Current as at: March 2021

Glossary

This means the specific conditions that apply to your application to access or use the relevant System or receive Data or be granted API Client Credentials by or from us.

Access Permissions

This means the permission granted by us to you for your access to, use of or entry to any System or Data subject to the satisfaction and ongoing compliance with the applicable Access Conditions.

API

This means an application programming interface which are a mechanism by which a system can be made to interact with another system.

API Client Credentials

This means the client ID, secret, licence key and/or any token issued exclusively to you for your organisation to access or our API in the applicable environment (sandbox or production) subject to the satisfaction and ongoing compliance with the applicable conditions of access.

Data

This means all information (including, but not limited to, text, maps, drawings, GPS co-ordinates) and other materials in any form that Tuatahi First Fibre provides to you, or that you generate, collect, process, hold, store, or transmit in connection with your applicable Access Permissions.

Data Transmittal

This means the action of transmitting Data from an Tuatahi First Fibre system, portal or via a shapefile using a direct transmittal method (as opposed to a retrieval of such Data by you).

Intellectual Property Rights

This means any copyright, patent, trademark, design right, trade secret, eligible layout, or other industrial or intellectual property right.

Major Version Changes

This means is any API version change which would remove or change existing functionality (also commonly referred to as ‘breaking changes’).

Our Identity Provider

This is the identity and access management platform used by us to securely manage authentication and authorisation for our business partners and customers who require access to Tuatahi First Fibre’s Data and Systems

Rate Limit

This means any volume or user limitations imposed on your access to any API from time to time.

Retail Service Provider

This means a retail service provider who purchases a wholesale fibre broadband telecommunication service from Tuatahi First Fibre to a third party end user with whom they have the direct billing relationship.

Security Incident

This means the unauthorised access, use, alteration or destruction of any Data or Systems, or other compromises or breaches of your or our electronic or physical security.

Security Vulnerability

This means a weakness at the network, operating system, database, or application software level, or within associated functions (such as a physical vulnerability at the location where Tuatahi First Fibre’s Data is stored), that could allow a Security Incident to occur.

System

This means any electronic information technology system, including (but not limited to) hardware, software, services, websites, and communications networks and includes all and any Data contained within it.

Third Party Data
This means third party licenced data that may be amalgamated, merged, or otherwise contained within Data which we are authorised to disclose to you.

Tuatahi First Fibre, we, us and our

This means Tuatahi First Fibre Limited (registered company number 3226213).

Your Identity Provider

This refers to the system(s) your company uses to authenticate (login) and authorise users to access IT resources. This is often, Microsoft Active Directory, Azure AD, Amazon Cloud Directory or Google G-Suite.

You and your

This means the company, organisation, agency, or service provider you represent and its employees, agents, authorised representatives, and contractors.

Wholesale Services Agreement

This means the agreement in place between us and any Retail Service Provider for the wholesale purchase of a fibre broadband telecommunications service.

1. What these global terms of use cover

These Global Terms of Use apply to the specific terms of use described below and incorporate each of the specific Terms of Use listed in Parts A, B and C.

PART A: Systems Access – When you apply for Access Permissions to access our Systems.

PART B: APIs – Access to, use of, any or all, of our Application Programming Interfaces.

PART C: Data Transmittal – When you apply for access to retrieve any Data from us via a system or request a Data Transmittal from us directly.

Together these are the Access Methods

When you apply to use any one or more of the Access Methods, you agree that:

• You will apply for Access Permissions; and
• You will comply with all and any Access Conditions stipulated by us from time to time to be granted such Access Permissions and to maintain them; and
• You will be bound by these Global Terms of Use; and
• You have authority to agree to these Global Terms of Use on behalf of your organisation; and
• You accept that these Global Terms of Use apply to any ongoing and continuing use of any of our Systems or Data that you have been granted Access Permissions for prior to or after the date of publication of these Global Terms of Us

2. Who these global terms of use apply to

These Global Terms of Use apply if you are an organisation who:

• Is party to an existing agreement with us to supply us with services or buy wholesale services from us and to whom we have granted Access Permissions either under those agreements expressly or by our conduct;
• Has been granted Access Permissions by us for use or access to one or more of our Systems on a temporary basis;
• Has been granted Access Permissions to use your own system access credentials to a System we both hold a licence for;
• Has applied for transmittal of Data from us using any method we agree to from time-to-time.

3. How these global terms of use interact with contract agreements you have with us

These Global Terms of Use incorporate:

• The specific terms of use or conditions or security protocols stipulated as mandatory in any Access Conditions specific to an Access Permission; and
• Any terms and conditions set out in any contract or agreement you have with us that relate to confidentiality and conformance to our standards.

