Customer terms of service

Last updated 30th June, 2020

Back to Legal Center

THESE TERMS OF SERVICE (“TERMS”) CONSTITUTE A CONTRACT BETWEEN YOU AND CONSENT KIT AND GOVERN USE OF AND ACCESS TO THE SERVICE AND WEBSITE BY YOU, USERS, AND END-USERS WHETHER IN CONNECTION WITH A PAID SUBSCRIPTION TO THE SERVICE OR A FREE TRIAL OF THE SERVICE.

Agreement

1. Definitions

In this Agreement, except to the extent expressly provided otherwise:

“Account” means an account enabling a person to access and use the Hosted Services, including both administrator accounts and user accounts;

“Affiliate” means an entity that Controls, is Controlled by, or is under common Control with the relevant entity;

“Agreement” means this agreement including any Schedules, and any amendments to this Agreement from time to time;

“Business Day” means any weekday other than a bank or public holiday in England;

“Business Hours” means the hours of 09:00 to 17:00 GMT/BST on a Business Day;

“Change” means any change to this Agreement;

“Charges” means the following amounts:

  1. such amounts as may be agreed in writing by the parties from time to time; and
  2. amounts calculated by multiplying the Provider’s standard time-based charging rates (as notified by the Provider to the Customer before the date of this Agreement) by the time spent by the Provider’s personnel performing the Support Services (rounded down by the Provider to the nearest quarter hour);

“Confidential Information” means the Provider Confidential Information and the Customer Confidential Information;

“Control” means the legal power to control (directly or indirectly) the management of an entity (and “Controlled” should be construed accordingly);

“Consent Kit” means Consent Kit, Ltd, a company incorporated in England and Wales (registration number 11960970) having its registered office at Federation House. In these Terms, Consent Kit may also be referred to through the use of “We” or “Our.”

“Customer” Your organisation or institution. In these Terms, the Customer may also be referred to through the use of “You” or “Your.”

“Customer Confidential Information” means:

  1. any information disclosed by or on behalf of the Customer to the Provider at any time before the termination of this Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure:
    1. was marked or described as “confidential”; or
    2. should have been reasonably understood by the Provider to be confidential; and
  2. the Customer Data;

“Customer Data” means all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer (but excluding analytics data relating to the use of the Platform and server log files);

“Customer Indemnity Event” has the meaning given to it in Clause 14.3;

“Customer Personal Data” means any Personal Data that is processed by the Provider on behalf of the Customer in relation to this Agreement, but excluding personal data with respect to which the Provider is a data controller;

“Data Protection Laws” means all applicable laws relating to the processing of Personal Data including, while it is in force and applicable to Customer Personal Data, the General Data Protection Regulation (Regulation (EU) 2016/679);

“Documentation” means the documentation for the Hosted Services produced by the Provider and delivered or made available by the Provider to the Customer;

“Effective Date” means the first date on which the Customer commences the Subscription Term;

“End-User” means any person or entity other than Subscriber or User with whom Subscriber or its Users interact using the Service.

“Expenses” means the travel, accommodation and subsistence expenses that are reasonably necessary for, and incurred by the Provider exclusively in connection with, the performance of the Provider’s obligations under this Agreement;

“Force Majeure Event” means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, pandemics, explosions, fires, floods, riots, terrorist attacks and wars);

“Hosted Services” means app.consentkit.io, which will be made available by the Provider to the Customer as a service via the internet in accordance with this Agreement;

“Hosted Services Defect” means a defect, error or bug in the Platform having a material adverse effect on the appearance, operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:

  1. any act or omission of the Customer or any person authorised by the Customer to use the Platform or Hosted Services;
  2. any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer;
  3. a failure of the Customer to perform or observe any of its obligations in this Agreement; and/or
  4. an incompatibility between the Platform or Hosted Services and the Supported Web Browsers;

“Intellectual Property Rights” means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);

“Order Form” means any Consent Kit generated service order form executed or approved by You with respect to Your subscription to the Service, which form may detail, among other things, the number of Users authorised to use the Service under Your subscription to the Service and the Service Plan applicable to Your subscription to the Service.

