “Customer Data” in the Privacy Policy shall include, where applicable, personal data of TAs.
4.4. Singapore Airlines may send to Applicants and/or TAs emails containing or relating to sales circulars, promotions to customers and company and business updates (“Informative Materials”). Applicant and its TAs may disseminate such Informative Materials to its customers, provided that it shall not disseminate and/or send such Informative Materials (i) in Singapore Airlines’ name and (ii) without obtaining consent from the customer as required under applicable laws. Each TA may subsequently instruct Singapore Airlines not to send such Informative Materials by changing their email subscription preference in the user profile.
4.5. Singapore Airlines shall not be responsible for any tax liability, including but not limited to income, use, excise, sales, custom fees, value-added tax, or any other tax liability of the TA as a result of the TA’s membership of or participation in AGENT 360.
4.6. The sale or barter of any benefits of the AGENT 360 is prohibited and will result in cancellation of these benefits. TAs that breach this rule may also be liable for damages, litigation and transaction costs.
4.7. Singapore Airlines reserves the right to audit a TA’s AGENT 360 account for compliance with this AGENT 360 Terms of Use at any time and without prior notice.
4.8. Singapore Airlines reserves the right to (i) amend this AGENT 360 Terms of Use, and/or (ii) terminate any AGENT 360 account or any part thereof, at any time and regardless of notice at its sole and absolute discretion. Singapore Airlines is not liable to any Applicant for any losses that may arise as a result of any changes or termination made to the account.
4.9. Singapore Airlines shall not be held liable for any product and service offered or promised by an AGENT 360 Programme partner. Singapore Airlines will not be held liable for any losses or damage that may arise as a result of contracting with an AGENT 360 Programme partner. For the avoidance of doubt, AGENT 360 Credits cannot be used to pay for or redeem any product and service offered or promised by an AGENT 360 Programme partner or any person, other than Singapore Airlines and/or its related corporations and in accordance with this AGENT 360 Terms of Use.
4.10. To the maximum extent permitted by law, Singapore Airlines shall not be liable to any TA or Applicant for any injury, loss, claim, damage, cost, disbursement or expense of any kind whatsoever solely arising out of or in connection with the use of the AGENT 360 website, whether such injury, loss, claim, damage, cost, disbursement or expense is caused by Singapore Airlines’ negligence or otherwise, and whether Singapore Airlines has any control over the circumstances giving rise to the claim or not.
4.11. Singapore Airlines will not be liable for any injury, loss, claim, damage, cost, disbursement or expense of any kind whatsoever loss or damage connected to the unavailability or interruption of AGENT 360 to any TA or Applicant in whole or in part or any failure or delay in any way connected with the use of AGENT 360 because of ancillary equipment, the systems of Singapore Airlines systems or technology or any other circumstances, including the use of or inability to connect to AGENT 360. Singapore Airlines makes no guarantee that AGENT 360 will always be available or uninterrupted.
4.12. Singapore Airlines’ liability with respect to any claims solely in relation to the use of the AGENT 360 website shall be limited to the value of the tickets transacted. For the avoidance of doubt, monetary compensation is expressly excluded and Singapore Airlines shall not be liable for any loss of revenue, profit, business, contract, reputation, or for any special, consequential, indirect, exemplary, punitive damages, howsoever arising.
4.13. Singapore Airlines reserves the right to assign or deal with this AGENT 360 Terms of Use in favour of any of its subsidiaries, subcontractors or appointed agents to carry out any of its obligations herein. Singapore Airlines shall not be responsible to the Applicant for any delay in performance or non-performance, including that of its subcontractors and/or agents, due to causes beyond its reasonable control.
4.14. Should this AGENT 360 Terms of Use be available in other languages, the meanings and interpretations of the English language version shall be final in the event of any discrepancy.
4.15. Singapore Airlines reserves the right to interpret and apply at its sole discretion this AGENT 360 Terms of Use (as amended from time to time), which shall be posted on Singapore Airlines' website. All decisions made or action taken by Singapore Airlines in connection with this AGENT 360 Terms of Use shall be final and conclusive.
4.16. Where applicable, if there is any conflict or inconsistency between the terms of the Section B: SIA Passenger Sales Agency Terms and Conditions (including all its Schedules) and this Section A: AGENT 360 and AGENT 360 Credits Terms of Use, the terms of Section B shall prevail over Section A in respect of activities conducted pursuant to Section B.
4.17. This AGENT 360 Terms of Use were last updated on the date at the top of this page. No changes to this AGENT 360 Terms of Use are valid or have any effect unless agreed by Singapore Airlines in writing or made in accordance with this clause. Singapore Airlines reserves the right to vary these AGENT 360 Terms of Use from time to time. The updated AGENT 360 Terms of Use will be displayed on AGENT 360 and by continuing to use and access AGENT 360 following such changes, the TA agrees to be bound by any variation made by Singapore Airlines. It is the TA’s responsibility to check these AGENT 360 Terms of Use from time to time to verify such variations.
SECTION B: SIA PASSENGER SALES TERMS AND CONDITIONS
Singapore Airlines Limited (“SIA”) is pleased to welcome you and, following our agreement of the Key Terms (where applicable), appoint you (the “Company”) as SIA’s passenger sales agent in the country(ies) / market(s) listed in the Key Terms of the Agreement or the Agent 360 Registration Form (as defined in Clause 1.1 below), and such other country(ies) / market(s) as may be added by the Company and approved by SIA via AGENT 360.
SIA wishes to engage the Company to provide the Services (as defined in Clause 1.1 below) on the terms and conditions set out in the Agreement.
SIA and the Company are collectively referred to as the “Parties” and are each, a “Party”.
The following documents shall form the SIA Passenger Sales Agency Agreement ("Agreement”):
- the Key Terms to be agreed in writing and signed by the Parties;\
- the SIA Passenger Sales Agency Terms and Conditions (as amended from time to time), which include
- The AGENT 360 Registration Form;
- Non-ARC accredited and Non-IATA accredited Agent Terms that may apply to the Company (Schedule 1), and
- the Data Protection Terms (Schedule 2).
In case of any inconsistency, discrepancy or omission between the documents or provisions forming part of the Agreement, such inconsistency, discrepancy or omission shall be resolved and determined by reference to the documents in the order as above.
Where applicable and to the extent permitted by law:
(a) the Agreement shall supplement the existing contractual arrangements, as amended, updated and supplemented from time to time, between the Company and SIA, namely:
(i) in respect of IATA accredited agents, the terms and conditions of the International Air Transport Associations ("IATA") Passenger Sales Agency Agreement and Passenger Sales Agency Rules, and all IATA resolutions incorporated by them (collectively, the "IATA Documents");
(ii) in respect of the ARC accredited agents, the terms and conditions of the ARC (as defined in Clause 1.1 below) Agent Reporting Agreement and the ARC Industry Agents’ Handbook (collectively, the "ARC Documents"); and
(b) in the event of any inconsistency, discrepancy or omission between (1) the Agreement, and (2) the IATA Documents and ARC Documents, the Agreement (including all its Schedules) shall prevail over the IATA Documents and ARC Documents.
SIA PASSENGER SALES AGENCY TERMS AND CONDITIONS
1. DEFINITIONS, INTERPRETATION, AND TERM1.1 Words and expressions in this Agreement shall have the following meanings, unless the context requires otherwise:
Agent 360 Registration Form means the online form containing information populated by the Company, as part of the Company’s initial registration process on the Agent 360 website at https://agent360.singaporeair.com;
ARC means Airline Reporting Corporation, an electronic billing system designed to facilitate the flow of data and funds between travel agencies and airlines;
API means application programming interface(s);
BSP means Billing and Settlement Plan, an electronic billing system designed to facilitate the flow of data and funds between travel agencies and airlines;
Conditions of Carriage means the conditions of carriage of SIA in force from time to time as published on SIA’s website (SingaporeAir.com), SIA's tariffs, timetables, notices and elsewhere;
Confidential Information has the meaning ascribed to it in Clause 10.1;
Effective Date means, unless otherwise agreed to by the Parties in the Key Terms, the date of the Agent 360 sign up confirmation email sent by SIA to the Company;
End Users means a person enquiring about SIA's products or services, regardless of whether such person makes a purchase of SIA's products or services;
GST means tax on the supply of goods and services sold or rendered by one Party to the other;
IPR includes in Singapore and throughout the world and for the duration of the rights (a) any patents, utility models, copyrights, registered or unregistered trademarks or service marks, trade names, branding (including without limitation brand names) and other similar indicia of identity or source as stipulated and/or provided by a Party, logos, layout-design rights, registered designs and commercial names and designations; (b) any invention, discovery, trade secret, know-how, or confidential, business, scientific, technical or product information; (c) any other rights resulting from intellectual activity in the commercial, industrial, scientific, literary and artistic fields and whether dealing with manufactured products or services; and (d) any letters patent, deed of grant, certificate or document of title for anything referred to in paragraphs (a), (b) or (c) of this definition;
Key Terms means the commercial terms as may be agreed in writing between the Parties;
Law has the meaning ascribed to it in Clause 9.1
NDC means the “New Distribution Capability” XML-based data transmission standard developed by IATA
PDPA means the Singapore Personal Data Protection Act 2012;
Process has the meaning ascribed to it in Clause 9.1
Services means the sale of SIA’s Transportation through EDIFACT, NDC, and/or any other distribution channel provided by SIA from time to time, and any other services to be provided by Company as further particularised in the Key Terms;
SIA means Singapore Airlines Limited (Company Registration Number 197200078R), a company incorporated in Singapore with its registered office at 25 Airline Road, Airline House, Singapore 819829
SIA Reservation System means the reservation system used by SIA to manage and process bookings on its flights;
Term has the meaning set out in Clause 1.3;
Transportation means air passenger transportation and/or ancillary services; and
Viruses means any electronic virus or other information including but not limited to cancelbots, worms, trojans, malware or other harmful component.