4. Your obligations regarding access permissions

You agree and accept that:

• You are obliged to keep your Access Permissions secure whether selected or generated by you or issued by us;
• You must not share your Access Permissions without express permission from us. You may not share or transfer those credentials to, or allow them to be used by, any other person (whether natural, incorporated or machine);
• You must ensure that your employees, agents, and sub-contractors are aware of, and comply with these Terms of Use.
• You must notify us as soon as you become aware of any breach of security or unauthorised use of your Access Permissions;
• You must inform us if you cease to comply with any Access Conditions;
• You must notify us within 24 hours if any of the following occurs:
  — if your password policy changes and no longer meet the access criteria relating to password protocols; and
  — you have or suspect you may have experienced a Security Incident;
• You must cease to use the System until we have reinstated your Access Permissions subject to our satisfaction (in our sole discretion) that you have re-satisfied that you are compliant with your Access Conditions;
• You agree and accept that you may only utilise your Access Permissions in accordance with any Rate Limit on your access to any Systems, API or Data from time to time; and
• You may only apply your Access Permissions in accordance with our Access Conditions.

5. Your warranties to us

You warrant on an ongoing and continued basis that as at the date of your application for Access Permissions and during all continued use of those Access Permissions that:

• All information in your application for Access Permissions is true, correct, accurate, up to date;
• You have all required protocols in place to ensure you comply with the Access Conditions; and
• Your internal protocols and use, collection, and storage of any Data complies with all applicable laws (including, but not limited to, all relevant requirements of the Privacy Act 2020 where such data is personal information as defined by that act or any subsequent Act).

6. Audit relating to access conditions

We reserve the following rights in respect of auditing your compliance with Access Conditions:

• To perform an audit on all and any use of your Access Permissions in our environments;
• To request evidence of your policies, procedures or technical controls that enforce policies or any aspect of any Access Conditions;
• To request that you provide evidence and results of a recent security assessment covering your Access Permissions; and
• To require you to engage an accredited independent third-party (at your sole cost) to undertake an assessment as outlined in the sub-clause above, where no such assessment exists, or the assessment is older than three years from the date of request.

7. Security assessment relating to access conditions

• If a security assessment reveals that your processes do not meet the minimum standards required by our Access Conditions or reveals significant deficiencies that result in an unacceptable level of risk to our Systems or Data then you must promptly meet with us to discuss and agree appropriate corrective steps and apply those steps without delay.
• We reserve all rights to withhold the grant of any Access Permissions during this security assessment or as a result of it.

8. Our warranties to you in relation to systems and data

The following applies in respect of any warranties we offer to you:

• We give no warranties (express or implied) that the any Data will meet your requirements;
• We make no guarantees as to the continuous availability of any System.

9. Prohibitions

You must not:

• Do anything that may damage or interfere with any Systems or Data made available to you by us;
• On-sell or supply any Data to any third parties; and
• Where you are a Retail Service Provider, not:
  — access (or seek to access) Data relating to any other Retail Service Providers, other service companies to us or any end user that is serviced by another Retail Service Provider; or
  — distribute, disclose, market, rent, lease, assign, novate, sublicense, or otherwise transfer possession or receipt of the Data or any of your rights or obligations under these Global Terms of Use to any third party unless such disclosure is required for the purposes stated and agreed to in the Access Permissions.

10. Your liability for breach of these terms

You acknowledge and accept that you are liable for:

• The acts and the omissions of your personnel, contractors (including their personnel) that use your Access Permissions, access, receive, utilise, or otherwise commercially exploit any Data; and
• Any breach of any Access Permissions.

11. Suspension and termination of access permissions

• We reserve the following rights in respect of suspension or termination of your Access Permissions:
• We can immediately withdraw, block, or terminate your Access Permissions without notice if we detect or reasonably believe that:there is or has been any misuse by you of your Access Permissions;
  — you are in breach of your ongoing compliance obligations with the Access Conditions;
  — a Security Incident has been experienced by you or caused by you;
  —  we suspect you may be contributing to or causing a Security Vulnerability;
  — you are exceeding any Rate Limit imposed;
  — where applicable, you are no longer a Retail Service Provider in a current Wholesale Services Agreement with us.
• We shall supply you with ten (10) calendar days’ notice to you through any applicable portal we operate or through the other business as usual notification mechanisms; and
• We reserve the right to withdraw or disable your Access Permissions where you have not utilised your account or permissions for a period of ninety (90) calendar days.

