Quadient Lead Generation Agreement
This Lead Generation Agreement (“Agreement”) is entered into on [STATE DATE](“Effective Date”) between: ………………………………………………………………………………………. (“Quadient”); and [STATE NAME OF SUPPLIER], with registered address at [STATE ADDRESS] (“Supplier”).
Whereas
The Supplier is in the business of identifying and supplying business to business lead generation information. Quadient desires to engage Supplier on a non-exclusive basis to identify suitable marketing lead generation lists as described in the Agreement (“Services”). For the avoidance of doubt Agreement consists of this form of Agreement, Service Schedule set out below and the General Terms and Conditions.
Service Schedule
| Term / Validity of Supplier appointment | Date of appointment: _______________________ Initial Term: Agreement shall continue in force from date of appointment, unless terminated according to the terms of this Agreement. |
| Contacts | Quadient Contacts: Name: Job Title: Email: Phone (mobile): |
Supplier Contacts: Name: Job Title: Email: Phone (mobile): Contact email for privacy matters: | |
| Description of the Services | Provision of suitable marketing lead generation lists subject to the Minimum Requirements noted below. Minimum Requirements: Delivery terms and guarantee: · 90% deliverability rate for emails (i.e. no more than 10% bounce rate) · 90% accuracy of all phone numbers and other information · 95% validity on identified application/technology usage by the contacts Replacement/Refund policy: Where the contacts on the list fall short of the Minimum Requirements the Supplier will at Quadient’s discretion either provide replacement contacts or issue a refund on a pro-rated basis for those contacts who do not meet the Minimum Requirements. The list should contain only valid business postal/ email addresses and phone numbers. There should not be any personal contact details or any generic emails (e.g. Yahoo@, Gmail@, Info@, sales@ etc.). File/List Update: List must be current as of the day of transfer of the list to Quadient. |
Compensation Schedule
| Fee | Add fee details for the services: |
| Payment | Quadient shall pay the Fee as follows: |
The Supplier’s engagement hereunder is governed by the General Terms & Conditions.
Each Party warrants that the Agreement is signed by its duly authorised representative.
| [Supplier FULL COMPANY NAME] | Name: ___________________________ Title: ______________ Signature: _________________________ Date: _____________________ |
| [Quadient] | Name: _____________________ Title: ______________ Signature: _________________________ Date: _____________________ |
General Terms & Conditions
1 Definitions
"Affiliate” means, as to a party, any other entity that directly or indirectly controls, is controlled by, or is under common control with such party. For the purpose of this definition “control” means direct or indirect ownership or control of more than 50% of the voting interests or the possession, directly or indirectly, of power to direct the management or policies of an entity;
“Data Protection Legislation” means the GDPR (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, UK GDPR the UK General Data Protection Regulations 2018, Data Protection Act 1998, the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426), the Swiss Federal Act of 19 June 1992 on Data Protection and any successor legislation upon its effective date, and the United States’ state and federal laws regarding data privacy, including the California Consumer Privacy Act and its implementing regulations (the “CCPA”), in each case only to the extent applicable to Service Provider’s Processing of Customer Personal Data under the Agreement in each case as amended, replaced, re-enacted or updated from time to time, together with any other legislation introduced from time to time to protect individuals’ privacy and to govern marketing rights.
“Data Privacy Framework” means the EU-U.S Data Privacy Framework, as defined by the Decision (UE) 2023/1795 of the European Commission, and the Swiss-U.S Data Privacy Framework as defined by the Federal Act on Data Protection (FADP), SR 235.1 and the Decision of the Swiss Federal Council dated 14 August 2024.
The terms: “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach”; “Process” and “Processing” have the meanings ascribed to them in the GDPR or any other applicable data protection laws.
“Data Incident” or “Personal Data Breach” means the actual or reasonably suspected theft, destruction, alteration, damage, loss, unauthorized disclosure of, or unauthorized access to Personal Data that is unlawful, unauthorized, made by a person not authorized to do so, or that violates this Agreement or Data Protection Laws.
“Fee” means the amount specified in the Service Schedule.
“Contact(s)” a non-consumer organization who may be a potential lead for Quadient to pursue.
“Valid Contact List” List of Contacts for lead generation provided by the Supplier which meets the minimum requirements set out in the Service Schedule with an aim for such organization to become Quadient customer.
Any capitalized terms not defined in these General Terms shall have the meaning ascribed to them elsewhere in the Agreement.
