Please read these Terms and Conditions carefully. All contracts that the Provider may enter into from time to time for the provision of the Hosted Services and related services shall be governed by these Terms and Conditions, and the Provider will ask the Customer for the Customer's express written or online acceptance of these Terms and Conditions before providing any such services to the Customer.
1.1 Except to the extent expressly provided otherwise, in these Terms and Conditions:
"Account" means an account enabling a person to access and use the Hosted Services, including both administrator accounts and user accounts;
"Agreement" means a contract between the parties incorporating these Terms and Conditions, and any amendments to that contract from time to time;
"Business Day" means any weekday other than a bank or public holiday in England;
"Charges" means the following amounts: (a) such amounts as may be agreed in writing by the parties from time to time;
"Controller", "Processor", "Data Subject", "Personal Data", "Personal Data Breach", "processing" and "appropriate technical and organisational measures" have the meanings defined in the Data Protection Laws.
"Customer" means the person or entity identified as such in Section 1 of the Services Order Form;
"Customer Confidential Information" means: (a) any information disclosed by or on behalf of the Customer to the Provider at any time before the termination of the Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure: (i) was marked or described as "confidential"; or (ii) should have been reasonably understood by the Provider to be confidential; and (b) the Customer Data;
"Customer Data" means all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer (but excluding analytics data relating to the use of the Platform and server log files);
"Customer Personal Data" means any Personal Data that is processed by the Provider on behalf of the Customer in relation to the Agreement, but excluding the data with respect to which the Provider is a Controller;
"Data Processing Information" means the data processing details set out in the Appendix to Schedule 2;
"Data Protection Laws" means : (a) To the extent that the UK GDPR applies, all applicable laws relating to the processing of Personal Data in the United Kingdom from time to time, including, while it is in force and applicable to Customer Personal Data, the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; (b) To the extent that the EU GDPR applies, all applicable laws relating to the processing of Personal Data in the European Union or in any member state of the European Union to which the Customer or Provider is subject, from time to time, including, while it is in force and applicable to Customer Personal Data, the EU GDPR;
"Documentation" means the documentation for the Hosted Services produced by the Provider and delivered or made available by the Provider to the Customer;
"Effective Date" means the date upon which the Customer completes and submits the online Services Order Form published by the Provider on the Provider's website;
"EU GDPR" means the General Data Protection Regulation ((EU) 2016/679);
"Force Majeure Event" means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);
"Hosted Services" means Beacon CRM which will be made available by the Provider to the Customer as a service via the internet in accordance with these Terms and Conditions;
"Hosted Services Defect" means a defect, error or bug in the Platform having a material adverse effect on the appearance, operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of: (a) any act or omission of the Customer or any person authorised by the Customer to use the Platform or Hosted Services; (b) any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer; (c) a failure of the Customer to perform or observe any of its obligations in the Agreement; and/or (d) an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Hosted Services Specification;
"Hosted Services Specification" means the specification for the Platform and Hosted Services set out in Section 2 of the Services Order Form and in the Documentation;
"Intellectual Property Rights" means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these "intellectual property rights" include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);
"Maintenance Services" means the general maintenance of the Platform and Hosted Services, and the application of Updates and Upgrades;
"Platform" means the platform managed by the Provider and used by the Provider to provide the Hosted Services, including the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;
"Provider" means Beacon Apps Ltd, a company incorporated in England and Wales (registration number 11097096) having its registered office at 11 Kingfisher Business Park, Arthur Street, Redditch, England, B98 8LG;
"Services" means any services that the Provider provides to the Customer, or has an obligation to provide to the Customer, under these Terms and Conditions;
"Services Order Form" means an online order form published by the Provider and completed and submitted by the Customer, or a hard-copy order form signed or otherwise agreed by or on behalf of each party, in each case incorporating these Terms and Conditions by reference;
"Support Services" means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;
"Supported Web Browser" means the current release from time to time of Microsoft Edge, Mozilla Firefox, Google Chrome or Apple Safari, or any other web browser that the Provider agrees in writing shall be supported;
"Term" means the term of the Agreement, commencing in accordance with Clause 2.1 and ending in accordance with Clause 2.2;
"Terms and Conditions" means all the documentation containing the provisions of the Agreement, namely the Services Order Form, the main body of these Terms and Conditions and the Schedules, including any amendments to that documentation from time to time;
"UK GDPR" means the UK General Data Protection Regulation, as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018;
"Update" means a hotfix, patch or minor version update to any Platform software; and
"Upgrade" means a major version upgrade of any Platform software.
