Terms and Conditions

1. Definitions and interpretation

1.1 In these Terms, unless the context otherwise requires, the following definitions apply.
1.2 “Acceptable Use Rules” means the rules in clause 14 governing prohibited and restricted uses of the Services.
1.3 “Agreement” means the contract between the Supplier and the Client comprising these Terms, the applicable quotation or proposal, any statement of work, any order confirmation, the Privacy Policy and, where relevant, the Data Processing Addendum.
1.4 “Business Day” means a day other than a Saturday, Sunday or public holiday in England.
1.5 “Client Content” means all information, text, software, data, images, trademarks, logos, audio, video, files, credentials and other materials supplied by, on behalf of, or uploaded by the Client.
1.6 “Client” means the person or business purchasing Services from the Supplier.
1.7 “Deliverables” means any finished work product expressly identified in a quotation, proposal or statement of work as to be delivered by the Supplier to the Client, excluding Supplier Tools and Third Party Materials.
1.8 “Fees” means the charges payable by the Client for the Services, including recurring charges and any one-off project fees.
1.9 “Services” means the services supplied by the Supplier, including website design, website development, support, maintenance, managed hosting, cloud hosting, email-related services, domain registration, DNS, migrations and any related services described in the relevant quotation or proposal.
1.10 “Supplier Tools” means any know-how, templates, frameworks, libraries, scripts, routines, deployment methods, hosting configurations, documentation, processes and other materials used or developed by the Supplier in providing the Services, whether created before, during or after the Agreement.
1.11 References to writing include email. A reference to a statute includes any amendment, re-enactment or replacement of it.

2. Basis of contract and order of precedence

2.1 The Agreement takes effect when the Client accepts a quotation, approves a proposal, signs an order form, instructs the Supplier to begin work, pays an invoice or deposit, or otherwise uses or requests the Services.
2.2 These Terms apply to all Services and prevail over any terms or conditions of the Client, whether contained in a purchase order, onboarding document, procurement portal or elsewhere, unless expressly agreed in writing by the Supplier.
2.3 If there is any conflict between documents forming part of the Agreement, the order of precedence is: (a) any signed statement of work or order form; (b) any quotation or proposal; (c) these Terms; (d) the Privacy Policy; and (e) any other document expressly incorporated by reference.
2.4 The Client warrants that it is acting wholly or mainly for purposes relating to its business, trade, craft or profession. If the Client is in fact a consumer, clause 20.13 applies.

3. Quotations, proposals and scope

3.1 Unless stated otherwise, quotations remain open for acceptance for 30 days from their date and may be withdrawn, revised or re-priced after that period.
3.2 Any timeline, milestone plan, estimated launch date or delivery target is an estimate only unless the quotation expressly states that time is of the essence for that item.
3.3 The Services are limited to the scope expressly described in the quotation, proposal or statement of work. Anything outside that scope, including additional revisions, extra pages, integrations, migrations, training, consultancy, meetings, content entry or troubleshooting of third party systems, is chargeable at the Supplier’s then current rates unless expressly included.
3.4 The Supplier may reasonably rely on information, instructions and approvals supplied by the Client. The Supplier is not responsible for delay, rework or cost caused by incomplete, inaccurate or changing instructions.

4. Services generally

4.1 The Supplier shall perform the Services with reasonable skill and care and in accordance with generally accepted industry practice for a specialist independent web developer and managed hosting provider serving SME business customers.
4.2 The Supplier may use subcontractors, infrastructure providers, registrars, payment processors and other third party service providers in delivering the Services.
4.3 The Supplier may modify, replace or reconfigure the technical means by which the Services are provided where reasonably necessary for security, performance, resilience, compliance or operational efficiency, provided this does not materially reduce the overall nature of the Services purchased by the Client.
4.4 The Client acknowledges that the Services depend on third party networks, software, registries, data centres, internet service providers, cloud infrastructure and other external systems and that uninterrupted, secure and error-free operation cannot be guaranteed.

