Geschäftsbedingungen

CakeHR Terms & Conditions

These Terms govern the use of the Platform provided by HR Bakery Limited t/a CakeHR (registered company no. 09411353) of 62 Stakes Road Purbrook, Waterlooville, Hampshire, England, PO7 5NT (“CakeHR”) and are an agreement between you and CakeHR.

By signing an Order as part of the ordering process and/or your installation or use of the Platform, you agree to the following Terms governing your use of our Platform. If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to these Terms. If you do not have such authority, or if you do not agree with these Terms, you must not use our Platform.

We may update these Terms at any time, and the most recent version can be accessed on the terms and conditions page of our website accessible via https://cake.hr/terms-and-conditions. We will make reasonable efforts to communicate any changes to you via a notification in the Platform or by sending an email to your billing contact, but it is up to you to ensure that you regularly check, read, understand and agree to the most recent version of these Terms as you will be deemed to accept all updates if you continue to access and use the Platform.

These Terms were updated on June 23, 2020.

1. DEFINITIONS

1.1 In these Terms, the following words shall have the following meanings:

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with, the subject entity, where “control” is the direct or indirect ownership or control of at least a majority of the voting rights in the entity, or otherwise the power to direct the management and policies of the entity. An entity is an Affiliate only so long as such control continues;

“Business Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business;

“Business Hours” means 9:00 to 17:00 GMT (inclusive) on any Business Day;

“Commencement Date” means the earlier of the date on which we provide Professional Services to you or the date on which you commence operational use of the Platform provided to you from time to time (including the start date of any Trial Period);

“Confidential Information” has the meaning given to it in clause 10.1;

“Content” means any information, data (including personal data) and/or material uploaded into the Platform by you, your employees, your Affiliates, Users and/or representatives, or by us on your behalf, including (without limitation) any text or images;

“Data Protection Addendum” means the applicable data protection addendum attached hereto as Schedule 1 and Schedule 2. The data protection addendum attached at Schedule 1 shall automatically apply, except in those circumstances expressly set out in Schedule 2 in which case the data protection addendum in Schedule 2 shall apply;

“Data Protection Laws” has the meaning set forth in the applicable Data Protection Addendum;

“Discloser” has the meaning given to it in clause 10.1;

“Documentation” means the user guides, specifications, instructions and manuals relating to the use of the Platform that we may make made available to you from time to time;

“Feedback” has the meaning given to it in clause 7.3;

“Force Majeure Event” has the meaning given to it in clause 12.1;

“Initial Term” means a period of one (1) month or such other period set out in the Order from (and including) the Commencement Date which will on expiry automatically renew for the Renewal Term, unless terminated in accordance with these Terms;

“Intellectual Property Rights” means rights recognised by any jurisdiction with respect to intellectual work product, such as patent rights (including priority rights), design rights, copyrights and related rights (including moral rights), mask work rights, trade marks, service marks, domain name rights, database rights, patents, trade secrets, know-how, rights in confidential information and all other intellectual property rights, in each case whether registered or unregistered and including all applications (or rights to apply) for and renewals and extensions of, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;

“Licence Fee” means the monthly, quarterly or annual licence fee payable by you for your access to and use of the Platform, as detailed on our website, Welcome/Logon information email and/or in any applicable Order which shall be stated exclusive of VAT as may be amended by us from time to time;

“Mobile Application” means the CakeHR application that we have developed for use on mobile phones which allows you and your Users to use the Platform in accordance with these Terms;

“Order” means an ordering document (such as a licence order or a work order) executed by you and us for subscription to the Platform and/or, if applicable, for the provision of Professional Services by us in our sole discretion;

“Party” means you and us, together the “Parties” ;

“personal data” has the meaning set forth in the applicable Data Protection Addendum;

“Platform” means the online platform upon which we host the service solutions, the Mobile Application and any other software and/or services that you procure from us under these Terms;

“Professional Services” means the professional services we and/or a Third-Party Provider acting on our behalf may provide to you from time to time, including but not being limited to consulting, training, development and/or implementation services;

“Recipient” has the meaning given to it in clause 10.1;

“Renewal Term” means a period of one (1) month or such other period set out in the Order automatically beginning from the date of expiry of the Initial Term and/or each subsequent Renewal Term, unless terminated in accordance with these Terms;

“Retention Period” has the meaning given to it in clause 9.6;

“Special Conditions” means the terms and conditions specified in the Order specifying any special terms and conditions which apply to that Order, and which override these Terms to the extent of any inconsistency in relation to that Order only;

“Term” means the period from (and including) the Commencement Date until your subscription licence to access and use the Platform is terminated in accordance with these Terms, including the Initial Term and any subsequent Renewal Term(s);

“Terms” means these terms and conditions, and any attachments, exhibits, annexes and Schedules hereto, and any applicable Order;

“Third-Party Services” means any product (e.g. software, cloud services, or forms), tool (e.g. integration or development tools) or service (e.g. implementation, configuration, development or accounting) including but not being limited to Professional Services, provided to you by a party other than us (a “Third-Party Provider”);

“Trial” has the meaning given to it in clause 2.1;

“Trial Period” means an initial period as set out in your Welcome/Logon information email, Order or as otherwise agreed between the Parties provided to you on your registration to use the Platform;

“us”, “we”, “our” means HR Bakery Limited t/a CakeHR (registered company no. 09411353) of 62 Stakes Road, Purbrook, Waterlooville, Hampshire, England, PO7 5NT;

“Usage Data” has the meaning given to it in clause 7.4;

“User” means a named individual authorised by you to use the Platform, for whom you have purchased a subscription, and who has been supplied with user credentials for the Platform by you or by us at your request;

“VAT”: any value added tax or sales tax applicable in a country in which the Platform is provided; and

“your” or “you” means the person accepting these Terms and/or signing the Order, provided that if such acceptance is on behalf of a company or other legal entity then: (i) the representative represents that they have the authority to bind such entity to these Terms; and (ii) “you” and “your” refers to such entity and, to the extent any of your Affiliates use the Platform, such Affiliates.

1.2 The Schedules form part of these Terms and shall have effect as if set out in full in the body of these Terms. Any reference to these Terms includes the Schedules, appendices, annexes, attachments and exhibits (if any).

1.3 A reference to a statute, statutory provision or subordinate legislation is a reference to it as it is in force from time to time, taking account of any amendment or re-enactment and includes any statute, statutory provision or subordinate legislation which it amends or re-enacts.

1.4 All references in these Terms to the singular shall mean the plural and vice versa, all references to persons shall include bodies corporate and other legal personae and vice versa, and all references to the masculine shall include the feminine and neutral and vice versa.

1.5 References to any party shall include that party’s personal representatives, successors and permitted assigns.

1.6 Headings are for convenience only and may not be used in interpretation.

1.7 Any words following the terms “including”, “include”, “in particular”, “for example” or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

1.8 In the event and to the extent of any conflict or inconsistency between the clauses of these Terms and the Schedules and/or any annexures to the Schedules, then unless expressly stated otherwise, the conflict or inconsistency shall be resolved in accordance with the following descending order of precedence (from high priority to low priority);

1.8.1 the Special Conditions;
1.8.2 these Terms;
1.8.3 any Schedules to these Terms; and
1.8.4 any annexures to such Schedules.

2. TRIALS

2.1 From time to time, we may in our sole discretion offer trials to use the Platform for a Trial Period without payment of a Licence Fee or for a reduced rate Licence Fee (a “Trial” ). Any use of the Platform during a Trial shall be subject to these Terms to the extent applicable.

2.2 We may in our sole discretion determine your eligibility for a Trial and withdraw or modify a Trial at any time without prior notice and with no liability, to the maximum extent permitted by applicable law.

2.3 For some Trials we may require you to provide your payment details to start the Trial. By providing such details you agree that we may automatically begin charging you the Licence Fee on the first day immediately following the end of the Trial Period on a recurring basis. If you do not want to continue to use the Platform following any Trial Period, you must provide prior written notice to us by contacting [email protected]

2.4 We may in our sole discretion make available special price deals, discounts, free periods, promotional offers and other incentives in respect of the Licence Fees payable in relation to use of the Platform from time to time. Any such promotional offers will be subject to these Terms and we reserve the right to withdraw or cease to offer any special price deals, discounts, free periods, promotional offers and other incentives at any time without notice to you.

3. OUR OBLIGATIONS AND AVAILABILITY OF THE PLATFORM

3.1 For the duration of any Trial Period, we grant you a limited-term, non-exclusive, non-transferable, non-sublicensable licence for you to access and use (for you and your Affiliates’ own internal business purposes only) of the Platform so that you can evaluate whether you would like to subscribe to use and access the Platform. We may monitor your usage of the Platform during the Trial Period.

3.2 Following expiry of the Trial Period, we agree to provide to you a limited-term, non-exclusive, non-transferable, non-sublicensable licence for you to access and use (for you and your Affiliates’ own internal business purposes only) the Platform for the Term, subject to these Terms and your continued payment of the Licence Fee. Your subscription licence to use the Platform granted in accordance with this clause 3.2 includes onboarding support, which will be provided by us using a series of feature focused emails. You will also have access to our general support resources including knowledgebases, learning sites, communities and direct support as may be provided from time to time at our absolute discretion.