2.1 The Agreement shall come into force upon the Effective Date.
2.2 The Agreement shall continue in force indefinitely, subject to termination in accordance with Clause 16.
2.3 Unless the parties expressly agree otherwise in writing, each Services Order Form shall create a distinct contract under these Terms and Conditions.
3. Hosted Services
3.1 The Provider shall ensure that the Platform will, on the Effective Date, automatically generate an Account for the Customer and provide to the Customer login details for that Account.
3.2 The Provider hereby grants to the Customer a worldwide, non-exclusive licence to use the Hosted Services by means of a Supported Web Browser for the internal business purposes of the Customer in accordance with the Documentation during the Term.
3.3 The licence granted by the Provider to the Customer under Clause 3.2 is subject to the following limitations: (a) the Hosted Services may only be used by the officers, employees, agents and subcontractors of the Customer; and (b) the Hosted Services may only be used by the named users identified in the Customer Team settings, providing that the Customer may change, add or remove a designated named user in accordance with the procedure set out therein; and (c) a Hosted Services Account may only be used by the named person identified in the Customer Team settings; and (d) the password to a Hosted Services Account must not be shared with any other party.
3.4 Except to the extent expressly permitted in these Terms and Conditions or required by law on a non-excludable basis, the licence granted by the Provider to the Customer under Clause 3.2 is subject to the following prohibitions: (a) the Customer must not sub-license its right to access and use the Hosted Services; (b) the Customer must not permit any unauthorised person to access or use the Hosted Services; (c) the Customer must not use the Hosted Services to provide services to third parties; (d) the Customer must not republish or redistribute any content or material from the Hosted Services; (e) the Customer must not make any alteration to the Platform, except as permitted by the Documentation; and (f) the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or Hosted Services without the prior written consent of the Provider.
3.5 The Customer shall use reasonable endeavours, including reasonable security measures relating to administrator Account access details, to ensure that no unauthorised person may gain access to the Hosted Services using an Account.
3.6 The Provider shall use all reasonable endeavours to maintain the availability of the Hosted Services to the Customer at the gateway between the public internet and the network of the hosting services provider for the Hosted Services, but does not guarantee 100% availability.
3.7 For the avoidance of doubt, downtime caused directly or indirectly by any of the following shall not be considered a breach of the Agreement: (a) a Force Majeure Event; (b) a fault or failure of the internet or any public telecommunications network; (c) a fault or failure of the Customer's computer systems or networks; (d) any breach by the Customer of the Agreement; or (e) scheduled maintenance carried out in accordance with the Agreement.
3.8 The Customer must comply with Schedule 1 (Acceptable Use Policy), and must ensure that all persons using the Hosted Services with the authority of the Customer or by means of an Account comply with Schedule 1 (Acceptable Use Policy).
3.9 The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.
3.10 The Customer must not use the Hosted Services: (a) in any way that is unlawful, illegal, fraudulent or harmful; or (b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.
3.11 For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.
3.12 The Provider may suspend the provision of the Hosted Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 7 days written notice, following the amount becoming overdue, of its intention to suspend the Hosted Services on this basis.
4. Maintenance Services
4.1 The Provider shall provide the Maintenance Services to the Customer during the Term.
4.2 The Provider shall where practicable give to the Customer at least 5 Business Days' prior written notice of scheduled Maintenance Services that are likely to affect the availability of the Hosted Services or are likely to have a material negative impact upon the Hosted Services, without prejudice to the Provider's other notice obligations under this main body of these Terms and Conditions.
4.3 The Provider shall provide the Maintenance Services in accordance with the standards of skill and care reasonably expected from a leading service provider in the Provider's industry.
4.4 The Provider may suspend the provision of the Maintenance Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 7 days' written notice, following the amount becoming overdue, of its intention to suspend the Maintenance Services on this basis.
5. Support Services
5.1 The Provider shall provide the Support Services to the Customer during the Term.
5.2 The Provider shall make available to the Customer a helpdesk in accordance with the provisions of this main body of these Terms and Conditions.
