Stage Exec Limited (T/A PromptPad) Terms & Conditions of Service
Thank you for choosing PromptPad.
The Terms & Conditions of Service below, together with our Services Order Form, set out the terms and conditions on which PromptPad, the Provider, provides its subscription software services and professional services to the Client. Please afford this document due consideration.
Definitions
Except to the extent expressly provided otherwise, in these Terms of Service:
"Account" means an account enabling a Client User to access and use the Hosted Services (including accounts for different types of Client Administrative User with various access privileges);
"Affiliate" means an entity that Controls or is Controlled by, or is under common Control with a relevant entity;
"Agreement" means the agreement between the Provider and the Client for the provision of our Services, comprising one or more Services Order Forms, these Terms & Conditions of Service, and their respective annexes and schedules;
"Business Day" means any weekday other than a bank or public holiday in Republic of Ireland andUK;
"Business Hours" means the hours of 09:00 to 17:00 GMT/BST on a Business Day;
"CCN" means a change control notice issued in accordance with Clause 10;
"CCN Consideration Period" means the period of 10 Business Days following the receipt by a party of the relevant CCN from the other party;
"Change" means any change to the scope of the Services;
"Charges" means all of the amounts specified in the relevant Services Order Form for the Services;
"Client" means the person, organisation or group identified as such on the Services Order Form;
"Client Administrative User" means any and all persons, whether or not employees of the Client, authorised by the Client to use the Platform and/or Hosted Services via an Account;
"Client Content" means all content (including information, data, articles, documents, presentations, pictures, images, videos, audio visual works, brochures , other informational materials and any comments) provided to the Provider by the Client in connection with the Services; uploaded to or stored on the Platform by the Client; transmitted by the Platform at the instigation of the Client; supplied by the Client to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Client; "Client Indemnity Event" has the meaning given to it in Clause 17.5;
"Client Personal Data" means any Personal Data that is processed by the Provider as a processor on behalf of the Client in the course of providing the Services, as described more fully in Schedule 6 (Data processing information);
"Client Systems" means the hardware and software systems of the Client that interact with, or may reasonably be expected to interact with, the Hosted Services;
"Confidential Information" means:
any information disclosed directly or indirectly by one party (the "disclosing party") to the other party (the "recipient") at any time before the termination of the Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure:
- was marked or described as 'confidential'; or
should have been reasonably understood by the recipient to be confidential; and
the Client Content (which shall be the Confidential Information of the Client; and
the terms of the Agreement (which shall be the Confidential Information of the Provider);
"Control" means the legal power to control (directly or indirectly) the management of an entity (and "Controlled" should be construed accordingly);
"Created App(s)" means any mobile software application(s) created by the Client using the Hosted Services, with or without assistance from the Provider;
"Customization" means a customization of the Hosted Services by the Provider for the Client, whether made through the development, configuration or integration of software or otherwise;
"Data Protection Laws" means all laws under GDPR (EU) 2016/679. applicable to the control and processing of Client Personal Data under the Agreement with the Client;
"Designated Point of Contact" means the individual representative appointed by each party as set out in Clause 7.1 to be responsible for ensuring that its obligations under the Agreement are performed properly and for communicating with the other party in relation to the Agreement;
"Documentation" means the documentation for the Hosted Services produced by the Provider for the Client, including any relevant App Scope and Build Configuration documentation;
"Effective Date" means: (i) in the case of an online Services Order Form, the date on which the Client submitted the Services Order Form; (ii) in the case of a hard-copy Services Order Form, the date expressed on the Services Order Form as the "Agreement Effective Date";
"End User" means any and all persons and organisations who create a PromptPad Account that use a Created App as an end user by downloading it, which may be the personnel and/or customers of the Client and/or any other categories of person;
"Expenses" means any travel, accommodation and subsistence expenses that are incurred by the Provider exclusively in connection with, the performance of the Provider's obligations under it's Agreement with the Client;
"Force Majeure Event" means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
"Hosted Services" means: (i) the provision of the Platform to enable the Client to build, publish and edit/update Created Apps; (ii) such Platform being made available by the Provider to the Client as a subscription service via the Internet; and (iii) the provision of such additional software service packs or modules, again as a subscription service via the internet, as may be specified in the relevant Services Order Form;
"Hosted Services Defect" means a defect, error or bug in the Platform having an adverse effect on the appearance, operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:
any act or omission of the Client or any User;
any use of the Platform or Hosted Services contrary to the Documentation, whether by the Client or by any User;
a failure of the Client to perform or observe any of its obligations in the Agreement; and/or
an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Hosted Services Specification.
"Hosted Services Specification" means the specifications or descriptions for the Platform and Hosted Services set out in the Services Order Form and relevant Documentation;
"Intellectual Property Rights" means all intellectual property rights wherever in the world, whether registrable or un-registrable, registered or unregistered, including any application or right of application for such rights (and these "intellectual property rights" include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trademarks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);
"Maintenance Services" means the general maintenance of the Platform, Hardware, Software and Hosted Services, and the application of Updates and Upgrades;
"Maintenance SLA" means the document delivered or made available to the Client setting out the service levels for the Maintenance Services, as amended by the Provider from time to time, the current version of which is set out at Schedule 2;
"Permitted Purpose" means the building of Created Apps on Supported Mobile Operating Systems and Devices to support the internal business purposes of the Client during the Term.