3.3 Unless otherwise agreed by us, licences to use the Platform are purchased as time-based subscriptions. Each User must have a valid subscription for the Platform. User subscriptions are for named Users and cannot be shared with other person(s) but may be reassigned to new named Users from Users who you notify to us in writing have ceased using the Platform. We reserve the right to monitor your and your Users’ use of the Platform to effect these Terms and/or verify compliance with any subscription limits and/or these Terms.

3.4 In the event that your use of the Platform interferes with or disrupts the integrity, security, availability or performance of the Platform, we may modify or temporarily restrict or suspend your use of the Platform immediately and without notice to you. The Parties will cooperate in good faith to resolve the issue as soon as reasonably possible.

3.5 We will provide you with login details to enable you to connect to the Platform. You and your Users will be able to access the Platform using a verified email address and password.

3.6 The Mobile Application is accessible by you and your Users by entering the login details as per clause 3.5.

3.7 Subject to clause 3.8, we will use reasonable commercial endeavours to: (i) provide the Platform without major interruption; (ii) ensure that the Platform is materially error free; and (iii) ensure that the Platform is available with 99% uptime in aggregate for the duration of the Term.

3.8 Notwithstanding clause 3.7, we reserve the right at any time to suspend without notice your access to and/or use of the Platform for the purpose of enabling us to carry out essential emergency and/or urgent maintenance. We will use reasonable commercial endeavours to provide you with reasonable advance notice of any scheduled non-emergency maintenance. Scheduled non-emergency maintenance will be performed outside of Business Hours to the extent reasonably practicable. We will use commercially reasonable endeavours to notify you of any unplanned downtime of the Platform and to resolve the issue as soon as reasonably practicable.

3.9 Subject to clause 3.10, we will indemnify you against all loss, liability or reasonable expense arising out of any claim brought by a third-party that the Platform infringes the Intellectual Property Rights owned or controlled by a third-party, to the extent that the alleged infringement is not based on: (a) a modification of the Platform by anyone other than us; (b) use of the Platform in combination with any software, hardware, network or system not supplied or approved by us if the alleged infringement relates to such combination; or (c) use of the Platform in a manner contrary to our instructions and/or the Documentation. If the Platform infringes, or we reasonably believe it may infringe third-party Intellectual Property Rights, we may, at our own expense and option: (i) procure the right for you to continue use of the Platform; (ii) modify the Platform so that it becomes non-infringing without material loss of functionality; or (iii) if (i) or (ii) are not feasible, terminate your use of the Platform in accordance with these Terms and refund you a pro-rata portion of any prepaid fees for the Platform covering the period when you were unable to use the Platform due to the third-party infringement claim. The indemnification obligations set forth above represent our sole and exclusive liability and your exclusive remedy for any third-party infringement claim described in this clause 3.9.

3.10 In the event of a potential indemnity obligation under clause 3.9, you shall provide to us: (i) prompt written notice of the claim or a known threatened claim, such that our ability to defend the claim is not prejudiced; and (ii) control of, and reasonable assistance in, the defence and settlement of the claim, at our expense. Without our prior written consent, you shall not settle or consent to an adverse judgment in any such claim that adversely affects our rights or interests of or imposes additional obligations on us.

4. YOUR OBLIGATIONS

4.1 You agree that you will:

4.1.1 comply with any reasonable instructions or directions issued by us, our employees, representatives or Affiliates, from time to time;

4.1.2 conform to such protocols and standards as are issued by us, our employees, representatives or our Affiliates, from time to time in respect of the access and/or use of the Platform;

4.1.3 fully indemnify us, our employees, officers, directors representatives, agents and our Affiliates, against any and all claims, costs and expenses which we may incur resulting from your and your Users’ acts or omissions in respect of the Platform including (without limitation) you and your Users’ use of it and any Content and/or your breach of any of your obligations under these Terms including, but not being limited to, those claims arising out of a third-party claim alleging that your collection or use of Content or you and your Users’ use of the Platform in breach of these Terms infringes the rights of, or has caused harm to, a third-party, or violates applicable law; and

4.1.4 when using the Platform, comply with all applicable laws and regulations, including but not being limited to the Data Protection Laws.

4.2 In addition, you acknowledge and accept that you are solely responsible and liable for:

4.2.1 all access to, use of and the activity of your Users in the Platform, and your Users’ compliance with these Terms and any Documentation;

4.2.2 the establishment, maintenance and monitoring of adequate internal security measures in connection with the accessing and use of the Platform by you and your Users including without limitation ensuring the confidentiality and safe storage of all User login details, usernames and passwords and not using obvious passwords and updating them regularly. You shall immediately notify us if you suspect a breach of your internal security measures (e.g. the unauthorised use of any login details, usernames and/or passwords);

4.2.3 storing, maintaining and backing up the Content and ensuring the Platform includes the functionality to assist you in backing-up the Content;

4.2.4 ensuring that all Content (including without limitation any description, date or information relating to the Content) uploaded by you, your Users or by us on your behalf is accurate and up to date and is compliant with all applicable laws and regulations; and

4.2.5 ensuring that any security level set for any Content (whether by us or you) is appropriate.

4.3 You acknowledge and agree that:

4.3.1 your right to use (for you and your Affiliates’ own internal business purposes only) the Platform is personal to you and may not be assigned, sub-licensed, sold, resold, transferred, distributed or otherwise disposed of or commercially exploited in any way, including by way of charge, lien or other encumbrance;

4.3.2 we have the right to connect to and access your Content for the purposes of providing the Platform to you (including (without limitation) for maintenance and technical purposes) and to verify that you and your Users are complying with these Terms;

4.3.3 we do not owe to you, your Users, Affiliates or any third party any obligation to monitor, check or review the legality, validity or accuracy of any Content;

4.3.4 you will pay any Licence Fee and other such charges for your use of the Platform in accordance with these Terms;

4.3.5 the use of the Platform is entirely at your own risk; and

4.3.6 you shall notify us immediately if you become aware or reasonably suspect that your or any Users’ account security relating to the Platform has been compromised and you shall comply with our instructions and take all steps required by us at your cost to rectify any such security issue as described in this clause 4.3.6.

4.4 You agree that you will not (and you will ensure that your Users, employees, representatives and Affiliates will not):

4.4.1 permit any third-party other than your Users to access or use the Platform or otherwise violate or circumvent any use limitations or restrictions set forth in Platform or the Documentation;

4.4.2 derive the source code or use tools to observe the internal operation of, or scan, probe or penetrate the Platform, except as expressly permitted by applicable law;

4.4.3 copy modify or make derivative works of the Platform;

4.4.4 use the Platform or any materials provided by us to build a competitive product or service or to carry out any benchmarking exercise with a third-party product or service;

4.4.5 remove any proprietary markings or notices from any materials provided to you by us;

4.4.6 create internet links to or from, or frame or mirror any part of the Platform; or

4.4.7 use the Platform: (a) to send spam, duplicative or unsolicited messages in violation of applicable laws and/or regulations; (b) to send or store material that violates the rights of a third-party; (c) to send or store material containing viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (d) in a way that interferes with or disrupts the integrity, security, availability or performance of the Platform; and (e) for any other illegal or unlawful purpose, including infringing third-party Intellectual Property Rights.

5. SPECIAL CONDITIONS

An Order may include Special Conditions that shall apply in addition to these Terms and the subscription licence to the Platform supplied pursuant to it. The Special Conditions may (without limitation) disapply, amend and/or replace various provisions in these Terms.

6. FEES

6.1 Subject to these Terms you agree to pay us the Licence Fee for the Term. We shall be entitled to increase the Licence Fees and/or and any other applicable charges at any time upon prior written notice which will take effect upon your next payment date thereafter.

6.2 The Licence Fee and all other applicable charges are payable immediately on the date of the invoice. All payment obligations are non-cancellable and all amounts paid are non-refundable other than as set out in these Terms.

6.3 If we do not receive the Licence Fee and any other applicable charges you owe us by the due date in accordance with clause 6.2, the Licence Fee shall accrue interest at the lower of 1.5% per month or the maximum rate permitted by law from the due date until the date of payment. Non-payment of the Licence Fee for the use of the Platform or of any other amounts due by you to us is a material breach of these Terms.

6.4 Unless we notify you otherwise, you will not be charged for your use of the Mobile Application. Should a charge become payable, we shall inform you on reasonable notice as to the amount payable. You and/or your Users continued use of the Mobile Application shall constitute your deemed acceptance of such charges.

6.5 The termination, repudiation or expiry of these Terms shall not affect your obligation to pay Licence Fees to us in respect of any right of access to the Platform which was granted to you prior to the date of termination, repudiation or expiry of these Terms including for the avoidance of doubt any Term set out and agreed in the Order. All training days purchased and taken must be paid for immediately on termination. No refunds will be paid on a pro-rata basis for the use of the Platform and/or training days provided save as expressly set out in these Terms.

6.6 Following the expiry of the Trial and subject to you paying the applicable Licence Fees in accordance with this clause 6, your access to the Platform shall automatically continue in accordance with clause 2.3.

7. PROPRIETARY RIGHTS

7.1 Subject to the limited rights expressly granted hereunder, as between the Parties we own all rights, title and interest, including all Intellectual Property Rights, in and to the Platform, including any configurations, customisations, modifications, enhancements, updates and revisions thereof. All rights not expressly granted in these Terms are reserved by us. The names and logos and the product names associated with the Platform are our or our licensors’ trademarks, and no right or licence is granted under these Terms to use them.