5.3 The Provider shall provide the Support Services in accordance with the standards of skill and care reasonably expected from a leading service provider in the Provider's industry.
5.4 The Customer may use the helpdesk for the purposes of requesting and, where applicable, receiving the Support Services; and the Customer must not use the helpdesk for any other purpose.
5.5 The Provider shall respond promptly to all requests for Support Services made by the Customer through the helpdesk.
5.6 The Provider may suspend the provision of the Support Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 7 days written notice, following the amount becoming overdue, of its intention to suspend the Support Services on this basis.
6. Customer Data
6.1 The Customer hereby grants to the Provider a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Customer Data to the extent reasonably required for the performance of the Provider's obligations and the exercise of the Provider's rights under the Agreement. The Customer also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, subject to any express restrictions elsewhere in the Agreement.
6.2 The Customer warrants to the Provider that the Customer Data will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law.
6.3 The Provider shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 14 days.
7. No assignment of Intellectual Property Rights
7.1 Nothing in these Terms and Conditions shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.
8.1 The Customer shall pay the Charges to the Provider in accordance with these Terms and Conditions.
8.2 If the Charges are based in whole or part upon the time spent by the Provider performing the Services, the Provider must obtain the Customer's written consent before performing Services that result in any estimate of time-based Charges given to the Customer being exceeded or any budget for time-based Charges agreed by the parties being exceeded; and unless the Customer agrees otherwise in writing, the Customer shall not be liable to pay to the Provider any Charges in respect of Services performed in breach of this Clause 8.2.
8.3 The Provider may elect to vary any element of the Charges by giving to the Customer not less than 7 days' written notice of the variation
9.1 The Provider shall issue invoices for the Charges to the Customer from time to time during the Term.
9.2 The Customer must pay the Charges to the Provider within the period of 7 days following the issue of an invoice in accordance with this Clause 9, providing that the Charges must in all cases be paid before the commencement of the period to which they relate.
9.3 The Customer must pay the Charges by debit card or credit card (using such payment details as are notified by the Provider to the Customer from time to time).
9.4 If the Customer does not pay any amount properly due to the Provider under these Terms and Conditions, the Provider may: (a) charge the Customer interest on the overdue amount at the rate of 4% per annum above the Bank of England base rate from time to time (which interest will accrue daily until the date of actual payment and be compounded at the end of each calendar month); or (b) claim interest and statutory compensation from the Customer pursuant to the Late Payment of Commercial Debts (Interest) Act 1998.
10. Provider's confidentiality obligations
10.1 The Provider must: (a) keep the Customer Confidential Information strictly confidential; (b) not disclose the Customer Confidential Information to any person without the Customer's prior written consent, and then only under conditions of confidentiality no less onerous than those contained in these Terms and Conditions; (c) use the same degree of care to protect the confidentiality of the Customer Confidential Information as the Provider uses to protect the Provider's own confidential information of a similar nature, being at least a reasonable degree of care; and (d) act in good faith at all times in relation to the Customer Confidential Information.
10.2 Notwithstanding Clause 10.1, the Provider may disclose the Customer Confidential Information to the Provider's officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Customer Confidential Information for the performance of their work with respect to the Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Customer Confidential Information.
10.3 This Clause 10 imposes no obligations upon the Provider with respect to Customer Confidential Information that: (a) is known to the Provider before disclosure under these Terms and Conditions and is not subject to any other obligation of confidentiality; (b) is or becomes publicly known through no act or default of the Provider; or (c) is obtained by the Provider from a third party in circumstances where the Provider has no reason to believe that there has been a breach of an obligation of confidentiality.
10.4 The restrictions in this Clause 10 do not apply to the extent that any Customer Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of the Provider on any recognised stock exchange.
10.5 The provisions of this Clause 10 shall continue in force indefinitely following the termination of the Agreement.
11. Data protection
11.1 Each party shall comply with the Data Protection Laws and act in accordance with the data processing terms contained in Schedule 2 (Data Processing Schedule), with respect to the processing of the Customer Personal Data.
12.1 The Provider warrants to the Customer that: (a) the Provider has the legal right and authority to enter into the Agreement and to perform its obligations under these Terms and Conditions; (b) the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider's rights and the fulfilment of the Provider's obligations under these Terms and Conditions; and (c) the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under these Terms and Conditions.