5. Client responsibilities

5.1 The Client shall provide in a timely manner all information, instructions, approvals, access credentials, content, technical cooperation and decisions reasonably required by the Supplier.
5.2 The Client is solely responsible for the accuracy, quality, legality and ownership of Client Content and for obtaining all licences, permissions and consents required for its use.
5.3 The Client must review deliverables and requests for approval promptly. If the Client does not raise any substantive issue within 7 days of delivery or review request, the relevant item may be treated as approved for project progression purposes.
5.4 The Client shall keep all usernames, passwords, API keys and access credentials secure and must notify the Supplier promptly if it becomes aware of any suspected compromise.
5.5 The Client is responsible for all use of the Services under its account or credentials, whether by employees, contractors, agents or other persons using the Client’s systems or permissions.
5.6 The Client must maintain up to date and accurate contact details for billing, notices, project management and, where applicable, domain registrant information.

6. Development services

6.1 Project work may be delivered in phases. Unless otherwise stated, each phase is subject to the Client providing timely feedback and approvals.
6.2 Unless expressly included, the Supplier is not responsible for drafting copy, creating branding assets, sourcing stock photography, obtaining licences for third party plugins or themes, checking accessibility compliance to any specific standard, legal review of the Client’s website content, or reviewing the Client’s website for sector-specific regulatory compliance.
6.3 Minor defect corrections following delivery are included only to the extent they relate to the agreed scope and are notified promptly. Requests amounting to changes in design preference, functionality or scope are treated as change requests and are chargeable.
6.4 Unless expressly agreed otherwise, the Supplier may reference the Client and the completed website in its portfolio and case studies, subject to reasonable confidentiality concerns notified by the Client in writing.

7. Maintenance and support services

7.1 Where maintenance or support services are purchased, the Supplier shall provide the level of routine updates, checks and assistance described in the quotation or support plan.
7.2 Maintenance services commonly cover software updates, security patching, uptime monitoring, routine housekeeping and limited support requests. They do not include substantial new development, major version rebuilds, third party vendor support charges, recovery of websites materially altered by the Client or emergency incident response outside the agreed package unless specifically included.
7.3 Support is provided during the Supplier’s normal business hours unless a different support window is expressly agreed.
7.4 The Supplier may prioritise tickets by severity and operational impact. No response or resolution times are guaranteed unless expressly stated in writing.

8. Hosting services

8.1 Hosting services are provided on a subscription basis for the relevant billing period.
8.2 The Supplier may carry out scheduled or emergency maintenance, install updates, apply security controls, alter server configurations, move workloads between infrastructure or change third party providers where reasonably necessary.
8.3 The Supplier may suspend any part of the Services immediately, with or without notice, where reasonably required to protect systems, investigate suspected misuse, respond to security incidents, comply with law or third party provider requirements, or prevent actual or suspected harm to the Supplier, the Client, other customers or third parties.
8.4 The Supplier is not liable for losses arising from suspension carried out in accordance with clause 8.3 or clause 14.
8.5 Unless expressly included, the Supplier does not provide a guaranteed dedicated server environment, guaranteed bandwidth reservation, business continuity service, cyber insurance or managed legal compliance service.

9. Domains and DNS

9.1 Where the Supplier registers, renews, manages or transfers domain names, it acts either as registrar, reseller or agent using third party registrars and registry operators.
9.2 Domain registrations and renewals are subject to the applicable registry, registrar and naming authority rules, including any verification and data accuracy requirements. The Client shall promptly supply all information required for registration, renewal, transfer, validation or dispute processes.
9.3 The Client is responsible for ensuring invoices relating to domain renewals are paid before the relevant renewal or expiry date. If payment is not received in time, the domain may expire, be suspended, move into redemption or be lost. The Supplier accepts no liability for such loss where caused by non-payment, delay in Client instructions or registry processes outside the Supplier’s control.
9.4 The Client must notify the Supplier promptly of changes to registrant, administrative or billing contact information. The Supplier may require evidence and may refuse changes pending satisfactory verification.
9.5 DNS changes and propagation times depend on external systems and cannot be guaranteed to take effect immediately.

10. Fees, invoicing and payment

10.1 The Supplier shall invoice the Client in accordance with the quotation, proposal or order confirmation. Unless otherwise stated, invoices are due within 7 days of issue.
10.2 Recurring services are billed in advance unless the quotation states otherwise. Project fees may be invoiced on acceptance of the quote, on agreed milestones, monthly in arrears, on delivery, or partly in advance and partly on completion, depending on the proposal.
10.3 If any invoice is not paid in full by the due date, the Supplier may charge interest on the overdue amount at 2% per annum above the Bank of England base rate from time to time, accruing daily, or at 2% per annum for any period when that base rate is below 0%. The Supplier may also recover reasonable costs of collection.
10.4 The Client shall pay invoices in full without set-off, deduction or withholding except as required by law.
10.5 The Supplier may require payment in cleared funds before commencing work, renewing a domain, provisioning hosting, releasing deliverables, restoring services or carrying out migration or off-boarding work.