"Personal Data" has the meaning given to it in accordance with GDPR
"Platform" means the software platform developed and managed by the Provider and used by it to provide the Hosted Services, including the application and database software for the Hosted Services (including the content management system), the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;
"Professional Services" means professional services to be provided by the Provider to the Client, such as customization or configuration of the Platform, the development of Customizations, set-up or on-boarding services to enable the Client to access the Hosted Services, training or consultancy, design services and/or the provision of user support not included within the Support Services;
"Provider" means, Stage Exec. Limited (T/A PromptPad), a company incorporated in Ireland (registration number XXXXXXX) having its registered office at XXXXXXXXXXXXXXX;
"Provider Indemnity Event" has the meaning given to it in Clause 15.4;
"Services" means the Software Services and the Professional Services, as described in the applicable Services Order Form;
"Services Order Form" means: (i) an online order form published by the Provider and completed and submitted by the Client; or (ii) a hard-copy order form signed or otherwise agreed by or on behalf of each party, in each case incorporating these Terms of Service by reference and specifying the particular Services to be provided;
"Software Licence Term" means either an Initial Software Licence Term or a Software Licence Renewal Term (in each case as defined in Clause Error! Reference source not found.) during which the Software Services are supplied to the Client by the Provider;
"Software Services" means the provision of: (i) the Hosted Services, (ii) the Maintenance Services; and (iii) the Support Services;
"Standard Contractual Clauses" means the standard contractual clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection adopted by the European Commission pursuant to Commission Decision 2010/87/EU, completed with processing detail relevant to the provision of the Services as set out in Schedule 7 but excluding the optional illustrative indemnification clause;
"Support Description" means the support offering referred to in the Services Order Form;
"Support Services" means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training or consultancy services;
"Supported Web Browser" means the specific web browsers, and releases thereof, that the Provider agrees shall be supported, and listed on the Provider’s website and updated from time to time by the Provider;
"Supported Mobile Operating Systems and Devices" means specific mobile operating systems and mobile devices that the Provider agrees shall be supported, as listed on the Provider’s website and updated from time to time by the Provider;
"Support SLA" means the document delivered or made available to the Client setting out the service levels for the Support Services, as amended by the Provider from time to time, the current version of which is set out at Schedule 4;
"Term" means the term of the Agreement as defined in Clause Error! Reference source not found.;
"Update" means a hotfix, patch or minor version update to any Platform software;
"Upgrade" means a major version upgrade of any Platform software; and
"User" means a Client Administrative Users or an End Users.
In these Terms of Service, a reference to a statute or statutory provision includes a reference to:
- that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and
- any subordinate legislation made under that statute or statutory provision.
The clause headings do not affect the interpretation of these Terms of Service
References in these Terms of Service to 'calendar months' are to the twelve named periods meaning January, February and remaining months of a year.
In these Terms of Service, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.
During the Software Licence Term, the Provider shall:
- provide the Hosted Services to the Client in accordance with this Clause Error! Reference source not found.;
- provide the Maintenance Services to the Client in accordance with the Maintenance SLA; and
- provide the Support Services to the Client in accordance with the applicable Support Description, or if no Support Description is specified in the relevant Services Order Form, in accordance with the Support SLA,
in each case in accordance with the standards of due skill and care as expected from a service provider in the Provider's industry.
The Provider hereby grants to the Client a non-exclusive and non-transferable license to use the Hosted Services by means of a Supported Web Browser for the Permitted Purpose during the Software Licence Term.
The license granted by the Provider to the Client under Clause 1.6 is subject to the Hosted Services only being used by Client Administrative Users that are the officers, employees, agents and subcontractors of either the Client or an Affiliate of the Client.
Except to the extent expressly permitted in the Agreement or required by law on a nonexcludable basis, the licence granted by the Provider to the Client under Clause 1.6 is subject to the following prohibitions:
- the Client must not sub-license its right to access and use the Hosted Services;
- the Client must not permit any unauthorized person to access or use the Hosted Services;
- the Client must not use the Hosted Services to provide services to third-parties;
- the Client must not republish or redistribute any content or material from the Hosted Services; and
- the Client must not make any alteration to the Platform.
The Client shall use reasonable endeavours, including reasonable security measures, appropriate to each type of Client Administrative User of the Hosted Services, to ensure that no unauthorized person may gain access to the Hosted Services.
The Client must comply with PromptPad Terms of Use of our website and shall ensure that all persons using the Hosted Services with the authority of the Client shall also comply.
The parties acknowledge and agree that the Availability SLA shall govern the availability of the Hosted Services.
The Client must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.
The Client must not use the Hosted Services:
- in any way that is unlawful, illegal, fraudulent or harmful; or
- in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.
For the avoidance of doubt, the Client has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Software Licence Term.
The Client shall:
- not attempt to duplicate, modify or distribute any portion of the Platform;
- not reverse engineer, decompile, disassemble, or adapt any portion of the Platform, except as specifically permitted by the Agreement and/or applicable law;
- not attempt to obtain, or assist others in obtaining, unauthorised access to the Platform;
- not remove any proprietary notices from the Platform; and
- abide by all local and international laws and regulations applicable to the Client’s use of the Platform.
The Provider and the Client agree and acknowledge that the Provider shall have no contractual relationship with any User. Accordingly, the Client shall ensure that:
- each Client Administrative User, and any other person using the Hosted Services with the authority of the Client, uses the Platform and Hosted Services in accordance with the licence terms and prohibitions set out in this Clause Error! Reference source not found. and the Client’s obligations under the Agreement relating to use of the Platform and Hosted Services;
- End Users do not use the Platform or Hosted Services, unless the Provider has granted prior written consent; and each End User is provided with, agrees to and complies with suitable terms of use for the Created Apps.
Professional Services
If the Client requests and the Provider agrees to perform any Professional Services, the parties shall set forth the details of such Professional Services in a Services Order Form which should typically address (or refer to documents which address) the following:
- the description, scope, and estimate of times for performance of the Professional Services, together with the specification for any particular deliverables;
- the parties’ respective obligations and responsibilities in relation to the Professional Services to be provided (and in particular any dependencies to be provided by the Client, such as access to its premises, systems or personnel);
- the Charges payable by the Client for the Professional Services together with a schedule of invoicing and payment details;
- any assumptions on which Charges, specifications or timings are based;
- any specific provisions which will be applicable to the Services Order Form and which deviate from the standard position set out in these Terms of Service (for example, any particular treatment of the ownership and exploitation of Intellectual Property Rights).
In performing the Professional Services, the Provider will:
- use reasonable endeavours to meet any agreed time-table;
- perform the Professional Services with reasonable skill and care using suitably skilled personnel;
- comply with the Client’s internal policies and procedures relating to activities conducted at the Client’s premises, provided such policies and procedures have been provided to the Provider in advance and are referred to in the relevant Services Order Form; and
- take reasonable steps to keep the Client appraised of the progress of the Professional Services and of any delays which are reasonably anticipated by the Provider.
If in the Performance of any Professional Services the Provider develops any Customisation:
- all Intellectual Property Rights in the Customisation shall, as between the parties, be the exclusive property of the Provider;
- the Customisation shall form part of the Platform (and the Client's rights to use the Customization shall be governed by Clause Error! Reference source not found.).
