Background
1 - Interpretation
1.1 - In this Agreement, where used, the following words and expressions have the meanings set opposite them:
- Acceptance: the acceptance or deemed acceptance of the MemberBase/CRM and MemberBase/CRM Software by You under Schedule 1;
- Agreement: this agreement including all the Schedules;
- Bespoke Features: MemberBase/CRM content and structure created specifically for You only, as part of the Services but which is not part of the generic functionality of our Software or third party modules within it;
- Business Day: any day (other than a Saturday or Sunday) when banks are generally open for normal business in London;
- Charges: the charges for the Services and any products set out in the relevant proposal, together with any charges for agreed variations to MemberBase/CRM, Services or products;
- Commencement Date: the date the trial was requested by you;
- Confidential Information: all information, whether technical or commercial (including all specifications, drawings, designs and source code) disclosed in writing, on disc, orally or by inspection of documents or pursuant to discussions between the Parties, where the information is:
- identified as confidential at the time of disclosure; or
- ought reasonably to be considered confidential given the nature of the information or the circumstances of disclosure;
- Customer Relationship Management ('CRM'): the 'MemberBase' CRM system used to deliver this service and owned by Us;
- Downtime: any service interruption of one minute or more in the availability to users of the MemberBase/CRM pursuant to the Services, but only if the interruption is due to Our default in circumstances other than a Force Majeure Event;
- Force Majeure Event: any event arising which is beyond the reasonable control of the affected Party (including any industrial dispute affecting any third party, governmental regulations, fire, flood, disaster, civil riot, terrorist act or war);
- IPR: all intellectual property rights wherever in the world arising, whether registered or unregistered (and including any application), including copyright, know-how, confidential information, trade secrets, business names and domain names, trademarks, trade names, patents, petty patents, utility models, design rights, rights, database rights and all rights in the nature of unfair competition rights or rights to sue for passing off;
- Materials: the content provided to Us by You from time to time for incorporation in the MemberBase/CRM system;
- Services: Our services to be supplied under this Agreement and Our obligations under this Agreement, together with any other services which You take from Us;
- MemberBase/CRM: the customer relationship management software developed by Us under this Agreement;
- MemberBase/CRM Software: the software for the MemberBase/CRM system under this Agreement;
- Software Code: the source code and database structure of the CRM;
- VAT: value added tax chargeable under English law for the time being and any similar additional tax;
- Data Subject: an individual who is the subject of Personal Data;
- Personal Data: means any information relating to an identified or identifiable natural person that is processed by us as a result of, or in connection with, the provision of the Services provided under this Agreement;
- Data Controller: Has the meaning given to the ‘Data Controller’, or ‘Controller’ as appropriate, in the Data Protection Laws;
- Data Breach: Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
- Data Processor: Has the meaning given to ‘Data Processor’, or Processor as appropriate, in the Data Protection Laws;
- Data Protection Laws: Means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relation to the processing of personal data and privacy application to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Bill, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation EU) 2016/679), as amended or superseded;
- GDPR: Means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from time to time.
1.2 - References to Clauses, paragraphs and Schedules are (unless otherwise stated) references to the clauses, paragraphs and schedules of this Agreement and the particular Schedule in which they occur and headings used shall not affect interpretation of this Agreement.
1.3 - Words in the singular include the plural and in the plural include the singular.
1.4 - References to ‘including’ and ‘include(s)’ shall be deemed to mean respectively, ‘including without limitation’ and ‘include(s) without limitation’.
1.5 - References to ‘content’ include any kind of text, information, image, or audio or video material which can be incorporated in MemberBase/CRM for access by a user to that.
1.6 - A “person” includes a natural person, corporate or unincorporated body (whether or not having separate legal personality and that person’s legal and personal representatives, successors, and permitted assigns.
2 - Payment of charges
2.1 - The Agreement commences on the Commencement Date and continues for a period of ninety (90) days thereafter.
2.2 - During this period, we hereby grant you a non-exclusive, revocable and non-transferable right to use MemberBase/CRM solely for the purpose of internally evaluating the suitability of MemberBase/CRM for your internal business purposes. You may, using the functionality within MemberBase/CRM, configure and, modify certain available features and functionality of the MemberBase Software offered as part of its evaluation process free of charge.
2.3 - After this period, we shall be entitled to invoice You for the Charges in accordance with Your usage of MemberBase/CRM Software. Our VAT invoices for the Charges which are properly due and submitted will be paid by You within 30 days of the date of Our invoice to a bank account nominated in writing from time to time by Us to You.