12. Our liability to you

The following applies in respect of the liability of Ultrafast Fibre to you:

• To the maximum extent permitted by law, we exclude all liability to you or any third party under or in connection with your use of any System or the Data, regardless of whether the liability arises in contract, tort (including negligence), statute or otherwise; and
• If we are liable to you or any third party under or in connection with these Global Terms of Use for any reason, our maximum aggregate liability, whether in contract, tort (including negligence), statute or otherwise, is limited to NZD100.

13. Your liability to indemnify us

The following applies in respect of your liability to indemnify us:

• You indemnify us from and against any claim, proceeding, damage, liability, loss, cost, or expense (including legal costs on a solicitor and own client basis), whether arising in contract, tort (including for negligence), statute or otherwise, arising out of or in connection with your or your customer’s breach of these Global Terms of Use; and
• You will be liable for all acts and omissions of any person who uses the Access Permissions.

14. Intellectual property and confidentiality

• We own, or license from a third party, all rights, title, and interest, including Intellectual Property Rights, in and to the Data all other software and systems used by us and our licensors in connection with the Data.
• You may not:
  — use any of our trademarks, business names or logos without our express written approval;
  — not remove or tamper with any logos, business names or trademarks, or disclaimer or copyright notice attached to or used in relation to any Data or our services;
  — promote or provide any goods or services in any way which is misleading or deceptive or which suggests the goods or services are provided or endorsed by, or in any way affiliated with, us or any other member of Tuatahi First Fibre; and
  — make any statement or claim relating to any Data being approved, recommended, or endorsed by us or any other member of Tuatahi First Fibre, except as approved by us in writing.

15. Third party licensors of data

You acknowledge and accept that:

• Some Data extracted or sourced from a System, via an API or a Data Transmittal, may be annotated with a usage or ownership clause which requires you to abide by the terms and conditions of a Third Party. Your use of such Data indicates your acceptance of those additional terms and conditions; and
• The Data may, from time to time, comprise Third Party Licensed Data that we are authorised to disclose to you. Your Access Permissions to receive or direct access any Data is subject to you agreeing to comply with any accreditation requirements we stipulate in any Access Conditions relating to that Data. You acknowledge and agree that the provisions above are also for the benefit of, and enforceable by any Third Party Licensor to the Data under Subpart 1 of Part 2 of the Contract and Commercial Law Act 2017; and
• Data may be updated from time to time in accordance with our obligations to the owner of any Third Party Data and we are not liable to you for a change to the format of any Third Party Data, including where any change to the Third Party Data may be inconsistent with any previous versions of the Data that we have supplied to you.

16. Miscellaneous

The following shall apply:

• All Access Permissions are requested and granted for the purposes of conducting a business and the Consumer Guarantees Act 1993 shall not apply; and
• No failure, delay or indulgence by us in exercising any power or right under these Global Terms of Use will operate as a waiver of that power or right. A single or partial exercise of any power or right will not preclude further exercises of that power or right or the exercise of any other power or right under these Global Terms of Use; and
• If any part of these Global Terms of Use is held by any court or administrative body to be illegal, void or unenforceable, that determination will not impair the enforceability of the remaining parts of these Terms of Use which will remain in full force; and
• No assignment or transfer any of your rights or obligations under these Global Terms of Use (or any Access Permissions granted under them) may be effected without our prior written consent; and
• These Global Terms of Use are governed by, and are to be construed in accordance with, New Zealand law. You and Tuatahi First Fibre submit to the exclusive jurisdiction of the courts of New Zealand in relation to all disputes arising out of or in connection with these Global Terms of Use.

PART A: SYSTEMS ACCESS TERMS OF USE

17. Systems access terms of use

These Systems Access Terms of Use apply for the specific use case of Systems Access.

18. Application for access permissions for systems use

• You must apply to us for Access Permissions to access one or more of our Systems;
• You must comply with any Access Conditions that we stipulate;
• If you already have access to one or more of our Systems, you agree and accept that you may be required to re-apply for Access Permissions using any new or revised criteria set out in our Access Conditions that we require from time to time.

PART B: DATA TRANSMITTAL TERMS OF USE

19. Data transmittal terms of use

These Data Transmittal Terms of Use apply for the specific use case for a Data Transmittal from us to you.

20. Application for a data transmittal

You must apply to receive a Data Transmittal by application as specified on our website or via any service desk instruction or under any agreement you have in place with us relating to such Data Transmittal from time to time.