7.2 Subject to the limited rights expressly granted hereunder, as between the Parties you own all rights, title and interest, including all Intellectual Property Rights, in and to the Content. You grant us, our Affiliates, employees, personnel, representatives, agents and subcontractors a worldwide, royalty-free, non-exclusive licence to host and use the Content to the extent necessary to provide the Platform and perform our rights and obligations under these Terms.

7.3 You may, but are not required to, provide us or our Affiliates, employees, personnel, representatives, agents or subcontractors with ideas, suggestions, requests, recommendations or feedback about the Platform ( “Feedback” ). If you do so, you grant us and our Affiliates, employees, personnel, representatives and agents a non-exclusive, worldwide, perpetual, irrevocable licence to use, exploit, reproduce, incorporate, distribute, disclose, and sublicence the Feedback for any purpose.

7.4 We may collect non-personally identifiable data resulting from Users’ use of the Platform, such as metadata, performance metrics and usage trends or volume ( “Usage Data” ) for internal research and to make improvements to the Platform. Our use of Usage Data will be in an aggregated form that does not identify or otherwise permit the identification of named individual Users or other persons.

8. WARRANTIES AND LIABILITY

8.1 Each Party represents to the other that it has the authority to enter into these Terms and any applicable Order, to carry out its obligations under set out in these Terms and any applicable Order, and to give the rights and licences granted herein.

8.2 We warrant that:

8.2.1 the Platform will perform materially in accordance with the current Documentation issued from time to time; and

8.2.2 we will not materially decrease the functionality of the Platform during the Term.

8.3 If you notify us in writing that the Platform does not conform with any of the warranties in clause 8.2, we will use reasonable efforts to investigate and correct any such non-conformance promptly. You will use reasonable efforts to mitigate any damage you may incur as a result of such non-conformance. Subject to your right to terminate in accordance with these Terms, this clause 8.3 constitutes your sole and exclusive remedy for breach of the warranties in clause 8.2.

8.4 Except as expressly provided otherwise in these Terms, the Platform is provided on an “as is” and “as available” basis and we, on behalf of ourselves, our Affiliates and licensors, disclaim to the fullest extent permitted by law, all warranties, guarantees, conditions, terms, undertakings, representations and obligations express or implied by statute, common law, trade usage, course of dealing or otherwise, all of which are hereby excluded to the fullest extent permitted by law, including those (i) of merchantability or satisfactory quality, (ii) of fitness for a particular purpose, (iii) of non-infringement and (iv) arising from customer, trade usage, course of prior dealing or course of performance. Except as expressly provided herein, we do not represent nor do we give any warranty, guarantee or undertaking of any kind that the Platform is free from all bugs, errors or mistakes, or that it will meet your requirements or produce particular outcomes and/or results. You acknowledge and accept that it is your responsibility to ensure that the Platform will meet your requirements.

8.5 In no event shall we be liable for operational difficulties caused by or arising from the integration of the Platform with any equipment or software not supplied or approved by us or by any modifications, variations or additions made to the Platform not undertaken by us, or caused by any abuse, corruption or incorrect use of the Platform, including, without limitation, use of the Platform with hardware and/or software which is incompatible with the Platform.

8.6 Subject to clauses 8.7 and 8.8, both Parties’ maximum aggregate liability in contract, tort (including for negligence), misrepresentation and/or otherwise howsoever arising under or in connection with these Terms and their subject matter (including all losses, liabilities, claims, actions, demands, proceedings, damages, costs, charges and expenses in respect thereof or in relation thereto) shall be limited to the total Licence Fees paid or payable by you to us in the twelve (12) months immediately preceding the event giving rise to the claim.

8.7 Notwithstanding any other clause of these Terms, neither Party excludes or reduces its liability under or in connection with these Terms to the extent that it arises in respect of any of the following matters:

8.7.1 for death or personal injury resulting from negligence proved against either Party;

8.7.2 for fraud or fraudulent misrepresentation;

8.7.3 for any other matter for which it would be unlawful for either Party to exclude or limit or attempt to exclude or limit its liability; or

8.7.4 any amount paid or payable by a Party in relation to an indemnity provided in accordance with these Terms.

8.8 Subject to clause 8.7, neither Party shall have any liability to the other Party (howsoever arising, including any liability in tort) under or in connection with these Terms or their subject matter for any:

8.8.1 loss of profits, the loss of the use of money or anticipated savings;

8.8.2 loss of revenue;

8.8.3 business interruption; loss of or damage to reputation or goodwill;

8.8.4 loss of opportunity or contracts;

8.8.5 wasted management or other staff time;

8.8.6 losses or liabilities under or in relation to any other contract; loss of, damage to or corruption of data or information, in each case whether direct, indirect, special and/or consequential loss or damage; or

8.8.7 for any other indirect, special and/or consequential loss or damage of any kind.

9. DURATION AND TERMINATION

9.1 The Term shall commence on the Commencement Date and, subject to the provisions of this clause 9, shall continue until terminated in accordance with this clause 9.

9.2 Subject to clause 9.3, either Party may terminate these Terms by giving thirty (30) days written notice to the other Party prior to the expiry of the Initial Term and/or each subsequent Renewal Term which will take effect either:

9.2.1 at the end of the calendar month following the month in which the notice is served in accordance with this clause 9.2, if the duration of your Initial Term and/or Renewal Term is one (1) month or less; or

9.2.2 on the expiry of the Initial Term and/or Renewal Term if the duration of your Initial Term and/or Renewal Term is greater than one (1) month.

9.3 We shall be entitled (at our sole discretion) to suspend or terminate your access to and your right to use the Platform with immediate effect if:

9.3.1 you commit a material breach of these Terms;

9.3.2 you are unable to access the Platform due to a claim pursuant to clause 3.9;

9.3.3 you become the subject of a winding up petition in bankruptcy or another proceeding relating to insolvency (within the meaning of Section 123 Insolvency Act 1986), receivership, liquidation or assignment for the benefit of creditors;

9.3.4 any event occurs, or proceeding is taken, with respect to you in any jurisdiction to which you are subject that has an effect equivalent or is similar to any of the events set out in clause 9.3.3; or

9.3.5 there is a change in control that results in you being or being an Affiliate of any of our direct competitors.

9.4 Termination, repudiation or expiry of these Terms will be without prejudice to any accrued rights of either Party and will not affect any provision of these Terms that expressly, or by implication, is intended to operate after repudiation, expiration or termination of these Terms shall remain in full force and effect.

9.5 On termination for any reason:

9.5.1 all rights and applicable licences granted to you and your Users under these Terms shall cease immediately;

9.5.2 you shall cease all activities authorised by these Terms; and

9.5.3 you shall immediately pay to us any Licence Fees and any other applicable charges due to us under these Terms.

9.6 If requested by you within thirty (30) days after the effective date of termination or expiration of these Terms ( “Retention Period” ), we will make a file of the Content available to you for downloading in the format agreed between the parties from time to time. After the Retention Period, we will have the right to delete all the Content and will have no further obligation to make it available to you. We recommend that you download a copy of the Content before the Retention Period expires.

10. CONFIDENTIALITY AND DATA SECURITY

10.1 Each Party shall, while accessing and providing access to the Platform respectively under these Terms and thereafter, keep secret and confidential all business, technical or commercial information which may be intentionally or unintentionally disclosed or made available by one Party ( “Discloser” ) to the other Party or its Affiliates ( “Recipient“ ), whether orally or in writing, that is designated as confidential or that reasonably should be understood as confidential given the nature of the information and the circumstances of disclosure ( “Confidential Information” ).

10.2 Each Party shall use the same degree of care as it uses for its own Confidential Information to protect the Discloser’s Confidential Information from any use or disclosure. The Recipient may disclose the Confidential Information to its employees, Affiliates and service providers to the extent that it is necessary to perform its obligations pursuant to these Terms, provided that they are bound by confidentiality obligations no less restrictive than those set out herein. The Recipient may not disclose Confidential Information to any other person unless expressly authorised in writing to do so by the Discloser.

10.3 The obligations of confidentiality contained in this clause 10 shall not apply to information that:

10.3.1 at the time of its disclosure, by the Discloser, is already in the public domain or which subsequently enters the public domain other than by the breach of these Terms;

10.3.2 at the time of its disclosure by the Discloser is already known by the Recipient and the latter is not subject to any existing duty of confidence in respect of the information in question;

10.3.3 was rightfully received from a third-party authorised to make such disclosure without restriction;

10.3.4 that has been independently developed by the Recipient without use of, or reference to, the Discloser’s Confidential Information; or

10.3.5 is required to be disclosed under applicable law or order of a court of competent jurisdiction or government department or agency or by the London Stock Exchange (or other relevant Stock Exchange), provided that prior to such disclosure the Recipient shall, to the extent that is legally permitted to do so, advise the Discloser of the proposed form of disclosure.

10.4 You accept that nothing in this clause 10 shall require the Recipient to return or destroy any documents and materials containing or based on the Discloser's Confidential Information that the Recipient is required to retain by applicable law, or to satisfy the requirements of a regulatory authority or body of competent jurisdiction or the rules of any listing authority or stock exchange, to which it is subject. The provisions of these Terms shall continue to apply to any documents and materials retained by the Recipient pursuant to this clause 10.4.

10.5 A breach of the Recipient’s confidentiality obligations may cause irreparable damage, which money cannot satisfactorily remedy, and therefore the Discloser may seek the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this clause 10 without the need to prove damages or post a bond or other surety.