11. Suspension, reactivation and termination

11.1 If any invoice remains unpaid for 30 days after the invoice date, the Supplier may suspend some or all of the Services, including website availability, email availability, access to control panels, deployment activity and support responses.
11.2 If any invoice remains unpaid for 90 days after the invoice date, the Supplier may terminate some or all recurring Services by written notice.
11.3 Where Services are suspended or terminated for non-payment, the Supplier is not liable for any business interruption, data loss, lost revenue, missed renewals, reputational damage or other consequences resulting from the suspension or termination.
11.4 Reactivation after suspension is at the Supplier’s discretion and may be conditional upon full payment of all outstanding sums, payment of any applicable reactivation fees and completion of any technical work reasonably required to restore service.
11.5 Either party may terminate the Agreement or any affected Service on written notice if the other commits a material breach which, if remediable, is not remedied within 14 days after written notice requiring remedy.
11.6 The Supplier may terminate immediately where the Client commits a serious or repeated breach of clause 14, where continued provision would expose the Supplier or its providers to legal, regulatory or security risk, or where a third party provider withdraws a critical service and no commercially reasonable replacement is available.

12. Service levels and service credits

12.1 Where hosting services are supplied, the Supplier targets 99.9% uptime in each calendar month for the hosted service as a whole.
12.2 Downtime for service level purposes excludes: scheduled maintenance; emergency maintenance; failures of third party infrastructure outside the Supplier’s reasonable control; internet routing or DNS issues outside the Supplier’s direct managed environment; force majeure events; suspension under the Agreement; and downtime caused by the Client, Client Content, third party software chosen by the Client, or code changes made by anyone other than the Supplier.
12.3 Downtime counts only where the hosted service cannot be accessed externally from multiple locations and the issue is not attributable to local connectivity, browser, device or internal client network problems.
12.4 If the uptime target is not met, the Client may claim service credits equal to 5% of the relevant monthly hosting fee for each complete 60 minutes of qualifying downtime in that calendar month, capped at 100% of the relevant monthly hosting fee. Where the service is billed annually, the monthly hosting fee is calculated as one twelfth of the annual hosting fee.
12.5 Service credits are the Client’s sole and exclusive remedy for failure to meet the uptime target and may only be applied as a credit against future hosting invoices. No cash refund is payable unless required by law.
12.6 A claim for service credits must be submitted in writing within 7 days after the end of the relevant incident and must include reasonable supporting evidence. The Supplier’s logs and monitoring data shall be the primary evidence in determining eligibility.

13. Backups, disaster recovery and off-boarding

13.1 The Supplier may perform routine backups, snapshots or retention processes as part of the Services, but unless expressly agreed otherwise the Client acknowledges that such processes are provided for operational resilience only and are not a substitute for the Client maintaining its own independent backups.
13.2 The Supplier does not guarantee that any backup will be complete, current, error-free, virus-free, or successfully restorable in every case.
13.3 On termination of hosting or other managed services, the Supplier shall on request provide one export or copy of the Client’s website files, email data, database or other hosted data in a reasonably available format, without additional charge, provided all outstanding sums have been paid and the request is made within the retention period.
13.4 Unless otherwise agreed, migration assistance, reconfiguration, import into a new platform, specialist handover work, extraction into bespoke formats, consultancy and project management relating to off-boarding are chargeable services.
13.5 Unless a longer period is expressly stated in the proposal, the Supplier may delete hosted data 30 days after termination or expiry of the relevant Service. Where termination occurs for prolonged non-payment, the Supplier may retain a downloadable backup for up to 90 days from termination where reasonably practicable, but does not guarantee continued availability for the whole period.