“Personal Data” has the meaning given to it in the Data Protection Laws applicable in the United Kingdom from time to time;

“Platform” means the platform managed by the Provider and used by the Provider to provide the Hosted Services, including the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;

“Provider Confidential Information” means:

  1. any information disclosed by or on behalf of the Provider to the Customer at any time before the termination of this Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure was marked or described as “confidential” or should have been understood by the Customer (acting reasonably) to be confidential

“Provider Indemnity Event” has the meaning given to it in Clause 14.1;

“Schedule” means any schedule attached to the main body of this Agreement;

“Services” means any services that the Provider provides to the Customer, or has an obligation to provide to the Customer, under this Agreement;

“Service Plan(s)” means the packaged service plan(s) and the functionality and services associated therewith (as detailed on the Website applicable to the Service) for the Services to which You subscribe.

“Subscription Term” means the period during which You have agreed to subscribe to the Service with respect to any individual User.

“Support Services” means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;

“Supported Web Browser(s)” means the current release from time to time of Microsoft Edge, Mozilla Firefox, Google Chrome or Apple Safari, or any other web browser that the Provider agrees in writing shall be supported;

“Term” means the term of this Agreement, commencing in accordance with Clause 2.1 and ending in accordance with Clause 2.2;

“Third Party Services” means any hosted or cloud services provided by any third party that may transmit data to and/or from the Hosted Services;

“Update” means a hotfix, patch or minor version update to any Platform software; and

“Upgrade” means a major version upgrade of any Platform software.

“User” means an individual authorised to use a Service through Your Account as an administrator, member, contributor, and/or viewer as identified through a unique login.

2. Terms

2.1 This Agreement shall come into force upon the Effective Date.

2.2 This Agreement shall continue in force from the Effective Date, subject to termination in accordance with Clause 17 or any other provision of this Agreement.

2.3 If You register for a free trial for the Service, We will make the Service available to You on a trial basis free of charge until the earlier of

(a) the end of the free trial period for which You registered to use the Service;

(b) the start date of any subscription to the Service purchased by You for such Service; or

(c) termination of the trial by Us in our sole discretion.

Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into these Terms by reference and are legally binding. Please review the applicable Documentation during the trial period so that You become familiar with the features and functions of the Services under applicable Service Plans before You make Your purchase.

3. Hosted Services

3.1 The Provider shall ensure that the Platform will, on the Effective Date, automatically generate an Account for the Customer and provide to the Customer login details for that Account.

3.2 The Provider hereby grants to the Customer a licence to use the Hosted Services by means of a Supported Web Browser for the internal business purposes of the Customer in accordance with the Documentation during the Term.

3.3 The licence granted by the Provider to the Customer under Clause 3.2 is subject to the following limitations:

(a) the Hosted Services may only be used by the officers, employees, agents and subcontractors of either the Customer or an Affiliate of the Customer;

3.4 Except to the extent expressly permitted in this Agreement or required by law on a non-excludable basis, the licence granted by the Provider to the Customer under Clause 3.2 is subject to the following prohibitions:

(a) the Customer must not sub-license its right to access and use the Hosted Services;

(b) the Customer must not permit any unauthorised person to access or use the Hosted Services;

(c) the Customer must not use the Hosted Services to provide services to third parties;

(d) the Customer must not republish or redistribute any content or material from the Hosted Services;

(e) the Customer must not make any alteration to the Platform, except as permitted by the Documentation; and

(f) the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or Hosted Services without the prior written consent of the Provider.

3.5 The Customer shall use reasonable endeavours, including reasonable security measures relating to Account access details, to ensure that no unauthorised person may gain access to the Hosted Services using an Account.

3.6 The parties acknowledge and agree that Clause 4.1 shall govern the availability of the Hosted Services.

3.7 The Customer must comply with the Acceptable Use Policy, and must ensure that all persons using the Hosted Services with the authority of the Customer or by means of an administrator Account comply with the Acceptable Use Policy.

3.8 The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.

3.9 The Customer must not use the Hosted Services:

(a) in any way that is unlawful, illegal, fraudulent or harmful; or

(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

3.10 For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

4. Customer Obligations

4.1 Save to the extent that the parties have agreed otherwise in writing, the Customer must provide to the Provider, or procure for the Provider, such:

(a) co-operation, support and advice; (b) information and documentation; and (c) governmental, legal and regulatory licences, consents and permits, as are reasonably necessary to enable the Provider to perform its obligations under this Agreement.

4.2 The Customer must provide to the Provider, or procure for the Provider, such access to the Customer’s computer hardware, software, networks and systems as may be reasonably required by the Provider to enable the Provider to perform its obligations under this Agreement.

5. Customer Data

5.1 The Customer hereby grants to the Provider a non-exclusive, non-transferable licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Customer Data (excluding any Customer Personal Data) to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under this Agreement. The Customer also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, subject to any express restrictions elsewhere in this Agreement.