2 Quadient’s Obligations
Provision of information. To enable the Supplier to provide suitable lead generation information, Quadient shall promptly provide the information below to the Supplier: An executive summary of Quadient, including the sector, solutions and any information relevant to enable to Supplier to determine marketing leads suitable for Quadient.
3 Supplier’s Obligations
To provide the Valid Contact Lists. Prior to generating any Contacts for Quadient and Quadient Affiliates, the Supplier will use its best efforts to determine that each Contact meets Quadient’s minimum requirements and search criteria through a careful screening of the Contacts by the Supplier. During the screening process, and prior to presenting any Contact List to Quadient for consideration, the Supplier is expected to: (i) confirm that the data subject has consented (in accordance with Data Protection Legislation) to receive marketing content from Quadient or any Quadient affiliate; (ii) On request from Quadient, the supplier will provide a copy of proof of consent as justification from the provided contacts (iii) confirm that the data subject is aware of their rights under data protection laws.
4 Fee
As consideration for the Services, Quadient shall pay the Fee according to the payment terms in the Service Schedule. If a purchase order is issued for the Services, all invoices must reference the applicable purchase order number. Quadient reserves the right to return all incorrect invoices. Quadient shall pay all correct and undisputed invoices within sixty (60) days of receipt. Save as excepted by the applicable law, in no event shall Quadient’s liability under or in relation to the Agreement shall exceed the amount of Fee payable to the Supplier.
5 Representations and Warranties
Supplier represents and warrants that: (a) it shall provide the Services in a professional and workmanlike manner and in accordance with the highest applicable standards; (b) it shall not refer to or identify Quadient or its affiliates, or use Quadient’s or its affiliates’ names or marks or any likeness thereof or marks similar thereto, in any marketing, advertising, press releases or public statements without prior written consent by Quadient; (c) the performance of Services under this Agreement will not conflict with, or be prohibited in any way by, any other agreement or statutory restriction to which Supplier is bound; and (d) it shall comply with the Compliance Provisions set out in Exhibit 1 attached hereto.
6 Independent Supplier
Quadient is interested only in the results obtained under this Agreement; the manner and means of achieving the results are subject to Supplier's sole control. Supplier is an independent Supplier for all purposes, without express or implied authority to bind Quadient. Neither Supplier nor its employees, agents or subcontractors (“Supplier’s Assistants”) are entitled to any employee benefits of Quadient. As noted above, Supplier shall be responsible for all costs and expenses incident to performing the Services.
7 Indemnity
Supplier shall indemnify, hold harmless, and defend Quadient, its officers, directors, agents and employees, against all claims, liabilities, damages, losses and expenses, including attorneys' fees and cost of suit arising out of (i) use of the Contacts by Quadient; and (ii) any claim by a third party against Quadient alleging that the Services, the results of such Services, or any other products or processes provided under this Agreement, infringe any third party intellectual property rights.
8 Confidentiality
Supplier shall ensure that any confidential information or material which is obtained during the scope of this Agreement or in negotiation thereof is kept confidential and not shared with any third party. Supplier undertakes that he shall not expose any confidential information except with the prior written consent of Quadient or if directed to do so by a competent court provided always that such information has not previously entered the public domain by other means. Upon the expiration or termination of this Agreement for any reason, the Supplier will promptly notify Quadient of all confidential information in its possession and upon Quadient’ s request will promptly deliver or destroy all such confidential information.
9 Privacy
For avoidance of doubt both parties are deemed to be ‘Controller’ of the data contained on lead generation lists
Both Parties shall comply at all times with the Data Protection Legislation and shall not perform their obligations under this Agreement or any other agreement or arrangement between themselves in such way as to cause either party to breach any of its applicable obligations under the Applicable Law.
Both parties shall provide all reasonable assistance in complying with their obligations under the Data Protection Legislation with respect to the security of processing, respecting access rights, the notification of Personal Data Breaches, the conduct of data protection impact assessments, and in dealings with the data control authority (eg. CNIL, Information Commissioner’s Office);
International Transfers. Where Personal Data is transferred between the Parties as Controllers under Chapter V of the GDPR or equivalent provisions of UK or Swiss law:
(a) the Parties shall primarily rely on the EU–U.S. Data Privacy Framework, the UK Extension, and/or the Swiss–U.S. Data Privacy Framework, where applicable;
(b) where such frameworks do not apply, the Parties shall rely on the SCC, together with the UK Addendum or Swiss Addendum where applicable; and
Supplier warrants that (i) it has obtained the consent required by Data Protection Legislation from all data subjects to collect and share personal data with Quadient for its legitimate business reasons, including the provision of the Services in this Agreement; ii) It represents and undertakes that the collection and provision of Personal Data for the purpose of the Services shall comply with the Data Protection Legislation in all respects including; and iii) Quadient’s Processing of such Personal Data for such purposes shall not result in Quadient breaching any Data Protection Legislation.