12.2 The Provider warrants to the Customer that: (a) the Platform and Hosted Services will conform in all material respects with the Hosted Services Specification; (b) the Hosted Services will be free from Hosted Services Defects; (c) the application of Updates and Upgrades to the Platform by the Provider will not introduce any Hosted Services Defects into the Hosted Services; (d) the Platform will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs; and (e) the Platform will incorporate security features reflecting the requirements of good industry practice.
12.3 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with these Terms and Conditions, will not breach any laws, statutes or regulations applicable under English law.
12.4 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with these Terms and Conditions, will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.
12.5 If the Provider reasonably determines, or any third party alleges, that the use of the Hosted Services by the Customer in accordance with these Terms and Conditions infringes any person's Intellectual Property Rights, the Provider may at its own cost and expense: (a) modify the Hosted Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or (b) procure for the Customer the right to use the Hosted Services in accordance with these Terms and Conditions.
12.6 The Customer warrants to the Provider that it has the legal right and authority to enter into the Agreement and to perform its obligations under these Terms and Conditions.
12.7 All of the parties' warranties and representations in respect of the subject matter of the Agreement are expressly set out in these Terms and Conditions. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Agreement will be implied into the Agreement or any related contract.
13. Acknowledgements and warranty limitations
13.1 The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of these Terms and Conditions, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.
13.2 The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of these Terms and Conditions, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.
13.3 The Customer acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.
13.4 The Customer acknowledges that the Provider will not provide any legal, financial, accountancy or taxation advice under these Terms and Conditions or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in these Terms and Conditions, the Provider does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Customer will not give rise to any legal liability on the part of the Customer or any other person.
14. Limitations and exclusions of liability
14.1 Nothing in these Terms and Conditions will: (a) limit or exclude any liability for death or personal injury resulting from negligence; (b) limit or exclude any liability for fraud or fraudulent misrepresentation; (c) limit any liabilities in any way that is not permitted under applicable law; or (d) exclude any liabilities that may not be excluded under applicable law.
14.2 The limitations and exclusions of liability set out in this Clause 14 and elsewhere in these Terms and Conditions: (a) are subject to Clause 14.1; and (b) govern all liabilities arising under these Terms and Conditions or relating to the subject matter of these Terms and Conditions, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in these Terms and Conditions.
14.3 Neither party shall be liable to the other party in respect of any losses arising out of a Force Majeure Event.
14.4 Neither party shall be liable to the other party in respect of any loss of profits or anticipated savings.
14.5 Neither party shall be liable to the other party in respect of any loss of revenue or income.
14.6 Neither party shall be liable to the other party in respect of any loss of use or production.
14.7 Neither party shall be liable to the other party in respect of any loss of business, contracts or opportunities.
14.8 Neither party shall be liable to the other party in respect of any loss or corruption of any data, database or software; providing that this Clause 14.8 shall not protect the Provider unless the Provider has fully complied with its obligations under Clause 6.3.
14.9 Neither party shall be liable to the other party in respect of any special, indirect or consequential loss or damage.
14.10 The liability of each party to the other party under the Agreement in respect of any event or series of related events shall not exceed the greater of: (a) £5,000; and (b) the total amount paid and payable by the Customer to the Provider under the Agreement in the 12 month period preceding the commencement of the event or events.
14.11 The aggregate liability of each party to the other party under the Agreement shall not exceed the greater of: (a) £5,000; and (b) the total amount paid and payable by the Customer to the Provider under the Agreement.
15. Force Majeure Event
15.1 If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under the Agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.
15.2 A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under the Agreement, must: (a) promptly notify the other; and (b) inform the other of the period for which it is estimated that such failure or delay will continue.
15.3 A party whose performance of its obligations under the Agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.
16.1 Either party may terminate the Agreement by giving to the other party at least 30 days' written notice of termination.
16.2 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if the other party commits a material breach of these Terms and Conditions.
16.3 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if: (a) the other party: (i) is dissolved; (ii) ceases to conduct all (or substantially all) of its business; (iii) is or becomes unable to pay its debts as they fall due; (iv) is or becomes insolvent or is declared insolvent; or (v) convenes a meeting or makes or proposes to make any arrangement or composition with its creditors; (b) an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party; (c) an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under the Agreement); or (d) if that other party is an individual: (i) that other party dies; (ii) as a result of illness or incapacity, that other party becomes incapable of managing his or her own affairs; or (iii) that other party is the subject of a bankruptcy petition or order.