10.6 Each Party will abide by the terms of the applicable Data Protection Addendum.

10.7 Subject to clause 10.6 and any erasure request made pursuant to the Data Protection Laws, we will process any request made by you to delete any part or all of your Content sixty (60) days after receiving this request, except to the extent that any such Content constitutes Usage Data and/or we are required to retain any part or all of the Content in accordance with applicable laws and/or regulations. Where we are permitted to comply with your deletion request, we will take all commercially reasonably efforts to irretrievably delete and/or destroy any part or all of your Content in accordance with this clause 10.7.

11. THIRD PARTY SERVICES

11.1 We may present to you (including on our websites) Third-Party Services. We do not endorse or make any representation, warranty or promise regarding, and do not assume any responsibility for, any such Third-Party Service, regardless of whether it is described as “authorised”, “certified”, “recommended” or the like. We have no obligation to make available or provide support for Third-Party Services and do not guarantee the initial or continuing interoperability of the Platform with any Third-Party Services.

11.2 We are not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet by your Third-Party Provider, and you acknowledge that the Platform may be subject to limitations, delays and other problems inherent in the use of such communications facilities. This shall not relieve us of our responsibility in respect of the operation of our internal communications networks and facilities that are within our control.

11.3 If you use a Third-Party Service that requires access to or transfer of the Content, you acknowledge that any such access or transfer is between you and the Third-Party Provider pursuant to the Third-Party Provider’s own terms and conditions and privacy notices, and that we are authorised to provide the Content as requested by the Third-Party Services. We shall not be liable or responsible for any modification, loss, damage or deletion of the Content by any Third-Party Services obtained by you.

12. FORCE MAJEURE

12.1 We shall not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under these Terms that are caused by events outside of our reasonable control ( “Force Majeure Event” ).

12.2 A Force Majeure Event includes in particular (but without limitation) the following:

12.2.1 strikes, lockouts or other industrial action;

12.2.2 civil commotion, riot, invasion, terrorist attack or threat of terrorist attack, war (whether declared or not) or threat or preparation for war;

12.2.3 fire, explosion, storm, flood, earthquake, subsidence, epidemic, pandemic or other natural disaster or Act of God;

12.2.4 nuclear, chemical or biological contamination or sonic boom;

12.2.5 impossibility of the use of public or private telecommunications networks;

12.2.6 the acts, decrees, legislation, regulations or restrictions of any government;

12.2.7 the non-delivery or late delivery of products or services to us by third parties; or

12.2.8 any other event beyond a Party’s reasonable control.

12.3 Our performance under these Terms is deemed to be suspended for the period that the Force Majeure Event continues and we will have an extension of time for performance for the duration of that period.

13. NOTICES

All notices given by you to us must be given in writing (including by email) to HR Bakery Limited’s registered office address: 62 Stakes Road, Purbrook, Waterlooville, Hampshire, PO7 5NT, United Kingdom, as may be updated from time to time, or by email to [email protected] We may give notice to you at either the e-mail or postal address provided to us when registering for a Trial. Notice will be deemed received and properly served twenty-four (24) hours after an e-mail is sent, or five days after the date of posting any letter. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an e-mail, that such e-mail was sent to the specified e-mail address of the addressee.

14. UNFAIR COMPETITION

You shall not use the Platform, Documentation or any other materials provided by us from time to time, including but not being limited to our Intellectual Property Rights or Confidential Information, to build a competitive product or service or to benchmark with a product or service not provided by us.

15. ASSIGNMENT

15.1 We may sub-licence, transfer, assign, sub-contract, charge or otherwise dispose of any of our rights or obligations under these Terms, provided we give you written notice of the same.

15.2 You may not sub-licence, transfer, assign, sub-contract, charge or otherwise dispose of any of your rights or obligations under these Terms without our prior written consent.

16. WAIVER

If we fail at any time to insist upon strict performance of any of your obligations under any of these Terms, or if we fail to exercise any of the rights or remedies to which we are entitled under these Terms, this shall not constitute a waiver of such rights or remedies and shall not relieve you from compliance with such obligations. A waiver by us of any default shall not constitute a waiver of any subsequent default. No waiver by us of any of these Terms shall be effective unless it is expressly stated to be a waiver and is communicated to you in writing in accordance with these Terms.

17. THIRD PARTY RIGHTS

Nothing in these Terms is intended to confer a benefit on, or to be enforceable by, any person who is not a Party to these Terms. These Terms do not create any right enforceable by any person who is not a Party to them under the Contracts (Rights of Third Parties) Act 1999.

18. NO PARTNERSHIP OR AGENCY

Each Party is an independent contractor, and neither Party has any authority to act on behalf of the other. Neither Party will represent itself as agent, servant, franchisee, joint venturer or legal partner of the other. We are entering into these Terms as principal and not as agent for any other Affiliate company, and claims under these Terms may be brought only against us and not against any of our Affiliates.

19. SEVERABILITY

If any of these Terms are determined by any competent authority to be invalid, unlawful or unenforceable to any extent, such term or condition will to that extent be severed from the remaining Terms which will continue to be valid to the fullest extent permitted by law.

20. ENTIRE AGREEMENT

These Terms contain and constitute the entire understanding and agreement between us in connection with and about the subject matter of these Terms and supersede all earlier and other agreements and understandings between us and all earlier representations by either of us about such subject matter. Any prior representations, warranties, statements and assurances which are not expressly set out in these Terms will not be of any effect. Each Party warrants that there is no representation, warranty, promise, term, condition, obligation or statement upon which they have relied in entering into these Terms and which is not expressly set out in these Terms and no such representation, warranty, promise, obligation, statement or any other term or condition is to be implied in them whether by virtue of any usage or course of dealing or otherwise (including, subject to clause 8, by statute or common law) except as expressly set out in these Terms. If a Party has given any representation, warranty, promise or statement then (except to the extent that it has been set out in these Terms) the Party to whom it is given waives any rights or remedies which it may have in respect of it. This clause 20 shall not exclude the liability of a Party for fraud or fraudulent misrepresentation or concealment or any resulting right to rescind these Terms.

21. AMENDMENT

These Terms may not be amended, modified, varied or supplemented except in writing signed by or on behalf of both Parties.

22. COMPLIANCE WITH LAWS

Each party shall comply with all applicable laws, statutes, codes and regulations in relation to the Platform, including applicable anti-bribery and anti-corruption laws, Data Protection Laws and tax evasion laws. The Platform may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied persons list and that it is not owned or controlled by a politically exposed person. You shall be obliged to notify CakeHR if, during the Term, you become named on any U.S. government denied persons list or you become owned or controlled by a politically exposed person. In the event that these circumstances arise, CakeHR shall be entitled to terminate these Terms immediately on written notice to you. You shall not permit Users to access or use the Platform in violation of any U.S. export law or regulation or in any Restricted Territories. “Restricted Territories” means (i) Cuba, Iran, North Korea, Syria and the territory of Crimea / Sevastopol, and (ii) any other country or territory that is subject to sanctions by the United Kingdom, the European Union, or the U.S (iii) any other country or territory that becomes subject to sanctions by the United Kingdom, the European Union, or the U.S after Commencement Date. Each party will promptly report to the other party if it has violated, or if a third party has a reasonable basis for alleging that it has violated, this section. In the event that this section is breached, CakeHR shall have a right to terminate these Terms immediately on written notice to you.

23. GOVERNING LAW AND JURISDICTION

These Terms shall be governed in all respects by and be construed in accordance with the law of the applicable territory set forth bellow (including all non-contractual disputes or claims arising out of the subject matter or formation of these Terms). Any claim or dispute arising from or related to these Terms (including their enforcement or their termination) shall be subject to the exclusive jurisdiction provisions of the applicable territory set forth bellow and the Parties hereby irrevocably submit to such jurisdiction. The applicable territory is determined by where your business (and not CakeHR) is located. To the extent the applicable territory is not set forth below, then your applicable territory shall automatically be deemed to be the United Kingdom.

Your Territory Governing Law Jurisdiction
United Kingdom England and Wales Courts of England and Wales
Canada Ontario, Canada The Parties agree to resolve all disputes related to these Terms by binding individual arbitration before one arbitrator and will not bring or participate in any representative action. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures and in accordance with the Expedited Procedures in those Rules, and shall take place in Toronto, Ontario. Any challenge to arbitrability shall be decided by the arbitrator. Judgment on the arbitration award may be entered in any court having jurisdiction. In the event a party seeks injunctive relief from a court, the parties consent to the exclusive jurisdiction and venue of the courts located in Toronto, Ontario.
United States Georgia, United States The Parties agree to resolve all disputes related to these Terms by binding individual arbitration before one arbitrator and will not bring or participate in any representative action. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures and in accordance with the Expedited Procedures in those Rules, and shall take place in Atlanta, Georgia. Any challenge to arbitrability shall be decided by the arbitrator. Judgment on the arbitration award may be entered in any court having jurisdiction. In the event a party seeks injunctive relief from a court, the parties consent to the exclusive jurisdiction and venue of the federal and state courts located in Atlanta, Georgia.
South Africa South African Law These Terms and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by and construed in accordance with the laws of the Republic of South Africa. The parties irrevocably agree that the High Court of the Republic of South Africa has exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with these Terms.

Schedule 1 - Data Protection Addendum

BACKGROUND:

This Schedule 1 ( Data Protection Addendum ) sets out the measures to be taken by the Parties to ensure the protection and security of data which is shared by you with us and/or accessed by us for processing on your behalf in connection with the Terms pursuant to Data Protection Laws, except to the extent Schedule 2 applies.

