Terms and Conditions

TERMS AND CONDITIONS (12th December 2020)

BACKGROUND: 

These Terms and Conditions, together with any and all other documents referred to herein, set out the terms of use under which you may use paiyroll® (“Our Service”).  Please read these Terms and Conditions carefully and ensure that you understand them.  You will be required to read and accept these Terms and Conditions each time you sign into your Account.  If you do not agree to comply with and be bound by these Terms and Conditions, you must stop using Our Service immediately.

1. Definitions and Interpretation 

1.1 In these Terms and Conditions, unless the context otherwise requires, the following expressions have the following meanings:

“Account”Means an account required to access and use Our Service, as detailed in Clause 4;
“Client”means the entity and Client Users who are entering into a Subscription on behalf of its companies and Employees for processing payroll;
“Content”means any and all text, images, audio, video, scripts, code, software, databases and any other form of information capable of being stored on a computer that appears on, or forms part of, Our Service;
“Contract”means the contract between Us and you the Client for the purchase and sale of a Subscription to Our Service, as explained in Clause 6;
“Employee”means an employee, worker or anyone paid with payroll invited by a Client and requiring an Account and being a User
“Order”means your order for a Subscription as a Client;
“Subscription Confirmation”means Our acceptance and confirmation of your Order as a Client;
“Subscription”means a Client subscription to access Our Service, purchased in accordance with these Terms and Conditions on behalf of its companies and Employees for processing payroll;
“Subscription Period”means the period starting on the first day of each month and ending on the last day of the month;
“User”means any Client or Employee user of Our Service;
“User Data”means payroll data created by Us and/or uploaded by Users in or to Our Service; and
“Our Service”The cloud payroll application and service, the API (Application Programming Interface) and any related services.
“We/Us/Our”means Innovatie Limited, a limited company registered in England under company number 10307850, whose registered address is 27 Old Gloucester Street, London, England, WC1N 3AX.

2. Information About Us

2.1 Our Service is owned and operated by Innovatie Limited  a limited company registered in England under company number 10307850, whose registered address is 27 Old Gloucester Street, London, England, WC1N 3AX.  Our VAT number is 247 5134 07.

3. Access and Changes to Our Service

3.1 Access to Our Service requires a Subscription.  Our Service will be available to you for the duration of that Subscription.

3.2 We may from time to time make changes to Our Service:

3.2.1 Changes may be required to make underlying technical alterations, for example, to fix an error or to address a security issue.  

3.2.2 Changes may be made to reflect changes in the law and/or other legislative requirements.  

3.2.3 We will continue to develop and improve Our Service over time, in some cases making significant changes to it.  We will inform Clients through release notes of any such changes (including, if applicable, anything that you need to do)

3.2.4 It is the Client’s responsibility to review the release notes for all such changes and inform Employees accordingly.

3.3 We will always aim to ensure that Our Service is available at all times.  In certain limited cases, however, We may need to temporarily suspend availability to make certain changes outlined under sub-Clause 3.2.

4. Accounts

4.1 An Account is required to use Our Service.

4.2 When creating an Account, the information you provide must be accurate and complete.  If any of your information changes at a later date, it is your responsibility to ensure that your Account is kept up-to-date.

4.3 We recommend that you choose a strong password for your Account, consisting of a combination of lowercase and uppercase letters, numbers, and symbols.  It is your responsibility to keep your password safe.  You must not share your Account with anyone else.  If you believe your Account is being used without your permission, please reset your password immediately. We will not be liable for any unauthorised use of your Account.

4.4 You must not use anyone else’s Account without the express permission of the User to whom the Account belongs.

4.5 Any personal information provided in your Account will be collected, used, and held in accordance with your rights and Our obligations under the Data Protection Act, as set out in the associated Data Protection Agreement.

4.6 As an Employee,  after you leave your employer you, your account will be deactivated. You should ensure you download and save your information and User Data including Payslip documents. 

5. Subscriptions, Pricing and Availability

5.1 We make all reasonable efforts to ensure that all general descriptions of the services available from Us (specifically, Our Service) correspond to the actual services that will be provided to you.  There may, however, be minor variations from descriptions from time to time.

5.2 Please note that sub-Clause 5.1 does not exclude Our responsibility for mistakes due to negligence on Our part and refers only to minor variations in Our services, not to different services altogether.

5.3 Where appropriate, Clients may be required to select your required Subscription.  Different types of Subscription provide access to different features in Our Service.  Please ensure that you select the appropriate Subscription when prompted.