5.2 The Customer warrants to the Provider that the Customer Data will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law.

5.3 The Provider shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 7 days.

5.4 Within the period of 1 Business Day following receipt of a written request from the Customer, the Provider shall use all reasonable endeavours to restore to the Platform the Customer Data stored in any back-up copy created and stored by the Provider in accordance with Clause 5.3. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration.

6. Integrations with Third Party Services

6.1 The Hosted Services are integrated with those Third Party Services identified in the Data Processors policy as at the Effective Date. The Provider may integrate additional Third Party Services with the Hosted Services at any time.

6.2 The Provider may remove, suspend or limit any Third Party Services integration at any time in its sole discretion.

6.3 The supply of Third Party Services shall be under a separate contract or arrangement between the Customer and the relevant third party. The Provider does not contract to supply the Third Party Services and is not a party to any contract for, or otherwise responsible in respect of, the provision of any Third Party Services. Fees may be payable by the Customer to the relevant third party in respect of the use of Third Party Services.

6.4 The Customer acknowledges that:

(a) the integration of Third Party Services may entail the transfer of Customer Data from the Hosted Services to the relevant Third Party Services; and (b) the Provider has no control over, or responsibility in respect of, any disclosure, modification, deletion or other use of Customer Data resulting from any integration with any Third Party Services.

6.5 Without prejudice to its other obligations under this Clause 6, the Customer must ensure that it has in place the necessary contractual safeguards to ensure that both:

(a) the transfer of relevant Customer Personal Data to a provider of Third Party Services is lawful; and (b) the use of relevant Customer Personal Data by a provider of Third Party Services is lawful.

6.6 The Customer shall have the opportunity to consent to transfers of Customer Data to any Third Party Services operator. The Provider must ensure that such transfers shall not take place without the consent of the Customer.

6.7 The Customer hereby consents to the transfer of the Customer Data to the Third Party Services.

6.8 The use of some features of the Hosted Services may depend upon the Customer enabling and agreeing to integrations between the Hosted Services and Third Party Services.

6.9 The Customer warrants to the Provider that the transfer of Customer Data by the Provider to a provider of Third Party Services in accordance with this Clause 6 will not infringe any person’s legal or contractual rights and will not put the Provider in breach of any applicable laws.

6.10 Additional Charges may be payable by the Customer to the Provider in respect of a Third Party Services integration.

6.11 Save to the extent that the parties expressly agree otherwise in writing and subject to Clause 15.1:

(a) the Provider gives no warranties or representations in respect of any Third Party Services; and (b) the Provider shall not be liable to the Customer in respect of any loss or damage that may be caused by any Third Party Services or any provider of Third Party Services.

7. No assignment of Intellectual Property Rights

7.1 Nothing in this Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.

8. Representatives

8.1 The Provider shall ensure that all instructions given by the Provider in relation to the matters contemplated in this Agreement will be given by a Provider Representative to a Customer Representative, and the Customer:

(a) may treat all such instructions as the fully authorised instructions of the Provider; and (b) may decline to comply with any other instructions in relation to that subject matter.

8.2 The Customer shall ensure that all instructions given by the Customer in relation to the matters contemplated in this Agreement will be given by a Customer Representative to a Provider Representative, and the Provider:

(a) may treat all such instructions as the fully authorised instructions of the Customer; and (b) may decline to comply with any other instructions in relation to that subject matter.

9. Billing, plan modifications and payments

9.1 Unless otherwise indicated on a Form referencing these Terms and subject to Section

9.2, all charges associated with Your access to and use of the Service (“Subscription Charges”) are due in full upon commencement of Your Subscription Term. If You fail to pay Your Subscription Charges or charges for other services indicated on any Form referencing these Terms within five (5) business days of Our notice to You that payment is due or delinquent, or if You do not update payment information upon Our request, in addition to Our other remedies, We may suspend or terminate access to and use of the Service by You, Users and End-Users.

9.3 If You choose to upgrade Your Service Plan or increase the number of authorised Users during Your Subscription Term (a “Subscription Upgrade”), any incremental Subscription Charges associated with such Subscription Upgrade will be prorated over the remaining period of Your then-current Subscription Term, charged to Your Account and due and payable upon implementation of such Subscription Upgrade. In any future Subscription Term, Your Subscription Charges will reflect any such Subscription Upgrades.