2.4 - All Charges are stated exclusive of VAT and any additional or replacement tax.
2.5 - Any invoice disputes shall be raised by You within 15 days of receipt. Where any part of the invoice is disputed, payment of that part not in dispute shall be made in accordance with the terms of this Clause 2.
2.6 - Any delay in payment of the Charges shall not entitle Us to suspend the provision of the Services.
2.7 - If You fail to pay any amount due under this Agreement, We shall be entitled, but not obliged, to charge You interest on the overdue amount. Such interest shall be payable by You forthwith on demand, from the due date up to the date of actual payment, after as well as before judgment, at the rate of 4% per annum above the base rate for the time being of Lloyds Bank plc. Such interest shall accrue on a daily basis and be compounded quarterly.
2.8 - We shall maintain complete and accurate records of the time spent and materials used by Us in providing the Services in such form as You shall approve. We shall allow You to inspect such records at all reasonable times on request.
3 - Limitation of remedies and liability
3.1 - Nothing in this Agreement shall operate to exclude to limit either party for:
- 3.1.1 - death or personal injury caused by its negligence; or
- 3.1.2 - any breach of the terms implied by section 12 of the Sale of Goods Act 1979 or section 2 of the Supply of Goods and Services Act 1982; or
- 3.1.3 - fraud; or
- 3.1.4 - any other liability which cannot be excluded or limited under applicable law.
3.2 - Neither party shall in any event be liable to the other for any indirect or consequential loss, or loss of profit, anticipated profits, revenues, grants, anticipated savings, goodwill or business opportunity.
3.3 - Subject to Clause 3.1, each Party’s aggregate liability, for claims arising out of or in connection with this Agreement or any collateral contract, whether in contract or tort (including negligence) or otherwise, shall be limited to the value of your project.
3.4 - This Agreement sets out the full extent of Our obligations and liabilities in respect of the supply of the Services and any ancillary products. All conditions, warranties or other terms concerning the Services or products which might otherwise be implied into this Agreement or any collateral contract (whether by statute or otherwise) are hereby expressly excluded to the extent allowed by law.
4 - IPR
4.1 - All IPR in the MemberBase/CRM; and the MemberBase/CRM Software Code shall remain Our IPR. We shall grant you a licence to use the Customer Relationship Management software for the duration of this Agreement in accordance with Schedule 1 Clause 7.
4.2 - You shall indemnify us against all damages, losses and expenses arising as a result of any action or claim that the Materials provided by you infringe the IPR rights of a third party.
4.3 - We shall indemnify You against all damages, losses and expenses arising as a result of any action or claim of infringement of IPR rights of a third party against Senior where Materials or services have been supplied by us.
4.4 - The indemnities in Clauses 4.3 and 4.4 are subject to the following conditions:
- 4.4.1 - the indemnified Party promptly notifies the indemnifier in writing of the claim;
- 4.4.2 - the indemnified Party makes no admissions or settlements without the indemnifier’s prior written consent;
- 4.4.3 - the indemnified Party gives the indemnifier all information and assistance that the indemnifier may reasonably require; and
- 4.4.4 - the indemnified Party allows the indemnifier complete control over the litigation and settlement of any action or claim.
4.5 - The provisions of this Clause 4 shall survive termination.
5 - Term and termination
5.1 - We shall provide the Services from the Commencement Date.
5.2 - The Services supplied under this Agreement shall continue to be supplied for a period of ninety (90) days’ from the Commencement Date and, after that, shall continue to be supplied and charged unless and until this Agreement is terminated by either party by giving to the other not less than 5 days’ written notice.
5.3 - After the initial 90 day period, this Agreement can be terminated by either party by giving to the other not less than 30 days’ written notice.