21. Third party licensors of data

• A Data Transmittal may, from time to time, comprise Third Party licensed data that we are authorised to disclose to you;
• Your Access Permissions to receive such a Data Transmittal is subject to you agreeing to comply with any accreditation requirements we stipulate in any Access Conditions relating to that Data Transmittal;
• You acknowledge and agree that the provisions above are also for the benefit of, and enforceable by any Third Party Licensor to the applicable Data Set under Subpart 1 of Part 2 of the Contract and Commercial Law Act 2017;
• Data sets to be issued via a Data Transmittal may be updated from time to time in accordance with our obligations to the owner of any Third Party Data and we are not liable to you for a change to the format of any Third Party Data, including where any change to the Third Party Data may be inconsistent with any previous versions of the Address Data Set that we have supplied to you.

22. Retail service providers and data sets containing address data

• Where you are a Retail Service Provider, you agree that:
  — any Data which comprises or contains address data, GPS co-ordinates or any x or y co-ordinates shall be classed for the purposes of this clause as an “Address Data Set”; and
  — Address Data Sets constitutes “confidential information” as defined in the Wholesale Services Agreement to which you are a party. These obligations are to read in conjunction these Data Transmittal Terms of Use and apply concurrently; and
  — where you access or download Address Data Sets via a platform to which you have direct access, you warrant that you will only use that Platform to service a request for an Ultrafast Fibre customer order.
• We make no warranty that an address which refers to a land parcel and an address recorded in the Address Data Set may will be the same as the address used by the owner/occupier of that land parcel.

23. Warranties and representations relating to data transmittals

We make no representations or warranties of any kind, express or implied, about the completeness, accuracy or reliability of the information contained in a Data Transmittal.

24. Your obligations

Your use of the Data supplied via a Data Transmittal shall be strictly at your own risk and receipt of a Data set from us or via access by platform-to-platform does not relieve you of your obligation to make the necessary enquiries to determine the adequacy or suitability of that Data set for your specific use case.

PART C: API TERMS OF USE

25. API terms of use

These API Terms of Use terms apply to your access to, and use of, any or all APIs.

26. When these API terms of use start to apply to you

By clicking any “Agree” button in our APIHub or by using an API you agree that:

• You will be bound by these API Terms of Use; and
• You accept that these API Terms of Use apply to any ongoing and continuing use of any of our APIs for which you have been granted API Client Credentials prior to or after the date of publication of these API Terms of Use; and
• By completing any registration for access or use of an API, you represent that you are an authorised representative of company, organisation, agency, or service provider and that you have the requisite authority by it to accept and be bound by, these API Terms of Use.

27. Who these API terms of use apply to

These API Terms of Use apply if you are an organisation who:

• Is party to an existing agreement with us to supply us with services or buy wholesale services from us and to whom we have granted API Client Credentials either under those agreements expressly or by our conduct; and/or
• Has been granted API Client Credentials by us for use one or more of our APIs on a temporary basis.

28. Application for API client credentials

The application process is subject to the following and is subject to change at our sole discretion (with such changes communicated on the API Hub site):

• You must complete any registration form or process that we require or specify to be granted API Client Credentials;
• We reserve all rights to determine any conditions that require to be satisfied for the issuance of any API Client Credentials; and
• We reserve the right to require any existing user who has previously been issued with API Client Credentials prior to the introduction of any API registration process to register. This is at our sole discretion and your continued use or access is contingent on you completing a registration request, if deemed necessary by us.

29. Issue of API client credentials

Once we issue you with API Client Credentials, you are granted a non-exclusive, non-transferable, terminable, limited licence under our Intellectual Property Rights in the API to use the API for the specific purposes you described in your application for API Client Credentials.

30. Your warranties to us for API use

You warrant on an ongoing and continued basis that as at the date of your application for API Client Credentials and during all continued use of those API Client Credentials that:

• All information in your application for API Client Credentials is true, correct, accurate, up to date, including any information relating to your likely user or volume usage of any API; and
• You have all required protocols in place to ensure you comply with any Access Conditions.