1.2 In this Agreement:
(a) references to "the Agreement" include all amendments, additions and variations thereto agreed between the Parties;
(b) "person" shall include an individual, corporation, company, partnership, firm, trustee, trust, executor, administrator or other legal personal representative, unincorporated association, joint venture, syndicate or other business enterprise, any governmental, administrative or regulatory authority or agency (notwithstanding that "person" may be sometimes used herein in conjunction with some of such words), and their respective successors, legal personal representatives and assigns, as the case may be, and pronouns shall have a similarly extended meaning;
(c) the headings and sub-headings are for convenience only and shall not affect the construction of the Agreement;
(d) unless the context otherwise requires the singular shall include the plural and vice versa;
(e) the words "other" and "otherwise" are not to be construed ejusdem generis with any foregoing words, and whenever the words "include", "includes" or "including" are used in the Agreement, they will be deemed to be followed by the words "without limitation";
(f) references to "Clauses" are to clauses of the Agreement (unless otherwise specified);
(g) "including" and similar expressions are not and must not be treated as words of limitation; and
(h) any reference to a statute, statutory provision or other legislation includes:
(i) any order, regulation, instrument or other subordinate legislation made under it; and
(ii) except where the contrary is stated or the context otherwise requires, any amendment, extension, consolidation, re-enactment or replacement of it,
for the time being in force.
1.3 Unless otherwise agreed to by the Parties in the Key Terms, the Agreement shall commence on the Effective Date and continue for a period of one (1) year (the “Term”), and will automatically renew for further periods of one (1) year each on each anniversary of the Effective Date, unless earlier terminated in accordance with Clause 14 (Termination) of the Agreement.
2. SALE OF TRANSPORTATION
2.1 Any Transportation sold by Company under the provisions of the Agreement shall be sold subject to the Conditions of Carriage of SIA. Company shall transmit to SIA such specific instructions, requests or particulars in connection with each customer as may be proper to enable SIA to render efficient service to its customers.
2.2 To the extent permitted under applicable law, no Transportation shall be sold by or through Company directly or indirectly at a rate other than that fixed by SIA. For the avoidance of doubt, Company shall not add any mark ups or discounts to any of SIA's fares or prices.
2.3 Company shall not sell or issue tickets, exchange vouchers/orders, forms, documents or other materials covering the Transportation offered by SIA to persons who plan to sell, issue, or offer to sell or issue such Transportation documents, but who have not been authorised by SIA to represent SIA.
2.4 Company shall request reservation of firm booking(s) only when Company has had a request from a customer and, if so required by SIA, when a deposit therefore in the proper amount has been paid to Company by the customer. Company shall secure confirmation from SIA that a definite reservation has been made before issuance to the customer of a ticket, exchange voucher/order, form, document or other material for any particular flight(s); except that, unless otherwise instructed by SIA, a ticket, exchange voucher/order, form, document or other material may be issued to a customer covering "open date" Transportation, or a ticket, exchange voucher/order, form, document or other material may be so issued which includes an "open date" portion or portions for which no accommodation has been reserved at the time of issuance to the customer, provided such ticket, exchange voucher/order, form, document or other material is properly marked to indicate "open date" issuance in accordance with current instructions of SIA.
2.5 Company shall make only such representations as to SIA, aircraft or route by which any service is to be furnished by SIA as are herein authorised or may hereafter be authorised by SIA.
2.6 The Agreement shall be subject to, and Company agrees to observe, all government laws and regulations applicable to the sale of Transportation or any other acts performed by Company under the Agreement in the territory or territories where the office of Company listed herein is located, and in all territories to or over which Company may sell the Transportation.
2.7 Company shall not become the General Sales Agent in a specific country or region of any additional airlines either directly or indirectly without the prior written consent of SIA. If Company decides to accept this additional representation which SIA views as a conflict of interest, this will constitute just cause for SIA to terminate the Agreement forthwith without notice.
3. COMPANY'S RIGHTS AND OBLIGATIONS
3.1 During the Term, Company shall:
(a) provide the Services in a professional manner to the satisfaction and approval of SIA in accordance with and subject to the terms of the Agreement;
(b) in good faith discuss, consult and agree with SIA on the scope of the Services and/or the manner in which the Services are to be provided, with a view to ensuring orderly operation of the business of SIA during the Term;
(c) in providing the Services, comply with, or procure compliance with, the provisions of the Agreement, all applicable laws, and such directions, instructions, policies and/or guidelines as may be required or prescribed by SIA from time to time and notified to Company in writing;
(d) exercise, in the provision of the Services and the performance of its obligations hereunder, the standard of skill, care and diligence that a prudent person acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of like character as SIA, having regard to the provisions of the Agreement; and
(e) promptly give to SIA all such information and updates as SIA may reasonably require in connection with matters relating to the provision of the Services;
3.2 During the Term, the Parties shall, at regular quarterly or other agreed intervals, undertake a review of the scope of the Services and in good faith discuss and agree on any variations thereto.
3.3 Company represents, warrants and undertakes to and for the benefit of SIA that:
(a) it is competent, professional and capable of discharging its obligations under the Agreement, and the Services shall be performed with utmost skill, care and diligence in full compliance with the terms of and all requirements relating to the Agreement; and
(b) it has, and will maintain throughout the Term, all requisite licences, permits, consents and insurance policies necessary for it to carry out and perform the Services and its obligations under the Agreement.
3.4 Company may represent itself on letterheads, advertising, telephone listings and classifications, office signs and otherwise as an "Agent" or "Booking Agent" representing SIA, but shall not represent itself as a "General Agent" or "General Sales Agent" or use any other designation, such as "Air Lines Ticket Office" or "Consolidated Air Lines Ticket Office", which would indicate or imply in any way that its office is an office of SIA.
3.5 During the Term, Company shall:
(a) other than as provided for in Clause 2.1, seek the approval of SIA for all advertising matter issued by and at the expense of Company across all media channels, including, without limitation, digital, social and print, in which reference is made to SIA;
(b) make known the services of SIA in every way reasonably practicable. Company shall display in its office, posters, booklets, circulars and other publicity material supplied by SIA free of charge to Company and any such material of a permanent or valuable character and so designated by SIA shall remain the property of SIA;
(c) obey and observe all directions and instructions given to it by SIA relating to the sale of the Transportation;
(d) perform its obligations diligently, efficiently, in a timely manner with reasonable care and skill according to the standards in the industry for similar services;
(e) comply with SIA's instructions in relation to the making of any sale of Transportation under the Agreement;
(f) hold such licence where it is required by law, any regulatory authority or any industry body in any jurisdictions to hold a licence to carry on the business of a travel agent, and Company shall notify SIA immediately upon the revocation, cancellation or non-renewal of such licence;
(g) in the event of any errors or mistakes in any Transportation sold under the Agreement (howsoever caused), to work together with SIA and to take such actions as SIA may request to resolve the corresponding issues;
(h) inform End Users at the time of collecting information from such End Users that the information it collect shall be, as required for the Sale of Transportation to the End User, be provided to and used and further processed by SIA in accordance with Singapore Airlines Privacy Policy (“SIA Privacy Policy), and ] provide to End Users a link to the SIA Privacy Policy;
(i) provide SIA with all information required by SIA to process the End User’s booking, including contact information (e.g. telephone numbers and email addresses) provided by customers and any other information required by governmental authorities for SIA’s provision of Transportation. Company shall not substitute any contact information or provide Company's contact information in lieu of such customer without the consent of such customer and SIA;
(j) ensure that all information provided to SIA is complete and accurate;
(k) promptly communicate any updates or changes to the Transportation sold under the Agreement to the corresponding customer, including without limitation schedule change or disruption;
(l) not make speculative bookings, reserve seats in anticipation of demand and/or improperly create or modify records;
(m) not develop or publish any reservation, ticketing, sales, cargo or tariff guide;
(n) not engage in any fraudulent activity, including without limitation, altering flight coupons for non-qualifying discount travel, back-dating tickets or selling coupons, discounts or upgrades;
(o) not engage, facilitate or encourage any form of bias against SIA's products or services or alter the presentation of the information as provided by SIA; and\
(p) not, without the prior written consent of SIA:
(i) act as an intermediary for further distribution of SIA's products and services via other intermediaries or sales agents;
(ii) offer or distribute SIA's products and services via any other channel that appears to be a search, booking or ticketing service from a third party; or
(iii) in the event SIA licenses API to Company for use under the Agreement, offer or sell SIA's products and services via a third party linking from or otherwise using such API.
3.6 The name(s) under which the activities of Company are conducted, or under which any of its offices are operated, shall be only such as are set forth herein, and neither such name(s) nor the location of Company's office shall be changed. Notwithstanding the foregoing provision, Company may by giving SIA at least two (2) months' prior written notice effect any such changes.
3.7 Company acknowledges and agrees that:
(a) the purchase, sale or barter of promotional awards, mileage or tickets is strictly prohibited;
(b) it shall be its sole responsibility, at its own cost:
(i) to ensure that bookings and/or ticketing made by Company are only in respect of customer's genuine travel requirements;
(ii) to take such precautions as may be reasonable and proper (including maintaining adequate insurance that meets the requirements of all applicable laws) regarding any act or omission of End Users or third party; and
(iii) to take out insurance policies with reputable companies for sufficient amounts necessary in order to cover the responsibilities and liabilities that arise from its provision of the Services and the sale of Transportation by Company under the Agreement; and
(c) it shall be liable for Company's, Company's users, Company Users, Company's personnel and Company's agents acts and omissions under the Agreement.
3.8 In the event that the Company is a consolidator, the following clauses shall not apply to the Company:
(a) Clause 2.2; and
(b) Clause 3.5(q)(i).
4. SIA'S RIGHTS
SIA will not assume or pay any telephone, telegraph, mailing, printing, or other advertising or promotional expenses of Company except when SIA specifically authorises Company to incur such expenses.
5. REMUNERATION
5.1 When applicable for the sale of Transportation by Company under the Agreement, SIA shall remunerate Company in a manner and amount as stated in the Key Terms or in such other manner and amount as may be stated from time to time and communicated to Company by SIA. Such remuneration shall constitute full compensation for the services rendered to SIA.
5.2 SIA may, for any reason, make or allow a refund of the whole or part of the fare. SIA will not remunerate Company upon any sum so refunded, and Company shall reimburse SIA the remuneration which has been paid in respect of any sum so refunded.