5.4 - Without prejudice to any other rights or remedies which the Parties may have, either Party may terminate this Agreement immediately on giving notice to the other Party if:
- 5.4.1 - the other Party commits any material breach of its obligations under this Agreement which is not remediable or if it is remediable is not remedied within 30 days after the service of written notice specifying the breach and requiring it to be remedied (non-payment on time being taken as irremediable); or
- 5.4.2 - the other Party ceases to trade; or:
- 5.4.3 - the other Party becomes insolvent or unable to pay its debts within the meaning of the insolvency legislation applicable to that part; or
- 5.4.4 - the ability of that Party’s creditors to take any action to enforce their debts is suspended, restricted or prevented or some or all of that Party’s creditors accept, by agreement or pursuant to a court order, an amount of less than the sums owing to them in satisfaction of those sums; or
- 5.4.5 - any process is instituted which could lead to that Party being dissolved and its assets being distributed to its creditors, shareholders or other contributors (other than for the purposes of solvent amalgamation or reconstruction); or
- 5.4.6 - the Party reasonably apprehends that any of the events mentioned in Clauses 5.1.1 to 5.1.5, inclusive are about to occur and notifies the other Party accordingly.
5.5 - On the event of the sales of substantially all of Your assets to a single purchaser or group of associated purchasers; or the sale, exchange, or other disposition, in one transaction of the majority of Your outstanding corporate shares; or the merger or consolidation of You with another company this Agreement will transfer to the new company as long as all debts are paid and future payments are maintained.
5.6 - On termination of this Agreement:
- 5.6.1 - We may immediately deactivate your trial account and any data within the MemberBase/CRM Software will be deleted.
- 5.6.2 - all provisions of this Agreement shall cease to have effect, except that any provision which can reasonably be inferred as continuing or is expressly stated to continue, shall continue in full force and effect as well as accrued rights under this Agreement; and
- 5.6.3 - all licences granted under this Agreement shall terminate immediately.
6 - Change control
6.1 - If either Party requests a change to the scope or execution of the Services, We shall, within a reasonable time (and in any event not more than 5 Business Days after receipt of Your request, provide a written estimate to You of:
- 6.1.1 - the likely time required to implement the change;
- 6.1.2 - any necessary variations to the Charges arising from the change; and
- 6.1.3 - any other impact of the change on this Agreement.
6.2 - Unless both Parties consent to a proposed change, there shall be no change to this Agreement.
6.3 - If both Parties consent to a proposed change, the change shall be made, only after agreement of necessary variations to the Change, the Services and any relevant terms of this Agreement to take account of the charge that has been reached and this Agreement has been varied in accordance with Clause 12.
7 - Force majeure
A Party who becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in performing its obligations under this Agreement shall forthwith notify the other and shall inform the other of the period for which it is estimated that such failure or delay will continue. The affected Party shall take reasonable steps to mitigate the effect of the Force Majeure Event but shall be excused from performance to the extent prevented by Force Majeure Event. If the period of delay or non-performance continues for 30 Business Days, the party not affected may terminate this agreement by giving 10 Business Days' written notice to the affected party.
8 - Confidentiality
8.1 - Both You and We shall both during this Agreement and after its termination keep confidential and not (except as authorised or required for the purpose of this Agreement) use or disclose or attempt to use or disclose to anyone any of each other’s Confidential Information.
8.2 - We shall not, for marketing purposes, name You as a client or link Our and Your internet sites unless You consent to such use in writing. Unless it:
- 8.2.1 - is or has become publicly known other than through breach of this Clause 8; or
- 8.2.2 - was in possession of the receiving Party prior to disclosure by the other Party; or
- 8.2.3 - was received by the receiving Party from an independent third party who has full right of disclosure; or
- 8.2.4 - was required to be disclosed by law, court order or any governmental or regulatory authority;
8.3 - This Clause 8 supersedes the terms of any existing non-disclosure agreement between Us and You, which is hereby terminated.
8.4 - We shall not use Your Confidential Information for any purpose other than to perform Our obligations under this Agreement.
8.5 - The provisions of this Clause 8 shall survive termination of this Agreement, howsoever arising.
9 - Service of notices
9.1 - Any notice given under this Agreement shall be in writing and may be served:
- 9.1.1 - Personally, at Senior Internet HO, Unit 13 Poplars Court, Lenton Lane, Nottingham NG7 2RR;
- 9.1.2 - By first class mail Senior Internet HO, Unit 13 Poplars Court, Lenton Lane, Nottingham NG7 2RR;
- 9.1.3 - By email (followed by phone call) to accounts@senior.co.uk or;
- 9.1.4 - By other means which any party specifies by notice to the other.
A notice shall be deemed to have been served:
- 9.1.5 - if it was served in person, at the time of service;
- 9.1.6 - if it was served by post, 48 hours after it was posted pre-paid; and
- 9.1.7 - if it was served by email at the date and time its been acknowledged by email reply by Senior.