31. Your obligations regarding API client credentials

You agree and accept that:

• You are obliged to keep your API Client Credentials secure whether selected or generated by you or issued by us;
• You must not share your API Client Credentials without express permission from us. You may not share or transfer those API Client Credentials to, or allow them to be used by, any other person (whether natural, incorporated or machine);
• You must ensure that your employees, agents, and sub-contractors are aware of and comply with these API Terms of Use;
• You must notify us as soon as you become aware of any breach of security or unauthorised use of your API Client Credentials (this includes any unauthorised access to our APIs through your systems);
• You must inform us if you cease to comply with any Access Conditions;
• You must notify us within 24 hours if any of the following occurs:
  — if you cease to hold a valid licence key (including where the licence key is cancelled by us) for an API;
  — if your password policy changes and no longer meet the access criteria relating to password protocols; and
  — you have or suspect you may have experienced a Security Incident;
• You must cease to use the APIs if any of the above scenarios above from (i) to (iii) inclusive occur until we have reinstated your API Client Credentials subject to our satisfaction (in our sole discretion) that you have re-satisfied that you are compliant with Access Conditions;
• You may only utilise your API Client Credentials in accordance with any Rate Limit;
• You may only apply your API Client Credentials in accordance with the purpose stated in your registration application; and
• Your use of scripts, automation or other forms of machine-based login are only to be undertaken using the security tokens issued by us and against officially supported API endpoints.

32. Testing and acceptance of APIs

The following apply to you:

• You must perform user acceptance testing of the API against any acceptance criteria notified to you as applicable in any conditions of access; and
• You are deemed to have accepted the API upon going into a production environment.

33. Our API versioning

We may, from time to time notify you that we have or will:

• Alter the Rate Limit applicable to your use of any APIs, this site or the Data;
• Replace, update or upgrade the API and or the Data (including the Data schema or structure of the Data), and that those changes may require you to make updates to your systems or applications accessing the API;
• Make changes to our APIs from time to time to enhance and improve them;
• Decommission a deprecated API; and
• Make test or non-production versions of APIs available to you.

34. Prohibitions relating to API client credentials

You must not:

• Decompile, disassemble, copy, modify, reverse engineer, or attempt to derive the source code of any API made available to you by us;
• Do anything that may damage or interfere with any Systems or Data made available to you by us;
• Access (or seek to access) Data relating to any other Retail Service Providers, other service companies to us or any end user that is serviced by another Retail Service Provider;
• Distribute, disclose, market, rent, lease, assign, novate, sublicense, or otherwise transfer possession or receipt of the Data received via any API or any of your rights or obligations under these API Terms of Use to any third party unless such disclosure is required for the purposes stated and agreed to in the API Client Credentials; and
• On-sell or supply any Data to any Third Parties.

35. Audit relating to API client credentials

We reserve the following rights in respect of auditing your use of API Client Credentials:

• To perform an audit on all and any use of your API Client Credentials in our environments;
• To request evidence of your policies, procedures or technical controls that enforce policies or any aspect of any conditions of access to APIs;
• To request that you provide evidence and results of a recent security assessment covering the scope of your service delivery to us (where applicable);
• To require you to engage an accredited independent third-party (at your sole cost) to undertake an assessment as outlined in the sub-clause above, where no such assessment exists, or the assessment is older than 3 years from the date of request.

36. Security assessment relating to API client credentials

If a security assessment reveals that your processes do not meet the minimum standards required by the conditions for issuance of your API Client Credentials or reveals significant deficiencies that result in an unacceptable level of risk to us, then you must promptly meet with us to discuss and agree appropriate corrective steps and apply those steps without delay.

37. Suspension and termination of API client credentials for APIs

We reserve the following rights in respect of suspension or termination of your API Client Credentials:

• We can immediately withdraw, block, or terminate your access to the API and this site without notice if we detect or reasonably believe that:
  — there is or has been any misuse by you of your API Client Credentials;
  — you are in breach of your ongoing compliance obligations with the Access Conditions;
  — a Security Incident has been experienced by you or caused by you;
  — we suspect you may be contributing to or causing a Security Vulnerability;
  — you are exceeding any Rate Limit imposed;
  — you are no longer a Retail Service Provider in a current Wholesale Services Agreement with us.
• We shall supply you with ten (10) calendar days’ notice to you through any applicable portal we operate or through the other business as usual notification mechanisms; and
• We reserve the right to withdraw or disable your API Client Credentials where you have not utilised your account or permissions for a period of ninety (90) calendar days.

38. Our warranties to you in relation to APIs

The following applies in respect of any warranties we offer to you:

• We give no warranties (express or implied) that the APIs or the Data will meet your requirements;
• We do not warrant or make any representation or commitment that we shall make production versions of any non-production APIs or any similar applications available as a production release and this extends to any tools or functionality included in non-production APIs; and
• We make no guarantees as to the continuous availability of any API.

END OF SYSTEMS ACCESS, DATA SHARING AND API GLOBAL TERMS OF USE