5.3 For the purpose of computing remuneration, the "applicable tariff rates" shall exclude any tax(es), surcharges thereon and any charge(s) for excess weight or valuation of baggage.
5.4 Company shall retain the full amount of the remuneration allowed by SIA, and shall not rebate or promise to rebate, directly or indirectly, in any manner whatsoever, such remuneration or portion thereof to any customer, customer's agent, or any other person. Company shall set-off such remuneration amounts from those amounts the Company is liable to pay SIA under this Agreement.
5.5 If requested by SIA:
(a) Company shall be entitled to issue an invoice in respect of each calendar month during the Term for the remuneration payable by SIA for the sale of Transportation by Company under the Agreement in such month. SIA shall pay all undisputed charges within sixty (60) days of receipt of an invoice.
(b) Unless otherwise specified, all invoices will be billed in Singapore dollars and all payments required to be made under the Agreement shall be made in Singapore dollars.
5.6 Unless otherwise expressly provided, all amounts stated in the Agreement expressed to be exclusive of any GST arising in respect of any supply made hereunder shall on the issue of a valid tax invoice in respect of the same be paid to the Party making such supply by the Party to whom it is made in addition to any other consideration payable. Save for the foregoing, all other taxes shall be borne by Company, including without limitation any withholding tax payable as a result of the Agreement. SIA shall pay to Company all amounts due under the Agreement net of any withholding tax, and shall be permitted and entitled, if required in compliance with applicable laws or regulations, to withhold or deduct from the amounts payable to Company under the Agreement such taxes, withholdings and/or deductions.
6. REMITTANCES
6.1 Where Company is an IATA member, Company shall remit to SIA the monies due for the Transportation sold by Company hereunder as per the BSP ruling at that particular time and if so required by SIA, Company shall submit sales reports (or 'no sales' reports), at such times, in such manner, under such conditions and in such currencies as SIA may designate from time to time in writing.
6.2 Where Company is an ARC agent, Company shall remit to SIA the monies due for the Transportation sold by Company hereunder as per the ARC Ticketing, Traffic Documents and Sales Reporting and Settlement of Sales requirements at that particular time and if so required by SIA, Company shall submit sales reports (or 'no sales' reports), at such times, in such manner, under such conditions and in such currencies as SIA may designate from time to time in writing.
6.3 All monies collected or received by Company for the Transportation sold by Company hereunder are the property of SIA, and shall be held by Company on trust in a segregated account exclusively for the benefit of SIA, and Company shall ensure that such funds are not comingled with any other monies (including the monies of other customers of Company, other funds of Company, and/or funds of other third parties).
6.4 In the event SIA does not receive the full and complete payment in accordance with the Agreement, SIA shall be entitled to cancel the relevant booking or sale of the Transportation and Company shall be liable and must indemnify and hold harmless SIA from and against any claim, demand, loss, damage, cost, or liability (including legal fees) which SIA may suffer or suffers in connection with or arising from the cancellation, including any reasonable settlement made with the relevant customer in SIA's sole discretion.
7. CUSTODY AND ISSUANCE OF DOCUMENTS
7.1 SIA may, at its option, furnish Company free of charge with tickets, forms, documents and other materials for use in connection with business transacted under the Agreement, and such documents shall remain the property of SIA and shall be issued by Company only in its specified office. If written authorization is given to Company by SIA, Company may draw its own tickets, forms, documents or other materials on SIA.
7.2 Company shall be responsible for the safe custody and care of such documents while in its possession and shall be liable to SIA for the value of any such documents. All stocks of tickets, forms, documents and other materials, and the books and records of Company relating to the sale the Transportation offered by SIA shall be open to inspection by SIA or its designated representative.
7.3 Company shall not in any manner vary or modify the terms and conditions set forth in any documents or instructions of SIA.
8. FINANCIAL SECURITY
8.1 This Clause 8 shall not apply where the Company is an ARC agent.
8.2 Where Company is an IATA member:
(a) Company shall notify SIA of its IATA financial security pledged to the country/area of the BSP as specified by SIA from time to time ("IATA-BSP-country"), with effect from the Effective Date. Subsequently, Company shall update SIA of its pledged IATA financial security on an annual basis. Company is also required to notify SIA of any changes to the pledged financial security within the next working day of submitting the change to IATA-BSP-country.
(b) Company shall also permit SIA to verify with IATA-BSP-country on the provided IATA financial security information on a regular basis.
(c) If Company breaches any of the terms and conditions of the Agreement, SIA reserves the right to withhold tickets, forms, documents and other materials from Company.
9. PERSONAL DATA
9.1 Company acknowledges and represents that it is aware of and is in compliance with the requirements under all applicable Data Protection Laws, as defined under Schedule 2 to this Agreement. Each Party shall comply with the provisions under Schedule 2 to this Agreement. SIA shall have the right to terminate this Agreement with immediate effect if Company is found to have breached any provision under this clause, including Schedule 2, and fails to remedy such breach within 14 days’ notice.
10. CONFIDENTIALITY
10.1 For the purposes of the Agreement, "Confidential Information" includes the terms of the Agreement, all information (written or oral) concerning the business and affairs of each of the disclosing Parties (including, without limitation, information relating to the operational systems and processes of each Party, customers and services of each Party or its related or associated companies, reports, recommendations, advice or tests, source and object codes of software incorporated into the operational systems and processes operated by SIA or its related or associated companies including any API licensed by SIA to Company under the Agreement (where applicable)), and data, obtained or received or accessed by each Party as a result of or in connection with the entry or performance of the Agreement. Any information which each Party has received or will receive in tangible form from the disclosing Party that is marked as "Confidential" or "Proprietary" or with words to a similar effect pursuant to the Agreement will also be considered Confidential Information.
10.2 Each receiving Party agrees to keep confidential, and to procure that its respective Representatives (as defined in Clause 10.3 below) keep confidential, any Confidential Information, and shall not, disclose the Confidential Information to any other person unless disclosure has been expressly permitted by the disclosing Party in writing. Each receiving Party agrees and acknowledges that the disclosing Party’s
Confidential Information shall only be used for the purposes of performing its obligations under the Agreement.
10.3 Each Party agrees to disclose such Confidential Information only to the extent necessary to such of its officers, employees, agents, and approved vendors and sub-contractors (and in the case of SIA, includes its professional advisors and consultants) as shall have a need to know for the proper purposes referred to in this Clause 0 (the “Representatives”). Each Party hereby undertakes to take all such steps as shall from time to time be necessary to ensure compliance by its respective Representatives with the provisions of this Clause 0.
10.4 Notwithstanding the foregoing, each receiving Party shall not be liable to the disclosing Party for the disclosure of any Confidential Information which is in or later enters the public domain, other than by reason of any breach, default or wilful or negligent act or omission of the receiving Party or any of its Representatives.
10.5 Upon request, each receiving Party shall immediately return to the disclosing Party all tangible materials (including copies thereof) of the disclosing Party, including, but not limited to any documents, disks, USB-sticks, tapes and/or similar storage devices, without retaining any copies, notes or extracts. If not returned, such tangible materials shall be destroyed (or deleted if stored or contained in a database or compilation system).
10.6 The provisions of this Clause 10 shall survive, and continue to be binding on the Parties after, the expiry or termination of the Agreement.
11. WARRANTIES
11.1 Each Party warrants and represent to the other Party that:
(a) it has the right, power and authority to enter into the Agreement;
(b) it has the rights necessary to perform its obligations hereunder;
(c) in the event Company provides API to SIA under the Agreement, its title to and property in such API is free and unencumbered and it owns or has all necessary rights to grant the rights contemplated hereunder including all IPR in such API;
(d) in respect of the Company, all items supplied solely by Company to SIA under the Agreement do not alone or in any combination infringe any IPR, and in the event Company provides API to SIA under the Agreement, it is not aware of any claims of the IPR in such API that would be inconsistent with the performance of its obligations under the Agreement;
(e) in respect of the Company, the Company shall not infringe any of SIA's or any third party's IPR in performing its obligations under the Agreement or accessing or using any API licensed by SIA to Company under the Agreement (where applicable);
(f) in respect of the Company, the Company will adhere to the SIA Suppliers' Code of Conduct set out in singaporeair.com/pdf/media-centre/supplierscodeofconduct.pdf, which may be revised by SIA from time to time; and
(g) it will comply with all applicable laws and regulations.
11.2 Company shall not introduce any Viruses onto SIA's In the event Company provides API to SIA under the Agreement, Company:
(a) further warrants and represents that such API will not, when installed, contain Viruses that will have an adverse effect on the information and networked system including but not limited to all hosts, routers, fileservers, firewalls and/or network appliances; and
(b) shall, without prejudice to any other right of action available to SIA under the Agreement or under any general law, notify SIA immediately if such API shall be found or should have been found to contain any Viruses.
12. LIMITATION OF LIABILITY
12.1 Except as otherwise provided in the Agreement, neither Party shall be liable to the other Party for any special, incidental, indirect, consequential, exemplary or punitive damages (including, without limitation damages for lost profits, anticipated profits, contract, goodwill, production, corruption of data, operation time, revenue, economic loss, business opportunity or business interruption) relating to the Agreement, any of the services or work product provided under the Agreement or any other subject matter of the Agreement and regardless of whether such claim be based on contract, tort, equity or otherwise.
12.2 Without limiting Clause 12.1, the maximum aggregate liability of SIA to Company for any or all claims for any damages of any kind relating to the Agreement, any services or work product provided under the Agreement or any other subject matter of the Agreement shall not exceed an amount equal to the total amount payable from SIA to Company through its incentive schemes.
12.3 The limitations of liability contained in Clause 12.1 and 12.2 will apply regardless of the form of action (including without limitation, contract, warranty, negligence, tort, strict liability or statutory) or type of damages, regardless of any claim or finding with respect to the adequacy, failure, purpose or sufficiency of any remedy offered or provided for hereunder and regardless of whether a Party was informed of, aware of or otherwise could have anticipated the possibility of such damages or liability.