5.4 All pricing information is correct at the time of going online.  We reserve the right to change prices and to add, alter, or remove special offers from time to time and as necessary.  All pricing information is reviewed and updated every year and any changes will affect your Subscription.

5.5 All prices are subject to VAT.

6. Subscriptions – How Contracts Are Formed

6.1 Subscriptions and Contracts are formed only with Clients on behalf of themselves and their Employees. Therefore clauses 6, 7 and 8 are not applicable to Employees. 

6.2 If You are using Our Service under a White Label, Bureau or OEM arrangement, then you will not be required to form a contract as payment for subscription is made separately.

6.3 You will be guided through the Subscription process when you make a purchase.  Before confirming a purchase, you will be given the opportunity to review your chosen Subscription and amend any errors in your Order.  Please ensure that you check carefully before confirming your purchase.

6.4 No part of Our Service, website or any other material constitutes a contractual offer capable of acceptance.  By purchasing a Subscription, you are making Us a contractual offer that We may, at Our sole discretion, accept.  Our acceptance is indicated by Us sending you a Subscription Confirmation by email.  Only once We have sent you a Subscription Confirmation will there be a legally binding contract between Us and you (“the Contract”).

6.5 Subscription Confirmations contain the following information:

6.5.1 Confirmation of your chosen Subscription including full details of the main characteristics and features of Our Service available as part of that Subscription;

6.5.2 Fully itemised pricing, including, where appropriate, taxes and other additional charges;

6.5.3 Details of the duration of your Subscription including the start date and the end and/or renewal date;

6.5.4 Other important information.

6.6 If We do not accept or cannot process your Subscription purchase for any reason, no payment will be taken under normal circumstances.  If We have taken payment in such circumstances, the payment will be refunded to you as soon as possible and in any event within 30 days.

6.7 Subject to the cancellation provisions in Clause 8, once you have confirmed your Subscription purchase, your Subscription cannot be changed until the end or renewal date of that Subscription.

6.8 By purchasing a Subscription, you are expressly requesting that you wish access to Our Service to be made available to you immediately (and will be required to acknowledge this).  For more details of cancellation, please refer to Clause 8.

7. Payment

7.1 Subject to 6.1 or 6.2 payment for Subscriptions will be due monthly, and in the month following usage.  You will be able to view your monthly charges in your Account. Your chosen payment method will be billed within 7-days.

8. Cancellation

8.1 Subscriptions can be cancelled at any time in the Subscription Period. You will be obliged to pay for, and you will continue to have access to Our Service for the duration of the remainder of the Subscription period you are currently in.

8.2 You may cancel at any time in the following limited circumstances and you may be entitled to an immediate cancellation at our discretion:

8.2.1 We have informed you of an upcoming change to Our Service or to these Terms and Conditions that you do not agree to; or

8.2.2 We have informed you of an error in the price or description of your Subscription or Our Service and you do not wish to continue; or

8.2.3 There is a risk that the availability of Our Service may be significantly delayed due to events outside of Our control; or

8.2.4 We have informed you that We have suspended, or are planning to suspend, availability of Our Service for a period greater than 48 hours; or

8.2.5 We have breached these Terms and Conditions or have in any way failed to comply with Our legal obligations to you.

8.3 To cancel a Subscription for any reason, please inform us using one of the following methods:

8.3.1 Our cancellation form (within Our App); or

8.3.2 By email at admin@paiyroll.com.

8.4 We may ask you why you have chosen to cancel your Subscription and may use any answers you provide to improve Our Service in the future, however please note that you are under no obligation to provide any details if you do not wish to.

8.5 In certain limited circumstances e.g. unlawful use We may cancel your Subscription and/or suspend your Account.  If We take such action, you will be notified by email and We will provide an explanation for the cancellation and/or closure.

8.5.1 If your Account is suspended and your Subscription cancelled because you have breached these Terms and Conditions, you will not be entitled to a refund.  If you believe We have suspended your Account and cancelled your Subscription in error, please contact Us at admin@paiyroll.com.

8.6 Cancellation will result in the closing of all Client and Employee Accounts and the removal of all User Data from Our system. If you have an active Subscription, your Account will remain active for the duration of the remainder of the Subscription period you are currently in.  To avoid losing anything that you have created or uploaded using Our Service, please ensure that you download and save your User Data to your computer or device before closing your Account. 

8.7 You agree that We have no liability to store Data for any period required by law after cancellation.

9. Our Intellectual Property Rights and Using Our Service

9.1 We grant Users the right to use Our Service to process payroll for business purposes, subject to these Terms and Conditions.

