eGOLD Terms & Conditions

These terms and conditions (“Agreement”) apply to the Data Subscription service ("Service") provided by Executive Grapevine International Limited ("EGIL") and are to be read alongside our General Terms & Conditions, Privacy, and the specifics set out in the Booking Form.

1. Data Ownership

1.1 All Data (including business contact information, individual recruiting areas and other searchable attributes) is owned by and copyrighted to EGIL. Unless expressly agreed otherwise, access to the Data is leased to the Buyer for a 12-month term. No intellectual property rights in the Data are transferred to the Buyer.

1.2 The Buyer shall not copy, record, reproduce, distribute, or otherwise process the Data outside the scope of this Agreement, nor offer it for resale, without EGIL’s prior written consent.

2. Lawful Basis & Data Accuracy

2.1 EGIL collects and processes Personal Data in compliance with:

• EU General Data Protection Regulation (EU) 2016/679 (“EU GDPR”)
• UK Data Protection Act 2018 and UK GDPR
• Privacy and Electronic Communications Regulations (PECR)
• UK Data (Use and Access) Act 2025

2.2 EGIL relies on Legitimate Interests (Article 6(1)(f) GDPR and UK GDPR), balancing our interests in supplying business contact data with the rights and freedoms of data subjects (Recital 47).

2.3 EGIL uses reasonable endeavours to ensure Data accuracy, compiling lists from direct submissions and publicly available sources. However, no guarantee is given as to completeness or 100% accuracy.

2.4 Where EGIL derives inferred data (such as industry specialism, seniority level, or inferred role scope) through statistical modelling or behavioural analysis, it shall ensure such inferences are demonstrably relevant, non-discriminatory, and transparently disclosed to data subjects in accordance with DUAA Section 13. EGIL shall maintain a DUAA-compliant register of inferred attributes and ensure data subjects have the right to challenge or correct any such information.

2.5 The Buyer should download Data no more than five (5) days from the Service before attempting to use it. EGIL is not responsible or liable for any email addresses that prove undeliverable due to technical reasons.

2.5.1 The Buyer must return any undeliverable records—including the reason for non-delivery—in an Excel (.xlsx) or comma-separated values (.csv) format document within 30 days of the campaign send date to qualify for EGIL’s investigative support.

2.5.2 EGIL’s investigation obligations do not apply to messages sent via personal SMTP clients (e.g., Outlook, Netscape, Lotus) or similar methods of delivery.

3. Liability

3.1 EGIL warrants that it has complied with all relevant data protection laws (including without limitation the Data Protection Act, EU GDPR, UK GDPR and PECR) and industry codes in the collection and onward transfer of its Data.

3.2 To the fullest extent permitted by law, EGIL’s liability to the Buyer arising from or in connection with this Agreement or the use of the Data (whether in contract, tort—including negligence—or otherwise) is excluded for:

• any indirect or consequential losses, including but not limited to loss of profit, revenue, goodwill, opportunity, business interruption, third-party costs or ICO fines;
• any loss or corruption of data;
• any system downtime or unavailability;
• any viruses, worms, time locks or other contaminating or destructive properties;
• any failure of performance, negligence or workmanlike effort by EGIL.

3.3 EGIL’s total aggregate liability for direct losses arising under or in connection with this Agreement shall not exceed the total fees paid by the Buyer for the relevant Data subscription.

3.4 The Buyer indemnifies and holds EGIL harmless against all losses, damages, costs or expenses (including legal fees) incurred by EGIL as a result of any breach of this Agreement, misuse of the Data, or infringement of EGIL’s intellectual property rights.

4. Buyer’s Obligations & Compliance

4.1 Within twenty eight (28) days of purchase, the Buyer must submit the following to EGIL’s Data Controller Representative for approval:

• A completed Legitimate Interest Assessment questionnaire in the DMA/ICO template.
• A copy of the Buyer’s GDPR compliant Privacy Policy.
• A Data Protection Impact Assessment (DPIA) covering the planned processing.
• Sample communication templates demonstrating professional relevance, sender identity, and a clear optout mechanism.
• Evidence of GDPR compliance procedures, including breach response plans.

4.2 The Buyer shall:

• Process the Data solely for the purposes defined in the Booking Form and this Agreement.
• Forward any data subject requests (access, rectification, erasure, restriction, objection, or portability) to EGIL within thirty (30) days of receipt.
• Maintain and supply to EGIL, within thirty (30) days, detailed suppression lists for: i. Email optouts (including any recipient comments), in CSV or XLSX format. ii. Postal optouts (including any recipient comments), in CSV or XLSX format.
• Report and supply suppression of deceased individuals’ records within thirty (30) days of receiving such information.
• Notify EGIL within thirty (30) days of any disputed data identified as originating from the eGOLD database.
• Immediately inform EGIL in writing if the Buyer ceases to trade, enters administration or liquidation, or transfers assets, at which point all Data use must cease.
• Treat any inferred data fields (e.g. estimated job title, company size, or decision-making authority) as personal data under DUAA, and ensure any automated profiling or outreach based on such fields includes meaningful human oversight.