12.4 Clauses 12.1 and 12.2 shall not apply to the indemnities to be provided pursuant to Clause 13; and shall not apply to damage and/or loss caused to SIA by Company's:
(a) infringement of any of SIA's or SIA's licensors' IPR;
(b) breach of the licence terms and Company's obligations in relation to such API in the event SIA licenses API to Company for use under the Agreement;
(c) breach of Clauses 9 and 11; and/or
(d) breach of the Company's confidentiality obligations under the Agreement.
13. INDEMNITY
13.1 Company agrees to indemnify and hold harmless SIA and its related and associated companies in full from and against all actions, proceedings, claims, damages, liabilities, settlement sums, charges, losses, costs and expenses (including without limitation, legal costs and expenses and costs of other professionals and any penalties or other amounts levied, imposed or charged by any regulator or regulatory authority) (collectively, "Losses") whatsoever arising out of or in connection with:
(a) the sale or issue of tickets, exchange vouchers/orders, forms, documents or other materials furnished by SIA to Company, or tickets, exchange vouchers/orders, forms, documents or other materials issued by Company on the authority of SIA, or the proceeds thereof, whether or not such proceeds have been deposited in a bank, and whether or not such loss is occasioned by the default or insolvency of either a purchaser of such forms or documents or of a bank in which Company may have deposited such proceeds, and notwithstanding the fact that, under the terms of the Agreement, such proceeds are the property of SIA and held by Company on trust in a segregated account exclusively for the benefit of SIA, and Company shall ensure that such funds are not comingled with any other monies (including the monies of other customers of Company, other funds of Company, and/or funds of other third parties);
(b) in the event SIA licenses API to Company for use under the Agreement, Company's or its users' access and/or use of such API (including any content or data in connection therewith);
(c) in the event SIA licences SIA IPR to Company for use under Clause 20.1, Company’s or its users’ infringement and/or potential infringement of any third party’s IPR (directly or indirectly) as a result of or relating to any misuse or misappropriation of SIA IPR;
(d) Company's or its users' breach of any of the terms of the Agreement;
(e) Company's or its users' violation of any rights including without limitation, the IPR, of a third party;
(f) in the event SIA licenses API to Company for use under the Agreement, any other party's access, use, breach or violation of the items set out in the above paragraphs (b) to (e), where such party was able to access and/or use such API by using Company's access credentials;
(g) Company's breach of its confidentiality obligations under the Agreement;
(h) fraud (including any chargebacks on credit cards in connection with or caused by fraudulent claims and disputes), gross negligence, willful misconduct, negligent act, omission or misrepresentation of Company, Company's users, Company’s Users, Company's personnel or Company's agents; and/or
(i) bodily injury or death of any person or damage to real and/or tangible personal property directly caused by the negligence or willful misconduct of Company, Company's users, Company’s Users, Company's personnel or Company's
13.2 SIA agrees to indemnify and hold harmless Company in full from and against all actions, proceedings, claims, damages, liabilities, settlement sums, charges, losses, costs and expenses (including without limitation, legal costs and expenses and costs of other professionals and any penalties or other amounts levied, imposed or charged by any regulator or regulatory authority) (collectively, "Losses") whatsoever arising out of or in connection with:
(a) SIA's breach of its confidentiality obligations under the Agreement; and/or(b) bodily injury or death of any person or damage to real and/or tangible personal property directly caused by the negligence or willful misconduct of SIA or SIA’s personnel or agents.
13.3 The remedies contained in this Clause 13 are without prejudice to and in addition to any warranties, indemnities, remedies or other rights provided by law. Company agrees and acknowledges that SIA is not obliged to take any step or measure to mitigate any Losses.
14. TERMINATION
14.1 The Agreement may be terminated:
(a) by SIA giving written notice to terminate to Company if:
(i) Company commits any breach of any term of the Agreement and (in the case of a remediable breach) fails to remedy the breach within fourteen (14) days of receipt of a written notice from SIA to remedy the breach.
(ii) Company is involved in any activity which may bring SIA into disrepute, damage the good name of SIA or result in losses to the property of SIA or in Losses;
(iii) Company's sales performance is not up to SIA's expectation;
(iv) Company ceases to be in business as a travel agent for sale of the Transportation;
(v) where Company is an IATA member and Company's membership is revoked or terminated for any reason whatsoever;
(vi) where Company is an ARC agent and Company's ARC accreditation is revoked or terminated, or Company is removed from the ARC Agency List, for any reason whatsoever;
(vii) Company has its travel agency licence cancelled or revoked, or such licence otherwise expires or lapses; or
(viii) in SIA's opinion, Company is not operating as a travel agent in the best interests of SIA and/or its related or associated companies;
(b) by either Party at any time upon the giving of thirty (30) days' written notice to the other Party; or
(c) by either Party giving written notice to the other Party in the event that either Party (i) files for bankruptcy; (ii) becomes or is declared insolvent, or is the subject of any proceedings related to its liquidation, insolvency or the appointment of a receiver or similar officer for it; (iii) makes an assignment for the benefit of all or substantially all of its creditors; or (iv) enters into an agreement for the composition, extension, or readjustment of substantially all of its obligations.
14.2 Upon expiry or termination of the Agreement:
(a) a request for return of Confidential Information is deemed to be made and Clause 10.5 and 10.6 shall apply;
(b) all property of each Party shall immediately be returned that Party, and Company shall return all SIA property together with all monies due and payable to SIA hereunder and a complete, and satisfactory account rendered; and
(c) SIA may, without prejudice to any of its rights under the Agreement, take possession of any property belonging to SIA.
14.3 Any termination of the Agreement pursuant to this Clause shall be without prejudice to any other rights or remedies any Party may be entitled to hereunder or at law and shall not affect any accrued rights or liabilities of either Party.
14.4 All Clauses of the Agreement so intended to survive after expiry or termination of the Agreement shall survive the expiry or sooner termination of the Agreement. For the avoidance of doubt, the indemnities provided by Company hereunder shall survive, and continue to be binding on the Parties after the expiry or termination of the Agreement.
15. ANTI-CORRUPTION/ANTI-BRIBERY REPRESENTATIONS AND WARRANTIES
15.1 Company represents and warrants that it is in compliance with all laws of those countries in which it operates, including all anti-corruption and anti-bribery laws, and will remain in compliance with all such laws during the Term. Company further represents and warrants that it has not made, authorized or offered to make payments, gifts or other transfers of value, directly or indirectly, to any government official or private person in order to (a) improperly influence any act, decision or failure to act by that official or person, (b) improperly induce that official or person to use his or her influence with a government or business entity to affect any act or decision by such government or entity, or (c) secure any improper advantage.
15.2 Company agrees that should it learn or have reason to know of any payment, gift or other transfer of value, directly or indirectly, to any government official or private person that would violate any anti-corruption or anti-bribery law, it shall immediately disclose such activity to SIA. If, after consultation by the Parties, any concern cannot be resolved in the good faith and reasonable judgment of SIA, then SIA, on written notice to Company, may despite any other term of the Agreement withdraw from or terminate the Agreement with immediate effect.
15.3 SIA shall have the right to terminate the Agreement with immediate effect if Company breaches this Clause 15, or any other, representation, warranty or undertaking set forth in the Agreement.
16. NOTICES AND COMMUNICATION
16.1 All notices required or permitted to be given hereunder shall be in writing and in the English language and shall be sent by hand or by post or by email to the respective addresses and/or numbers of the Parties as set out in the Agent 360 Registration Form or the Key Terms (where applicable), or to such other address or numbers as the relevant Party may hereafter specify to the other Party by notice in writing expressed to be for the purposes of this Clause.
16.2 Any notice, demand or other communication so addressed to the relevant Party shall be deemed to have been delivered if (a) delivered by hand, on the date of receipt, or (b) delivered by post, five (5) days after despatch, or (c) in the case of electronic transmission, on despatch of the notice from the sender's outbox, unless a delivery failure notification is received by the sender.
16.3 Any process or other document relating to litigation, administrative or arbitral proceedings relating to this Agreement may be served by any method contemplated by this Agreement or in accordance with any applicable law.
17. INSPECTION
17.1 Company's records, such as books, tickets, exchange vouchers/orders, forms, documents and other materials relating to the sale of the Transportation and/or Services offered by SIA shall be open to inspection by SIA. Company shall furnish to SIA adequate opportunity to interview and obtain information from any officer, agent, employee and servant of Company whom SIA has reason to believe is or might be in possession of information relative to the complaint or other matter under investigation.
17.2 Company shall submit to SIA on an annual basis, its audited annual accounts within six (6) months of the close of its financial year.
18. GOVERNING LAW AND DISPUTE RESOLUTION
18.1 The laws of the Republic of Singapore shall govern the validity and interpretation of the Agreement and the legal relationship of the Parties to it.
18.2 In the event of any dispute of difference arising out of or in connection to the Agreement or the breach thereof including any question regarding its existence, validity or termination, the Parties shall use their best endeavours to settle such disputes or differences through amicable discussions. To this effect, they shall consult and negotiate with each other, in good faith and understanding of their mutual interests, to reach an amicable and equitable solution satisfactory to both Parties.
18.3 If the Parties are unable to reach any solution within a period of thirty (30) days after the commencement of the negotiation then the disputes or differences shall be referred to and finally resolved by arbitration in Singapore in accordance with the Arbitration Rules of the Singapore International Arbitration Centre for the time being in force which rules are deemed to be incorporated by reference into this Clause. All arbitration proceedings shall be in the English The seat of the arbitration shall be Singapore. The Tribunal shall consist of 1 arbitrator.
18.4 The commencement of any arbitration proceedings under this Clause shall in no way affect the continual performance of the obligations of the Parties under the Agreement, except insofar as such obligations relate to the subject matter of such proceedings.
19. GENERAL
19.1 No waiver of any rights arising under the Agreement shall be effective unless in writing and signed by the Party against whom the waiver is to be enforced. No waiver of any breach of the Agreement shall operate as a waiver of any subsequent breach of the same or any other provision. The failure of either Party to enforce at any time of the provisions of the Agreement shall in no way be interpreted as a waiver of such provision.
19.2 If any term or provision of the Agreement shall be held to be invalid, illegal or unenforceable, the remaining terms and provisions of the Agreement not affected by such invalidity illegality or unenforceability shall remain in force and effect and such invalid, illegal or unenforceable term or provision shall be deemed not to be part of the Agreement.