9.4 No refunds or credits for Subscription Charges or other fees or payments will be provided to You if You elect to downgrade Your Service Plan. Downgrading Your Service Plan may cause loss of content, features, or capacity of the Service as available to You under Your Account, and Consent Kit does not accept any liability for such loss. Consent Kit reserves the right to contact You about special pricing if You maintain an exceptionally high number of Users, End-Users or other excessive stress on the Service.

9.5 Unless otherwise stated, Our charges do not include any taxes, levies, duties or similar governmental assessments, including value-added, sales, use or withholding taxes assessable by any local, state, provincial or foreign jurisdiction (collectively “Taxes”). You are responsible for paying Taxes except those assessable against Consent Kit based on its income. We will invoice You for such Taxes if We believe We have a legal obligation to do so and You agree to pay such Taxes if so invoiced.

9.6 If You pay by credit card, the Service provides an interface for the account owner to change credit card information (e.g. upon card renewal). The Account owner will receive a receipt upon each receipt of payment by Consent Kit, or they may obtain a receipt from within the Service to track subscription status. You hereby authorise Consent Kit to bill Your credit card or another payment instrument in advance on a periodic basis in accordance with the terms of the Service Plan until you terminate your Subscription, and you further agree to pay any Subscription Charges so incurred. Consent Kit uses a third-party intermediary to manage credit card processing and this intermediary is not permitted to store, retain or use Your billing information except to process Your credit card information for Consent Kit.

10. Confidentiality obligations

10.1 The Provider must:

(a) keep the Customer Confidential Information strictly confidential;

(b) not disclose the Customer Confidential Information to any person without the Customer’s prior written consent, and then only under conditions of confidentiality approved in writing by the Customer;

(c) use the same degree of care to protect the confidentiality of the Customer Confidential Information as the Provider uses to protect the Provider’s own confidential information of a similar nature, being at least a reasonable degree of care;

(d) act in good faith at all times in relation to the Customer Confidential Information; and

(e) not use any of the Customer Confidential Information for any purpose other than the provision of Hosted Services.

10.2 The Customer must:

(a) keep the Provider Confidential Information strictly confidential;

(b) not disclose the Provider Confidential Information to any person without the Provider’s prior written consent, and then only under conditions of confidentiality approved in writing by the Provider;

(c) use the same degree of care to protect the confidentiality of the Provider Confidential Information as the Customer uses to protect the Customer’s own confidential information of a similar nature, being at least a reasonable degree of care;

(d) act in good faith at all times in relation to the Provider Confidential Information; and

(e) not use any of the Provider Confidential Information for any purpose other than the use of Hosted Services.

10.3 Notwithstanding Clauses 10.1 and 10.2, a party’s Confidential Information may be disclosed by the other party to that other party’s officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Confidential Information that is disclosed for the performance of their work with respect to this Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Confidential Information that is disclosed.

10.4 No obligations are imposed by this Clause 11 with respect to a party’s Confidential Information if that Confidential Information:

(a) is known to the other party before disclosure under this Agreement and is not subject to any other obligation of confidentiality;

(b) is or becomes publicly known through no act or default of the other party; or

(c) is obtained by the other party from a third party in circumstances where the other party has no reason to believe that there has been a breach of an obligation of confidentiality.

10.5 The restrictions in this Clause 11 do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of either party on any recognised stock exchange.

10.6 Upon the termination of this Agreement, each party must immediately cease to use the other party’s Confidential Information.

10.7 Following the termination of this Agreement, and within 5 Business Days following the date of receipt of a written request from the other party, the relevant party must destroy or return to the other party (at the other party’s option) all media containing the other party’s Confidential Information, and must irrevocably delete the other party’s Confidential Information from its computer systems.

10.8 The provisions of this Clause 11 shall continue in force for a period of 5 years following the termination of this Agreement, at the end of which period they will cease to have effect.

11. Data protection

11.1 Each party shall comply with the Data Protection Laws with respect to the processing of the Customer Personal Data.

11.2 The Customer warrants to the Provider that it has the legal right to disclose all Personal Data that it does in fact disclose to the Provider under or in connection with this Agreement.

11.3 The Customer shall only supply to the Provider, and the Provider shall only process, in each case under or in relation to this Agreement:

(a) the Personal Data of data subjects falling within the categories specified in the Data Subprocessors policy; and

(b) Personal Data of the types specified in the Data Subprocessors policy.

11.4 The Provider shall only process the Customer Personal Data for the purposes specified in the Data Subprocessors policy.