1. DEFINITIONS & INTERPRETATION

1.1 In this Schedule 1, unless the context otherwise requires:

“Agreement” means the Terms between you and us that link to this Schedule 1. Any words and/or phrases defined in the Terms and used in this Schedule 1 without further definition have the meaning given to them in the Terms;

“Data Protection Laws” means all applicable European Union and UK laws and regulations governing the use or processing of personal data, including the General Data Protection Regulation (EU) 2016/679 (“ GRPR ”) and any national laws implementing or supplementing or superseding the foregoing; “binding corporate rules”, “controller”, “data subject”, “personal data”, “personal data breach”, “processing”, “processor”, “pseudonymisation” and “supervisory authority” have the meanings given to them in Data Protection Laws and the term “supervisory authority” shall be deemed to include the UK Information Commissioner;

“European Law” means European Union law, member state law and/or the law in any part of the UK;

“International Transfer” means a transfer of Relevant Data from the European Union or the UK to a third country or international organisation;

“Relevant Data” means all Content: (i) which relate to a data subject; and (ii) in respect of which you (the customer) are the controller; and (iii) which will be processed by us on your behalf in connection with the Agreement, as more particularly described in Annex 1 of the Schedule 1 ( Specification of processing );

“Security Incident” means a personal data breach in respect of the Relevant Data;

“Security Programme” has the meaning given to it in paragraph 3.1.4 of this Schedule 1;

“Sub-processor” means another processor of Relevant Data engaged by us; and

“Your Data Responsibilities” means your data protection responsibilities under or in connection with the Terms and this Schedule 1, including (without limitation):

  • your contractual relationships with third parties, other members of your group and your other processors;

  • the compliance of your processing (and of other members of your group, if any) under this Schedule 1 and the Terms as controller;

  • the compliance of your business with applicable Data Protection Laws;

  • the compliance of your intra-group transfers (if any) of personal data;

  • the compliance of your transfers (if any) of personal data to processors and/or other suppliers;

  • the compliance of your processing of Relevant Data as controller;

  • the compliance of your handling of and response to data subjects’ requests under applicable Data Protection Laws, regardless of any assistance we may provide; and

  • the compliance of your remote use of our systems from a third country or international organisation (if any),

and otherwise complying with your controller obligations under applicable Data Protection Laws.

2. PROCESSING RELEVANT DATA

2.1 The parties acknowledge that, for the purposes of the Agreement, you are the controller and we are the processor of the Relevant Data. Details of the processing of Relevant Data we shall carry out for you are set out in Annex 1 of this Schedule 1 (Specification of Processing), which you agree that you have checked and confirmed as correct or have changed as necessary to reflect the processing of Relevant Data under the Agreement. To change Annex 1 of this Schedule 1 ( Specification of Processing ), please notify us by email to [email protected] We reserve the right to challenge any changes which we consider to be incorrect. If you have changed Annex 1 of this Schedule 1 (Specification of Processing), it is your responsibility to provide it to us and to agree the changes with us before you enter into the Agreement. The parties may update Annex 1 of this Schedule 1 (Specification of Processing) during the Term, in accordance with the Agreement or by mutual written agreement, to reflect changes in processing or for other reasons. Each updated version shall form part of this Schedule 1.

2.2 You warrant and represent that:

2.2.1 you will comply, and will ensure that your instructions for the processing of Relevant Data will comply, with Data Protection Laws;

2.2.2 you are authorised by the relevant data subjects, or are otherwise permitted pursuant to Data Protection Laws, to disclose the Relevant Data to us;

2.2.3 you will, where necessary, and in accordance with Data Protection Laws, obtain all necessary consents and rights and provide all necessary information and notices to data subjects in order for:

  • (i) you to disclose the Relevant Data to us; and

  • (ii) us to process the Relevant Data for the purposes set out in the Terms and this Schedule 1 and in accordance with Data Protection Laws; and

2.2.4 your instructions to us and/or to any Sub-processor(s) relating to processing of Relevant Data will not put us or any Sub-processor(s) in breach of Data Protection Laws.

2.3 You acknowledge and agree that we may be required or permitted by European Law to disclose certain personal data or other information relating to you, the Platform and/or the Agreement to third parties. We may also be required by European Law to process the Relevant Data other than on your documented instructions under paragraph 3.1.1. If that happens, we will inform you of that legal requirement before the processing, unless that legal requirement or law prohibits us from doing so on important grounds of public interest. Where we are prohibited from informing you of the legal requirement, and/or where we are subject to an ongoing legal requirement to process, you give us general authorisation and consent to carry out that processing without your specific authorisation or consent. Just to be clear, that authorisation/consent is from you as a business customer: it is not consent from you as an individual under the GDPR.

2.4 Where we assist you with your compliance with data protection requirements or where we otherwise assist you under or pursuant to this Schedule 1, we reserve the right to charge you on the basis of our standard applicable pricing. In addition you will be responsible for the cost of engaging any third-party auditor you wish to commission to conduct an audit pursuant to this Schedule 1. You will reimburse us for all additional costs and liabilities incurred by us resulting from any failure or delay(s) by you to comply with your obligations under this Schedule 1. Nothing in this paragraph 2.4 shall affect our rights to charge you under the Terms.

3. OUR OBLIGATIONS

3.1 We shall:

3.1.1 Lawful Instructions: except as indicated in paragraph 2.3 and paragraph 5.1.5, only process the Relevant Data in accordance with your documented instructions including with regard to International Transfers; you hereby instruct us to process the Relevant Data in order to provide the Platform in accordance with the Agreement; nothing in this paragraph 3.1.1 will permit you to vary our obligations and/or any instructions under the Agreement other than with our prior written agreement; if we reasonably consider that any of your instructions may put us and/or any Sub-processor(s) in breach of Data Protection Laws and/or any provision of the Agreement, we shall be entitled not to carry out that processing and will not be in breach of the Agreement or otherwise liable to you as a result of our failure to carry out or delays in carrying out that processing;

3.1.2 Security of Processing: implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by processing (in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Relevant Data), taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Relevant Data, as well as the risk of varying likelihood and severity for the rights and freedoms of the data subjects, and including, as and where appropriate, measures to ensure:

(a) the pseudonymisation and/or encryption of the Relevant Data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services (including but not being limited to the Platform);

(c) the ability to restore the availability of and access to the Relevant Data in a timely manner in the event of physical or technical incident; and

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;

3.1.3 take steps to ensure that any natural person acting under our authority who has access to Relevant Data does not process them except on your instructions, unless he or she is required to do so by European Law; and

3.1.4 operate, maintain and enforce an information security management programme (“ Security Programme ”) which is consistent with recognised industry practice; the Security Programme contains appropriate administrative, physical, technical and organisational safeguards, policies and controls in the following areas:

  • Information security policies

  • Organisation of information security

  • Human resources security

  • Asset management

  • Access control

  • Cryptography

  • Physical and environmental security

  • Operations security

  • Communications security

  • System acquisition, development and maintenance

  • Supplier relationships

  • Information security incident management

  • Information security aspects of business continuity management

  • Legislative, regulatory and contractual compliance;

3.1.5 Assistance in Compliance: taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests by data subjects exercising their rights under Data Protection Laws; please note that if we assist you in responding to requests, including the provision of tools or reports within the Platform to support your searches, we give no warranty and make no representation as to the compliance of the nature and scope of the search with applicable Data Protection Laws, nor do we warrant or represent the accuracy or completeness of the output of our assistance: it is your responsibility, and not our responsibility, to determine the nature and scope of the search, validate the output and ensure that your response to the data subject is compliant in all respects with applicable Data Protection Laws, as further referred to in paragraph 7;

3.1.6 assist you, by providing you with necessary information in our possession, in ensuring compliance with the obligations in Data Protection Laws in respect of security of processing, notification of a Security Incident to a supervisory authority, communication of a Security Incident to the data subject, data protection impact assessments and prior consultation, taking into account the nature of processing and the information available to us;

3.1.7 notify you without undue delay after we become aware of a Security Incident;

3.1.8 Staff Confidentiality Obligations: ensure that our staff who are authorised to process the Relevant Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and

3.1.9 Return or Deletion of Relevant Data: at your option (to be exercised by written notice from you) delete or return to you (as provided in the Agreement), all the Relevant Data after the end of the provision of the Platform relating to the processing, and (in the case of return), delete existing copies of the Relevant Data unless any European Law requires us to store the Relevant Data; however we will be entitled to retain any Relevant Data which: (a) we have to keep to comply with any applicable laws; (b) we are required to keep for insurance, accounting, taxation, legal, regulatory or record keeping purposes; or (c) is necessary to investigate and resolve performance or security issues, and this Schedule 1 will continue to apply to retained Relevant Data; notwithstanding any provision to the contrary in the Terms, we shall be entitled to delete the Relevant Data in accordance with our normal data cleansing policies; in respect of Relevant Data which are archived/backed up, you instruct us to retain those archived/backed up Relevant Data in accordance with the typical period for which those Relevant Data are archived/backed up by us in relation to the Platform.

4. USE OF SUB-PROCESSORS

4.1 Without prejudice to any provisions in the Terms relating to sub-contracting, you hereby give your general written authorisation to us engaging Sub-processors to process the Relevant Data. Where the Sub-processor is in a third country, you hereby instruct us to make an International Transfer under paragraph 5.