19.3 The Agreement is personal to Company and shall not be assigned or novated either as to the whole or any part thereof, without the prior written consent of SIA. SIA may, by notification to Company, assign or novate the whole or any part of the Agreement to any party. Company shall be deemed to have consented to such assignment or novation, which shall be effective on the date that SIA notifies Company.
19.4 The Agreement shall operate for the benefit of and be binding on the successors in title and permitted assigns of each Party.
19.5 Company shall carry out its obligations hereunder personally. Company shall not subcontract the whole or any part of its obligations under the Agreement without the prior written consent of SIA.
19.6 Notwithstanding any other provision to the contrary contained in the Agreement, SIA will be entitled, at any time and from time to time, without notice to Company, to set off and deduct from any and all amounts payable to Company (whether under the Agreement or any other agreement), any and all sums that may be due and owing by Company to SIA, its related or associated companies, whether under the Agreement or otherwise (including without limitation, any liquidated damages payable under any of the Clauses of the Agreement, or any amounts previously overpaid to Company).
19.7 The Agreement including all schedules and attachments hereto contains the entire agreement between the Parties with respect to the subject matter of the Agreement and supersedes all previous agreements and understandings between the Parties relating to the subject matter herein, whether oral or in writing.
19.8 Nothing in the Agreement shall create or be deemed to create a partnership or joint venture between the Parties and unless otherwise expressly provided in the Agreement no Party shall enter into or have authority to enter into any engagement or make any representation or warranty on behalf or pledge the credit of or otherwise bind or oblige the other Party thereto. The Parties enter into the Agreement as independent contractors.
19.9 All media releases, public announcements and public disclosures by Company relating to the Agreement, or the subject matter thereof, including but not limited to promotional marketing material, but not including any announcement intended solely for internal distribution by SIA and Company nor any disclosure required by legal, accounting or regulatory requirements, shall be approved by SIA in writing prior to release.
19.10 For the avoidance of doubt, the obligations of this Clause 19 shall survive the expiration or termination of the Agreement without limitation in point of time.
19.11 A person not party to the Agreement (other than a permitted assignee to whom rights have been assigned in accordance with the provisions of the Agreement) shall have no right under any legislation for the enforcement of contractual terms by a third party (whether in force now or to be enacted in the future and as the same may be modified, adapted or supplemented from time to time) to enforce any term of the Agreement.
19.12 Time is of the essence of the Agreement but no failure or delay on the part of SIA in exercising any right, power, privilege or remedy shall impair any such right, power, privilege or remedy or be construed as a waiver thereof or an acquiescence to such default.
19.13 Order of precedence:
(a) If there is any conflict or inconsistency between this Agreement and any previous passenger sales agency agreement and/or incentive or remuneration agreement entered into between SIA and the Agent, the terms of this Agreement shall prevail, subject to clause 19.13 (b) below.
(b) Where the Company has entered or enters into an SIA Passenger Sales Agency Agreement with SIA which (1) was executed by the Parties offline outside of the AGENT 360 platform (2) and came or comes into effect on or after 1 May 2020 (a “SIA Traditional PSAA”), the Parties agree that in the event of a conflict between this Agreement and an SIA Traditional PSAA, the terms of the relevant SIA Traditional PSAA shall prevail.
19.14 If there is any conflict in meaning between the English language version of this Agreement and any version or translation of this Agreement in any other language, the English language version shall prevail.
19.15 This Agreement was last updated on the date at the top of this page. No changes to this Agreement are valid or have any effect unless agreed by SIA in writing or made in accordance with this clause. SIA shall be entitled to vary the terms of this Agreement from time to time. The updated terms of the Agreement will be displayed on AGENT 360 and by continuing to use and access AGENT 360 following such changes, Company agrees to be bound by any variation or amendment made by SIA. Company agrees that it is its responsibility to check AGENT 360 from time to time to verify such variations. Notwithstanding the foregoing, no amendments or changes to any Key Terms agreed to by the Parties shall be effective unless made in writing and duly signed by authorized representatives of both Parties.
20. INTELLECTUAL PROPERTY
20.1 SIA agrees to grant Company a non-exclusive, revocable, non-sublicensable, non-transferable, and limited license to use SIA IPR, as solely determined by SIA for the Term, for the purpose of this Agreement.
20.2 Company agrees:
(a) that subject to Clause 20.1 above, Company shall comply with SIA’s guidelines for the use of any SIA IPR and reasonable instructions concerning the use of any SIA IPR, as informed and/or provided by SIA from time to time.
(b) that it shall not use or register a trademark, service mark, trade name, or logo that is likely to be confused with any SIA IPR; and
(c) that it shall not, without obtaining SIA’s prior written consent, authorise any third parties to use any SIA IPR.
20.3 Nothing in this Agreement shall give Company any rights in respect of SIA IPR, or of the goodwill associated thereof. Company acknowledges and agree that, except as expressly provided in this Agreement, it shall not acquire any rights in respect thereof.
20.4 For the avoidance of doubt, the licence granted by SIA to Company pursuant to this Clause will cease at the end of the Term.
SCHEDULE 1 – NON-IATA ACCREDITED AGENTS
If the Company is an ARC-accredited Agent and/or IATA-accredited Agent, this Schedule 1 will not apply to the Company.
1. DEFINITIONS1.1 Words and expressions in this Schedule 1 shall have the following meanings, unless the context requires otherwise:
Approved Locations includes Head Office and Branch Office locations specified by Company and approved by SIA;
Head Office means Company's principal place of business;
Branch Office means Company's place of business as a branch office location which is the same entity as its Head Office and which has been approved by SIA in writing, with the Head Office having full legal and financial responsibility of the administration, staff, liability maintenance and operational expense of the Branch Office;
Electronic Document means:
(a) an electronic record issued by an Approved Location, in accordance with applicable tariffs for the issuance of the passenger ticket or Order;
(b) an electronic record issued by SIA or Company, in accordance with applicable tariffs, for residual value (applicable to carriers only), refundable balance or, for the collection of miscellaneous charges, which depending on the conditions of issuance, may or may not be lifted with an electronic ticket flight coupon(s);
(c) SIA's own traffic documents – passenger ticket and baggage check forms, automated ticket/ boarding passes, miscellaneous charges orders, multiple purpose documents, agent refund vouchers and online tickets supplied by SIA to Company; and/or
(d) any electronic tickets and other electronic documents issued by SIA to Company.
GDS means a computerised system containing and/or facilitating access to information about schedules, availability, fares and related Services, and through which reservations can be made and/or tickets issued, and which makes some or all of these facilities available to subscribers, including Company.
Order means a uniquely identified record of the agreement of one party with another to receive products and Services under specified terms and conditions;
2. COMPANY'S ADDITIONAL OBLIGATIONS
2.1 The Company represents and warrants that it is established for no less than 1 year as at the date of this Agreement.
2.2 If requested by SIA, Company shall, as soon as reasonably practicable, furnish a security deposit as set out in the Key Terms or otherwise instructed by SIA by way of cash or a banker's guarantee issued by a reputable bank acceptable to SIA, on terms prescribed by SIA.
2.3 SIA and/or its designees may, by reasonable notice in writing and at any time during normal office hours, access the premises of Company to audit their facilities, equipment, documents (including without limitation, Electronic Documents), records and/or data, for the purposes of verifying compliance with the terms and conditions of this Agreement, including compliance with this Clause 2 set forth in this Schedule 1 and/or any other requirements under this Agreement. Company shall procure that its personnel provide SIA and/or its designees with full co-operation and assistance in connection with the audit at their own cost and expense, at no additional cost to SIA. Save for the foregoing, each such audit shall be carried out at SIA's sole cost and expense unless any unreported breach is uncovered in the course of such audit, in which case the reasonable costs of that particular audit shall be borne solely by Company.
2.4 Company shall:
(a) carry out its business in Approved Locations;
(b) only issue the Electronic Documents in the form that has been approved by SIA;
(c) comply with any other terms and conditions imposed by SIA in relation to the issuance of Electronic Documents, including without limitation:
(i) all other instructions issued by SIA in relation to the issuance of an electronic miscellaneous document;
(ii) all other instructions issued by SIA in relation to the making of reservations, including without limitation, to:
(1) establish and verify the details of the required service, including but not limited to the complete itinerary, minimum connecting time intervals, flight number(s) and any special service information and requirements etc;
(2) obtain the emergency contact of a customer;
(3) ensure that the actual operating carrier is made clear to the customer for code-shared flights;
(4) make modifications to the original booking be made in the same computer reservation system;
(5) ensure that any documents are issued in accordance with the status for reservations;
(6) strictly adhere to time limits established by SIA when making reservations for a group;
(7) request or sell airline space only when Company has a request to do so from a customer;
(8) ensure reservations booking designator used in booking space corresponds to the applicable fare quoted to the customer;
(9) advise passengers of irregular flight operations and disruptions; and
(10) notify a customer of the reservations status of all segments and associated services and of any changes thereto;
(iii) all other instructions issued by SIA in relation to the use of its traffic documents, including without limitation, ensuring the safe custody and care of traffic documents whilst these traffic documents are in the possession, custody, or control of Company;
(iv) all other instructions issued by SIA in relation to the issuance of an electronic ticket, including without limitation, to:
(1) undertake appropriate measures to ensure clear identification of the ticket as an electronic transaction throughout all processing operations concerning such ticket;
(2) report and remit to SIA the monies due in respect of the electronic tickets in accordance with SIA's standard procedures;
(3) record the date of issuance for all electronic tickets;
(4) provide passenger with all applicable legal notices, and generate and furnish a receipt to the customer, such legal notices to be in accordance with any applicable laws, regulations and/or guidelines furnished by SIA;
(5) issue separate flight coupons for each portion of the journey where a change of flight, change in reservation booking designation or a stopover is involved;
(6) ensure that tickets issued initially in conjunction with one another shall be of the same form code and shall be in numeric sequence, which shall otherwise be in accordance with guidelines furnished by SIA from time to time;
(7) issue separate passenger tickets for each passengers;
(8) adhere strictly to all ticketing time limit requirements established by SIA, which may be amended by SIA from time to time;
(9) ensure that dates provided on electronic tickets to be composed of two numerics for day followed by first three letters of month and the last two digits of the year;
(10) ensure that country codes used to identify taxing countries shall be those established by the International Standards Organisation;
(11) ensure that currency codes used shall be approved by SIA;
(12) honour flight coupons only in the sequence stored in the ticket record;
(13) ensure that the fare paid by customer shall be that which is applicable when international travel actually commences in the country of the point of origin shown on the ticket;
(14) ensure that details of the passenger itinerary receipt comply with such guidelines as may be funished by SIA from time to time; and
(15) release cancelled reservations by a customer whenever a customer cancels a reservation.