Both Controller agrees that where transfer of personal data occurs between two data Controllers within the meaning of Chapter V of Regulation (EU) 2016/679, the Controllers should use Module 1 (Exhibit 2) of standard contractual clauses as adopted by the Commission in accordance with of Article 46(2) of Regulation (EU) 2016/679, provided the conditions for the use of those standard contractual clauses are met.
10 (c) in the absence of the foregoing, the Parties shall implement another lawful transfer mechanism in accordance with Data Protection Laws.Term; Termination
a. The initial term of this Agreement shall commence on the date of the last signature of this Agreement.
b. Quadient may terminate this Agreement: (i) for convenience at any time by giving 30 days prior written notice to the Supplier; or (ii) immediately upon written notice to Supplier if Supplier fails to perform or breaches any of Supplier's obligations under this Agreement, files a petition in bankruptcy, becomes insolvent, or dissolves. In the event of such termination, Quadient shall pay Supplier for the Services satisfactorily performed through the date of termination, less appropriate offsets, including any additional costs to be incurred by Quadient in completing the Services.
c. Supplier may terminate this Agreement upon written notice to Quadient if Quadient fails to make any undisputed payment to Supplier within thirty (30) days after Supplier notifies Quadient in writing that payment is past due.
11 Miscellaneous
a. In the event any provision of this Agreement shall be deemed to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
b. Neither Party may not assign or transfer, in whole or in part, any of its rights or obligations under this Agreement, without prior written consent from the other (such consent not to be unreasonably withheld or delayed). Nothing in this Agreement shall restrict the transfer of Quadient’ s rights and/or obligations under this Agreement upon notice to Supplier for purposes of an intra- group reorganization, transfer of business or in the event of its change of control. Agreement is made solely for the benefit of the Parties hereto and their respective successors and permitted assigns, and no other person or entity will have or acquire any right or benefit under the Agreement
c. Failure or delay by Quadient to exercise any right, power or remedy provided hereunder will not operate as a waiver or modification of any such right, power or remedy.
d. Save as otherwise specified in the Agreement (eg notice of renewal cancellation), any notice served under this Agreement is sufficiently served if sent by prepaid letter post to the usual or last known place of business of the addressee, and proof of dispatch shall be conclusive evidence of receipt by the addressee in due course of transmission.
e. This Agreement shall be governed by the laws of France and the Parties hereby agree to submit to the exclusive jurisdiction of the courts of Paris.
f. Any obligations and duties which by their nature extend beyond the expiration or termination of this Agreement shall survive the expiration or termination of this Agreement.
g. This Agreement supersedes all prior agreement, arrangements and undertakings between the parties and constitutes the entire agreement between the parties relating to the subject matter thereof. This Agreement may not be varied, modified, altered, or amended except in writing, signed by the parties.
Exhibit 1
Compliance Provisions
a. Compliance with laws. Each party declares that it strictly complies and ensures compliance with all applicable laws, regulations, rules, and orders including United Nations, World Trade Organization, and other international organisations resolutions with respect to business conditions, trade, competition, and business ethics, and with all applicable laws, regulations, rules, and orders applicable to each party’s performance under this Agreement.
b. Compliance with Quadient’s Partner Code of Conduct. As a United Nations Global Compact signatory company, Quadient (including subsidiaries and Affiliates) is committed to conducting business with integrity in an ethical and honest manner, whilst complying with laws. By entering into the Agreement, Supplier (and its affiliates) agrees to comply with Quadient’s Partner Code of Conduct and to the highest performance, ethical and compliance standards, including basic human rights. Additionally, Supplier acknowledges that there are specific legal and ethical requirements for doing business and Supplier is solely responsible for its compliance with these requirements.
c. Payment terms. (a) Parties shall not offer or accept payments in cash; and (b) Payments must be made from account held by the invoiced company to an account held by the company that issued the invoice, except in exceptional circumstances subject to the prior written approval of Quadient after communication of all the supporting documents required.