14. Acceptable use

14.1 The Client shall use the Services only for lawful purposes and in a manner that complies with all applicable laws, regulations and industry rules and does not infringe the rights of any third party.
14.2 Without limitation, the Client must not use, permit or attempt to use the Services to host, transmit, distribute, store, facilitate or link to material or activity involving: illegal content; fraud; phishing; malware; ransomware; spyware; credential harvesting; unsolicited bulk email; abusive mailing practices; denial of service activity; vulnerability exploitation; unauthorised access; copyright infringement; hosting of other persons’ copyrighted material without permission; or any activity likely to damage, disable, overburden or impair the Services or any connected system.
14.3 The Client must not use the Services to send or facilitate spam, operate open proxies, run unauthorised stress testing, consume disproportionate shared resources, bypass security measures, or interfere with other customers’ services.
14.4 The Supplier may investigate suspected breaches of this clause, may request information from the Client, may disable content, filter traffic, suspend services, remove access, block ports or terminate the affected service. The Supplier is not liable for action taken in good faith under this clause.
14.5 This clause applies whether the prohibited activity is carried out by the Client directly, by a user of the Client’s website or systems, by malware or compromise affecting the Client environment, or by a third party using the Client’s credentials or infrastructure.

15. Intellectual property

15.1 All intellectual property rights in the Services, the Supplier Tools and all methods, code frameworks, deployment routines, templates, know-how and materials used or developed by the Supplier remain vested in the Supplier or its licensors.
15.2 Subject to full payment of all Fees, the Supplier grants the Client a non-exclusive, non-transferable licence to use the Deliverables and any specifically created website output for the Client’s own internal business purposes and public-facing website operations.
15.3 Unless expressly stated in a signed proposal, no assignment of intellectual property rights is given and the Agreement operates on a licence basis. The Supplier may reuse any generic know-how, code techniques, routines, design approaches, configurations and non-client-specific components in other projects.
15.4 Any third party plugins, frameworks, themes, fonts, libraries, APIs, stock assets or other third party materials are subject to their own licences and terms. The Client is responsible for ongoing licence fees and compliance where those items are procured in the Client’s name or for the Client’s account.
15.5 The Client grants the Supplier a non-exclusive licence to use the Client Content to the extent reasonably necessary to provide the Services.

16. Confidentiality

16.1 Each party shall keep confidential all confidential information of the other disclosed in connection with the Agreement and shall not use such information except for the purposes of performing or receiving the Services.
16.2 This clause does not apply to information that is or becomes public other than through breach, was lawfully known to the recipient before disclosure, is received lawfully from a third party without confidentiality restriction, or is required to be disclosed by law, court order or regulator.
16.3 The Supplier may disclose confidential information to employees, contractors and professional advisers who need to know it for the purposes of the Agreement and who are subject to appropriate confidentiality obligations.

17. Data protection

17.1 The Supplier shall process personal data in accordance with the Privacy Policy. Where the Supplier processes personal data on behalf of the Client as processor, Schedule 2 applies.
17.2 The Client warrants that it has all necessary rights, notices and lawful bases to permit the Supplier to process personal data supplied by or on behalf of the Client in connection with the Services.
17.3 The Supplier may use sub-processors and third party providers in accordance with the Privacy Policy and Schedule 2.

18. Warranties and disclaimers

18.1 Except as expressly stated in the Agreement, all warranties, representations, conditions and other terms implied by statute, common law or otherwise are excluded to the fullest extent permitted by law.
18.2 The Supplier does not warrant that the Services will be uninterrupted, error-free, compatible with every third party system, or fit for any purpose not expressly stated in the quotation.
18.3 The Supplier does not provide legal, regulatory, tax, accessibility, cyber security certification, search engine ranking or business continuity advice unless expressly stated in writing.
18.4 The Client is responsible for checking that the website, content and business processes are suitable for its commercial, legal and regulatory requirements.

19. Limitation of liability

19.1 Nothing in the Agreement limits or excludes liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any liability that cannot lawfully be limited or excluded.
19.2 Subject to clause 19.1, the Supplier shall not be liable for loss of profits, loss of revenue, loss of sales, loss of business, loss of goodwill, loss of anticipated savings, loss of use, loss or corruption of data, interruption to business, wasted management time, or any indirect or consequential loss.
19.3 Subject to clauses 19.1 and 19.2, the Supplier’s total aggregate liability arising out of or in connection with the Agreement in any 12 month period shall not exceed a sum equal to the Fees actually paid by the Client to the Supplier in the 12 months immediately preceding the event giving rise to the claim.
19.4 The parties agree that the Fees reflect the allocation of risk in the Agreement and that the limitations in this clause are reasonable.