11.5 The Provider shall only process the Customer Personal Data during the Term and for not more than 30 days following the end of the Term, subject to the other provisions of this Clause 11.

11.6 The Provider shall only process the Customer Personal Data on the documented instructions of the Customer (including with regard to transfers of the Customer Personal Data to any place outside the European Economic Area), as set out in this Agreement or any other document agreed by the parties in writing.

11.7 The Customer hereby authorises the Provider to make the following transfers of Customer Personal Data:

(a) the Provider may transfer the Customer Personal Data internally to its own employees, offices and facilities in England and the European Union, providing that such transfers must be protected by appropriate safeguards, namely encrypted HTTPS traffic using TLS v1.2 and emails encrypted TLS;

(b) the Provider may transfer the Customer Personal Data to its sub-processors in the jurisdictions identified in the Data Subprocessors policy, providing that such transfers must be protected by any appropriate safeguards identified therein; and

(c) the Provider may transfer the Customer Personal Data to a country, a territory or sector to the extent that the European Commission has decided that the country, territory or sector ensures an adequate level of protection for Personal Data.

11.8 The Provider shall promptly inform the Customer if, in the opinion of the Provider, an instruction of the Customer relating to the processing of the Customer Personal Data infringes the Data Protection Laws.

11.9 Notwithstanding any other provision of this Agreement, the Provider may process the Customer Personal Data if and to the extent that the Provider is required to do so by applicable law. In such a case, the Provider shall inform the Customer of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

11.10 The Provider shall ensure that persons authorised to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

11.11 The Provider and the Customer shall each implement appropriate technical and organisational measures to ensure an appropriate level of security for the Customer Personal Data, including those measures specified in the Data Subprocessors policy.

11.12 The Provider must not engage any third party to process the Customer Personal Data without the prior specific or general written authorisation of the Customer. In the case of a general written authorisation, the Provider shall inform the Customer at least 14 days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Customer objects to any such changes before their implementation, then the Customer may terminate this Agreement on 7 days’ written notice to the Provider, providing that such notice must be given within the period of 7 days following the date that the Provider informed the Customer of the intended changes. The Provider shall ensure that each third party processor is subject to equivalent legal obligations as those imposed on the Provider by this Clause 11.

11.13 As at the Effective Date, the Provider is hereby authorised by the Customer to engage, as sub-processors with respect to Customer Personal Data, the third parties identified in the Data Subprocessors policy.

11.14 The Provider shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Customer with the fulfilment of the Customer’s obligation to respond to requests exercising a data subject’s rights under the Data Protection Laws.

11.15 The Provider shall assist the Customer in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. The Provider may charge the Customer for any work performed by the Provider at the request of the Customer pursuant to this Clause 11.14.

11.16 The Provider must notify the Customer of any Personal Data breach affecting the Customer Personal Data without undue delay and, in any case, not later than 24 hours after the Provider becomes aware of the breach.

11.17 The Provider shall make available to the Customer all information necessary to demonstrate the compliance of the Provider with its obligations under this Clause 12 and the Data Protection Laws. The Provider may charge the Customer for any work performed by the Provider at the request of the Customer pursuant to this Clause 11.17, providing that no such charges shall be levied with respect to the completion by the Provider (at the reasonable request of the Customer, not more than once per calendar year) of the standard information security questionnaire of the Customer.

11.18 The Provider shall, at the choice of the Customer, delete or return all of the Customer Personal Data to the Customer after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.

11.19 The Provider shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer in respect of the compliance of the Provider’s processing of Customer Personal Data with the Data Protection Laws and this Clause 11. The Provider may charge the Customer for any work performed by the Provider at the request of the Customer pursuant to this Clause 11.19, providing that no such charges shall be levied where the request to perform the work arises out of any breach by the Provider of this Agreement or any security breach affecting the systems of the Provider.

11.20 If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under this Agreement, then the parties shall use their best endeavours promptly to agree such variations to this Agreement as may be necessary to remedy such non-compliance.

12. Warranties

12.1 The Provider warrants to the Customer that:

(a) the Provider has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement;

(b) the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider’s rights and the fulfilment of the Provider’s obligations under this Agreement; and

(c) the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under this Agreement.

12.2 The Provider warrants to the Customer that:

(a) the Hosted Services will be free from Hosted Services Defects;

(b) the application of Updates and Upgrades to the Platform by the Provider will not introduce any Hosted Services Defects into the Hosted Services;

(c) the Platform will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs; and

(d) the Platform will incorporate security features reflecting the requirements of good industry practice.

