We can provide a copy of your Agreement to you at the request from a member of your Legal Department.

The Licensed Software documentation is set out here: https://code.kx.com/home/

If you have purchased professional services in your Agreement, service levels are as set out therein and in any Statement of Work or Service Pack between us.

We monitor, and you may monitor, any response times commencing from the point the support ticket was raised by you.

You can contact our Support Portal for information on any vulnerabilities affecting the Licensed Software of which we are aware, which will include those that can reasonably be expected to have a material impact on the Licensed Software.

FD Technologies Plc, as parent of the KX group, is subject to public disclosure requirements applicable to companies listed on the AIM Market of the London Stock Exchange.

• significant breaches by the ICT third-party service provider of applicable laws, regulations or contractual terms;
• circumstances identified throughout the monitoring of ICT third-party risk that are deemed capable of altering the performance of the functions provided through the contractual arrangement, including material changes that affect the arrangement or the situation of the ICT third-party service provider;
• ICT third-party service provider’s evidenced weaknesses pertaining to the overall ICT risk management and in particular in the way it ensures the availability, authenticity, integrity and confidentiality of data, whether personal or otherwise sensitive data, or non-personal data;
• where the competent authority can no longer effectively supervise the financial entity as a result of the conditions of, or circumstances related to, the respective contractual arrangement.

You may terminate the Agreement in whole or in part by notice in writing with immediate effect in the following events:

1. A material breach by us or any of our subcontractors of laws and/or regulations which are applicable to us in the performance of the Agreement;
2. where circumstances capable of materially and detrimentally altering the performance of our services to you are identified and these circumstances have not been remediated within 30 days;
3. where material weaknesses are identified regarding the management and security of your Confidential Information, personal information or otherwise sensitive data which is under our control, such as material deviations from the Technical and Organizational Measures, and we have not been able to remediate such weaknesses within 30 days; and
4. where instructions are given by your competent authority to terminate this Agreement, e.g. in the case that the competent authority is no longer in a position to effectively supervise you as a result of the Agreement (or the services provided under it).

• during which the ICT third-party service provider will continue providing the respective functions or ICT services with a view to reducing the risk of disruption at the financial entity or to ensure its effective resolution and restructuring;
• allowing the financial entity to migrate to another ICT third-party service provider or change to in-house solutions consistent with the complexity of the service provided.

1. If the Licensed Software is no longer to be made generally available by us to our customers, we will provide customers with at least twenty-four (24) months’ notice via our web pages; and
2. Upon termination of the Agreement other than where we terminate for cause, and where reasonably requested by you, we will provide you with reasonable transition services to the extent necessary to assist you with your smooth transition from our Licensed Software and associated services to an alternative provider for a maximum period of six months from the date of termination. Such transition services shall be charged at the applicable fees/ rates under the Agreement (as if it had auto-renewed, or if no fees are stipulated, at our then current list price) and the parties shall enter into an appropriate professional services agreement (where necessary) and Statement of Work to determine the scope, duration and fees for such services.

1. we will enter into a written agreement with the subcontractor reflecting, to the extent required based on the specific role of the subcontractor, obligations that are consistent with our obligations under the relevant terms of the Agreement
2. any such subcontracting will not diminish our responsibility towards you under the Agreement, and
3. we will provide appropriate governance and oversight of the subcontractor’s performance.

Each Party shall comply with its applicable obligations under Data Protection Laws in relation to its processing of personal data under the Agreement. If, in the course of providing any services to you, we are a processor of your personal data, the provisions of the Data Processing Agreement will apply. You acknowledge that we or any of our Affiliates may process any personal data that is collected by us in connection with registration to receive Software Support Services or support and maintenance services (as applicable), in accordance with the privacy notice (as amended from time to time) that can be found or linked on the designated support portal or that may otherwise be provided to you by us from time to time.

“Data Protection Laws” means any applicable data protection laws including, without limitation, the General Data Protection Regulation (EU) 2016/679 as it applies in the European Union (“GDPR”), the UK Data Protection Act 2018, the GDPR as it forms part of UK law by virtue of the European Union (Withdrawal) Act 2018 (“UK GDPR”), and any other applicable legislation in respect of privacy and/or processing Personal Data, each to the extent applicable to the activities or obligations of the parties under or pursuant to the Agreement, and as may be amended, supplemented or replaced from time to time.

• unrestricted rights of access, inspection and audit by the financial entity, or an appointed third-party, and by the competent authority, and the right to take copies of relevant documentation on-site if they are critical to the operations of the ICT third-party service provider, the effective exercise of which is not impeded or limited by other contractual arrangements or implementation policies;
• the right to agree alternative assurance levels if other clients’ rights are affected;
• the obligation of the ICT third-party service provider to fully cooperate during the onsite inspections performed by the competent authorities, the lead overseer, financial entity or an appointed third party;
• the obligation to provide details on the scope and procedures to be followed and frequency of such inspections and audits.

You may, no more than annually, review and inspect our information security policies, practices, and procedures to confirm our compliance with the Agreement (including this document). You shall provide us with at least 30 days’ prior notice of such audit and agree with us the scope and duration of such audit in advance. An inspection shall not unreasonably interfere with the normal conduct of our business. If you engage an independent third party to conduct such audit, this shall be at your sole expense and such third party must be subject to industry standard confidentiality undertakings, and it shall provide summary copies of any resulting report to us. We shall fully cooperate as reasonably requested with you and/or your competent authorities, and any auditor appointed by you and/or your competent authorities in any audit permitted under the Agreement (including this document). In relation to any such audit, we shall supply you, and any competent authorities with any information reasonably requested by you or the competent authorities in connection with the software or services provided under the Agreement.

Upon your request, we will take reasonable steps to destroy or erase any of your Confidential Information we hold, provided that we may retain copies of Confidential Information:

1. That is securely stored in archival or computer back-up systems,
2. To meet legal or regulatory obligations, or
3. In accordance with bona fide record retention policies,

subject to the Agreement’s terms.

You are responsible for testing the Licensed Software and any release or version thereof prior to releasing it into a production environment.

We will conduct penetration tests of the Licensed Software annually. The summary reports for such third-party penetration tests are available upon request to you, subject to the confidentiality provisions of the Agreement.

We will use commercial reasonable efforts to verify, using industry standard tooling and methodology, that the Licensed Software and any Version thereof does not contain any Malicious Code on delivery to you.

“Malicious Code” means any software, script, code, file, program, or other harmful or unwanted computer instructions that are designed to infiltrate, disrupt, damage, or gain unauthorized access to computer systems, networks, data, or software. This includes, but is not limited to, viruses, worms, spyware, adware, ransomware, Trojan horses, logic bombs, or any other similar malicious programs or code designed to impair the functionality, security, or performance of the software, hardware, or data.

Upon our confirmation of a Security Incident, we will: (i) notify you without undue delay; (ii) provide you with reasonable information detailing the cause of the Security Incident, the impact of the Security Incident on your Confidential Information, the corrective actions taken to resolve the Security Incident; and (iii) cooperate fully with you to respond to the Security Incident. A “Security Incident” is any event caused by us or originating from the Licensed Software which results in (A) unauthorized access to, disclosure or use of, or loss of integrity to your Confidential Information; or (B) the unavailability of any service provided to you that is a result of malicious activity, as well as any material violation or imminent threat of material violation of security policies, acceptable use policies, or standard security practices.