← Back to RegisterRegister

Support Access Protocol Schedule

Operational rules for Bhalekar accessing customer data

1. APPLICATION

This Schedule operationalises clauses 7.3 and 7.3A of the Customer Licence Agreement (CLA) by setting out the steps and controls Bhalekar follows when accessing the Customer's installation or Customer Data for support purposes. It forms part of the CLA. Defined terms have the meanings given in the CLA.

2. ACCESS REQUEST

Bhalekar will not access the Customer's installation or Customer Data unless:

  • the Customer has logged a support request through one of the channels in the Support Schedule;
  • Bhalekar has identified that access is necessary to investigate or resolve the issue and has explained that necessity to the Customer;
  • an Authorised User who is identified by the Customer as a support-access approver expressly grants access using the Software's built-in support access controls;
  • the access is granted for a defined and limited duration; and
  • a documented reason for the access is recorded with the support ticket.

3. ACCESS LIMITS

Bhalekar will:

  • access the smallest scope of Customer Data necessary to investigate or resolve the issue;
  • use read-only access by default and request elevated permissions only where read-only access is genuinely insufficient, and only with the Customer's express approval for the elevated permission;
  • not export, copy or download the Customer's production database except where strictly necessary, and only with the Customer's express approval for that specific export;
  • not capture screenshots of sensitive Customer Data unless reasonably necessary for diagnosis, and only minimally;
  • not use Customer Data for any purpose other than investigating or resolving the support issue identified in the access request; and
  • treat all Customer Data accessed during support as the Customer's Confidential Information.

4. TEMPORARY EXTRACTS

Where a temporary extract of Customer Data is strictly necessary for troubleshooting (for example, to reproduce an issue in a controlled environment), Bhalekar will:

  • keep the extract on a system controlled by Bhalekar and protected by access controls equivalent to those Bhalekar applies to its own confidential information;
  • not retain the extract longer than necessary, and in any event delete or destroy the extract within seven (7) days of the support issue being resolved or the Customer's consent being revoked, whichever is earlier;
  • confirm deletion or destruction in writing to the Customer; and
  • not transfer the extract to any third party other than Bhalekar personnel bound by confidentiality obligations no less protective than those in the CLA.

5. PERSONNEL

Bhalekar will:

  • limit access to Bhalekar personnel who have a need to know for the specific support issue;
  • ensure all personnel accessing the Customer's installation are bound by written confidentiality obligations no less protective than those in clause 11 of the CLA; and
  • maintain its own internal records of personnel access for audit purposes.

6. AUDIT TRAIL

Bhalekar acknowledges that the Customer's installation logs Bhalekar's access in the Customer's environment. Bhalekar will not interfere with or attempt to alter those logs. The Customer is responsible for retaining the logs in accordance with its own retention policies.

7. EMERGENCY ACCESS

In a genuine emergency where the Customer's primary support-access approver is unavailable and immediate intervention is reasonably necessary to prevent imminent material harm to the Customer (for example, an active security incident affecting the Customer's installation), Bhalekar may request emergency access from any Authorised User identified to Bhalekar as authorised to grant such access. Where emergency access is granted:

  • Bhalekar will limit the access to what is necessary to address the emergency;
  • Bhalekar will document the access and the basis for treating it as an emergency;
  • Bhalekar will notify the Customer's primary contact in writing as soon as reasonably practicable; and
  • the obligations in this Schedule otherwise apply unchanged.

8. INCIDENT NOTIFICATION

If Bhalekar becomes aware of any unauthorised access, use, disclosure, alteration or loss of Customer Data involving Bhalekar's support activities, Bhalekar will notify the Customer in writing in accordance with clause 7.3A(f) of the CLA without undue delay, and in any event within seventy-two (72) hours of becoming aware. The notification will include all reasonably available details to assist the Customer to assess and respond to the incident, including (where known) the nature of the incident, the data affected, the personnel involved, and the steps Bhalekar has taken or proposes to take.

9. CHANGES TO THIS SCHEDULE

Bhalekar may update this Schedule from time to time in accordance with clause 14.3 of the CLA. Updates will not materially diminish the protections afforded to the Customer under this Schedule during the then-current Subscription Term without the Customer's consent.

— END OF SUPPORT ACCESS PROTOCOL SCHEDULE —

Onboard Support Access Protocol Schedule v1.0 DRAFT · Bhalekar Pty Ltd · ABN 22 642 063 385

Questions about these terms? sales@bhalekar.com.au