12.3 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with this Agreement, will not breach any laws, statutes or regulations applicable under English law.

12.4 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with this Agreement, will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.

12.5 If the Provider reasonably determines, or any third party alleges, that the use of the Hosted Services by the Customer in accordance with this Agreement infringes any person’s Intellectual Property Rights, the Provider may at its own cost and expense:

(a) modify the Hosted Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or

(b) procure for the Customer the right to use the Hosted Services in accordance with this Agreement.

12.6 The Customer warrants to the Provider that it has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement.

12.7 All of the parties’ warranties and representations in respect of the subject matter of this Agreement are expressly set out in this Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of this Agreement will be implied into this Agreement or any related contract.

13. Acknowledgements and warranty limitations

13.1 The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.

13.2 The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.

13.3 The Customer acknowledges that the Hosted Services are designed to be compatible only with the Supported Web Browsers; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.

13.4 The Customer acknowledges that the Provider will not provide any legal, financial, accountancy or taxation advice under this Agreement or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in this Agreement, the Provider does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Customer will not give rise to any legal liability on the part of the Customer or any other person.

14. Indemnities

14.1 The Provider shall indemnify and shall keep indemnified the Customer against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Customer and arising directly or indirectly as a result of any breach by the Provider of this Agreement (a “Provider Indemnity Event”).

14.2 The Customer must:

(a) upon becoming aware of an actual or potential Provider Indemnity Event, notify the Provider;

(b) provide to the Provider all such assistance as may be reasonably requested by the Provider in relation to the Provider Indemnity Event;

(c) allow the Provider the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Provider Indemnity Event; and

(d) not admit liability to any third party in connection with the Provider Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Provider Indemnity Event without the prior written consent of the Provider, and the Provider’s obligation to indemnify the Customer under Clause 14.1 shall not apply unless the Customer complies with the requirements of this Clause 14.2.

14.3 The Customer shall indemnify and shall keep indemnified the Provider against any appropriate third party liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Provider and arising directly or indirectly as a result of any breach by the Customer of this Agreement (a “Customer Indemnity Event”).

14.4 The Provider must:

(a) upon becoming aware of an actual or potential Customer Indemnity Event, notify the Customer;

(b) provide to the Customer all such assistance as may be reasonably requested by the Customer in relation to the Customer Indemnity Event;

(c) allow the Customer the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Customer Indemnity Event; and

(d) not admit liability to any third party in connection with the Customer Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Customer Indemnity Event without the prior written consent of the Customer, and the Customer’s obligation to indemnify the Provider under Clause 14.3 shall not apply unless the Provider complies with the requirements of this Clause 14.4.

14.5 The indemnity protection set out in this Clause 15 shall be subject to the limitations and exclusions of liability set out in this Agreement.

15. Limitations and exclusions of liability

15.1 Nothing in this Agreement will:

(a) limit or exclude any liability for death or personal injury resulting from negligence;

(b) limit or exclude any liability for fraud or fraudulent misrepresentation;

(c) limit any liabilities in any way that is not permitted under applicable law; or

(d) exclude any liabilities that may not be excluded under applicable law.

15.2 The limitations and exclusions of liability set out in this Clause 16 and elsewhere in this Agreement:

(a) are subject to Clause 15.1; and

(b) govern all liabilities arising under this Agreement or relating to the subject matter of this Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in this Agreement.

15.3 Neither party shall be liable to the other party in respect of any losses arising out of a Force Majeure Event.

15.4 Neither party shall be liable to the other party in respect of any loss of profits or anticipated savings.

15.5 Neither party shall be liable to the other party in respect of any loss of revenue or income.

15.6 Neither party shall be liable to the other party in respect of any loss of use or production.

15.7 Neither party shall be liable to the other party in respect of any loss of business, contracts or opportunities.

15.8 Neither party shall be liable to the other party in respect of any loss or corruption of any data, database or software; providing that this Clause 15.8 shall not protect the Provider unless the Provider has fully complied with its obligations under Clause 5.3 and Clause 5.4.

15.9 Neither party shall be liable to the other party in respect of any special, indirect or consequential loss or damage.

15.10 The liability of each party to the other party under this Agreement in respect of any event or series of related events shall not exceed the greater of:

(a) £10,000 GBP; and

(b) the total amount paid and payable by the Customer to the Provider under this Agreement in the 12 month period preceding the commencement of the event or events.