20. General

20.1 The Supplier may update these Terms from time to time for legal, regulatory or operational reasons. Updated Terms shall apply to renewed or continuing recurring Services from the next renewal or billing cycle after reasonable notice, unless the change is required immediately by law or critical provider requirements.
20.2 No failure or delay by either party to exercise any right or remedy shall operate as a waiver of that or any other right or remedy.
20.3 If any provision is found invalid or unenforceable, the remaining provisions shall continue in full force and effect.
20.4 The Client may not assign, transfer, charge, subcontract or deal in any other manner with any of its rights or obligations under the Agreement without the Supplier’s prior written consent. The Supplier may assign or subcontract its rights and obligations.
20.5 Nothing in the Agreement creates any partnership, joint venture, agency or employment relationship between the parties, except that the Supplier may act as the Client’s agent solely to the limited extent necessary to procure domains, licences or third party services expressly requested by the Client.
20.6 A person who is not a party to the Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Agreement, save that a third party licensor or provider may rely on any exclusion or limitation expressed to benefit it.
20.7 The Agreement constitutes the entire agreement between the parties relating to its subject matter and supersedes all prior discussions, correspondence and understandings.
20.8 Any notice under the Agreement shall be in writing and sent to the last notified business email or postal address of the other party. Notices sent by email are deemed received at 9.00 am on the next Business Day after transmission, unless an error message is received.
20.9 The Agreement and any dispute or claim arising out of or in connection with it is governed by the laws of England and Wales and the courts of England and Wales shall have exclusive jurisdiction.
20.10 If the Client is or becomes insolvent, enters administration or liquidation, ceases trading or the Supplier reasonably believes payment is at serious risk, the Supplier may suspend Services, require advance payment or terminate on notice.
20.11 Nothing in these Terms obliges the Supplier to continue supplying Services where doing so would breach law, third party provider terms, sanctions, export rules or a court or regulatory requirement.
20.12 Clauses which by their nature are intended to survive termination, including clauses relating to payment, confidentiality, data retention, liability, intellectual property and governing law, shall survive termination.
20.13 Consumer safeguard. The Agreement is intended for business customers. If the Client is a consumer, nothing in the Agreement affects statutory rights and any provision inconsistent with mandatory consumer law shall be read down accordingly. Where a consumer requests immediate commencement of Services, the consumer acknowledges that cancellation rights may be affected once digital services begin or bespoke work is started.

Schedule 1 - Privacy Policy

P1.1 This Privacy Policy explains how the Supplier collects, uses, stores and shares personal data in connection with its website, enquiries, client onboarding, billing and provision of Services.
P1.2 The Supplier is Thomas Erbe trading as Grizzly Pumpkin. Contact email for privacy matters: tom@grizzlypumpkin.com. Registered or principal business address: 14 Malting Yard, Ramsey, PE26 1DL.

1. Categories of personal data

P1.3 The Supplier may collect and process contact details, billing details, correspondence, support requests, technical logs, IP addresses, device and browser information, domain registration details, hosting account data, and any personal data contained in Client Content or provided in the course of the Services.
P1.4 If the Client submits personal data relating to its own customers, users, employees or contacts, the Supplier may process that data as processor on the Client’s behalf, as described in Schedule 2.

2. Purposes and legal bases

P2.1 The Supplier processes personal data to respond to enquiries, prepare quotations, enter into and perform contracts, provide support, administer domains and hosting, issue invoices, collect payment, maintain security, prevent abuse, keep records, comply with law and pursue legitimate business interests.
P2.2 The legal bases relied upon include performance of a contract, taking steps at the request of a data subject prior to entering into a contract, compliance with legal obligations, and legitimate interests including operating and securing the business, recovering debts, improving services and maintaining client relationships.

3. Sharing and providers

P3.1 The Supplier may share personal data with carefully selected service providers and sub-processors where reasonably necessary to provide the Services, including hosting and infrastructure providers, domain registrars, DNS and CDN providers, backup providers, accounting providers and payment processors.
P3.2 The Supplier’s providers may include, depending on the Services purchased, Krystal, DigitalOcean, Netistrar, Stripe, Backblaze, Cloudflare, CrowdSec and Pandle, together with any replacement or equivalent provider used from time to time.
P3.3 The Supplier may also disclose personal data where required by law, court order, regulator or to protect the Supplier’s rights, property or safety or that of clients or third parties.

