Terms of business

Definitions:

“Assignment” means the professional consultancy services which Senior Internet agrees to provide to Customer in accordance with a Proposal submitted by Senior;

“Customer” means the person for whom Senior Internet carry out an Assignment;

"Data Protection Laws" Means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relation to the processing of personal data and privacy application to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Bill, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation EU) 2016/679), as amended or superseded;

"GDPR" Means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from time to time.

“Senior” means Senior Internet Ltd;

“Liability” means liability for any and all damages, claims, proceedings, actions, awards, expenses, costs and any other losses and/or liabilities;

“Proposal” means the description of the services which we propose to provide and which is submitted by Senior to Customer; and

“Working Day” means any 7 hour day which is not a Saturday, Sunday or statutory public holiday in England.

  1. These Terms of Business are to be read in conjunction with quotations dated up to 1st January 2016.
  2. These Terms of Business and any relevant Proposal will govern an Assignment to the exclusion of any other terms and conditions. No variation to these Terms of Business and/or any Proposal shall bind Senior unless agreed in writing by one of Senior’s Directors.
  3. If there is any conflict between any Proposal and these Terms of Business, the terms of the Proposal shall prevail.
  4. Proposals are not binding and are an estimate only of the number of Working Days to perform the Assignment and Senior’s charges and related expenses for the Assignment. Unless otherwise stated, a Proposal is not to be construed as an offer to perform the Assignment within a fixed time or for a fixed price.
  5. The contract between Customer and Senior shall come into effect only when the Customer has signed these Terms.
  6. Senior’s charges, as set out in the applicable Proposal, cover all consultant time spent on the Assignment. Charges quoted at a daily rate are for a Working Day and any additional hours or parts of a Working Day will be charged additionally at a proportionate amount of the daily rate.
  7. The Customer will bear any expenses incurred by Senior as a direct result of performing the Assignment, including but not limited to Senior’s travel and subsistence costs, reasonable administrative costs, and 3rd party costs. Expenses will not exceed the amount estimated in the relevant Proposal without Customer’s prior agreement.
  8. During an Assignment, if additional services and/or expenses not identified in the Proposal become, in Senior’s reasonable opinion, necessary and/or desirable, Senior will not perform those services and/or incur additional expenditure without Customer’s prior agreement.
  9. Unless stated otherwise in the Proposal, Senior’s charges are invoiced monthly in arrears and are payable, with any applicable Value Added Tax, within 28 Working Days. Late payments will incur penalties at the rate permitted by The Late Payment of Commercial Debts (Interest) Act 1998.
  10. The results of any Assignment including, but not limited to, all surveys, forecasts, recommendations and/or reports are provided in good faith and in reliance on the information made available to Senior at the time of the Assignment. Successful implementation of the Assignment and its results depends, among other things, on Customers effective co-operation.
  11. Neither Customer nor Senior shall have any Liability for any matters outside the reasonable control of the party in default.
  12. During the Assignment and for a period of 12 months after the end of the Assignment, Customer will not, without Senior’s prior agreement, directly and/or indirectly entice or attempt to entice away from employment, employ, engage and/or otherwise use the services of any individual who was an employee or representative of Senior involved in the performance of the Assignment.
  13. Neither party shall use and/or disclose any confidential information which is acquired by it about the other party’s business and/or given by one party to the other party and/or generated by either party from the other party’s confidential information except in the proper performance of this Agreement. These obligations of confidentiality and non-use shall not apply to information which is or becomes public knowledge without default and/or omission by either party or is or becomes known from other sources without restriction on disclosure or is required to be disclosed by any legal or professional obligation or by any regulatory authority.
  14. Senior will retain ownership of all intellectual property rights in any reports, software, data and all other materials created, prepared and/or developed by Senior during the Assignment. Senior grants Customer a royalty-free licence to use these intellectual property rights for internal purposes within Customer organisation only. If Customer wish to use these intellectual property rights outside Customer organisation, Customer will require Senior’s written consent for that use.
  15. Senior’s total Liability to Customer shall not exceed 100% of the amount due from Customer to Senior under this Agreement.
  16. Nothing in this Agreement shall exclude or limit Senior’s Liability for death or personal injury due to Senior’s negligence or any Liability which is due to Senior’s fraud or any other liability which Senior is not permitted to exclude or limit as a matter of law.
  17. The duration of the assignment is outlined in the proposal and the invoicing schedule. Early cancellation of this assignment by the client will incur cancellation penalty of 50% of the contract value remaining, unless Senior has failed to carry out the actions specified in the assignment.
  18. In the event that any of the above terms are held to be invalid, the remainder of the terms shall remain in full force and effect.
  19. The terms of this Agreement shall be subject to and construed in accordance with English law and the English courts shall have non-exclusive jurisdiction to hear any disputes arising under them.