10 - Assignment
Neither Party shall assign, transfer, charge, mortgage, subcontract, sub-licence or deal in any other manner with all or any of its rights or obligations under this Agreement without the prior written consent of the other Party.
11 - Entire agreement
Except as provided in this Clause 11, neither Party shall have any remedy in respect of any untrue statement (whether written or oral) made to it on which it by the other relied in entering into this Agreement (“Misrepresentation”), and neither Party shall have any liability other than pursuant to the express terms of this Agreement. Nothing in this Agreement shall exclude or limit either Your or Our liability for any Misrepresentation made knowing that it was untrue. Each Party's liability for Misrepresentation as to a fundamental matter, including as to a matter fundamental to that Party's ability to perform its obligations under this Agreement, shall be subject to the limit set out in Clause 3.3.
12 - Variation and waiver
12.1 - Any variation of this Agreement shall be in writing and signed by or on behalf of You and Us.
12.2 - A waiver of any right under this Agreement is only effective if it is in writing, and it applies only to the Party to whom the waiver is addressed and the circumstances for which it is given. Taking or failing to take any other action shall imply no waiver.
12.3 - Unless specifically provided otherwise, rights arising under this Agreement are cumulative and do not exclude rights provided by law.
13 - Severance
13.1 - If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
13.2 - If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the Parties’ commercial intention.
14 - Relationship of the parties
14.1 - Nothing in this Agreement and no action taken by You or Us pursuant to this Agreement shall constitute, or be deemed to constitute, the Parties in partnership, association, joint venture or any other co-operative entity or the agents of each other.
14.2 - During the term of this Agreement You agree that and for an additional period of 6 months after termination or expiry, You shall not directly or indirectly canvas with a view to offering or providing employment to, offer to contract with or entice to leave, any employee of or contractor to Us engaged in the performance of the Services without Our prior written consent.
14.3 - During the term of this Agreement You agree to co-operate with Us and provide such information and documents as are reasonably required to assist Us in the performance of Our obligations under this Agreement;
15 - Rights of Third Parties
15.1 - A person who is not a Party to this Agreement shall not have any rights under or in connection with it.
16 - Governing law and jurisdiction
16.1 - This Agreement and any disputes or claims arising out of or in connection with its subject matter are governed by and construed in accordance with the law of England.
16.2 - The parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement and all correspondence and proceedings shall be in English.
17 - Data protection
17.1 - Where Senior, pursuant to the Agreement, processes Personal Data on behalf of the Client, Senior acknowledges that the Client is the Data Controller and the owner of such Personal Data, and that Senior is the Data Processor.
17.2 - The Data Processor is operating within reasonable compliance, and shall continue to comply, with the requirements of the applicable Data Protection Laws and all other data protection legislation in and jurisdiction relevant to the exercise of its right of the performance of its obligations under this Agreement.
17.3 - The Data Controller shall, for all categories of personal data (including special categories) processed under this Agreement, either;
- 17.3.1 - Obtain the consent of the data subject to the processing; or
- 17.3.2 - Confirm the ground upon which the Personal Data is being processed
17.4 - The Data Controller shall indemnify the Data Processor against all liabilities, costs, expenses, damages and losses (including reasonable professional costs and expenses) suffered or incurred by the Data Processor as a result of the Data Controller’s breach of its obligations pursuant to paragraph 17.3.1 above.