17. Effects of termination
17.1 Upon the termination of the Agreement, all of the provisions of these Terms and Conditions shall cease to have effect, save that the following provisions of these Terms and Conditions shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 3.11, 9.2, 9.4, 10, 11, 14, 17, 19 and 20.
17.2 Except to the extent that these Terms and Conditions expressly provides otherwise, the termination of the Agreement shall not affect the accrued rights of either party.
17.3 Within 30 days following the termination of the Agreement for any reason the Customer must pay to the Provider any Charges in respect of Services provided to the Customer before the termination of the Agreement;
18.1 Subject to any express restrictions elsewhere in these Terms and Conditions, the Provider may subcontract any of its obligations under the Agreement.
18.2 The Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.
18.3 Notwithstanding the provisions of this Clause 18 but subject to any other provision of these Terms and Conditions, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.
19.1 No breach of any provision of the Agreement shall be waived except with the express written consent of the party not in breach.
19.2 If any provision of the Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions of the Agreement will continue in effect. If any unlawful and/or unenforceable provision would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect (unless that would contradict the clear intention of the parties, in which case the entirety of the relevant provision will be deemed to be deleted).
19.3 The Agreement is made for the benefit of the parties, and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to the Agreement are not subject to the consent of any third party.
19.4 The Agreement shall be governed by and construed in accordance with English law.
19.5 The courts of England shall have exclusive jurisdiction to adjudicate any dispute arising under or in connection with the Agreement.
19.6 If there is a conflict between these Terms and Conditions and a signed Beacon Cloud Services Agreement, then the Beacon Cloud Services Agreement shall take precedence.
19.7 The Provider may make changes to the Terms and Conditions from time to time. When these changes are made, the Provider will make a new copy of the Terms and Conditions on the Provider’s website, and notify the Customer of the change in writing.
19.8 The Customer agrees that if they use the Services after the date on which the Terms and Conditions have changed, the Provider will treat the Customer’s use as acceptance of the updated Terms and Conditions.
20.1 In these Terms and Conditions, a reference to a statute or statutory provision includes a reference to: (a) that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and (b) any subordinate legislation made under that statute or statutory provision.
20.2 The Clause headings do not affect the interpretation of these Terms and Conditions.
20.3 References in these Terms and Conditions to "calendar months" are to the 12 named periods (January, February and so on) into which a year is divided.
20.4 In these Terms and Conditions, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.
Schedule 1 (Acceptable Use Policy)
1.1 This acceptable use policy (the "Policy") sets out the rules governing: (a) the use of the website at www.beaconcrm.org any successor website or subdomain, and the services available on that website or any successor website (the "Services"); and (b) the transmission, storage and processing of content by you, or by any person on your behalf, using the Services ("Content").
1.2 References in this Policy to "you" are to any customer for the Services and any individual user of the Services (and "your" should be construed accordingly); and references in this Policy to "us" are to Beacon (and "we" and "our" should be construed accordingly).
1.3 By using the Services, you agree to the rules set out in this Policy.
1.4 We will ask for your express agreement to the terms of this Policy before you upload or submit any Content or otherwise use the Services.
1.5 You must be at least 18 years of age to use the Services; and by using the Services, you warrant and represent to us that you are at least 18 years of age.
2. General usage rules
2.1 You must not use the Services in any way that causes, or may cause, damage to the Services or impairment of the availability or accessibility of the Services. 2.2 You must not use the Services: (a) in any way that is unlawful, illegal, fraudulent, deceptive or harmful; or (b) in connection with any unlawful, illegal, fraudulent, deceptive or harmful purpose or activity.
2.3 You must ensure that all Content complies with the provisions of this Policy.
3. Unlawful Content
3.1 Content must not be illegal or unlawful, must not infringe any person's legal rights, and must not be capable of giving rise to legal action against any person (in each case in any jurisdiction and under any applicable law).