Client obligations
Save to the extent that the parties have agreed otherwise in writing, the Client must provide to the Provider, or procure for the Provider, such:
- co-operation, support and advice;
- Client Content and other information as may reasonably be required by the Provider for the purpose of performance of the relevant Services;
- governmental, legal and regulatory licenses, consents and permits, as are reasonably necessary to enable the Provider to perform its obligations under the Agreement
The Client must provide to the Provider, or procure for the Provider, such access to the Client's computer hardware, software, networks and systems as may be reasonably required by the Provider to enable the Provider to perform its obligations under the Agreement.
The Client shall be solely responsible for its actions and the actions of the Users while using the Platform, Hosted Services and/or Created Apps.
If the performance of any of the Provider’s obligations under the Agreement is prevented or delayed by any act or omission on the part of the Client, by any failure by the Client to perform any relevant obligation, or by the failure of any assumption identified in the Services Order Form, subject to the same being brought to the notice of the Client:
- the Provider will be relieved from the performance of its obligations to the extent they are prevented or delayed as a result; and
- if as a result the Provider incurs additional time or costs in performing the Services, the Provider may invoice the Client for any additional time agreed in writing at its standard rates and/or for the relevant costs at the same time as the Provider next invoices the Client for any Charges payable under the Agreement.
Client Systems
The Client shall use reasonable endeavours to ensure that Client Systems comply and continue to comply during the Term and with any requirements published by the Provider in all material respects, subject to any changes agreed in writing by the Provider.
Client Content
The Client hereby grants to the Provider for the duration of the Term a non-exclusive license to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Client Content solely to the extent reasonably required for the performance of the Provider's obligations and the exercise of the Provider's rights under the Agreement, together with the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, solely to the extent reasonably required for the performance of the Provider's obligations and the exercise of the Provider's rights under the Agreement.
The Client warrants to the Provider that the Client Content when used by the Provider in accordance with the Agreement will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any applicable law, statute or regulation, in any jurisdiction and under any applicable law.
The Client accepts that it is its responsibility to maintain a back-up copy of the Client Content that is uploaded onto the Platform, and that, in the circumstances where the Client accidentally deletes from the Platform some or all of the Client Content in error, that it is the Client’s responsibility to reload the data back onto the Platform.
The Provider shall also create a back-up copy of the Client Content at least daily, and shall use reasonable endeavours to ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the backup was taken.
In the circumstances where it is clear to both parties that the Provider has accidentally deleted some or all of the Client Content from the Platform in error, then, the Provider shall use all reasonable endeavours to restore to the Platform within a reasonable time (typically within 8 Business Hours).The Client acknowledges that this process will overwrite the Client Content stored on the Platform prior to the restoration.
No assignment of Intellectual Property Rights
Nothing in the Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Client, or from the Client to the Provider.
Governance and Management
Each party shall appoint a Designated Point of Contact and shall notify the other party in writing of the identity of its Designated Point of Contact at the Effective Date (which may be set out in the Services Order Form) and of any changes to the identity of the Designated Point of Contact during the Term. If a party does not notify the other party of the identity of its Designated Point of Contact, the person signing the relevant Services Order Form on behalf of the Provider shall be deemed to be the Provider’s Designated Point of Contact and the person to whom the relevant Services Order Form is addressed on behalf of the Client shall be deemed to be the Client’s Designated Point of Contact.
The Provider shall ensure that all instructions given by the Provider in relation to the matters contemplated in the Agreement will be given by its Designated Point of Contact to the Client’s Designated Point of Contact and the Client:
- may treat all such instructions as the fully authorized instructions of the Provider; and
- may decline to comply with any other instructions in relation to that subject matter.
The Client shall ensure that all instructions given by the Client in relation to the matters contemplated in the Agreement will be given by its Designated Point of Contact to the Provider’s Designated Point of Contact, and the Provider:
- may treat all such instructions as the fully authorized instructions of the Client; and
- may decline to comply with any other instructions from someone other than the Client’s Designated Point of Contact in relation to that subject matter.
Change Control
The provisions of this Clause 8 apply to each Change requested by a party.
Either party may request a Change at any time.
A party requesting a Change shall provide to the other party a completed CCN in the form specified in Schedule 5 (Form of CCN).
A party in receipt of a CCN may:
- accept the CCN, in which case that party must countersign the CCN and return it to the other party before the end of the CCN Consideration Period;
- reject the CCN, in which case that party must inform the other party of this rejection before the end of the CCN Consideration Period; or
- issue an amended CCN to the other party before the end of the CCN Consideration
Period, in which case this Clause 8 will re-apply with respect to the amended CCN.
A proposed Change will not take effect until such time as a CCN recording the Change has been signed by or on behalf of each party.
Charges
The Provider shall invoice the Charges to the Client and the Client shall pay the Charges to the Provider in accordance with these Terms of Service, and as further detailed on the relevant Services Order Form.
Charges for Software Services, unless agreed otherwise in writing between the parties, shall be payable in advance at the intervals set out in the Services Order Form.
All amounts stated in or in relation to the Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, other taxes, levies, fees or duties applicable under any legal acts or imposed by tax authorities which will be added to those amounts, displayed separately on any invoice, and payable by the Client to the Provider.
The Provider may elect to vary any element of the Services and/or Charges from time to time by giving to the Client not less than 30 days' written notice of the variation. If the Client does not accept the variation, then it shall notify the Provider before the effective date of the variation and will be entitled to terminate the Agreement on the effective date of the variation. The Client’s continued use of the Services, or any part or element thereof, after the effective date of variations shall indicate its consent to the variations.
Expenses
Where payment of Expenses is expressly set out in the Services Order Form or is otherwise agreed in writing in advance by the Client, the Client shall reimburse the Provider in respect of any reasonably incurred Expenses.
The Provider shall retain evidence of Expenses incurred, during the Term and for a period of 90 days following the end of the Term.
Within 10 Business Days following receipt of a written request from the Client to do so, the Provider shall supply to the Client such copies of the evidence for the Expenses in the possession or control of the Provider as the Client may reasonably specify in that written request.
Payments
The Provider shall issue invoices for the Charges to the Client on or after the invoicing dates set out in the Services Order Form.
Unless agreed otherwise and stated on the Services Order Form, the Client must pay the Charges to the Provider within the period of 30 days following the receipt of an invoice issued in accordance with this Clause 11.
The Client must pay the Charges by direct debit, bank transfer or cheque, using such payment details as are notified by the Provider to the Client from time to time.
If the Client does not pay any undisputed amount due to the Provider under the Agreement, the Provider may, after giving 14 days written notice to the Client suspend the provision of any or all of its Services until such time as the sum is paid in full.