4.2 We shall respect the conditions referred to in Article 28(2) GDPR for engaging a Sub-processor.

4.3 If we appoint a Sub-processor, we will put a written contract in place between us and the Sub-processor that specifies the Sub-processor’s processing activities and imposes on the Sub-processor substantially similar terms, appropriate to the sub-processing they will undertake. If that Sub-processor fails to fulfil its data protection obligations, we shall remain liable to you for the performance of that Sub-processor's obligations.

5. TRANSFERS OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

5.1 We shall only make an International Transfer to a recipient:

5.1.1 on the basis of an adequacy decision made under Data Protection Laws;

5.1.2 on the basis of appropriate safeguards that are in place, and you agree to execute any documents (including data transfer agreements) relating to that International Transfer which we request that you to execute from time to time for that purpose;

5.1.3 on the basis of binding corporate rules approved by a competent supervisory authority; or

5.1.4 on the basis of an applicable derogation in Data Protection Laws which in each case applies to the International Transfer in question; or

5.1.5 if we are required to make the International Transfer to comply with European Law, in which case we will notify you of the legal requirement prior to that International Transfer unless the European Law prohibits us from notifying you on public interest grounds. Where we are prohibited from informing you of the legal requirement, and/or where we are subject to an ongoing legal requirement to transfer, you (a business customer) give us general authorisation and consent to carry out that transfer without your specific authorisation or consent.

5.2 You acknowledge and agree that you shall be responsible, and we shall not be responsible, for the compliance of any International Transfers that occur when Users access the Platform through a browser from a third country or international organisation, as further referred to in paragraph 7.

6. RIGHTS OF AUDIT

6.1 At your reasonable request and subject to you (and any third-party auditor) entering into an appropriate confidentiality agreement, we shall:

6.1.1 make available to you such information as may reasonably be necessary to demonstrate compliance with the obligations for processor agreements laid down in Data Protection Laws; and

6.1.2 subject to paragraphs 6.3 and 6.4 below, allow you (or an independent, third-party professional auditor mandated by you and acceptable to us, both of us acting reasonably) to conduct an audit, including inspection, of our processing of Relevant Data pursuant to the Agreement, and contribute to that audit,

except that you agree that nothing in this paragraph 6.1 shall require us to act in breach of an obligation of confidentiality owed to a third party.

6.2 With respect to paragraph 6.1, we shall immediately inform you in writing, but without any obligation to monitor or enquire as to the legality of your instructions or to give legal advice if, in our opinion, to follow an instruction given by you would give rise to a breach of applicable Data Protection Laws.

6.3 Where we have commissioned audit report(s) which we offer to make available to you, you agree that you may only proceed with your own audit/inspection if, acting in good faith, you are reasonably dissatisfied with the audit report(s), and that your own audit/inspection is subject to our rights in paragraph 2.4. You must coordinate with us on the timing and scope of any such audit/inspection and refrain from any act or omission that could lead to the degradation, overload or unavailability of the Platform. The scope of your audit must exclude other customers’ data and/or Content. Any testing, probing or scanning tools used on our infrastructure must be pre-approved by us. You must not and must instruct any third-party auditor not to) include in your audit report any sensitive information that could be used by a third party to the detriment of the security of the Platform (including, but not only, details of vulnerabilities). You must instruct any third-party auditor to give us the reasonable opportunity to review the report before it is provided to you in final form and to communicate with the auditor to resolve any questions or issues of fact. You and the auditor must keep the results and findings of any audits confidential and disclose them to third parties only to the extent required by law.

6.4 In relation to any Sub-processors that are engaged pursuant to paragraph 4 and/or any data centre facilities used by us, you acknowledge and agree that it is sufficient, for the purposes of satisfying the requirements of paragraph 6.1, that we shall have a right to audit or inspect those Sub-processors and/or those data centre facilities or their available audit reports on your behalf, subject to reasonable restrictions.

7. YOUR OBLIGATIONS

7.1 You shall comply with Your Data Responsibilities. We are not in any way responsible for Your Data Responsibilities.

8. CAKEHR AS CONTROLLER

8.1 We will process personal data as a controller under the Terms and/or this Schedule 1, for example but not exhaustively, in the management of our relationship with you, or in our use of Usage Data under paragraph 9. Please see our website privacy notice for further details. Paragraphs 2.1 (and Annex 1 of this Schedule 1 (Specification of Processing)) and paragraphs 3 to 6 inclusive of this Schedule 1 shall not apply to personal data of which we are a controller.

9. JOINT CONTROLLERS

9.1 As at the Commencement Date of the Terms, the parties do not consider themselves to be joint controllers (that is, where two or more controllers jointly determine the purposes and means of processing of the Relevant Data) for the purpose of the processing activities referred to in this Schedule 1.

9.2 If and to the extent that the parties later determine that their arrangement has become one of joint controllers of the Relevant Data, they shall comply with the requirements set out in article 26 GDPR.

Annex 1 - Specification of Processing

Subject matter and duration of the processing of Relevant Data:

Subject matter: the provision of the Platform and any Professional Services under the Terms

Duration: the term of the agreement as set out in the Terms including any transitional periods on entrance or exit and any archival/backup period references in paragraph 3.1.9 of this Schedule 1.

Nature and purpose of the processing of Relevant Data:

Any or all of the following processing operations for the purpose of providing the Platform for which you subscribe; your use of and requirements for the Platform; any Professional Services under the Terms; the requirements in the Terms; and third party requests and other extraneous events (the “Purposes” ):

  • Collection

  • Recording

  • Organisation

  • Structuring

  • Storage

  • Adaptation/alteration

  • Retrieval

  • Consultation

  • Use

  • Disclosure by transmission / dissemination or otherwise making available

  • Alignment / combination

  • Restriction

  • Erasure / destruction

  • Others: ...........................................

Type of Relevant Data (including any special categories of Relevant Data or other sensitive data):

Any or all of the following depending on the Purposes:

  • Personal details (any information that identifies the data subject and their personal characteristics e.g. name, address, contact details, age, sex, date of birth, physical description and any identifier issued by a public body, e.g. National Insurance number or social security number)

  • Education and training details (any information which relates to the education and any professional training of the data subject e.g. academic records, qualifications, skills, training records, professional expertise, and student and pupil records)

  • Family, lifestyle and social circumstances (any information relating to the family of the Data subject and the data subject's lifestyle and social circumstances e.g. current marriage and partnerships and marital history, details of family and other household members, habits, housing, travel details, leisure activities and membership of charitable or voluntary organisations)

  • Employment details (any information relating to the employment of the data subject e.g. employment and career history, recruitment and termination details, attendance records, health and safety records, performance appraisals, training records and security records) and pension information)

  • Financial details (any information relating to the financial affairs of the data subject e.g. income, salary, assets and investments, payments, creditworthiness, loans, benefits, grants, insurance details and pension information)

  • Goods and services provided (any information relating to goods and services that have been provided e.g. goods or services supplied, licences issued, agreements and contracts)

  • Special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a data subject's sex life or sexual orientation)

  • Criminal data (criminal convictions and offences or related security measures, including personal data relating to: (a) the alleged commission of offences by the individual (b) proceedings for an offence committed or alleged to have been committed by the individual or the disposal of such proceedings, including sentencing)

  • Others: ...........................................

Categories of data subjects:

Any or all of the following depending on the Purposes:

  • Staff including volunteers, agents, temporary and casual workers of yours

  • Customers/clients (who are individuals or sole traders) of yours

  • Suppliers (sole traders) of yours

  • Contact persons of corporate entities (e.g. at suppliers or customers, where supplier is not a sole trader or customer is not an individual) of yours

  • Members or supporters (e.g. shareholders) of yours

  • Complainants, correspondents and enquirers of yours

  • Relatives, guardians and associates (of data subjects) of your staff

  • Advisers, consultants and other professional experts or legal representatives (individuals/sole traders) of yours

  • Partners, resellers (individuals/sole traders) of yours

  • Donors, supporters (individuals/sole traders) of yours

  • Students if input by you

  • Offenders and suspected offenders if input by you

  • Landlords/tenants of yours

  • Users of the Platform not included in the above

  • Others: ...........................................

Controller’s obligations and rights:

The obligations in paragraph 2.2 and paragraph 7.

The rights to enforce the data processing terms in paragraphs 3, 4, 5 and 6 against us as your processor.

Schedule 2 - Data Protection Addendum (South Africa)

BACKGROUND:

This Schedule 2 ( Data Protection Addendum ) shall apply where you and/or any of your Users which are located in South Africa and sets out the measures to be taken by the Parties to ensure the protection and security of data which is shared by you with us and/or accessed by us for processing on your behalf in connection with the Terms pursuant to Data Protection Laws.