4. International transfers

P4.1 Some providers may process personal data outside the UK. Where that occurs, the Supplier will use appropriate safeguards recognised under UK data protection law, such as adequacy regulations or standard contractual clauses, as applicable.

5. Retention

P5.1 Personal data is retained only for as long as reasonably necessary for the purposes for which it was collected, including to comply with legal, accounting, tax, contractual and record-keeping requirements.
P5.2 Technical logs may be kept for security and audit purposes for a limited period. Client account and billing records may be retained for longer where required for tax, accounting or dispute purposes.

6. Rights

P6.1 Individuals may, subject to applicable law, request access to personal data, rectification of inaccurate data, erasure, restriction, objection to certain processing and data portability.
P6.2 Complaints may be made to the Information Commissioner’s Office, although the Supplier encourages concerns to be raised first so they can be addressed directly.

7. Cookies and website data

P7.1 The Supplier’s website may collect limited technical data necessary for security, hosting and server administration. The Client should publish a separate cookies notice if and to the extent required by the website’s actual use of cookies and similar technologies.

Schedule 2 - Data Processing Addendum

D1.1 This Schedule applies where the Supplier processes personal data on behalf of the Client in the course of providing the Services.
D1.2 For the purposes of this Schedule, the Client is the controller and the Supplier is the processor, except to the extent the Supplier acts as an independent controller for its own client administration, billing, legal compliance and business operations.

1. Processing details

D1.3 Subject matter of processing: provision of website, hosting, support, maintenance, migration, domain and related services.
D1.4 Duration of processing: for the duration of the relevant Services and any agreed retention period or lawful post-termination retention.
D1.5 Nature and purpose of processing: hosting, storage, transmission, organisation, access, support, backup, restoration, security monitoring and other processing reasonably required to provide the Services.
D1.6 Categories of data subjects and personal data: as determined by the Client and may include the Client’s employees, contractors, customers, users, subscribers and website visitors, together with identifiers, contact information, account data, IP addresses, correspondence, content and any other data uploaded or made available by the Client.

2. Processor obligations

D2.1 The Supplier shall process personal data only on documented instructions from the Client unless required to do otherwise by law.
D2.2 The Supplier shall ensure that persons authorised to process personal data are subject to a duty of confidentiality.
D2.3 The Supplier shall implement appropriate technical and organisational measures taking into account the nature of the processing, the risks involved and the state of the art, including measures appropriate to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
D2.4 The Supplier shall assist the Client, taking into account the nature of the processing and the information available to the Supplier, with responding to requests from data subjects and with compliance obligations relating to security, breach notification, impact assessments and regulatory consultation, to the extent required by law and reasonably requested.
D2.5 The Supplier shall notify the Client without undue delay after becoming aware of a personal data breach affecting personal data processed on behalf of the Client.

3. Sub-processors

D3.1 The Client grants a general authorisation to the Supplier to appoint sub-processors for the purposes of providing the Services.
D3.2 The Supplier shall ensure that sub-processors are subject to written terms imposing data protection obligations materially consistent with those in this Schedule, to the extent applicable to the nature of the services supplied.
D3.3 A current list of principal sub-processors may be made available in the Privacy Policy, on the Supplier’s website or on request.

4. International transfers and audits

D4.1 Where personal data is transferred outside the UK, the Supplier shall use an appropriate lawful transfer mechanism.
D4.2 On reasonable written request and no more than once in any 12 month period, the Supplier shall make available information reasonably necessary to demonstrate compliance with this Schedule. Any formal audit or detailed questionnaire is subject to reasonable confidentiality protections, advance notice and payment of the Supplier’s reasonable costs unless the audit is required due to a proven material breach by the Supplier.

5. Return and deletion

D5.1 On termination of the relevant Services, the Supplier shall, at the Client’s election where practicable and subject to payment of all outstanding sums, return or make available the relevant personal data and shall thereafter delete it in accordance with clause 13 and the Supplier’s retention practices, unless retention is required by law or reasonably necessary for the establishment, exercise or defence of legal claims.
D5.2 Liability under this Schedule is subject to the exclusions and limitations in clause 19 of the Terms, save to the extent prohibited by law.