Confidentiality Obligations
Each party shall, in relation to any Confidential Information of the other party that it receives:
- keep the Confidential Information strictly confidential;
- not disclose the Confidential Information to any person without the disclosing party’s prior written consent;
- use the same degree of care to protect the confidentiality of the Confidential Information as the recipient uses to protect its own confidential information of a similar nature, being a reasonable degree of care
- act in good faith at all times in relation to the Confidential Information; and
- not use the Confidential Information for any purpose other than performance of the recipient’s obligations and exercise of the recipient’s rights under the Agreement.
Notwithstanding Clause 12.1, the recipient may disclose the Confidential Information to those of its officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Confidential Information for the purposes of performance the recipient’s obligations or exercising the recipient’s rights under the Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Confidential Information that is no less protective than the confidentiality obligations set out in this Clause 12.
This Clause 12 imposes no obligations upon either party with respect to Confidential Information that:
- is known to the recipient before disclosure under the Agreement and is not subject to any other obligation of confidentiality
- is or becomes publicly known through no act or default of the recipient; or
- is obtained by the recipient from a third party in circumstances where the recipient has no reason to believe that there has been a breach of an obligation of confidentiality.
The restrictions in this Clause 12 do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of the Provider on any recognized stock exchange.
The provisions of this Clause 12 shall continue in force indefinitely following the termination of the Agreement.
Publicity
Unless the Client objects in writing, the Provider may refer to the Client’s name and logo and any Created App for promotional and marketing purposes (provided that the Provider does not disclose any of the Client’s Confidential Information).
Subject to the Client’s prior written agreement, the Client will assist the Provider in contributing to such promotional video, case study and/or client reference as the Provider may reasonably require, provided that the Provider shall act at all times in good faith and not to bring the Client’s reputation in any way into disrepute.
Nothing in this Clause 13 shall be construed as limiting the obligations of the parties under Clause 12.
Data protection
Each party shall comply with its obligations under GDPR (EU) 2016/679 Data Protection Laws with respect to the processing of Client Personal Data and other Personal Data processed in connection with the Agreement.
The parties agree that Schedule 5 (Data processing information) sets out the types of Personal Data that will be processed by the Provider on behalf of the Client, the categories of data subjects to whom those Personal Data relate and the purposes of that processing.
The Provider shall only process the Client Personal Data from the Effective Date of the relevant Services Order Form until the end of the Software Licence Term under the relevant Services Order Form and for such a period after that time as is reasonably required to comply with the Client’s instructions for the return and/or deletion of the Client Personal Data after the provision of the Services pursuant to Clause 14.12, subject to the other provisions of this Clause 14.
The Provider shall only process the Client Personal Data on the documented instructions of the Client (including with regard to transfers of the Client Personal Data to any place outside the European Economic Area), as set out in the Agreement or any other document agreed by the parties in writing. The Client hereby instructs the Provider to process Client Personal Data as reasonably necessary to provide the Services in accordance with the Agreement and to transfer the Client Personal Data outside the European Economic Area as set out in Part 6 of Schedule 5 (Data Processing Information).
Notwithstanding any other provision of the Agreement, the Provider may process the Client Personal Data other than on the documented instructions of the Client if and to the extent that the Provider is required to do so by applicable law. In such a case, the Provider shall inform the Client of the legal requirement before processing, unless the relevant law prohibits such information.
The Provider shall ensure that persons authorised to process the Client Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality consistent with the Provider’s confidentiality obligations under the Agreement.
The Provider and the Client shall each implement appropriate technical and organizational measures to ensure an appropriate level of security for the Client Personal Data, including those measures specified in Part 4 of Schedule 5 (Data Processing Information).
The Provider must not engage any third party to process the Client Personal Data without the prior written authorization of the Client. The Provider is hereby given general authorization by the Client, as at the Effective Date, to engage third parties falling within the processor categories specified in Part 5 of Schedule 5 (Data Processing Information) to process the Client Personal Data. The Provider shall inform the Client at least 14 days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Client objects to any such changes, then the Client may terminate the Agreement on 7 days' written notice to the Provider, providing that such notice must be given within the period of 7 days following the date that the Provider informed the Client of the intended changes. The Provider shall ensure that each third party processor is subject to legal obligations that are equivalent to those imposed on the Provider by this Clause 14.
The Provider shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Client with the fulfilment of the Client's obligation to respond to requests exercising a data subject's rights under the Data Protection Laws with respect to Client Personal Data.
The Provider shall assist the Client in ensuring compliance with the Client’s obligations relating to the security of processing of Personal Data, notification of Personal Data breaches to the supervisory authority, communication of Personal Data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws, to the extent that such obligations relate to Client Personal Data.
The Provider shall make available to the Client all information necessary to demonstrate the compliance of the Provider with its obligations under this Clause 14 and GDPR Data Protection Laws.
The Provider shall, at the choice of the Client, delete or return all of the Client Personal Data to the Client after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.
The Provider shall allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client in respect of the compliance of the Provider's processing of Client Personal Data with the Data Protection Laws and this Clause 14. The Provider may charge the Client at its standard charge-out rates for any work performed by the Provider at the request of the Client pursuant to this Clause 14.13.
If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under the Agreement, then the parties shall use their best endeavours promptly to agree such variations to the Agreement as may be necessary to remedy such non-compliance and, if the parties cannot agree to such variations, either party may terminate the Agreement by giving written notice to the other.
The provisions of this Clause 14.15 shall apply if the Client is not established in the European Economic Area and is not governed by an Adequacy Decision:
- the Standard Contractual Clauses are hereby incorporated into the Agreement by reference, with Appendices 1 and 2 deemed to be completed with the processing detail relevant to the provision of the Services as set out in Schedule 6;
- the Client agrees to be bound by the Standard Contractual Clauses as the data exporter and comply with the obligations applicable to the data exporter under the Standard Contractual Clauses;
- the Provider agrees to be bound by the Standard Contractual Clauses as the data importer and comply with the obligations applicable to the data importer under the Standard Contractual Clauses;
- the Client acknowledges and agrees that the authorisation to engage third party processors granted pursuant to Clause 14.8 above shall constitute the Client's prior written consent to sub-processing for the purposes of clauses 5(h) and 11(1) of the Standard Contractual Clauses and that the Provider’s compliance with its obligations under Clause 14.8 above shall constitute compliance with its obligations under clauses 5(h) and 11(1) of the Standard Contractual Clauses in respect of obtaining the Client's prior written consent to sub-processing;
Warranties
The Provider and the Client warrants as to each other (each a "party") that:
- each party has the legal right and authority to enter into the Agreement and to perform its obligations under the Agreement; and
- each party will comply with all applicable legal and regulatory requirements applying to the exercise of the party’s rights and the fulfilment of the party’s obligations under the Agreement.