Data protection and GDPR: 

1.1     Where Senior, pursuant to the Agreement, processes Personal Data on behalf of the Client, Senior acknowledges that the Client is the Data Controller and the owner of such Personal Data, and that Senior is the Data Processor.

1.2     The Data Processor is operating within reasonable compliance, and shall continue to comply, with the requirements of the applicable Data Protection Laws and all other data protection legislation in and jurisdiction relevant to the exercise of its right of the performance of its obligations under this Agreement.

1.3     The Data Controller shall, for all categories of personal data (including special categories) processed under this Agreement, either;

1.3.1    Obtain the consent of the data subject to the processing; or

1.3.2   Confirm the ground upon which the Personal Data is being processed

1.4     The Data Controller shall indemnify the Data Processor against all liabilities, costs, expenses, damages and losses (including reasonable professional costs and expenses) suffered or incurred by the Data Processor as a result of the Data Controller’s breach of its obligations pursuant to paragraph 1.3.1 above.

1.5     In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Customer is Data Controller, the Data Processor shall;

1.5.1  Have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk;

1.5.2  Not engage any sub-processor without the prior specific or general written authorisation of the Customer (and in the case of general written authorisation; the Data Processor shall inform the Customer of any intended changes concerning the addition or replacement of other processors and the Customer shall have the right to object to such changes.).

1.5.3  Ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub processor, subcontractor, agent or consultant to the effect that the sub-processor, agent or consultant shall be obligate to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. Subject to clause 1.5.4 The Data Processor shall at all times be and remain liable to the Client for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule;

1.5.4   Senior are not liable to the Client for any failures of other Data Processors or Sub Processors obligations under this Schedule who are engaged with by the client and with whom Senior are instructed to integrate with; including but not restricted to; direct debit systems, online payment providers, email services, CRMs and analytics

1.5.5   Process that personal Data only on behalf of the Client in accordance with the Client’s instructions and to perform its obligation under this agreement or other documented instructions and for no other purpose save to the limited extent required by law;

1.5.6   Upon the request of the Client, within 30 days of the expiry or termination of this agreement, Senior shall make available to the Client for download a full and complete file of the Customer Data. After the expiry of the 30 day period, Senior shall, unless required otherwise by law, delete all of the Customer Data in its live and staging systems or otherwise in its possession or control, note; in the case of backups these will be deleted in a 60 day cycle (30 days following deletion of live database);

1.5.7    Ensure that all persons authorised to access the Personal Data are subject to oblations of confidentiality and receive training to ensure compliance with the Agreement and the Data Protection Laws;

1.5.8    Make available to the Client all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client, provided that, in respect of this provision the Data Processor shall immediately inform the Client if, in its opinion, an instruction infringes Data Protection Laws, subject to clause 1.5.14

1.5.9    Taking into account the nature of the processing, provide assistance to the Client, within such timescales as the Client may be required from time to time, in connection with the fulfilment of the Client’s obligation as Data Controller to respond to requests for the exercise of data subjects’ right pursuant to Chapter III of the GDPR to the extent applicable, subject to clause 1.5.14;