15.11 The aggregate liability of the Provider to the Customer under this Agreement in respect of any breach of confidentiality and Data Protection obligations shall not exceed the greater of:

(a) £10,000 GBP; or

(b) any damages, penalties or fines issued by a relevant authority.

In the case of the Customer, the aggregate liability in respect of confidentiality and Data Protection obligations shall not exceed the total amount paid and payable by the Customer to the Provider under this Agreement in the 12 month period preceding the commencement of the event or events.

16. Force Majeure Event

16.1 If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under this Agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.

16.2 A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under this Agreement, must:

(a) promptly notify the other; and

(b) inform the other of the period for which it is estimated that such failure or delay will continue.

16.3 A party whose performance of its obligations under this Agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

17. Cancellation and Termination

17.1 Either You or Consent Kit may elect to terminate Your Account and subscription to the Service as of the end of your then-current Subscription Term by providing notice, in accordance with these Terms, on or prior to the date thirty (30) days preceding the end of such Subscription Term. Unless Your Account and subscription to the Service is so terminated, Your subscription to the Service will renew for a Subscription Term equivalent in length to the then expiring Subscription Term. Unless otherwise provided for in any Form, the Subscription Charges applicable to Your subscription to the Service for any such subsequent Subscription Term shall be Our standard Subscription Charges for the Service Plan to which You have subscribed as of the time such subsequent Subscription Term commences.

17.2 No refunds or credits for Subscription Charges or other fees or payments will be provided to You if You elect to terminate Your subscription to the Service or cancel Your Account prior to the end of Your then effective Subscription Term. Following the termination or cancellation of Your subscription to the Service and/or Account, We reserve the right to delete all Your Data in the normal course of operation. Your Data cannot be recovered once Your Account is cancelled.

17.3 If You terminate Your subscription to the Service or cancel Your Account prior to the end of Your then effective Subscription Term or We effect such termination or cancellation pursuant to Clause 17.5(c) or 17.4, in addition to other amounts You may owe Consent Kit, You must immediately pay any then unpaid Subscription Charges associated with the remainder of such Subscription Term. This amount will not be payable by You in the event You terminate Your subscription to the Service or cancel Your Account as a result of a material breach of these Terms by Consent Kit, provided that You provide advance notice of such breach to Consent Kit and afford Consent Kit not less than thirty (30) days to reasonably cure such breach.

17.4 Consent Kit reserves the right to modify, suspend or terminate the Service (or any part thereof), Your Account or Your and/or Users’ and/or End-Users’ rights to access and use the Service, and remove, disable and discard any of Your Data if We believe that You, Users or End-Users have violated these Terms. Unless legally prohibited from doing so, Consent Kit will use commercially reasonable efforts to contact You directly via email to notify You when taking any of the foregoing actions. Consent Kit shall not be liable to You, Users, End-Users or any other third party for any such modification, suspension or discontinuation of Your rights to access and use the Service. Any suspected fraudulent, abusive, or illegal activity by You, Users or End-Users may be referred to law enforcement authorities at Our sole discretion.

17.5 In addition to Our rights as set forth in this Agreement, Consent Kit reserves the right, in Consent Kit’s reasonable discretion, to temporarily suspend Your access to and use of the Service:

(a) during planned downtime for upgrades and maintenance to the Service (of which Consent Kit will use commercially reasonable efforts to notify You in advance both through Our forum page and a notice to Your Account owner and Users) (“Planned Downtime”);

(b) during any unavailability caused by circumstances beyond Our reasonable control, such as, but not limited to, acts of God, acts of government, acts of terror or civil unrest, pandemic, technical failures beyond Our reasonable control (including, without limitation, inability to access the Internet), or acts undertaken by third parties, including without limitation, distributed denial of service attacks; or

(c) if We suspect or detect any Malicious Software connected to Your Account or use of the Service by You, Users or End-Users. We will use commercially reasonable efforts to schedule Planned Downtime for weekends (GMT/BST time zone) and other off-peak hours.

19. Effects of termination

19.1 Upon the termination of this Agreement, all of the provisions of this Agreement shall cease to have effect, save that the following provisions of this Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 3.10, 6.11, 9.2, 9.4, 9.5, 11, 11.1, 11.3, 11.4, 11.5, 11.6, 11.7, 11.8, 11.9, 11.10, 11.11, 11.12, 11.13, 11.14, 11.15, 11.16, 11.17, 11.18, 11.19, 11.20, 15, 16, 19, 20, 23, 24, 25, 26, 27, 28, 29 and 30.