2.5 Company shall not:
(a) accept money from a customer and retain such money without providing a customer air transportation or ancillary services;
(b) make a change, or reissue any Electronic Documents without the instructions of the customer; issue a miscellaneous document against an unused or partly used document;
(c) sell, validate or issue an Electronic Document of or in the name of SIA for Transportation solely on any other carrier, unless Company has been so authorised by SIA;
(d) knowingly accept in any manner whatsoever unissued Electronic Documents assigned to and or held by another travel agent, whether or not such documents have been validated. Should Company receive an offer of the nature described above, such offer shall be refused and shall be reported in detail to SIA;
(e) deliberately make duplicate or multiple reservations for the same customer(s);
(f) attempt to secure the required service for a group of 10 or more customers in smaller numbers;
(g) hold space under speculative names;
(h) make excessive reservations for the same customer; and input fictitious, used or expired ticket number
(i) input fictitious, used or expired ticket number
SCHEDULE 2 – DATA PROTECTION TERMS
To the extent that any of the terms or conditions contained in this Schedule may contradict or conflict with any of the terms or conditions of the Agreement, it is expressly understood and agreed that the terms of this Schedule shall take precedence and supersede the Agreement. Any terms not defined in this Schedule shall have the meaning ascribed to it under the Agreement.
The Parties agree as follows:
1. Definitions
1.1 For the purpose of this Schedule, the following terms shall have the following meanings:
"Business Day" means any day other than a Saturday, Sunday or public holiday in Singapore;
"California Personal Data" means all personal information (as defined in the CCPA) of individual customers of each Party who reside in the State of California, or any personal information of each Party’s employees employed and residing in the State of California;
“China Personal Data” means all personal information (as defined in the PIPL) of individual customers of each Party who reside in mainland China, or any personal information of each Party’s employees employed and residing in mainland China;
“Controller to Controller Clauses” means (i) in respect of transfers of EU Personal Data, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 1 (Controller to Controller); and (ii) in respect of transfers of UK Personal Data, the standard contractual clauses issued by the Commissioner under s119A(1) Data Protection Act 2018, in each case as amended, updated or replaced from time to time;
"Data Protection Laws" means:
(a) in respect of EU Personal Data, any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument of the Party’s member state, including Regulation 2016/679 (the “GDPR”), Regulation (EU) 2017/003 (the “e-Privacy Regulation”) European Union Directive 95/46/EC, and Directive 2002/58/EC (the “e-Privacy Directive”);
(b) in respect of California Personal Data, the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq (the “CCPA”);
(c) in respect of China Personal Data, the Personal Information Protection Law of the People’s Republic of China and related laws and regulations (the “PIPL”);
(d) in respect of Personal Data, means the Singapore Personal Data Protection Act 2012 (the “PDPA”); and
(e) in respect of UK Personal Data, the UK Data Protection Act 2018 (“DPA”), the UK General Data Protection Regulation as defined by the DPA as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (together with the DPA, the “UK GDPR”), and the Privacy and Electronic Communications Regulations 2003, and any relevant law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument which implements any of the above or which otherwise relates to data protection, privacy or the use of personal data, in each case as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time (“UK Data Protection Laws”);
(f) in respect of Shared Personal Data, all of the above.
(in each case as amended, consolidated, re-enacted or replaced from time to time);
“EU Personal Data” means all personal data (as defined in the GDPR or any national legislation implementing the GDPR) of individual customers of each Party who are offered goods and services in the European Economic Area (“EEA”), and Switzerland (the “GDPR Countries”) or whose behaviour is monitored in the GDPR Countries, or any personal data of each Party’s employees employed in the GDPR Countries;
"Personal Data" means data, whether true or not, about an individual who can be identified either from that data or from that data when combined with other information to which an entity has access or is likely to have access;
"Process", "Processed", "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Purpose" has the meaning given in Clause 2.2 of this Schedule;
"Representatives" means, as applicable in relation to a Party, its directors, officers, employees, agents, consultants, advisers, subcontractors or other representatives and the directors, officers, employees, agents, consultants, advisers, subcontractors or other representatives of each of the Parties;
"Shared Personal Data" means the EU Personal Data, California Personal Data, and/or the Personal Data each Party provides to or receives from the other; and
"Third Countries" means
(i) in relation to personal data transfers subject to the GDPR, all countries outside of the scope of the data protection laws of the EEA, excluding countries approved as providing adequate protection for personal data by the European Commission from time to time, which at the date of this Addendum include Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, Uruguay and the UK; and
“UK Personal Data” means all personal data (as defined by UK Data Protection Laws) of individual customers of each Party who are offered goods and services in the UK or whose behaviour is monitored in the UK, or any personal data of each Party’s employees employed in the UK.
2. Purpose of Data Sharing
2.1 The Parties Process Shared Personal Data for the provision of a web-based meta search facility for available travel or travel-related options, presenting the results and enabling End Users to select a travel or other travel-related option and create and make changes to the order. Each Party shall in respect of EU Personal Data and UK Personal Data act as a data controller, subject to the terms of this Schedule. Such data sharing does not constitute joint control of the Parties under the PIPL.
2.2 Each Party agrees to only Process the Shared Personal Data in accordance with this Schedule, for the purposes of selling SIA’s tickets, and the Parties shall not Process Shared Personal Data in a way that is incompatible with the purposes described in this Schedule, more particularly described in Appendix 1 to this Schedule (the “Purpose”). In no event shall either Party Process any Shared Personal Data for the purpose of direct marketing to customers/employees of the Party from which it received the relevant Shared Personal Data.
2.3 The Parties shall ensure Shared Personal Data comprises only data or information of customers/employees that is necessary for the Purpose, including the customer’s/employee’s name and relevant information that is required to facilitate the flight booking (as prescribed at Appendix 1).
2.4 Each Party shall comply with all applicable Data Protection Laws to the extent relevant to its Processing of Shared Personal Data or its obligations under the Agreement and this Schedule.
3. Protection of Shared Personal Data
3.1 Each Party shall, and shall procure that its Representatives shall:
(a) in relation to the Shared Personal Data, obtain consent (where necessary) and/or provide notice to customers/employees in accordance with Data Protection Laws to enable Shared Personal Data to be provided to, and used by, the other Party as contemplated by the Agreement;
(b) Process the Shared Personal Data for no longer than is necessary to carry out the Purpose and in any event not longer than any statutory or professional retention periods applicable under any Data Protection Laws, and shall return or delete any Shared Personal Data once the Processing of the relevant Shared Personal Data is no longer necessary for the Purpose;
(c) where Shared Personal Data that constitutes EU Personal Data is transferred by a Party to a location outside of the EEA, the transferor shall comply with the data exporter’s obligations in the Controller to Controller Clauses in the form set out in Appendix 3, and the transferee shall comply with the data importers obligations in the Controller to Controller Clauses;
(i) For the purposes of Annex I of such Controller to Controller Clauses, the parties and processing details set out in Appendix 1 (Processing Details) shall apply;
(ii) For the purposes of Annex II of such Controller to Controller Clauses, the technical and organizational security measures set out in Appendix 2 (Technical and Organizational Security Measures) shall apply;
(d) where Shared Personal Data that constitutes UK Personal Data is transferred by a Party to a location outside of the UK, the transferor shall comply with the terms set out in the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (which incorporates the Standard Data Protection Clauses issued by the Information Commissioner’s Office under section 119A(1) of the Data Protection Act 2018), as updated from time to time, which are set out in Appendix 4 (the “UK SCCs”).
(i) For the purposes of Table 1 of the UK SCCs, the parties and processing details set out in Appendix 1 (Processing Details) shall apply;
(ii) For the purposes of Table 2 of the UK SCCs (Selected SCCs, Modules and Selected Clauses), the clauses as set out in Appendix 3, as read together with the UK SCCs, shall apply;
(iii) in relation to the appropriate standards of Technical and Organizational measures (including technical and organizational measures to ensure the security of the data) applicable, Appendix 2 shall apply;
(e) where Shared Personal Data that constitutes Personal Data is transferred outside the territory of the Republic of Singapore, the transferor shall
(i) obtain all necessary consents for such transfer;
(ii) ensure that the recipients of such Personal Data is (are) under contractual obligations to protect such Personal Data to the same or higher standards as those imposed under this Schedule and the PDPA; and
(iii) only Process or transfer such Personal Data to,
(a) in respect of transfers by either Party, any country or territory from or in which each Party’s customers are; and
(b) in respect of transfers by Company, any country or territory in which Company or its service providers operate, as specified by Company in the Agent 360 Registration Form or the Key Terms (where applicable);
and on the condition that the transferor shall notify the other Party in writing of any intended changes concerning arrangements to transfer or Process such Personal Data outside Singapore;
(f) where Shared Personal Data that constitutes China Personal Data is transferred outside China, the transferor shall comply with the data exporter’s obligations under Chapter 3 of the PIPL (Rules of Cross-Border Provision of Personal Information) and satisfy one of the following conditions:
(i) it has passed the privacy security assessment by the Cyberspace Administration of China (the “CAC”)
(ii) it has obtained the required privacy certification from the specialized organization designated by the CAC;
(iii) it has entered into the standard contract with the recipient in the form formulated and published by the CAC; or
(iv) where applicable Chinese laws and regulations otherwise allows.