9.2 Subject to the licence granted to Us under sub-Clause 12.4, Users retain the ownership of copyright and other intellectual property rights in their User Data (subject to any third party rights in that User Data and the terms of any licence under which you use such data).

9.3 All other Content included in Our Service (including all user-facing material, and all underlying material such as code, software and databases) and the copyright and other intellectual property rights in that Content, unless specifically labelled otherwise, belongs to or has been licensed by Us.  All Content is protected by applicable United Kingdom and international intellectual property laws and treaties.

9.4 By accepting these Terms and Conditions, you hereby undertake:

9.4.1 Not to copy, download or otherwise attempt to acquire any part of Our Service;

9.4.2 Not to disassemble, decompile or otherwise reverse engineer Our Service;

9.4.3 Not to allow or facilitate any use of Our Service that would constitute a breach of these Terms and Conditions; and

9.4.4 Not to embed or otherwise distribute Our Service on any website, ftp server or similar.

10. Links to Our Service

10.1 You may not link to any page of Our Service without Our express written permission.

11. Links to Other Content

We may provide links to other content such as websites, web apps and downloadable apps.  We neither assume or accept responsibility or liability for such third party content.  The provision of a link by Us is for reference only and does not imply any endorsement of the linked content or of those in control of it.

12. User Data

12.1 You agree for the purposes of the Data Protection Legislation You are the “Data Controller” and We “the Service Provider” the “Data Processor”. Our processing of information is governed by the Data Processing Agreement.

12.2 You agree that you will be solely responsible for any and all User Data that you create or upload using Our Service.  Specifically, you agree, represent and warrant that you have the right to create or upload the User Data and the right to use all materials of which it is comprised and that it will not contravene any aspect of Our Acceptable Usage Policy, detailed in Clause 14.

12.3 You agree that you will be liable to Us and will, to the fullest extent permissible by law, indemnify Us for any breach of the warranties given by you under sub-Clause 12.2.  You will be responsible for any loss or damage suffered by Us as a result of such breach.

12.4 You (or your licensors, as appropriate) retain ownership of your User Data and all intellectual property rights subsisting therein.  By creating or uploading User Data, you grant Us an unconditional, non-exclusive, fully transferable, royalty-free, perpetual, worldwide licence to use, store, archive, transmit, adapt, edit, reproduce, display, perform and sub-licence your User Data for the purposes of operating Our Service.

12.5 If you wish to remove User Data, you may do so by deletion within Our Service.  Removing User Data also revokes the licence granted to Us to use that User Data under sub-Clause 12.4.  

13. Intellectual Property Rights and User Data

13.1 All User Data and the intellectual property rights subsisting therein, unless specifically labelled otherwise, belongs to or has been licenced by the relevant User.  All User Data is protected by applicable United Kingdom and international intellectual property laws and treaties.

14. Acceptable Usage Policy

14.1 You may only use Our Service in a manner that is lawful and that complies with the provisions of this Clause 14.  Specifically:

14.1.1 You must ensure that you comply fully with any and all applicable local, national and international laws and/or regulations;

14.1.2 You must not use Our Service in any way, or for any purpose, that is unlawful or fraudulent;

14.1.3 You must not use Our Service to knowingly send, upload, or in any other way transmit data that contains any form of virus or other malware, or any other code designed to adversely affect computer hardware, software or any data of any kind; and

14.1.4 You must not use Our Service in any way, or for any purpose, that is intended to harm any person or persons in any way.

14.2 If you are using our API, then you must not exceed the following:

14.2.1 5,000 API calls per day which resets at 00:00 UTC.

14.2.2 1 calls per 10 seconds.

14.2.3 Maximum of 1 concurrent API call.

14.3 The following types of User Data are not permitted on Our Service and you must not create, submit, communicate or otherwise do anything that:

14.3.1 is obscene, deliberately offensive, hateful, or otherwise inflammatory;

14.3.2 promotes violence;

14.3.3 promotes or assists in any form of unlawful activity;

14.3.4 discriminates against, or is in any way defamatory of, any person, group or class of persons, race, sex, religion, nationality, disability, sexual orientation, or age;

14.3.5 is intended or otherwise likely to threaten, harass, annoy, alarm, inconvenience, upset, or embarrass another person;

14.3.6 is calculated or otherwise likely to deceive;

14.3.7 is intended or otherwise likely to infringe (or threaten to infringe) another person’s right to privacy;

14.3.8 misleadingly impersonates any person or otherwise misrepresents your identity or affiliation in a way that is calculated to deceive (obvious parodies are not included within this definition provided that they do not fall within any of the other provisions of this sub-Clause 14.2);

14.3.9 implies any form of affiliation with Us where none exists;

14.3.10 infringes, or assists in the infringement of, the intellectual property rights (including, but not limited to, copyright, patents, trade marks and database rights) of any other party; or

14.3.11 is in breach of any legal duty owed to a third party including, but not limited to, contractual duties and duties of confidence.