d. Anti-bribery. (a) Each party represents and warrants to the other party that neither party, nor any of its officers, directors, employees, agents, contractors, sub-contractors, or other authorized representatives has, at any time including prior to entering into this Agreement, performed or will perform (or has any knowledge of) any of the following acts in connection with this Agreement, or any sale made or to be made hereunder, any compensations paid or to be paid hereunder, or any other transactions involving the business interests of either party, pay, offer or promise to pay, authorize the payment of, any money, or give or promise to give, or authorize the giving of, any services or anything else of value, either directly or through a third party, to any person or entity, whether public, private or governmental, for the purpose of (i) improperly influencing any act or decision of that person in his or her official capacity, including a decision to fail to perform his official functions, (ii) inducing such person to use his or her influence to improperly affect or influence any act or decision thereof or (iii) securing improper advantage, all of the foregoing defined as “Prohibited Acts”; (b) Each party will comply with all legislation and common law anywhere in the world creating offense in respect of bribery or fraudulent or corrupt acts. These laws may include but are not limited to the U.S. Foreign Corrupt Practices Act, UK Bribery Act, Inter-American Convention Against Corruption, the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, the Council of Europe Criminal Law Convention on Corruption, the Council of Europe Civil Law Convention on Corruption, the United Nations Convention Against Corruption, the Anti-corruption Action Plan for Asia and the Pacific, the United Nationals Convention against Transnational Organized Crime, the African Union Convention on Preventing and Combating Corruption; (c) Both parties shall have in place adequate procedures and policies designed to prevent any of the Prohibited Acts.
e. Competition law compliance. Each party represents and warrants that it is not engaged in any agreement, arrangement, practice or conduct which amounts to an infringement of the competition, anti-trust, anti-monopoly or anti-cartel laws of any jurisdiction in which the party conducts business and no director or officer is engaged in any activity which would be an offence or infringement under any such laws. Each party shall adopt or maintain measures to prohibit anti-competitive business conduct and take appropriate action with respect thereto. To the extent that a party has adopted and applied measures to address anti-competitive practices and arrangements, those measures shall be consistent with competition principles.
ANNEX I
A. LIST OF PARTIES
1. Name: Quadient as defined in the beginning of this Agreement
Address: as defined in the beginning of this Agreement Contact person’s name, position and contact details: privacyteam@quadient.com
Signature and date: …
Role: Controller (data Exporter in case SCCs and UK addendum is applicable)
2. Name: Company Supplier as defined in the beginning of this Agreement
Address: Supplier as defined in the beginning of this Agreement
Contact person’s name, position and contact details as defined in service Schedule
Activities relevant to the data transferred under these Clauses as defined in order form or Agreement. Signature and date: …
Role Controller (data importer in case SCCs and UK addendum is applicable)
B. DESCRIPTION OF TRANSFER / PROCESSING ACTIVITIES
Categories of data subjects whose Personal Data is transferred
(a) leads, prospects, , suppliers, and customers and their respective employees, agents, and end users
(b) Quadient employees, agents, and end users as well as Quadient’s contractors.
Categories of Personal Data transferred
(a) First and last name,
(b) contact information (email, phone, physical address),
Sensitive data transferred (if applicable)
None
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Continuous
Nature of the processing
As set out in the Agreement.
Purpose of the data transfer and further processing
The Parties will process the Controller Personal Data as part of the Controller Services in accordance with the Agreement.
The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period
The later of XX months from the date of collection, or for the Term of the Agreement.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
As above
C. COMPETENT SUPERVISORY AUTHORITY
The French CNIL.
ANNEX II
Notwithstanding any additional measures agreed to in the Main Contract, both Parties agreed to implement and maintain for both Corporate and Customer Data (‘Data’) the following security measures, which in conjunction with the security commitments in this Data Processing Agreement (‘DPA’) (including the GDPR Terms), are Party’s only responsibility with respect to the security of that data.