1. DEFINITIONS & INTERPRETATION

1.1 In this Schedule 2, unless the context otherwise requires:

Agreement ” means the Terms between you and us that link to this Schedule 2. Any words and/or phrases defined in the Terms and used in this Schedule 2 without further definition have the meaning given to them in the Terms;

Customer ” means the business entity or person with whom CakeHR enters into the Agreement, and represented by their authorised representative and whose identification document number or business registration number and domicilium is that reflected on the Order;

Customer Data ” means all data that you provide us through the use of the Platform;

Data Protection Laws ” means all applicable South African laws and regulations governing the use or processing of personal information, including the Protection of Personal Information Act, 2013 (“ POPIA ”), any national laws implementing or supplementing or superseding the foregoing and the General Data Protection Regulation (EU) 2016/679 (“ GDPR ”); “binding corporate rules”, “responsible party”, “data subject”, “personal information”, “processing”, “operator”, “pseudonymisation” and “supervisory authority” have the meanings given to them in Data Protection Laws and the term “supervisory authority” shall be deemed to include the South African Information Regulator. In the event that two or more conflicting provisions regulating the processing of personal information applies, the provision providing the greater protection to the data subject will prevail;

International Transfer ” means a transfer of Relevant Data outside of South Africa to a third country or international organisation;

Relevant Data ” means all Customer Data: (i) which relate to a data subject; and (ii) in respect of which you (the Customer) are the responsible party; and (iii) which will be processed by us on your behalf in connection with the Agreement, as more particularly described in Annex 1 of this Schedule 2 (Specification of processing);

Security Incident ” means a security compromise, where there are reasonable grounds to believe that Relevant Data has been accessed or acquired by any unauthorised person;

South Africa ” means the Republic of South Africa, and South African means relating to South Africa;

Sub-operator ” means another operator engaged by us;

Working Day ” means a day other than a Saturday, Sunday or public holiday in South Africa when banks are open for business; and

Your Data Responsibilities ” means your protection responsibilities under or in connection with the Agreement, including:

  • your contractual relationships with third parties, other members of your group and your other operators;

  • the compliance of your processing (and of other members of your group, if any) under this Schedule 2 and the Terms as responsible party;

  • the compliance of your business with applicable Data Protection Laws;

  • the compliance of your intra-group transfers (if any) of personal information;

  • the compliance of your transfers (if any) of personal information to operators and/or other suppliers;

  • the compliance of your processing of Relevant Data as responsible party;

  • the compliance of your handling of and response to data subjects’ requests under applicable Data Protection Laws, regardless of any assistance we may provide; and

  • the compliance of your remote use of our systems from a third country or international organisation (if any) and otherwise complying with your responsible party obligations under applicable Data Protection Laws.

2. PROCESSING RELEVANT DATA

2.1 The parties acknowledge that, for the purposes of the Agreement, you are the responsible party and we are the operator of the Relevant Data. Details of the processing of Relevant Data we shall carry out for you are set out in Annex 1 of this Schedule 2 (Specification of processing), which you agree that you have checked and confirmed as correct or have changed as necessary to reflect the processing of Relevant Data under the Agreement. If you have changed Annex 1 of this Schedule 2 (Specification of processing), it is your responsibility to provide it to us and to agree the changes with us before you enter into the Agreement. The parties may update Annex 1 of this Schedule 2 (Specification of processing) during the Term, in accordance with the Agreement or by mutual written agreement, to reflect changes in processing or for other reasons. Each updated version shall form part of the Schedule 2.

2.2 You warrant and represent that:

2.2.1 you will comply, and will ensure that your instructions for the processing of Relevant Data will comply, with Data Protection Laws;

2.2.2 you are authorised by the relevant data subjects, or are otherwise permitted pursuant to Data Protection Laws, to disclose the Relevant Data to us;

2.2.3 you will, where necessary, and in accordance with Data Protection Laws, obtain all necessary consents and rights and provide all necessary information and notices to data subjects in order for:

  • (i) you to disclose the Relevant Data to us; and

  • (ii) us to process the Relevant Data for the purposes set out in the Terms and this Schedule 2 and in accordance with Data Protection Laws; and;

  • (iii) your instructions to us and/or to any Sub-operator(s) relating to processing of Relevant Data will not put us or any Sub-operator(s) in breach of Data Protection Laws.

2.3 You acknowledge and agree that we may be required or permitted by Data Protection Laws to disclose certain personal information or other information relating to you, the Platform and/or the Agreement to third parties. We may also be required by Data Protection Laws to process the Relevant Data other than on your documented instructions under paragraph 3.1.1. If that happens, we will inform you of that legal requirement before the processing, unless that legal requirement or law prohibits us from doing so on important grounds of public interest. Where we are prohibited from informing you of the legal requirement, and/or where we are subject to an ongoing legal requirement to process, you give us general authorisation and consent to carry out that processing without your specific authorisation or consent. Such authorisation/consent shall constitute authorisation/consent from you as a business Customer: it is not consent from you as an individual under POPIA.

2.4 Where we assist you with your compliance with data protection requirements or where we otherwise assist you under or pursuant to this Schedule 2, we reserve the right to charge you on the basis of our standard applicable pricing. In addition you will be responsible for the cost of engaging any third-party auditor you wish to commission to conduct an audit. You will reimburse us for all additional costs and liabilities incurred by us resulting from any failure or delay(s) by you to comply with your obligations under this Schedule 2. Nothing in this paragraph 2.4 shall affect our rights to charge you under the Terms.

3. OUR OBLIGATIONS

3.1 We shall:

3.1.1 Lawful Instructions: except as indicated in paragraph 2.3 and paragraph 5.1.5, only process the Relevant Data in accordance with your documented instructions including with regard to International Transfers; you hereby instruct us to process the Relevant Data in order to provide the Platform and in accordance with any other instructions set out in the Agreement; nothing in this paragraph 3.1.1 will permit you to vary our obligations and/or any instructions under the Agreement other than with our prior written agreement; if we reasonably consider that any of your instructions may put us and/or any Sub-operator(s) in breach of Data Protection Laws and/or any provision of the Agreement, we shall be entitled not to carry out that processing and will not be in breach of the Agreement or otherwise liable to you as a result of our failure to carry out or delays in carrying out that processing;

3.1.2 Security of Processing: implement appropriate, reasonable technical and organisational measures to prevent: (a) loss of, damage to or unauthorised destruction of Relevant Data; and (b) unlawful access to or processing of Relevant Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Relevant Data, as well as the risk of varying likelihood and severity for the rights and freedoms of the data subjects, and including, as and where appropriate, measures to ensure:

(a) the pseudonymisation and/or encryption of the Relevant Data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(c) the ability to restore the availability of and access to the Relevant Data in a timely manner in the event of physical or technical incident; and

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;

3.1.3 take steps to ensure that any natural person acting under our authority who has access to Relevant Data does not process them except on your instructions, unless he or she is required to do so by the applicable Data Protection Laws; and

3.1.4 operate, maintain and enforce an information security management programme (“ Security Programme ”) which is consistent with generally accepted information security practices and procedures and recognised industry practice; the Security Programme contains measures to—(a) identify all reasonably foreseeable internal and external risks to personal information in its possession; (b) establish and maintain appropriate safeguards against the risks identified; () regularly verify that the safeguards are effectively implemented; and (d) ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards; as well as appropriate administrative, physical, technical and organisational safeguards, policies and controls in the following areas:

  • Information security policies

  • Organisation of information security

  • Human resources security

  • Asset management

  • Access control

  • Cryptography

  • Physical and environmental security

  • Operations security

  • Communications security

  • System acquisition, development and maintenance

  • Supplier relationships

  • Information security incident management

  • Information security aspects of business continuity management

  • Legislative, regulatory and contractual compliance;

3.1.5 Assistance in Compliance : taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests by data subjects exercising their rights under Data Protection Laws; please note that if we assist you in responding to requests, including the provision of tools or reports within the Platform to support your searches, we give no warranty and make no representation as to the compliance of the nature and scope of the search with applicable Data Protection Laws, nor do we warrant or represent the accuracy or completeness of the output of our assistance: it is your responsibility, and not our responsibility, to determine the nature and scope of the search, validate the output and ensure that your response to the data subject is compliant in all respects with applicable Data Protection Laws, as further referred to in paragraph 7;

3.1.6. assist you in ensuring compliance with the obligations in Data Protection Laws in respect of processing, security of notification of a Security Incident to a supervisory authority, communication of a Security Incident to the data subject, data protection impact assessments and prior consultation, taking into account the nature of processing and the information available to us;

3.1.7. notify you as soon as reasonably possible, without undue delay after discovery of a Security Incident, taking into account the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the Security Incident and to restore the integrity of the information system;

3.1.8 Staff Confidentiality Obligations: ensure that our staff who are authorised to process the Relevant Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and

3.1.9. Return or Deletion of Relevant Data: at your option (to be exercised by written notice from you within 30 (thirty) days from the date of termination of the Terms) delete or return to you, all the Relevant Data after the end of the provision of the Platform relating to the processing, and (in the case of return), delete existing copies of the Relevant Data unless any Data Protection Laws require us to store the Relevant Data; however we will be entitled to retain any Relevant Data which: (a) we have to keep to comply with any applicable laws; (b) we are required to keep for insurance, accounting, taxation, legal, regulatory or record keeping purposes; or (c) is necessary to investigate and resolve performance or security issues, and this Schedule 2 will continue to apply to retained Relevant Data; notwithstanding any provision to the contrary in the Terms, we shall be entitled to delete the Relevant Data in accordance with our normal data cleansing policies; in respect of Relevant Data which are archived/backed up, you instruct us to retain those archived/backed up Relevant Data in accordance with the typical period for which those Relevant Data are archived/backed up by us for the Platform in question. In the event that you do not request the return or deletion of the Relevant Data, you agree that such Relevant Data will be subject to our retention policies.