5. Acceptable Use & Monitoring

5.1 The Data may only be used by the Buyer and its authorized Users for internal business purposes consistent with this Agreement.

5.2 EGIL reserves the right to embed a reasonable quantity of seed names (dummy entries) within the Data to detect unauthorized usage at all times during and after the License term. Unauthorized usage includes, but is not limited to, disclosure, transfer, resale, reuse, data capture, copying or modification in part or in whole.

Upon confirmed unauthorized usage, EGIL may:

• Charge a penalty of £5,000, payable immediately, and require the Buyer to expunge all Data and derived materials from any storage under its control.
• Impose a fine of £10,000, payable immediately, and notify the Information Commissioner’s Office and relevant law enforcement authorities if the Buyer has supplied or resold EGIL’s Data in breach of this Agreement.

5.3 EGIL may monitor system access, usage volume, and frequency and suspend access for breaches.

6. Security & Breach Notification

6.1 Both parties are data controllers and shall implement appropriate technical and organisational measures to protect Personal Data.

6.2 In the event of any personal data breach (regardless of scale), the Buyer shall:

• Notify EGIL without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach;
• Notify the Information Commissioner’s Office promptly, if required under GDPR or applicable law;
• Provide EGIL with comprehensive details of the breach, including its nature, scope, affected records, and any immediate remedial actions taken;
• Assist EGIL in preparing and disseminating any required public communications to data subjects, clearly outlining the nature of the breach, potential risks, and mitigation measures;
• Take all reasonable steps to contain, mitigate, and prevent any further unauthorized access or data loss.

6.3 The Buyer shall maintain and furnish, upon EGIL’s request, its internal breach response plan and incident reports to demonstrate compliance with these obligations.

7. Service Access & Infrastructure

7.1 EGIL grants access to the Service via specified IP ranges or Buyer’s infrastructure upon request.

7.2 The Buyer is responsible for all hardware, software, connection costs and other equipment required to access and use the Service. EGIL does not warrant uninterrupted performance; service speed and availability depend on the Buyer’s system specifications, internet connectivity, and usage levels.

7.3 All access credentials (PINs, IDs) must be kept confidential; the Buyer must notify EGIL immediately of any unauthorized use.

8. Intellectual Property & Database Use

8.1 EGIL retains all intellectual property rights (IPRs) in the Database. No rights or licences (express or implied) to copy, cut & paste, email, reproduce, publish, distribute, redistribute, broadcast, transmit, modify, adapt, edit, abstract, create derivative works of, store, archive, publicly display, sell or otherwise commercially exploit any part of the Database are granted, except as explicitly permitted below.

8.2 Subject to clause 8.3, authorised Users may:

• Perform searches of the Database;
• Extract and re-utilise insubstantial parts of search results for research and current-awareness purposes only, provided that such use: i. Conflicts not with the normal exploitation of the Database; ii. Causes no prejudice to EGIL’s legitimate interests; iii. Does not result in systematic extraction or re-utilisation beyond insubstantial parts;
• Make one or more hard-copy prints of search outputs for internal use only, so long as they are not sold or distributed to non-Users;
• Download search results to local storage, provided the data is not shared with non-Users.

8.3 EGIL reserves the right to:

• Modify, add to, remove or edit the Database content, features or technical specifications at any time (temporary or permanent), with reasonable endeavours to maintain overall service quality;
• Monitor Database usage (volume, frequency or otherwise) and embed seed records to detect unauthorised usage;
• Suspend or block access for any User or Buyer in the event of breach of this Agreement.

9. Termination & Post Termination

9.1 On termination or expiry of this Agreement, all rights to use the Service and Data shall immediately cease. The Buyer shall:

• Notify its authorized Users that they no longer have access and must cease all use;
• Delete or securely destroy all copies of the Data and any derivatives, unless the Buyer can demonstrate and document a separate lawful retention basis for each individual data subject;
• Retain only those contacts for which a formal connection has been established—beyond mere email opens—by obtaining explicit consent or acknowledged request from the data subject to continue communication.

9.2 Any use of the Data after termination constitutes an unauthorized breach, entitling EGIL to pursue the penalties set out in Section 5 and other remedies at law.

9.3 Buyers must also delete any inferred profiling or categorisation derived from eGOLD Data unless they have a separate lawful basis under DUAA to retain and use such inferences.

10. DUAA Compliance Acknowledgment

Both parties acknowledge that inferred and derived data—such as predicted job role, behavioural engagement, or contact seniority—are treated as personal data under the UK Data (Use and Access) Act 2025. The Buyer agrees to uphold all relevant DUAA provisions, including transparency, fairness, and human intervention requirements for any automated or profile-based processing. EGIL will provide reasonable assistance to ensure compliance, including the provision of attribute audit trails and source verification summaries.

---

Executive Grapevine International Ltd

Registered in England & Wales: 2789779 | VAT: 6259453 20

Gate House, Fretherne Road, Welwyn Garden City, AL8 6NS, United Kingdom | +44 (0)1707 351451

Last reviewed by: Chris Lewis, Chief Executive Officer

16/06/2025

Updated by Chris Lewis on 23/07/2025 to include DUAA provisions