(g) comply with its obligations pursuant to Chapter 3 of the GDPR (Rights of the data subject), Chapter IV of the PIPL (Individuals’ Rights in Personal Information Processing Activities), Part V of the PDPA (Access to and Correction of Personal Data), and pertaining to consumer rights under the CCPA, and where requested by the other Party in relation to any Shared Personal Data, assist the other Party to comply with the same rights to the extent necessary, including:
(i) assisting the other Party with any data subject access requests which it may receive from individuals to whom any Shared Personal Data relates; and
(ii) carrying out any reasonable request from the other Party to amend, restrict, or delete any Shared Personal Data;
3.2 A Party shall permit the other Party at any reasonable time upon five (5) Business Days’ notice, to be given in writing, to have access to the appropriate part of the data recipient’s premises, systems, equipment, and other materials and data Processing facilities to enable the other Party to inspect the same for the purposes of monitoring compliance with the data recipient’s obligations under the Agreement and this Schedule. Such inspection shall not relieve the data recipient of any of its obligations under the Agreement and this Schedule.
3.3 The Parties agree to negotiate in good faith modifications to this Schedule if changes are required for a Party to continue to Process the Shared Personal Data in compliance with Data Protection Laws or to address the legal interpretation of Data Protection Laws, including (i) to comply with any amendments to the PDPA; (ii) to comply with the GDPR or the UK Data Protection Laws and any guidance on the interpretation of its provisions; (iii) if changes to the membership status of a country in the European Union or the EEA require such modification, or (iv) to comply with the CCPA and any guidance on the interpretation of its provisions; or (v) to comply with the PIPL and any guidance on the interpretation of its provisions.
3.4 Both Parties acknowledge and agree that nothing in this Agreement or this Schedule creates or shall be interpreted as a joint data controller relationship under the PIPL between the Parties.
3.5 If Company Process and Shared Personal Data in violation of the Data Protection Laws or in breach of the terms and conditions of this Agreement, SIA shall be entitled to (i) require the Company to stop the violation or the breach immediately; and (ii) take (by itself and/or requiring the Company to do so) effective remedial or corrective measures to mitigate the risks or damages.
APPENDIX 1 TO SCHEDULE 2
PROCESSING DETAILS
A. LIST OF PARTIES
Party 1 (Data Exporter / Data Importer)
- Name: Singapore Airlines Limited
- Address: Airline House, 25 Airline Road, Singapore 819829
- Contact person’s name, position and contact details: Christian Stenkewitz, Data Protection Officer (EU) / General Manager Benelux, dpo@singaporeair.com.sg
- Activities relevant to the data transferred under these Clauses: Collection, Storage, Use, Alteration, Transmission, Dissemination, Erasure / Deletion.
- Role: Controller
Party 2 (Data Exporter / Data Importer)
- Name: As stated in Agent 360 Registration Form
- Address: As stated in Agent 360 Registration Form
- Contact person’s name, position and contact details: As stated in Agent 360 Registration Form
- Activities relevant to the data transferred under these Clauses: Collection, Storage, Use, Alteration, Transmission, Dissemination, Erasure / Deletion
- Role: Controller
For the purposes of this Agreement, each Party are both a Data Importer and Data Exporter.
B. PROCESSING DETAILS/ DESCRIPTION OF TRANSFER
Categories of Data subjects whose personal data is processed/transferred
The personal data transferred concern the following categories of data subjects (please specify):
Customers and Employees of Data Exporter.
Categories of data processed/transferred
The personal data transferred concern the following categories of data (please specify):
- Of customers,
- flight details (including ticket numbers, flight numbers, dates, origin, destination, etc), customer preferences / specifications for the booking, including meal preference, medical conditions, loyalty programme membership number, etc;
- any other details including and related to ancillary purchases and service requests for the booking.
- Personal particulars [required for bookings] including name, [sex, date of birth, nationality; passport number];
- Contact details including email, phone number[, and address];
- Booking details, being
- Of the parties’ employees, name, job title, and work contact details.
- Personal particulars of Travel Agents for the purpose of creating an account with AGENT 360
Special categories of data (if appropriate) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
The personal data transferred concern the following special categories of data (please specify):
- Meal preferences may reveal religious or philosophical beliefs;
- Service specifications or requests may include data concerning health.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
The data will be transferred on a continuous and regular basis throughout the operation of the Agreement, only in strict fulfilment of the Purposes of this Agreement.
Nature of the processing
The personal data transferred will be subject to the following basic processing activities (please specify):
- Collection by Data Importer from customers of Data Exporter;
- Storage, organisation, and structuring in Data Importer’s systems / equipment;
- Retrieval / consultation / use / alteration by Data Importer’s personnel / agents in locations as specified in the Agent 360 Registration Form;
- Transmission / dissemination to Data Importer’s personnel / agents in locations (as specified in the Agent 360 Registration Form) for purposes.
- Erasure / destruction of Personal Data,
- in respect of Personal Data processed and stored by Singapore Airlines, after 7 years; and
- in respect of Personal Data processed and stored by the Company, in accordance with any applicable law on personal data retention limitations.
Purpose(s) of the data processing/ data transfer and further processing
Processing is necessary for:
- To facilitate, make or service flight [or other] bookings of the Parties’ customers
Duration of the processing / the period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
- Any data will not be stored for longer than necessary for the legally permissible purpose(s) for which the data were collected and as required under applicable retention policies and/or in accordance with applicable law.
- The competent Supervisory Authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
APPENDIX 2 TO SCHEDULE 2
TECHNICAL AND ORGANISATIONAL SECURITY MEASURES TO ENSURE THE SECURITY OF THE DATA
1. Notices
Any notices regarding the day-to-day obligations should be communicated in writing via email or other written notice to each of the Data Protection Officers (or their designees).
2. General Security Practices
Parties have implemented and shall maintain appropriate technical and organizational measures to protect personal data against accidental loss, destruction or alteration, unauthorized disclosure or access, or unlawful destruction, including the policies, and procedures and internal controls set forth in this document for its personnel, equipment, and facilities at the Data Importer locations providing services to the Data Exporter (“Services”).
The Services are set forth in one or more agreements between the Data Importer and the Data Exporter.
3. Technical and Organizational Security Measures
3.1 Organization of Information Security
(a) Security Ownership. The Data Importer has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures.
(b) Security Roles and Responsibilities. The Data Importer personnel with access to personal data are subject to confidentiality obligations.
(c) Risk Management. The Data Importer performed a risk assessment before processing the personal data or offering the Services.
3.2 Human Resources Security
(a) General. The Data Importer informs its personnel about relevant security procedures and their respective roles. The Data Importer also informs its personnel of possible consequences of breaching its security policies and procedures. Employees who violate security policies may be subject to disciplinary action, up to and including termination of employment. A violation of this policy by a temporary worker or contractor may result in the termination of his or her contract or assignment with the Data Importer.
(i) annual security awareness and training regarding privacy and security procedures for the Services to aid in the prevention of unauthorized use (or inadvertent disclosure) of personal data;
(ii) training regarding effectively responding to security events; and
(iii) training is regularly reinforced through refresher training courses, emails, posters, notice boards and other training materials.
(c) Background Checks. The Data Importer personnel are subject to criminal background checks.
3.3 Asset Management
(a) Asset Inventory. Assets associated with information and information-processing facilities are identified and an inventory of assets is maintained.
(b) Information Classification. The Data Importer classifies personal data to help identify it and to allow for access to it to be appropriately restricted.
(c) Media Handling
Importer personnel:
i. Use trusted devices/corporate laptops/servers with encrypted storage that are configured with anti-malware software. All software including operating system and the anti-malware software on the machines should be updated and patched frequently.
ii. Protect/Encrypt personal data stored on a mobile device and external media, including laptops, smartphones, USB drives and DVDs; and
iii. Take measures to prevent accidental exposure of personal data, e.g. using privacy filters on laptops when in areas where over-the-shoulder viewing of personal data is possible.
(d) Data Disposal. The Data Importer shall have a documented data disposal strategy that includes identification/detection and secured data removal/disposal of sensitive data in physical/electronic media. This includes degaussing of tapes/hard drives/electronic media.
3.4 Personnel Access Controls
(a) Access Policy. An access control policy is established, documented, and reviewed based on business and information security requirements.
(b) Access Recordkeeping. The Data Importer maintains a record of security privileges of its personnel that have access to personal data, networks and network services.
(c) Access Authorization.
i. The Data Importer must have data access policies which implements the following:\
a. Principle of least privilege access
b. Regular reviews of personnel needing access to data
c. Regular reviews of the rights of personnel to grant such access
d. Traceability of every login to a single person.
e. Lock-outs of accounts due to failed login attempts
f. Locking access of unattended laptops/devices after a short predefined time (example 15 minutes)
g. Secure password/credential storage
h. Review and Detection of unauthorised access to data where data includes personal data, credentials storage, logs and audit trails.
i. Logs of access to data and regular reviews of this access.
ii. The Data Importer must have password policies that follow industry best practices (example NIST) with password length/complexity requirements
3.5 Cryptography
(a) Cryptographic controls policy
i. The Data Importer must have a policy on the use of cryptographic controls based on assessed risks.
ii. The Data Importer must ensure that the cryptographic standards used adhere to industry standards adopted by US government/military or driven by internet leaders, e.g. Google and Amazon.
(b) Key management. The Data Importer must have measures for managing keys and detecting any compromise/unauthorised access in its key system.
3.6 Physical and Environmental Security
(a) Physical Access to Facilities
i. The Data Importer limits access to facilities where systems that process personal data are located to authorized individuals.
ii. Access is controlled through key card and/or appropriate sign-in procedures for facilities with systems processing personal data. Personnel must be registered and are required to carry appropriate identification badges.
iii. A security alarm system or other appropriate security measures shall be in place to provide alerts of security intrusions after normal working hours.
(b) Physical Access to Equipment. The Data Importer equipment that is located off premises is protected using industry standard process to limit access to authorized individuals.
(c) Protection from Disruptions. The Data Importer uses a variety of industry standard systems to protect against loss of data due to power supply failure or line interference.
(d) Clear Desk. The Data Importer has policies requiring a “clean desk/clear screen” at the end of the workday.
3.7 Operations Security
(a) Operational Policy. The Data Importer must maintain policies describing its security measures and the relevant procedures and responsibilities of its personnel who have access to personal data and to its systems and networks.
(b)The Data Importer continues to update its operational processes, procedures and/or practices in a timely manner to ensure that they are effective against the latest threats discovered.