14.4 We reserve the right to suspend or terminate your Account and/or your access to Our Service if you materially breach the provisions of this Clause 14 or any of the other provisions of these terms and conditions.  Specifically, We may take one or more of the following actions:

14.4.1 Suspend, whether temporarily or permanently, your Account and/or your right to access Our Service (for more details regarding such cancellation, please refer to sub-Clause 8.5);

14.4.2 Remove any of your User Data which violates this Acceptable Usage Policy;

14.4.3 Issue you with a written warning;

14.4.4 Take legal proceedings against you for reimbursement of any and all relevant costs on an indemnity basis resulting from your breach;

14.4.5 Take further legal action against you as appropriate;

14.4.6 Disclose such information to law enforcement authorities as required or as we deem reasonably necessary; and/or

14.4.7 Any other actions which We deem reasonably appropriate (and lawful).

14.5 We hereby exclude any and all liability arising out of any actions (including, but not limited to, those set out above) that We may take in response to breaches of these Terms and Conditions.

15. Disclaimers

15.1 No part of Our Service or any accompanying documentation (whether provided in electronic form or otherwise) constitutes advice on which you should rely and is provided for general information purposes only.  Professional or specialist advice should always be sought before taking any action relating to payroll processing.

15.2 We make no representation, warranty, or guarantee that Our Service will meet your requirements, that it will be fit for a particular purpose, that it will not infringe the rights of third parties, that it will be compatible with all software and hardware, or that it will be secure.

15.3 We make reasonable efforts to ensure that the operation and content contained within Our Service is complete, accurate and up-to-date.  We do not, however, make representations, warranties or guarantees (whether express or implied) that Our Service (and the content therein) is complete, accurate or up-to-date.

15.4 We are not responsible for the content or accuracy or values in any User Data created or uploaded using Our Service.

16. Our Liability

16.1 To the fullest extent permissible by law, We accept no liability for any foreseeable loss in contract, tort (including negligence), for breach of statutory duty, or otherwise arising out of or in connection with the use of (or inability to use) Our Service or the use of or reliance upon any Content or User Data in Our Service.

16.2 To the fullest extent permissible by law, We accept no liability for loss or damage that is not foreseeable.

16.3 To the fullest extent permissible by law, We exclude all representations, warranties, and guarantees (whether express or implied) that may apply to Our Service or any Content or User Data included in Our Service.

16.4 We accept no liability for loss of profits, sales, business or revenue; loss of business opportunity, goodwill or reputation; loss of anticipated savings; business interruption; or for any indirect or consequential loss or damage.

16.5 We exercise all reasonable skill and care to ensure that Our Service is free from viruses and other malware.  Subject to sub-Clause 16.2, We accept no liability for any loss or damage resulting from a virus or other malware, a distributed denial of service attack, or other harmful material that may adversely affect your hardware, software, data or other material that occurs as a result of your use of Our Service (including the downloading of any Content (including User Data) from it) or any other website or service that We may provide a link to.

16.6 We neither assume nor accept responsibility or liability arising out of any disruption or non-availability of Our Service resulting from external causes including, but not limited to, ISP equipment failure, host equipment failure, communications network failure, natural events, acts of war, or legal restrictions and censorship.

16.7 Nothing in these Terms and Conditions excludes or restricts Our liability in any situation where it would be unlawful for us to do so including fraud or fraudulent misrepresentation, for death or personal injury resulting from negligence, or for any other forms of liability which cannot be excluded or restricted by law. 

17. Viruses, Malware and Security

17.1 We exercise all reasonable skill and care to ensure that Our Service is secure and free from viruses and other malware.  We do not, however, guarantee that Our Service is secure or free from viruses or other malware and accept no liability in respect of the same, as detailed in sub-Clause 16.5.

17.2 You are responsible for protecting your hardware, software, data and other material from viruses, malware and other internet security risks.

17.3 You must not deliberately introduce viruses or other malware, or any other material which is malicious or technologically harmful either to or via Our Service.

17.4 You must not attempt to gain unauthorised access to any part of Our Service, the server on which Our Service is stored, or any other server, computer, or database connected to Our Service.