The Provider warrants to the Client that:
the Platform and Hosted Services will conform in all material respects with the Hosted Services Specification;the Platform will incorporate security features reflecting the requirements of good industry practice (including, without limitation, use of industry standard virus protection software); andthe Services will be provided in accordance with good industry practice.The Provider warrants to the Client that the Services, when used by the Client in accordance with the Agreement, will not breach any laws, statutes or regulations applicable under English law.
The Provider warrants to the Client that the Services, to its reasonable knowledge and belief, when used by the Client in accordance with the Agreement, will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law, and that if the use of the Services by the Client in accordance with the Agreement infringes any third party’s Intellectual Property Rights (a "Provider Indemnity Event"), without prejudice to its indemnity obligations under Clause 17.1, the Provider will at its own cost and expense:
- modify the Hosted Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or
- procure for the Client the right to use the Hosted Services in accordance with the Agreement, provided that, if neither (a) nor (b) is possible, the Client may terminate the Agreement by giving written notice to the Provider and the Provider shall promptly refund all Charges for Services not provided as a result of such termination and/or Provider Indemnity Event.
The Client warrants to the Provider that the Client Content, when used by the Provider in accordance with the Agreement, will not infringe the Intellectual Property Rights or other rights of any person in any jurisdiction and under any applicable law (a "Client Indemnity Event").
All of the parties' warranties and representations in respect of the subject matter of the Agreement are expressly set out in the Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Agreement will be implied into the Agreement or any related contract.
Acknowledgements and warranty limitations
The Client acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of the Agreement, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.
The Client acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of the Agreement, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.
The Client acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.
The Client acknowledges that the Provider will not provide any legal, financial, accountancy or taxation advice under the Agreement or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in the Agreement, the Provider does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Client will not give rise to any legal liability on the part of the Client or any other person.
Indemnities
The Provider shall indemnify and shall keep indemnified the Client against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Client and arising directly or indirectly as a result of a Provider Indemnity Event.
The Client shall indemnify and shall keep indemnified the Provider against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Provider and arising directly or indirectly as a result of a Client Indemnity Event.
If either party (the "indemnified party") is entitled to be indemnified by the other party (the "indemnifying party") under this Clause 17, the indemnified party must:
- upon becoming aware of an actual or potential Client or Provider Indemnity Event (as applicable), notify the indemnifying party; (b) provide to the indemnifying party all such assistance as may be reasonably requested by the indemnifying party in relation to the Indemnity Event;
- allow the indemnifying party the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Indemnity Event (provided that the indemnifying party shall not agree any settlement that would have a material adverse effect on the indemnified party without the prior written consent of the indemnified party); and
- not admit liability to any third party about the Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Indemnity Event without the prior written consent of the indemnifying party,and the indemnifying party’s obligations to indemnify the indemnified party under this Clause 17 shall not apply unless the indemnified party complies with the requirements of this Clause 17.3.
The indemnity protection set out in this Clause 17 shall be subject to the limitations and exclusions of liability set out in Clause 18 of the Agreement.
Limitations and exclusions of liability
Nothing in the Agreement will:
- limit or exclude any liability for death or personal injury resulting from negligence;
- limit or exclude any liability for fraud or fraudulent misrepresentation;
- limit any liabilities in any way that is not permitted under applicable law;
- or exclude any liabilities that may not be excluded under applicable law.
The limitations and exclusions of liability set out in this Clause 18 and elsewhere in the Agreement:
- are subject to Clause 18.1; and
- govern all liabilities arising under the Agreement or relating to the subject matter of the Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in the Agreement.
Neither party shall be liable to the other party in respect of any losses arising out of a Force Majeure Event.
Neither party shall be liable to the other party in respect of any loss of profits or anticipated savings, any economic losses including loss of business, revenue, income, goodwill, reputation, contracts, opportunities, use of money or anticipated savings, loss of use or production, loss of, or damage to, any database or software or any special, incidental, indirect or consequential loss or damage.
The Provider shall not be liable to the Client in respect of any loss or corruption of any data, except to the extent caused by the Provider’s breach of its obligations under Clause 5.4 (Client Content back-up), Clause 12 (confidentiality) or Clause 14 (data protection).
Subject to Clause 18.7, the liability of the Provider to the Client under the Agreement in respect of any event or series of related events shall not exceed the greater of:
- £1,000; and
- an amount equal to 150% of the total amount paid and payable by the Client to the Provider under the Agreement in the 12 months period immediately preceding the event or events giving rise to the claim.
The liability of each party to the other party arising out of a breach of Clause 12 or Clause 14 or under the indemnities in Clause 17 shall not exceed £1,000.
Each provision of this Clause 18 shall be construed separately and shall continue and survive even if for any reason one or other of those provisions is held invalid or unenforceable in any circumstances.
Force Majeure Event
If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under the Agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.
A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under the Agreement, must:
- promptly notify the other; and
- inform the other of the period for which it is estimated that such failure or delay will continue.
The party claiming a Force Majeure Event shall take all action that is reasonable under the circumstances to overcome any such cause of prevention or delay and to proceed with the performance of its obligations hereunder.
If the Provider is prevented from providing the Services as a result of a Force Majeure Event, the Client’s obligations to pay the Charges will be suspended for the duration of the relevant Force Majeure Event.
Either party may terminate the Agreement in the event that a Force Majeure Event has occurred preventing either party from performing or continuing to perform its obligations for a period of more than one month. If the Agreement is terminated under this Clause 19.5, the Provider must refund to the Client any Charges paid by the Client to the Provider in respect of Services that were not provided as a result of a Force Majeure Event affecting the Provider. 19.6. Neither party may rely upon this Clause 19 and be relieved of the performance of any of its obligations under the Agreement if a Force Majeure Event is proven reasonably by the other party to be caused by the deliberate, direct or indirect instigation of the party claiming the Force Majeure Event.