19.2 Except to the extent that this Agreement expressly provides otherwise, the termination of this Agreement shall not affect the accrued rights of either party.

19.3 Within 30 days following the termination of this Agreement for any reason:

(a) the Customer must pay to the Provider any Charges in respect of Services provided to the Customer before the termination of this Agreement; and

(b) the Provider must refund to the Customer any Charges paid by the Customer to the Provider in respect of Services that were to be provided to the Customer after the termination of this Agreement, without prejudice to the parties’ other legal rights.

20. Non-solicitation of personnel

20.1 Either Party must not, without the prior written consent of the other Party, either during the Term or within the period of 6 months following the end of the Term, engage, employ or solicit for engagement or employment any employee or subcontractor of the Provider who has been involved in any way in the negotiation or performance of this Agreement (other than by way of general advertisement).

21. Notices

21.1 Any notice given under this Agreement must be in writing, whether or not described as “written notice” in this Agreement.

21.2 Any notice given by the Customer to the Provider under this Agreement must be:

(a) delivered personally;

(b) sent by courier;

(c) sent by recorded signed-for post;

(d) sent by email;

21.3 Any notice given by the Provider to the Customer under this Agreement must be:

(a) delivered personally;

(b) sent by courier;

(c) sent by recorded signed-for post;

(d) sent by email;

21.4 A party receiving from the other party a notice by email must acknowledge receipt by email promptly, and in any event within 2 Business Days following receipt of the notice.

21.5 A notice will be deemed to have been received at the relevant time set out below or, where such time is not within Business Hours, when Business Hours next begin after the relevant time set out below:

(a) in the case of notices delivered personally, upon delivery;

(b) in the case of notices sent by courier, upon delivery;

(c) in the case of notices sent by post, 48 hours after posting;

(d) at the time of the sending of the email (providing that the sending party retains written evidence that the email has been sent); and

(e) in the case of notices submitted using an online contractual notification facility, upon the submission of the notice form.

22. Subcontracting

22.1 Subject to any express restrictions elsewhere in this Agreement, the Provider may subcontract any of its obligations under this Agreement, providing that the Provider must give to the Customer, promptly following the appointment of a subcontractor, a written notice specifying the subcontracted obligations and identifying the subcontractor in question.

22.2 The Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.

22.3 Notwithstanding the provisions of this Clause 22 but subject to any other provision of this Agreement, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.

23. Assignment

23.1 The Customer hereby agrees that the Provider may assign, transfer or otherwise deal with the Provider’s contractual rights and obligations under this Agreement.

23.2 The Provider hereby agrees that the Customer may assign, transfer or otherwise deal with the Customer’s contractual rights and obligations under this Agreement.

24. No waivers

24.1 No breach of any provision of this Agreement will be waived except with the express written consent of the party not in breach.

24.2 No waiver of any breach of any provision of this Agreement shall be construed as a further or continuing waiver of any other breach of that provision or any breach of any other provision of this Agreement.

25. Severability

25.1 If a provision of this Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions will continue in effect.

25.2 If any unlawful and/or unenforceable provision of this Agreement would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect.

26. Third party rights

26.1 This Agreement is for the benefit of the parties, and is not intended to benefit or be enforceable by any third party.

26.2 The exercise of the parties’ rights under this Agreement is not subject to the consent of any third party.

27. Variation

27.1 This Agreement may not be varied except by means of a written document signed by or on behalf of each party.

28. Entire agreement

28.1 The main body of this Agreement and the Schedules shall constitute the entire agreement between the parties in relation to the subject matter of this Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.

28.2 Neither party will have any remedy in respect of any misrepresentation (whether written or oral) made to it upon which it relied in entering into this Agreement.

28.3 The provisions of this Clause 28 are subject to Clause 28.1.

29. Law and jurisdiction

29.1 This Agreement shall be governed by and construed in accordance with English law.

29.2 Any disputes relating to this Agreement shall be subject to the exclusive jurisdiction of the courts of England and Wales.

30. Interpretation

30.1 In this Agreement, a reference to a statute or statutory provision includes a reference to:

(a) that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and

(b) any subordinate legislation made under that statute or statutory provision.

30.2 The Clause headings do not affect the interpretation of this Agreement.

30.3 References in this Agreement to “calendar months” are to the 12 named periods (January, February and so on) into which a year is divided.

30.4 In this Agreement, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.