3.2 Content, and the use of Content by us in any manner licensed or otherwise authorised by you, must not: (a) be libellous or maliciously false; (b) be obscene or indecent; (c) infringe any copyright, moral right, database right, trade mark right, design right, right in passing off, or other intellectual property right; (d) infringe any right of confidence, right of privacy or right under data protection legislation; (e) constitute negligent advice or contain any negligent statement; (f) constitute an incitement to commit a crime, instructions for the commission of a crime or the promotion of criminal activity; (g) be in contempt of any court, or in breach of any court order; (h) constitute a breach of racial or religious hatred or discrimination legislation; (i) constitute a breach of official secrets legislation; or (j) constitute a breach of any contractual obligation owed to any person.
3.3 You must ensure that Content is not and has never been the subject of any threatened or actual legal proceedings or other similar complaint.
4. Graphic material
4.1 Content must be appropriate for all persons who have access to or are likely to access the Content in question.
4.2 Content must not depict violence in an explicit, graphic or gratuitous manner.
4.3 Content must not be pornographic.
5.1 Content must not be offensive, deceptive, threatening, abusive, harassing, menacing, hateful, discriminatory or inflammatory.
5.2 You must not use the Services to send any hostile communication or any communication intended to insult, including such communications directed at a particular person or group of people.
5.3 You must not use the Services for the purpose of deliberately upsetting or offending others.
6.1 You acknowledge that we may actively monitor the Content and the use of the Services.
7. Data mining
7.1 You must not conduct any systematic or automated data scraping, data mining, data extraction or data harvesting, or other systematic or automated data collection activity, by means of or in relation to the Services.
8. Harmful software
8.1 The Content must not contain or consist of, and you must not promote, distribute or execute by means of the Services, any viruses, worms, spyware, adware or other harmful or malicious software, programs, routines, applications or technologies.
8.2 The Content must not contain or consist of, and you must not promote, distribute or execute by means of the Services, any software, programs, routines, applications or technologies that will or may have a material negative effect upon the performance of a computer or introduce material security risks to a computer.
Schedule 2 (Data Processing Schedule)
The parties acknowledge that for the purposes of the Data Protection Laws, the Customer is the Controller and the Provider is the Processor. The Data Processing Information sets out the scope, nature and purpose of processing by the Provider, the duration of the processing and the types of Personal Data and categories of Data Subject.
The Customer warrants to the Provider that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Provider and lawful collection of the Personal Data by the Provider on behalf of the Customer for the duration and purposes of this Agreement.
The Provider shall only process the Customer Personal Data on the documented instructions of the Customer (including with regard to transfers of the Customer Personal Data to any place outside the United Kingdom or the European Economic Area), as set out in these Terms and Conditions or any other document agreed by the parties in writing.
Notwithstanding any other provision of the Agreement, the Provider may process the Customer Personal Data if and to the extent that the Provider is required to do so by applicable law. In such a case, the Provider shall inform the Customer of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
The Provider shall promptly inform the Customer if, in the opinion of the Provider, an instruction of the Customer relating to the processing of the Customer Personal Data infringes applicable law.
Subject to Paragraph 7 below, the Provider shall not transfer any Customer Personal Data outside of the UK or EEA unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: (a) the Customer or the Provider has provided appropriate safeguards in relation to the transfer; (b) the Data Subject has enforceable rights and effective legal remedies; (c) the Provider complies with its obligations under the Data Protection Laws by providing an adequate level of protection to any Customer Personal Data that is transferred; and (d) the Provider complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Customer Personal Data;
The Customer hereby authorises the Provider to make the following transfers of Customer Personal Data:
(a) the Provider may transfer the Customer Personal Data internally to its own employees, offices and facilities in the United Kingdom or Worldwide, providing that such transfers must be protected by appropriate safeguards, namely firewalls, encryption at rest, and encryption in transit (TLS); and (b) the Provider may transfer the Customer Personal Data to its sub-Processors in the jurisdictions identified in Part 5 of the Data Processing Information, provided that such transfers must be protected by any appropriate safeguards identified herein.
Where the EU GDPR applies to the processing, if any European Union adequacy decision in respect of the UK is rescinded, such that additional safeguards are required in respect of the transfer of Customer Personal Data from the Customer to the Provider, then the parties hereby enter into Module 2 of the standard contractual clauses ("SCCs") in the EU Commission's decision 2021/914 and agree, where no other appropriate safeguard or exemption applies, that the Customer Personal Data will be transferred in accordance with the SCCs as of that date. The parties agree to use best endeavours to complete the annexes to the SCCs promptly for the purpose of giving full effect to the SCCs. If there is any conflict between this Agreement and the SCCs the terms of the SCCs shall apply.