Domain | Practices |
|---|---|
Organization of Information Security | Security Responsibility. Each Party shall appoint one or more security officers responsible for coordinating and monitoring the security rules and procedures. Security Roles and Responsibilities. Each Party’s personnel with access to Data shall be subject to confidentiality obligations. Risk Management Program. Each Party shall perform a risk assessment before processing the Data or launching the corresponding service. Each Party shall retain its security documents pursuant to its retention requirements after they are no longer in effect. |
Asset Management | Asset Inventory. Each Party’s shall maintain an inventory of all assets on which Data is stored. Access to the inventories of such assets shall be restricted to personnel authorized in writing to have such access. Asset Handling Each Party shall classify Data to help identify it and to allow for access to it to be appropriately restricted. Each Party shall impose restrictions on printing Data and shall have procedures for disposing of printed materials that contain Data. One Party personnel shall obtain internal authorization prior to storing Data on portable devices, remotely accessing Data, or processing Data outside its facilities. |
Human Resources Security | Security Training. Each Party shall inform its personnel about relevant security procedures and their respective roles. Each Party shall also inform its personnel of possible consequences of breaching the security rules and procedures. Each Party shall only use anonymous data in training. |
Physical and Environmental Security | Physical Access to Facilities. Each Party shall limit access to facilities where information systems that process Data are located to identified authorized individuals. Protection from Disruptions. Each Party shall use a variety of technical measures to protect against loss of Data due to power supply failure or network disruption. Component Disposal. Data Processor shall use industry standard processes to delete Data when it is no longer needed. |
| Communications and Operations Management | Operational Policy. Each Party shall maintain security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Data. Data Recovery Procedures - On an ongoing basis, but in no case less frequently than once a week (unless no updates have occurred during that period), Each Party shall maintain multiple backups of Data from which such data can be recovered. - Each Party shall store backups of Data and data recovery procedures in a different place from where the primary computer equipment processing the Data are located. - Each Party shall have specific procedures in place governing access to backups of Data. - Each Party shall log data restoration efforts, including the person responsible, the description of the restored Data and where applicable, the person responsible and which Data (if any) had to be input manually in the data recovery process. Malicious Software. Each Party shall have anti-malware controls to help avoid malicious software gaining unauthorized access to Data, including malicious software originating from public networks. Data Beyond Boundaries - Each Party shall encrypt Data that is transmitted over public networks. - Each Party shall restrict access to Data stored on media leaving its facilities. Event Logging. Each Party shall log, access and use of information systems containing Data, registering the access ID, time, authorization granted or denied, and relevant activity. |
Access Control | Access Policy. Each Party shall maintain a record of security privileges of individuals having access to Data. Access Authorization - Each Party shall maintain and update a record of personnel authorized to access its systems that contain Data. - Each Party shall deactivate authentication credentials that have not been used for a period of time not to exceed six months. - Each Party shall identify those personnel who may grant, alter or cancel authorized access to Data and resources. - Each Party shall ensure the individuals have separate identifiers/log-ins. Need to Know - Technical support personnel are only permitted to have access to Data when needed. - Each Party shall restrict access to Data to only those individuals who require such access to perform their job function. Integrity and Confidentiality - Each Party shall instruct its personnel to disable administrative sessions when leaving premises under its controls or when computers are otherwise left unattended. - Each Party shall store passwords in a way that makes them unintelligible while they are in force. Authentication - Each Party shall use industry standard practices to identify and authenticate users who attempt to access information systems. - Where authentication mechanisms are based on passwords, Each Party shall require that the passwords are renewed regularly. - Where authentication mechanisms are based on passwords, Each Party shall require the password to be at least eight characters long. - Each Party shall ensure that de-activated or expired identifiers are not granted to other individuals. - Each Party shall monitor repeated attempts to gain access to the information system using an invalid password. - Each Party shall maintain industry standard procedures to deactivate passwords that have been corrupted or inadvertently disclosed. - Each Party shall use industry standard password protection practices, including practices designed to maintain the confidentiality and integrity of passwords when they are assigned and distributed, and during storage. Network Design. Each Party shall have controls to avoid individuals assuming access rights they have not been assigned to gain access to Data they are not authorized to access. |
| Information Security Incident Management | Incident Response Process - Each Party shall maintain a record of security breaches with a description of the breach, the time period, the consequences of the breach, the source of the reporting, and the main mitigation and recovery actions. - For each breach that is a Security Incident, notification by Data Processor to Data Controller shall be made without undue delay. Service Monitoring. Each Party operation personnel shall verify logs on a regular basis to propose remediation efforts if necessary. |
Business Continuity Management | - Data Processor shall maintain emergency and contingency plans for the facilities in which its information systems that process Data are located. - Data Processor redundant storage and its procedures for recovering data shall be designed to attempt to reconstruct Data in its original or last-replicated state from before the time it was lost or destroyed. |