17.5 - In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Customer is Data Controller, the Data Processor shall;
- 17.5.1 - Have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk;
- 17.5.2 - Not engage any sub-processor without the prior specific or general written authorisation of the Customer (and in the case of general written authorisation; the Data Processor shall inform the Customer of any intended changes concerning the addition or replacement of other processors and the Customer shall have the right to object to such changes.);
- 17.5.3 - Ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub processor, subcontractor, agent or consultant to the effect that the sub-processor, agent or consultant shall be obligate to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. Subject to clause 17.5.4 The Data Processor shall at all times be and remain liable to the Client for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule;
- 17.5.4 - Senior are not liable to the Client for any failures of other Data Processors or Sub Processors obligations under this Schedule who are engaged with by the client and with whom Senior are instructed to integrate with; including but not restricted to; direct debit systems, online payment providers, email services, CRMs and analytics;
- 17.5.5 - Process that personal Data only on behalf of the Client in accordance with the Client’s instructions and to perform its obligation under this agreement or other documented instructions and for no other purpose save to the limited extent required by law;
- 17.5.6 - Upon the request of the Client, within 30 days of the expiry or termination of this agreement, Senior shall make available to the Client for download a full and complete file of the Customer Data. After the expiry of the 30 day period, Senior shall, unless required otherwise by law, delete all of the Customer Data in its live and staging systems or otherwise in its possession or control, note; in the case of backups these will be deleted in a 60 day cycle (30 days following deletion of live database);
- 17.5.7 - Ensure that all persons authorised to access the Personal Data are subject to oblations of confidentiality and receive training to ensure compliance with the Agreement and the Data Protection Laws;
- 17.5.8 - Make available to the Client all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client, provided that, in respect of this provision the Data Processor shall immediately inform the Client if, in its opinion, an instruction infringes Data Protection Laws, subject to clause 17.5.14;
- 17.5.9 - Taking into account the nature of the processing, provide assistance to the Client, within such timescales as the Client may be required from time to time, in connection with the fulfilment of the Client’s obligation as Data Controller to respond to requests for the exercise of data subjects’ right pursuant to Chapter III of the GDPR to the extent applicable, subject to clause 17.5.14;
- 17.5.10 - Provide the Client with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Client, subject to clause 17.5.14 and taking into account the nature of the processing and the information available to the Data Processor;
- 17.5.11 - Immediately notify the Client in writing about;
- a - Any data breach of any accidental loss, disclosure or unauthorised access of which the Data Processor becomes aware in respect of Personal Data that it processes on behalf of the Client;
- b - Any request for disclosure of the Personal Data by a law enforcement authority (unless otherwise prohibited);
- c - Any access request or complaint received directly from a data subject (without responding other than to acknowledge receipt);
- 17.5.12 - Maintain a record of its processing activities in accordance with article 30 of the GDPR;
- 17.5.13 - The Data Processor shall, at the Client’s expense to be calculated based upon the Data Processor’s standard hourly charge out rates:
- a - Deal promptly and properly with all enquiries or requests from the Client relating to the Personal Data and the data processing actives, promptly provide to the Client in such form as the Client may request, as copy of any Personal data requested by the Customer; and
- b - Assist the Client (where requested by the Client) in connection with any regulatory or law enforcement authority or law enforcement or enforcement action in respect of the Personal Data.
17.6 - In respect of any Personal Data to be processed by a party acting as Data Processor pursuant to this Agreement for which the other party is Data Controller, the Data Processor shall not transfer the Personal Data outside the UK/EEA or to an internal organisation without:
- 17.6.1 - Obtaining the written permission of the Data Controller
- 17.6.2 - Ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws;
- 17.6.3 - Notifying the Data Controller of the protections and appropriate safeguard in paragraph 17.6.2 above; and
- 17.6.4 - Documenting and evidencing the protections and appropriate safeguards in paragraph 17.6.2 above and allowing the Data Controller access to any relevant documents and evidence.
17.7 - The following table sets out the details of processing as required by Article 28 of GDPR;
Details of processing activities:
Purposes of which the Personal Data shall be processed
|
Senior provides various web-based systems where forms are used to collect and store an amount of personal data that is core to enabling our Clients to deliver their core services
|
Description of the categories of the data subjects
|
Employers, Employees, Members, potential members, referees names and contact details, or individuals that sign up to receive information from our Clients
|
Description of transfers of Personal Data to a country outside of the UK/EEA
|
Senior’s systems, servers and data storage are based in secure environments in the EEU.
|
The envisaged time limits for erasure of the different categories of Personal Data
|
Following termination or expiry of a Client’s contract, personal Data held processed on behalf of the Customer’s may be returned to the Data Controller at its own option and cost. 30 days after termination or expiry of the agreement, all personal Data processed on behalf of the Customer shall be permanently deleted. Historical data stored on backup systems will be deleted within a 60 day cycle
|
General description of technical and organisational security measures
|
Data is transferred from Web system to database via SSL. Senior is working towards encrypting all data in databases at rest. Availability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and Process for regularly testing, assessing and evaluating the effectiveness or technical and organisational measures for ensuring the security of the processing
|
Authorised Sub-processors
|
Upon instruction from Client Senior passes personal name, email address data to other data processors (sub-processors); including but not restricted to; Microsoft Dynamics (River CRM), Om.net, other CRM providers (as instructed by client), Mailchimp; Campaign monitor; Pardot, Payment gateways (Sage Pay, WorldPay, PayPal), Go Cardless and Audis
|