Termination
Either party may terminate the Agreement (together with all Services Order Forms incorporated in it) or any Services Order Form for convenience by giving to the other party no less than 30 days’ written notice of termination, provided that no such termination may take effect in relation to any Software Services until the end of the then-current Software Licence Term. This means that Professional Services may be terminated on no less than 30 days’ notice at any time, but Software Services will if terminated continue until the end of the thencurrent Software Licence Term or as specified in the Service Order Form.
Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:
- the other party commits any material breach of the Agreement, and the breach is not remediable;
- the other party commits a material breach of the Agreement, and the breach is remediable but the other party fails to remedy the breach within the period of 30 days following the giving of a written notice to the other party requiring the breach to be remedied; or
- the other party persistently breaches the Agreement (irrespective of whether such breaches collectively constitute a material breach);
Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:
- the other party is dissolved, ceases to conduct all (or substantially all) of its business, is or becomes unable to pay its debts as they fall due, is or becomes insolvent or is declared Insolvent or convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;
- an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;
- an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganization where the resulting entity will assume all the obligations of the other party under the Agreement); or
- that other party is an individual and dies, becomes incapable of managing his or her own affairs as a result of illness or incapacity or is the subject of a bankruptcy petition or order.
The Provider may terminate the Agreement immediately by giving written notice to the Client if:
- any amount due to be paid by the Client to the Provider under the Agreement is unpaid by the due date and remains unpaid upon the date that that written notice of termination is given (except where such amounts are the subject of a bona fide dispute between the parties that is being negotiated in good faith); and
- the Provider has given to the Client at least 30 days' written notice, following the failure to pay, of its intention to terminate the Agreement in accordance with this Clause 20.4.
Termination of the Agreement under any of Clauses 20.2, 20.3 or 20.4 shall automatically terminate all Services Order Forms comprised in the Agreement.
Effects of termination
Upon the termination of the Agreement: all of the provisions of the Agreement shall cease to have effect, save that the following provisions of the Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Error! Reference source not found., Error! Reference source not found., 1.14, 5.2, 6, 9.1, 10.1, 10.2, Error! Reference source not found., Error! Reference source not found., 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, 31 and 3232.
Except to the extent that the Agreement expressly provide otherwise, the termination of the Agreement shall not affect the accrued rights of either party.
Upon termination of the Agreement:
- any and all licenses granted by the Provider to the Client will terminate with immediate effect;
- Client Content will no longer be retained in the Platform and/or any Created App (save to the extent that the Provider is obliged to retain the same by operation of any law or regulatory body or to the extent that the parties agree in writing to an extended retention period).
Within 30 days following the termination of the Agreement for any reason, and without prejudice to the parties' other legal rights:
- the Client must pay to the Provider any Charges in respect of Services provided to the Client before the termination of the Agreement; and
- the Provider must refund to the Client any Charges paid by the Client to the Provider in respect of Services that were to be provided to the Client after the termination of the Agreement.
Non-solicitation of personnel
Neither party shall, without the prior written consent of the other party, either during the Term or within the period of 6 months following the end of the Term, engage, employ or solicit for engagement or employment any employee or subcontractor of the other party who has been involved in any way in the negotiation or performance of the Agreement.
Notices
Any notice given under the Agreement must be in writing, whether or not described as a "written notice" in the Agreement.
Any notice given by either party under the Agreement must either be sent by email or by recorded signed-for post using the following contact details:
- notices sent to the Provider must be addressed to the Provider’s Designated Point of Contact using the email or postal address of the Designated Point of Contact or the Provider’s postal address, in either case as shown on the relevant Services Order Form;
- notices sent to the Client must be addressed to the Client’s Designated Point of Contact using the email or postal address of the Designated Point of Contact shown on the relevant Services Order Form.
The addressee and contact details described in Clause 23.2 may be updated from time to time by a party giving written notice of the update to the other party in accordance with this Clause 23.
A party receiving from the other party a notice by email must acknowledge receipt by email promptly, and in any event within 2 Business Days following receipt of the notice.
A notice will be deemed to have been received at the relevant time set out below or, where such time is not within Business Hours, when Business Hours next begin after the relevant time set out below:
- at the time of the sending of the email (providing that the sending party retains written evidence that the email has been sent);
- in the case of notices sent by post, 48 hours after posting.
Subcontracting
Subject to Clause 14.8, the Provider may subcontract to any reputable third party hosting business the hosting of the Platform. It may also subcontract any of its other obligations under the Agreement, such as software development. However, the Provider shall in all cases remain responsible to the Client for the performance of any subcontracted obligations.
Assignment
Neither party may assign, transfer or otherwise deal with its contractual rights and/or obligations under the Agreement without the prior written consent of the other party, such consent not to be unreasonably withheld or delayed, providing that either party may assign the entirety of its rights and obligations under the Agreement to any of its Affiliates or to any successor to all or a substantial part of its business from time to time.
No waivers
No breach of any provision of the Agreement will be waived except with the express written consent of the party not in breach.
No waiver of any breach of any provision of the Agreement shall be construed as a further or continuing waiver of any other breach of that provision or any breach of any other provision of the Agreement.
Severability
If a provision of the Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions will continue in effect.
If any unlawful and/or unenforceable provision of the Agreement would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect.
Third party rights
The Agreement is for the benefit of the parties and is not intended to benefit or be enforceable by any third party.
The exercise of the parties" rights under the Agreement is not subject to the consent of any third party.
Variation
The Provider may vary the Agreement by giving to the Client at least 14 days' written notice of the proposed variation if and to the extent that such variation is required by applicable law.
Subject to Clause 29.1, the Provider may vary the Agreement by giving to the Client at least 30 days' written notice of the proposed variation, providing that if the Provider gives to the Client a notice under this Clause 29.2Error! Reference source not found., the Client shall have the right to terminate the Agreement by giving written notice of termination to the Provider at any time during the period of 14 days following receipt of the Provider's notice.
Subject to Clause 29.1 and Clause 29.2, the Agreement may not be varied except by means of a written document signed by or on behalf of each party, without prejudice to the requirements of Clause 8 relating to Change Control.
Entire agreement
The Agreement shall constitute the entire agreement between the parties in relation to the subject matter of the Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.
Subject to Clause 18.1, neither party will have any remedy in respect of any misrepresentation (whether written or oral) made to it upon which it relied in entering into the Agreement.
Law and jurisdiction
The Agreement shall be governed by and construed in accordance with the Laws of Ireland.
Any disputes relating to the Agreement shall be subject to the exclusive jurisdiction of the Courts of Ireland.