4. USE OF SUB-OPERATORS

4.1. Without prejudice to any provisions in the Terms relating to sub-contracting, you hereby give your general written authorisation to us engaging Sub-operator(s) to process the Relevant Data. We will inform you of any intended changes concerning the addition or replacement of other operators, thereby giving you the opportunity to object to such changes, in writing to us within 3 (three) Working Days of us notifying you of such change. Where the Sub-operator is in a third country, you hereby instruct us to make an International Transfer under paragraph 5.

4.2. We shall respect the conditions referred to in Article 28(2) GDPR for engaging a Sub-processor, to the extent applicable.

4.3. If we appoint a Sub-operator, we will put a written contract in place between us and the Sub-operator that specifies the Sub-operator’s processing activities and imposes on the Sub-operator the same data protection obligations undertaken by us. If that Sub-operator fails to fulfil its data protection obligations, we shall remain liable to you for the performance of that Sub-operator's obligations.

5. TRANSFERS OF PERSONAL INFORMATION TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

5.1. We shall only make an International Transfer to a recipient:

5.1.1. on the basis of an adequacy decision made under Data Protection Laws;

5.1.2. on the basis of appropriate safeguards that are in place, and you agree to execute any documents (including data transfer agreements) relating to that International Transfer which we request that you to execute from time to time for that purpose;

5.1.3. on the basis of binding corporate rules approved by a competent supervisory authority; or

5.1.4. on the basis of an applicable derogation in Data Protection Laws which in each case applies to the International Transfer in question;

5.1.5. if we are required to make the International Transfer to comply with Data Protection Laws, in which case we will notify you of the legal requirement prior to that International Transfer unless the law prohibits us from notifying you. Where we are prohibited from informing you of the legal requirement, and/or where we are subject to an ongoing legal requirement to transfer, you (as a business Customer) give us general authorisation and consent to carry out that transfer without your specific authorisation or consent; or

5.1.6. where you have confirmed that the data subject has consented to the transfer of the Relevant Data.

5.2. You acknowledge and agree that you shall be responsible, and we shall not be responsible, for the compliance of any International Transfers that occur when users access the Platform through a browser from a third country or international organisation, as further referred to in paragraph 7.

6. RIGHTS OF AUDIT

6.1. At your reasonable request and subject to you (and any third-party auditor) entering into an appropriate confidentiality agreement, we shall:

6.1.1. make available to you such information as may reasonably be necessary to demonstrate compliance with the obligations for operator agreements laid down in Data Protection Laws; and

6.1.2. subject to paragraphs 6.3 and 6.4 below, allow you (or an independent, third-party professional auditor mandated by you and acceptable to us, both of us acting reasonably) to conduct an audit, including inspection, of our processing of Relevant Data pursuant to the Agreement, and contribute to that audit, except that you agree that nothing in this paragraph 6.1 shall require us to act in breach of an obligation of confidentiality owed to a third party.

6.2. With respect to paragraph 6.1, we shall immediately inform you in writing, but without any obligation to monitor or enquire as to the legality of your instructions or to give legal advice if, in our opinion, to follow an instruction given by you would give rise to a breach of applicable Data Protection Laws.

6.3. Where we have commissioned audit report(s) which we offer to make available to you, you agree that you may only proceed with your own audit/inspection if, acting in good faith, you are reasonably dissatisfied with the audit report(s), and that your own audit/inspection is subject to our rights in paragraph 2.4. You must coordinate with us on the timing and scope of any such audit/inspection and refrain from any act or omission that could lead to the degradation, overload or unavailability of the Platform. The scope of your audit must exclude other customers’ data. Any testing, probing or scanning tools used on our infrastructure must be pre-approved by us. You must not and must instruct any third-party auditor not to) include in your audit report any sensitive information, personal information or special personal information that could be used by a third party to the detriment of the security of the Platform (including, but not only, details of vulnerabilities). You must instruct any third-party auditor to give us the reasonable opportunity to review the report before it is provided to you in final form and to communicate with the auditor to resolve any questions or issues of fact. You and the auditor must keep the results and findings of any audits confidential and disclose them to third parties only to the extent required by law.

6.4. In relation to any Sub-operators that are engaged pursuant to paragraph 4 and/or any data centre facilities used by us, you acknowledge and agree that it is sufficient, for the purposes of satisfying the requirements of paragraph 6.1, that we shall have a right to audit or inspect those Sub-operators and/or those data centre facilities on your behalf, subject to reasonable restrictions.

7. YOUR OBLIGATIONS

7.1. You shall comply with Your Data Responsibilities. We are not in any way responsible for Your Data Responsibilities.

8. CAKEHR AS RESPONSIBLE PARTY

8.1. We will process personal information as a responsible party under the Terms and/or this Schedule 2, for example but not exhaustively, in the management of our relationship with you, in our use of Usage Data under paragraph 9, for analytics under paragraph 10 or for marketing under paragraph 12. Please see our website privacy notice for further details. Paragraphs 2.1 (and Annex 1 of this Schedule 2) and paragraphs 3 to 6 inclusive of this Schedule 2 shall not apply to personal information of which we are a responsible party.

9. USAGE DATA

9.1 We may collect or create data resulting from users’ use of the Platform, such as metadata, performance metrics, and usage trends or volume (“ Usage Data ”). We may use Usage Data for our legitimate business purposes, including network and information security, Customer support, data analytics and marketing, provided that, except to provide the Platform or as required or permitted by law, any external disclosure of Usage Data by us will be in an aggregated form that does not identify or otherwise permit the identification of you, any users or other persons, unless you consent otherwise or initiate the sharing of Usage Data yourself.

10. JOINT RESPONSIBLE PARTIES

10.1 As at the date of the Terms, the parties do not consider themselves to be joint responsible parties (that is, where two or more responsible parties jointly determine the purposes and means of processing) for the purpose of the processing activities referred to in this Schedule 2.

10.2 If and to the extent that the parties later determine that their arrangement has become one of joint controllers under GDPR, they shall comply with the requirements set out in article 26 GDPR, to the extent applicable.

Annex 1 - Specification of Processing

Subject matter and duration of the processing of Relevant Data:

Subject matter: the provision of the Platform and any professional services under the Terms.

Duration: the term of the agreement as set out in the Terms including any transitional periods on entrance or exit and any archival/backup period references in paragraph 3.1.9 of this Schedule 2.

Nature and purpose of the processing of Relevant Data: Any or all of the following processing operations for the purpose of providing the Platform for which you subscribe; your use of and requirements for the Platform; any Professional Services under the Terms; the requirements in the Terms; and third party requests and other extraneous events (the “ Purposes ”):

  • Collection

  • Recording

  • Organisation

  • Structuring

  • Storage

  • Adaptation/alteration

  • Retrieval

  • Consultation

  • Use

  • Disclosure by transmission / dissemination or otherwise making available

  • Alignment / combination

  • Restriction

  • Erasure / destruction

  • Others: ...........................................

Type of Relevant Data (including any special categories of Relevant Data or other special information):

Any or all of the following depending on the Purposes:

  • Personal details (any information that identifies the data subject and their personal characteristics e.g. name, address, contact details, age, sex, date of birth, physical description and any identifier issued by a public body, e.g. National identity number or passport number)

  • Education and training details (any information which relates to the education and any professional training of the data subject e.g. academic records, qualifications, skills, training records, professional expertise, and student and pupil records)

  • Family, lifestyle and social circumstances (any information relating to the family of the data subject and the data subject's lifestyle and social circumstances e.g. current marriage and partnerships and marital history, details of family and other household members, habits, housing, travel details, leisure activities and membership of charitable or voluntary organisations)

  • Employment details (any information relating to the employment of the data subject e.g. employment and career history, recruitment and termination details, attendance records, health and safety records, performance appraisals, training records and security records) and pension information)

  • Financial details (any information relating to the financial affairs of the data subject e.g. income, salary, assets and investments, payments, creditworthiness, loans, benefits, grants, insurance details and pension information)

  • Goods and services provided (any information relating to goods and services that have been provided e.g. goods or services supplied, licences issued, agreements and contracts)

  • Special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a data subject's sex life or sexual orientation)

  • Criminal data (criminal convictions and offences or related security measures, including personal data relating to: (a) the alleged commission of offences by the individual (b) proceedings for an offence committed or alleged to have been committed by the individual or the disposal of such proceedings, including sentencing)

  • Others: ...........................................

Categories of data subjects:

Any or all of the following depending on the Purposes:

  • Staff including volunteers, agents, temporary and casual workers of yours

  • Customers/clients (who are individuals or sole traders) of yours

  • Suppliers (sole traders) of yours

  • Contact persons of corporate entities (e.g. at suppliers or customers, where supplier is not a sole trader or customer is not an individual) of yours

  • Members or supporters (e.g. shareholders) of yours

  • Complainants, correspondents and enquirers of yours

  • Relatives, guardians and associates (of data subjects) of your staff

  • Advisers, consultants and other professional experts or legal representatives (individuals/sole traders) of yours

  • Partners, resellers (individuals/sole traders) of yours

  • Donors, supporters (individuals/sole traders) of yours

  • Students if input by you

  • Offenders and suspected offenders if input by you

  • Landlords/tenants of yours

  • Users of the Platform not included in the above

  • Others: ..........................................

Responsible Party’s obligations and rights:

The obligations in paragraph 2.2 and paragraph 7.

The rights to enforce the data processing terms in paragraphs 3, 4, 5 and 6 against us as your operator.

Starte jetzt deine kostenlose Testversion

Einfache Einstellung
Kostenlose 14-tägige Testversion
Jederzeit abbrechen

Vertrauenswürdiger Personalpartner

Badges