(c) Mobile Devices. Mobile devices should have access control measures and remote wipe capability turned on. Procedures should be in place to report and wipe data off lost mobile devices immediately after detection of loss.
(d) Backup recovery media, where possible, shall be kept in an encrypted format.
3.8 Communications Security and Data Transfer
(a) The Data Importer has network policies which implements the following:
i. Segregation and Filtering of Traffic between Internet and Corporate Zones and between the different Corporate Zones
ii. Intrusion Detection Capability
iii. Access Control and Password Policies on Network Devices
iv. Regular Network vulnerability/Penetration tests conducted by an independent third party at least annually.
3.9 System Acquisition, Development and Maintenance
(a) Security Requirements. The Data Importer must adopt security requirements for the purchase or development of information systems, including for application services delivered through public networks.
(b) Development Requirements. The Data Importer has policies for secure development, system engineering and support. The Data Importer conducts appropriate tests for system/application security as part of acceptance testing processes.
3.10 Supplier Relationships
(b) Management. The Data Importer performs periodic audits on key suppliers and manages service delivery by its suppliers and reviews security against the agreements with suppliers.
3.11 Information Security Incident Management
(b) Reporting. The Data Importer will report within 48 hours to a designated response center any security incident that has resulted in a loss, misuse or unauthorized acquisition of any personal data.
3.12 Information Security Aspects of Business Continuity Management
(a) Planning. The Data Importer maintains emergency and contingency plans for the facilities in which the Data Importer information systems that process personal data are located.
(b) Data Recovery. The Data Importer’s redundant storage and its procedures for recovering data are designed to attempt to reconstruct personal in its original state from before the time it was lost or destroyed.
3.13 Audit and Assessment
The Data Exporter reserves the right to perform an onsite audit for the purpose of completing our due diligence in security matters.
APPENDIX 3 TO SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679, and in accordance with Commission Implementing Decision (EU) 2021/914 of 4 June 2021
MODULE 1: CONTROLLER TO CONTROLLER TRANSFER
SECTION I
Clause 1
Purpose and scope
[1] Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295 of 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/914 of 4 June 2021.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Schedule 1 (hereinafter each “data exporter”), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Schedule 1 (hereinafter each “data importer”)
have agreed to these standard contractual clauses (hereinafter: “Clauses”).
(c) These Clauses apply with respect to the transfer of personal data as specified in Schedule 1.(d) The Schedules to to the Addendum (the “Schedules”) therein forms an integral part of these Clauses.
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8 - Clause 8.5 (e) and Clause 8.9(b);
(iii) Clause 12 - Clause 12(a) and (d);
(iv) Clause 13;
(v) Clause 15.1(c), (d) and (e);
(vi) Clause 16(e);
(vii) Clause 18 - Clause 18(a) and (b).
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Schedule 1.
(b) Once it has completed the Appendix and signed Schedule 1, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Schedule 1.
(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
8.1 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Schedule 1 It may only process the personal data for another purpose:
(i) where it has obtained the data subject’s prior consent;(ii) where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
(iii) where necessary in order to protect the vital interests of the data subject or of another natural person.
8.2 Transparency
(a) In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:(i) of its identity and contact details;
(ii) of the categories of personal data processed;
(iii) of the right to obtain a copy of these Clauses;
(iv) where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.
(b) Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.
(c) On request, the Parties shall make a copy of these Clauses, including the Schedules as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Schedules prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.
(d) Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
8.3 Accuracy and data minimisation
(a) Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.
(b) If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.
(c) The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.
8.4 Storage limitation
The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation[2] of the data and all back-ups at the end of the retention period.
[2] This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU) 2016/679, and that this process is irreversible.
8.5 Security of processing
(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
(b) The Parties have agreed on the technical and organisational measures set out in Schedule 3. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(c) The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(d) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.
(e) In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.
(f) In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.
(g) The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.
8.6 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter “sensitive data”), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.
8.7 Onward transfers
The data importer shall not disclose the personal data to a third party located outside the European Union[3] (in the same country as the data importer or in another third country, hereinafter “onward transfer”) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:
(i) it is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;
(iii) the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;
(iv) it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;
(v) it is necessary in order to protect the vital interests of the data subject or of another natural person; or
(vi) where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
[3] The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.
8.8 Processing under the authority of the data importer
The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.
8.9 Documentation and compliance
(a) Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.
(a) The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request.[4] The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language.
[4] That period may be extended by a maximum of two more months, to the extent necessary taking into account the complexity and number of requests. The data importer shall duly and promptly inform the data subject of any such extension.
(b) In particular, upon request by the data subject the data importer shall, free of charge:
(i) provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i);
(ii) rectify inaccurate or incomplete data concerning the data subject;
(iii) erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.
(c) processing for such purposes if the data subject objects to it.
(d) The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter “automated decision”), which would produce legal effects concerning the data subject or similarly significantly affect him / her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:
(i) inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and
(ii) implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.
(e) Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.
(f) The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.
(g) If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.
(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
(ii) refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
(c) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
(d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
(e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.
(a) The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Schedule 1, shall act as competent supervisory authority.
(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
(ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards[5];
(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
[5] As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
15.1 Notification
(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimisation
(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Clause 16
Non-compliance with the Clauses and termination
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
Clause 17
Governing law
These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Netherlands.
Clause 18
Choice of forum and jurisdiction
(b) The Parties agree that those shall be the courts of the Netherlands.
(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
(d) The Parties agree to submit themselves to the jurisdiction of such courts.
APPENDIX 4 TO SCHEDULE 2
International Data Transfer Addendum to the EU Commission Standard Contractual Clauses
VERSION B1.0, in force 21 March 2022
This addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract (“UK SCCs”).
Part 1: Tables
- In relation to Table 1 of Part 1 to these UK SCCs (Parties), please refer to Appendix 1 (Processing Details)
- In relation to Table 2 of Part 1 to these UK SCCs (Selected SCCs, Modules and Selected Clauses), please refer to the Controller to Processor Clauses as set out in Appendix 3
Table 3: Appendix Information
“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:
Annex 1A: List of Parties: Please refer to Appendix 1 |
Annex 1B: Description of Transfer: Please refer to Appendix 1 |
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: Please refer to Appendix 2 |
Annex III: List of Sub processors (Modules 2 and 3 only): NA |
Table 4: Ending this Addendum when the Approved Addendum Changes
Ending this Addendum when the Approved Addendum changes |
Which Parties may end this Addendum as set out in Section 19: X Importer X Exporter neither Party |
Part 2: Mandatory Clauses
Entering into this Addendum
- Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.
- Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the Parties, for the purpose of making Restricted Transfers, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows data subjects to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the Approved EU SCCs and any part of the Approved EU SCCs.
3. Where this Addendum uses terms that are defined in the Approved EU SCCs those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:
Addendum |
This International Data Transfer Addendum which is made up of this Addendum incorporating the Addendum EU SCCs. |
Addendum EU SCCs |
The version(s) of the Approved EU SCCs which this Addendum is appended to, as set out in Table 2 (Appendix 3 of this Schedule 2), including the Appendix Information. |
Appendix Information |
As set out in Table 3 (Appendix 1 of this Schedule 2). |
Appropriate Safeguards |
The standard of protection over the personal data and of data subjects’ rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR. |
Approved Addendum |
The template Addendum issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18. |
Approved EU SCCs |
The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021. |
ICO |
The Information Commissioner. |
Restricted Transfer |
A transfer which is covered by Chapter V of the UK GDPR. |
UK |
The United Kingdom of Great Britain and Northern Ireland. |
UK Data Protection Laws |
All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018. |
UK GDPR |
As defined in section 3 of the Data Protection Act 2018. |
4. This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards.
5. If the provisions included in the Addendum EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum and the equivalent provision of the Approved EU SCCs will take their place.
6. If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws applies.
7. If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies.
8. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into.
Hierarchy
9. Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section 10 will prevail.10. Where there is any inconsistency or conflict between the Approved Addendum and the Addendum EU SCCs (as applicable), the Approved Addendum overrides the Addendum EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Addendum EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum.
11. Where this Addendum incorporates Addendum EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation (EU) 2016/679 then the Parties acknowledge that nothing in this Addendum impacts those Addendum EU SCCs.
Incorporation of and changes to the EU SCCs
a. together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers;
b. Sections 9 to 11 override Clause 5 (Hierarchy) of the Addendum EU SCCs; and
c. this Addendum (including the Addendum EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.
13. Unless the Parties have agreed alternative amendments which meet the requirements of Section 12, the provisions of Section 15 will apply.
14. No amendments to the Approved EU SCCs other than to meet the requirements of Section 12 may be made.
15. The following amendments to the Addendum EU SCCs (for the purpose of Section 12) are made:
a. References to the “Clauses” means this Addendum, incorporating the Addendum EU SCCs;
b. In Clause 2, delete the words:
“and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”
c. Clause 6 (Description of the transfer(s)) is replaced with:
“The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Appendix 1 where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;
d. Clause 8.7(i) of Module 1 is replaced with: “it is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”;
“the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”
f. References to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws”. References to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws;g. References to Regulation (EU) 2018/1725 are removed;
h. References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”;
i. The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one, is replaced with “Clause 11(c)(i)”;
j. Clause 13(a) and Part C of Appendix 1 are not used;
k. The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;
l. In Clause 16(e), subsection (i) is replaced with:
“the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;
m. Clause 17 is replaced with:
“These Clauses are governed by the laws of England and Wales.”;
n. Clause 18 is replaced with:“Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and
o. The footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11.
Amendments to this Addendum
16. The Parties may agree to change Clauses 17 and/or 18 of the Addendum EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.17. If the Parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.
18. From time to time, the ICO may issue a revised Approved Addendum which:
a. makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or
b. reflects changes to UK Data Protection Laws;
The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified.
19. If the ICO issues a revised Approved Addendum under Section 18, if any Party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate and demonstrable increase in:
a. its direct costs of performing its obligations under the Addendum; and/or
b. its risk under the Addendum,
and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved Addendum.
20. The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.Alternative Part 2 Mandatory Clauses:
Mandatory Clauses |
Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses. |