Dispute resolution
The parties shall attempt, in good faith, to resolve any dispute promptly by negotiation. If reasonable efforts to resolve any dispute fail, then each party shall refer the matter to a nominated senior manager.
If the dispute is not resolved within 14 days of the reference to senior management in accordance with Clause 32.1, the parties will attempt to resolve the dispute by mediation before exercising any remedy available at law or equity.
Schedule 1 (Availability SLA)
Introduction to availability SLA
This Schedule 1 sets out the Provider's availability commitments relating to the Hosted Services.
In this Schedule 1, "uptime" means the percentage of time during a given period when the Hosted Services are available at the gateway between public internet and the network of the hosting services provider for the Hosted Services.
Availability
The Provider shall use all reasonable endeavours to ensure that the uptime for the Hosted Services is at least 99.9% during each calendar month.
The Provider shall be responsible for measuring uptime and shall do so using any reasonable methodology.
Exceptions
Downtime caused directly or indirectly by any of the following shall not be considered when calculating whether the Provider has met the uptime guarantee given in Paragraph 2.1:
- a Force Majeure Event;
- a fault or failure of the internet or any public telecommunications network;
- a fault or failure of the Client's computer systems or networks;
- any breach by the Client of the Agreement; or
- scheduled maintenance of up to 4 hours per month carried out in accordance with the Agreement.
Schedule 2 (Maintenance SLA)
Introduction
This Schedule 2 sets out the service levels applicable to the Maintenance Services.
Scheduled Maintenance Services
The Provider shall use all reasonable endeavours to give to the Client at least 3 Business days' prior written notice of scheduled Maintenance Services that are likely to affect the availability of the Hosted Services or are likely to have a material negative impact upon the Hosted Services, without prejudice to the Provider's other notice obligations under this Schedule 2.
The Provider shall use all reasonable endeavours to ensure that scheduled Maintenance Services are kept to a minimum and to carry out such work during periods of lower usage of the Platform and Hosted Services.
Updates
The Provider shall use all reasonable endeavours to give to the Client written notice of the application of any security Update to the Platform and at least 3 Business Days' prior written notice of the application of any non-security Update to the Platform.
The Provider shall apply Updates to the Platform as follows:
- third party security Updates shall be applied to the Platform promptly following release by the relevant third party, providing that the Provider may acting reasonably decide not to apply any particular third-party security Update;
- the Provider's security Updates shall be applied to the Platform promptly following the identification of the relevant security risk and the completion of the testing of the relevant Update; and
- other Updates shall be applied to the Platform in accordance with any timetable notified by the Provider to the Client or agreed by the parties from time to time.
Upgrades
The Provider shall produce Upgrades at least once in each calendar year during the Term.
The Provider shall give to the Client at least 3 Business Days' prior written notice of the application of an Upgrade to the Platform.
The Provider shall apply each Upgrade to the Platform within any period notified by the Provider to the Client or agreed by the parties in writing.
Schedule 3 (Support SLA)
Introduction
This Schedule 3 sets out the service levels applicable to the Support Services.
The Provider will endeavour to support the most commonly used mobile operating systems (OS) and mobile devices. The list of Supported Mobile Operating Systems and Devices is always available and regularly updated by the Provider on its website. It is acknowledged that this list is subject to change over time as new versions of each operating systems and device hardware becomes prominent in the market. The Provider’s general rule is to support the latest two major versions of mobile OS, however, this is tempered with market realities, and so an OS that fails to gain any significant market share may not be supported.
The Provider will provide regular technology updates for both Apple and Android operating systems.
Helpdesk
The Provider shall make available to the Client a helpdesk in accordance with the provisions of this Schedule 3.
The Client may use the helpdesk for the purposes of requesting and, where applicable, receiving the Support Services; and the Client must not use the helpdesk for any other purpose.
The Provider shall ensure that the helpdesk is accessible by telephone, email and, where applicable, using the Provider's web-based ticketing system.
The Provider shall ensure that the helpdesk is operational and adequately staffed during Business Hours during the Term.
The Client shall ensure that all requests for Support Services that it may make from time to time shall be made through the helpdesk.
Response and resolution
Issues raised through the Support Services shall be categorized as follows:
- critical: the Hosted Services are inoperable or a core function of the Hosted Services is unavailable;
- serious: a core function of the Hosted Services is significantly impaired;
- moderate: a core function of the Hosted Services is impaired, where the impairment does not constitute a serious issue; or a non-core function of the Hosted Services is significantly impaired; and
- minor: any impairment of the Hosted Services not falling into the above categories; and any cosmetic issue affecting the Hosted Services.
The Provider shall determine, acting reasonably, into which severity category an issue falls.
The Provider shall use all reasonable endeavours to respond to requests for Support Services promptly, and in any case in accordance with the following time periods:
- critical: 2 Business Hours;
- serious: 4 Business Hours;
- moderate: 1 Business Day; and
- minor: 5 Business Days.
The Provider shall ensure that its response to a request for Support Services shall include the following information (to the extent such information is relevant to the request): an acknowledgement of receipt of the request, where practicable an initial diagnosis in relation to any reported error, and an anticipated timetable for action in relation to the request.
The Provider shall use all reasonable endeavours to resolve issues raised through the Support Services promptly, or where further investigation is required, agree a workaround with the Client, and in any case in accordance with the following targeted time periods:
- critical: 4 Business Hours;
- serious: 8 Business Hours;
- moderate: 4 Business Days; and
- minor: 10 Business Days or by agreement (typically next release of the Platform).
Provision of Support Services
The Support Services shall be provided remotely, save to the extent that the parties agree otherwise in writing.
Limitations on Support Services
The Provider shall have no obligation to provide Support Services in respect of any issue caused by:
- the improper use of the Hosted Services by the Client; or
- any alteration to the Hosted Services made without the prior consent of the Provider.
The Provider will not be obliged to diagnose and rectify any fault in the Platform resulting from:
- any modifications made by or on behalf of the Client by any person other than the Provider:
- minor defects which do not significantly affect or impair the use of the Platform;
- any incorrect or improper use of the Platform, or any use of the Platform for any purpose for which it was not designed;
- an issue has been reported only on devices which are not currently supported by the Provider
- the Client has prevented the Provider from performing required maintenance and update tasks;
- the failure by the Client to implement recommendations in respect of any solutions to faults previously advised by the Provider; or
- in a situation where the Client is in breach of its contract with the Provider for any reason (e.g. late payment of fees).