1.5.10   Provide the Client with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Client, subject to clause 1.5.14 and taking into account the nature of the processing and the information available to the Data Processor;

1.5.11   Immediately notify the Client in writing about;

a.          Any data breach of any accidental loss, disclosure or unauthorised access of which the Data Processor becomes aware in respect of Personal Data that it processes on behalf of the Client;

b.          Any request for disclosure of the Personal Data by a law enforcement authority (unless otherwise prohibited);

c.          Any access request or complaint received directly from a data subject (without responding other than to acknowledge receipt);

1.5.12   Maintain a record of its processing activities in accordance with article 30 of the GDPR

1.5.13   Indemnify the Client against liabilities, claims, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal and other professional costs and expenses) suffered or incurred by the Client or for which it may become liable as a result of any failure of the Data Processor, its employees, to comply with this Schedule. Up to a combined maximum value of £100,000

1.5.14   The Data Processor shall, at the Client’s expense to be calculated based upon the Data Processor’s standard hourly charge out rates:

a.          Deal promptly and properly with all enquiries or requests from the Client relating to the Personal Data and the data processing actives, promptly provide to the Client in such form as the Client may request, as copy of any Personal data requested by the Customer; and

b.          Assist the Client (where requested by the Client) in connection with any regulatory or law enforcement authority or law enforcement or enforcement action in respect of the Personal Data.

1.6        In respect of any Personal Data to be processed by a party acting as Data Processor pursuant to this Agreement for which the other party is Data Controller, the Data Processor shall not transfer the Personal Data outside the UK/EEA or to an internal organisation without:

1.6.1     Obtaining the written permission of the Data Controller

1.6.2     Ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws

1.6.3    Notifying the Data Controller of the protections and appropriate safeguard in paragraph 1.6.2 above; and

1.6.4    Documenting and evidencing the protections and appropriate safeguards in paragraph 1.6.2 above and allowing the Data Controller access to any relevant documents and evidence.

1.7       The following table sets out the details of processing as required by Article 28 of GDPR;

Details of processing activities:
 

Purposes of which the Personal Data shall be processed
Senior provides various web-based systems where forms are used to collect and store an amount of personal data that is core to enabling our Clients to deliver their core services

Description of the categories of the data subjects
Employers, Employees, Members, potential members, referees names and contact details, or individuals that sign up to receive information from our Clients

Description of transfers of Personal Data to a country outside of the UK/EEA
Senior’s systems, servers and data storage are based in secure environments in the EEU. CRM clients only: RiverCRM is based on Microsoft Dynamics, who store data in the UK/EEU however reserve the right to store data in US. The US is covered by ‘Safe Harbour’ agreement

The envisaged time limits for erasure of the different categories of Personal Data
Following termination or expiry of a Client’s contract, personal Data held processed on behalf of the Customer’s may be returned to the Data Controller at its own option and cost. 30 days after termination or expiry of the agreement, all personal Data processed on behalf of the Customer shall be permanently deleted. Historical data stored on backup systems will be deleted within a 60 day cycle

General description of technical and organisational security measures
Data is transferred from Web system to database via SSL. Senior is working towards encrypting all data in databases at rest. Availability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and Process for regularly testing, assessing and evaluating the effectiveness or technical and organisational measures for ensuring the security of the processing 

Authorised Sub-processors
Upon instruction from Client Senior passes personal name, email address data to other data processors (or sub-processors); including but not restricted to; Microsoft Dynamics (River CRM), Om.net, other CRM providers (as instructed by client), Mailchimp; Campaign monitor; Pardot, Payment gateways (Sage Pay, WorldPay, PayPal),  Go Cardless and Audis

Senior is committed to providing high-quality services that represent excellent value. If you are dissatisfied in any way with the service that you receive, please call Tricia Durrant on 0115 838 9555, or e-mail tricia.durrant@senior.co.uk. Please be assured that Senior will make every effort to deal with any Customer concerns and restore Customer satisfaction with our service and company.