The Provider shall ensure that persons who have access to and/or are authorised to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
The Provider and the Customer shall each implement appropriate technical and organisational measures, including those measures specified in Part 4 of the Data Processing Information, to protect against unauthorised or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Customer Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Customer Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
As of the Effective Date, the Customer consents to the Provider appointing the third parties identified in Part 5 of the Data Processing Information as third party Processors of Customer Personal Data under this Agreement. Where the Provider wishes to add or replace any third-party Processor of the Customer Personal Data, the Provider shall inform the Customer at least 7 days in advance of any intended changes, and if the Customer objects to any such changes before their implementation, then the Customer may terminate the Agreement on 7 days' written notice to the Provider, providing that such notice must be given within the period of 7 days following the date that the Provider informed the Customer of the intended changes. The Provider shall ensure that each third party Processor is subject to equivalent legal obligations as those imposed on the Provider by this Schedule.
The Provider shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Customer with the fulfilment of the Customer's obligation to respond to requests exercising a Data Subject's rights under the Data Protection Laws.
The Provider shall assist the Customer in ensuring compliance with the obligations relating to the security of processing of Personal Data, the notification of Personal Data Breaches to the supervisory authority, the communication of Personal Data Breaches to the Data Subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Paragraph 13.
The Provider must notify the Customer of any Personal Data Breach affecting the Customer Personal Data without undue delay and, in any case, not later than 24 hours after the Provider becomes aware of the breach.
The Provider shall make available to the Customer all information necessary to demonstrate the compliance of the Provider with its obligations under this Schedule and the Data Protection Laws. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Paragraph 15.
The Provider shall, at the choice of the Customer, delete or return all of the Customer Personal Data to the Customer after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.
The Provider shall maintain complete and accurate records and information to demonstrate its compliance with this Schedule and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer in respect of the compliance of the Provider's processing of Customer
If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under the Agreement, then the parties shall use their best endeavours promptly to agree such variations to the Agreement as may be necessary to remedy such non-compliance.
The parties may, by agreement in writing, revise this Schedule by replacing it with any applicable Controller to Processor standard clauses or similar terms adopted under the Data Protection Laws or forming part of an applicable certification scheme (which shall apply when replaced by attachment to this Agreement).
Appendix: Data Processing Information
1. Categories of Data Subject
The customers, donors, volunteers, beneficiaries, supporters, and other contacts of the Customer. The Customer may share other categories of Data Subject not included in this list, and these categories should fall under the scope of this Agreement unless agreed in writing otherwise.
2. Types of Personal Data
Names, postal addresses, email addresses, dates of birth, gender, job information, links to social media profiles, interests, supporter preferences. Financial information, attendance of events, marketing information. The Customer may share other types of Personal Data not included in this list, and these types should fall under the scope of this Agreement unless agreed in writing otherwise.
3. Processing by the Provider
(a) Scope of processing
The Customer shall only supply to the Provider, and the Provider shall only process, in each case under or in relation to the Agreement: (a) the Personal Data of Data Subjects falling within the categories specified in Part 1 above (or such other categories as may be agreed by the parties in writing); and (b) Personal Data of the types specified in Part 2 above (or such other types as may be agreed by the parties in writing).
(b) Nature of processing
The Provider shall only process the Customer Personal Data for the purposes specified in Part 3 of the Data Processing Information.
(c) Purposes of processing
Provision of the Hosted Services, data migration, product development, customer support, and training.
(d) Duration of the processing
During the Term and for not more than 30 days following the end of the Term, subject to the other provisions of this Schedule.
4. Security measures for Personal Data
The Provider employs extensive security measures for securing Personal Data, including encryption, password security, firewalls, and two-factor authentication. For an up-to-date list of the publicly available security measures employed by the Provider, visit the Trust page on the Provider's website: https://www.beaconcrm.org/trust
5. Sub-Processors of Personal Data
The full list of sub-Processors is available on the Provider's website: https://www.beaconcrm.org/sub-processors