Schedule 4 (Form of CCN)
Introduction
Title of Change: [insert title]
CCN number: [insert number]
Change proposed by: [insert individual name(s)]
Date of issue of CCN: [insert date]
Summary details of proposed Change: [insert details]
Change details
[Insert full details of proposed Chance]
Impact of Change
Impact upon resources: [insert details]
Impact upon timetable: [insert details]
Impact upon Charges: [insert details]
Other effects of Change: [insert details]
Agreement to Change
The parties have indicated their acceptance of the Change described in this CCN by signing below
SIGNED BY [[individual name] on [...............], the Provider / [individual name] on [...............], duly authorized for and on behalf of the Provider]:....................
SIGNED BY [[individual name] on [...............], the Client / [individual name] on [...............], duly authorized for and on behalf of the Client]:....................
Schedule 5 (Data Processing Information)
Categories of data subject
- End Users
- Anyone else to whom any Personal Data contained within Client Content accessible via the Created App(s) relate
Types of Personal Data
The types of Personal Data comprised in the Client Personal Data depends largely on the nature of the relevant Created App and the Client’s use of the relevant Created App.
Usernames and passwords for End Users are required to enable End Users to access and use the Created App, so will always form part of Client Personal Data.
The Client may also choose to collect or upload the following types of Personal Data using the Hosted Services:
- contact details: emails and phone numbers
- role
- postal business addresses
- unique identifiers relating to End User devices (to the extent that the Client has opted to use push notification tools and End Users have opted to allow notifications)
- tracking/analytics/usage data relating to End Users (to the extent that the Client has opted to use usage statistics tools)
- any other types of Personal Data that the Client chooses to collect from End Users via the Created App(s) or that may be contained within Client Content accessible via the Created App(s)
Purposes of processing
To provide the Services that the Client has requested the Provider to provide in the Agreement, which may include:
- enabling the Client to use the Created Apps in accordance with the Agreement
- enabling End Users to access content on the Created Apps
- enabling End Users to access other Client systems where the Platform acts as a portal and to authenticate End Users onto other software of the Client
- enabling the Client to send push notifications relating to the Created App(s) to End Users (where the Client has opted to use push notification tools and where the End User has opted to allow notifications)
- enabling the Client to collect usage statistics relating to the Created App(s) (where the Client has opted to use usage statistics tools)
Security measures for Personal Data
The Provider is ISO27001 accredited, meaning that the Provider implements the security measures required in order to achieve such accreditation.
The Platform is subject to regular penetration testing by an external body to ensure it has an appropriate level of control against intrusion.
The Platform meets and exceeds the L1 Mobile Application Security Verification Standard (MASVS).
Sub-processors of Personal Data
The Provider uses the following category of third-party processors in connection with the processing of Client Personal Data:
- Platform hosting service provider is XXXXXXXXXXXXXXXX
Transfers outside the European Economic Area
The Client authorises transfers of Client Personal Data to the Provider and the subprocessors authorised by the Client pursuant to Clause 14.8.
The Client’s use of any of the third-party tools made available via the Hosted Services may involve transfers of Client Personal Data outside the EEA. Use of these third-party tools is governed by legal agreements directly between the Client and the providers of the third-party tools and subject to the privacy notices made available by the providers of the third-party tools. Any transfers of Client Personal Data that occur as a result of the Client’s use of the third-party tools will be deemed to be made by the Client to the provider of the third-party tools. However, if any such transfers are routed via the Hosted Services and/or if any such transfers occur as a result of the Provider assisting the Client in using the third party tools in connection with the provision of the Services, the Client agrees that the Provider may transfer Client Personal Data as reasonably necessary to enable the Client to use the third party tools via the Hosted Services or to enable the Provider to assist the Client in using the third party tools in connection with the provision of the Services.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
Data exporter
The data exporter is a client of the data importer, who has purchased various software-related services from the data importer under a contract for the supply of services (the “Agreement”).
Data importer
The data importer is a provider of a communications platform, hosted subscription software services and related professional services that enable its clients to create mobile apps to connect, communicate and engage with their workforces and provide access to company-wide information.
Data subjects
The personal data transferred concern the following categories of data subjects:
- any and all persons that use the data exporter’s mobile app as an end user by downloading it, which may be the personnel and/or customers of the data exporter and/or any other category of person, depending on the intended user audience for the data exporter’s mobile app (“End Users”)
- anyone else to whom any personal data contained within content accessible via the data exporter’s mobile app relate
Categories of data
The personal data transferred concern the following categories of data:
The types of personal data transferred depends largely on the nature of the data exporter’s mobile app and the data exporter’s use of its mobile app.
Usernames and passwords for End Users are required to enable End Users to access and use the data exporter’s mobile app, so will always form part of the transferred personal data.
The data exporter may also choose to collect or upload the following types of personal data using the data importer’s platform and software services:
- contact details: emails and phone numbers
- role
- postal business addresses
- unique identifiers relating to End User devices (to the extent that the data exporter has opted to use push notification tools and End Users have opted to allow notifications)
- tracking/analytics/usage data relating to End Users (to the extent that the data exporter has opted to use usage statistics tools)
- any other types of personal data that the data exporter chooses to collect from End Users via the data exporter’s mobile app or that may be contained within content accessible via the data exporter’s mobile app
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data:
It is not expected that the transferred personal data will contain any special categories of data.
Processing operations
The personal data transferred will be subject to the following basic processing activities:
The transferred personal data will be processed by the data importer in order to provide the services that the data exporter has requested the data importer to provide in the Agreement, which may include:
- enabling the data exporter to use the data exporter’s mobile app in accordance with the Agreement
- enabling End Users to access content on the data exporter’s mobile app
- enabling End Users to access other data exporter systems where the data importer’s platform acts as a portal and to authenticate End Users onto other software of the data exporter
- enabling the data exporter to send push notifications relating to the data exporter’s mobile app to End Users (where the data exporter has opted to use push notification tools and where the End User has opted to allow notifications)
- enabling the data exporter to collect usage statistics relating to the data exporter’s mobile app (where the data exporter has opted to use usage statistics tools)
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The data importer is ISO27001 accredited, meaning that the data importer implements the security measures required in order to achieve such accreditation.
The data importer’s platform is subject to regular penetration testing by an external body to ensure it has an appropriate level of control against intrusion.
The data importer’s platform meets and exceeds the L1 Mobile Application Security Verification Standard (MASVS).