17.5 You must not attach Our Service by means of a denial of service attack, a distributed denial of service attack, or by any other means.

17.6 By breaching the provisions of sub-Clauses 17.3 to 17.5 you may be committing a criminal offence under the Computer Misuse Act 1990.  Any and all such breaches will be reported to the relevant law enforcement authorities and We will cooperate fully with those authorities by disclosing your identity to them.  Your right to use Our Service will cease immediately in the event of such a breach and, where applicable, your Account will be suspended and/or deleted.

18. Privacy and Cookies

The Use of Our Service is also governed by Our Privacy and Cookie Policies, available at https://paiyroll.com/about/terms-and-conditions/.  These policies areincorporated into these Terms and Conditions by this reference.

19. Data Protection

19.1 All personal information that We may collect (including, but not limited to, your name and contact details) will be collected, used, and held in accordance with the provisions of the Data Protection Act 1998 and your rights and Our obligations under that Act.

19.2 We may use your personal information to:

19.2.1 Reply to any communications that you send to Us;

19.2.2 Send you notices, as detailed in Clause 20;

19.3 We will not pass your personal information on to any third parties without first obtaining your express permission to do so.

20. Communications from Us

20.1 If you have an Account, We may from time to time send you notices by email.  Such notices may relate to matters including, but not limited to, action you need to take, service changes, changes to these Terms and Conditions, changes to Our Service, and changes to your Account.

20.2 We will never send you marketing emails of any kind without your express consent.  If you do give such consent, you may opt out at any time.  Any and all marketing emails sent by Us include an unsubscribe link.  If you opt out of receiving emails from Us at any time, it may take up to 10 business days for Us to comply with your request.  During that time, you may continue to receive emails from Us.

20.3 For questions or complaints about email communications from Us (including, but not limited to, marketing emails), please contact Us at admin@paiyroll.com or via https://paiyroll.com/about/contact/.

21. Other Important Terms

21.1 We may transfer (assign) Our obligations and rights under these Terms and Conditions (and under the Contract, as applicable) to a third party (this may happen, for example, if We sell Our business).  If this occurs, you will be informed by Us in writing.  Your rights under these Terms and Conditions will not be affected and Our obligations under these Terms and Conditions will be transferred to the third party who will remain bound by them.

21.2 You may not transfer (assign) your obligations and rights under these Terms and Conditions (and under the Contract, as applicable) without Our express written permission.

21.3 The Contract is between you and Us. Apart from Clients and their Employees, It is not intended to benefit any other person or third party in any way and no such person or party will be entitled to enforce any provision of these Terms and Conditions.

21.4 If any of the provisions of these Terms and Conditions are found to be unlawful, invalid or otherwise unenforceable by any court or other authority, that / those provision(s) shall be deemed severed from the remainder of these Terms and Conditions.  The remainder of these Terms and Conditions shall be valid and enforceable.

21.5 No failure or delay by Us in exercising any of Our rights under these Terms and Conditions means that We have waived that right, and no waiver by Us of a breach of any provision of these Terms and Conditions means that We will waive any subsequent breach of the same or any other provision.

22. Changes to these Terms and Conditions

22.1 We may alter these Terms and Conditions at any time. Any such changes will become binding on you upon your first use of Our Service after the changes have been implemented.  You are therefore advised to check this page from time to time.

22.2 In the event of any conflict between the current version of these Terms and Conditions and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.

23. Contacting Us

To contact Us, please email Us at admin@paiyroll.com or by using any of the methods provided on Our contact page at https://paiyroll.com/about/contact/.

24. Law and Jurisdiction

26.1 These Terms and Conditions, the Contract, and the relationship between you and Us (whether contractual or otherwise) shall be governed by, and construed in accordance with the law of England & Wales.

26.2 Any disputes concerning these Terms and Conditions, the relationship between you and Us, or any matters arising therefrom or associated therewith (whether contractual or otherwise) shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Data Processing Agreement

Data Protection Legislation”

means 1) unless and until EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) is no longer directly applicable in the UK, the GDPR and any national implementing laws, regulations, and secondary legislation (as amended from time to time), in the UK and subsequently 2) any legislation which succeeds the GDPR.

1.             Data Processing

1.1          In this Agreement and in the Terms and Conditions, “personal data”, “data subject”, “data controller”, “data processor”, and “personal data breach” shall have the meaning defined in Article 4, EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

1.2          All personal data to be processed by Innovatie Limited, paiyroll® “the Service Provider” on behalf of Customer, it’s Employees or Workers “the Client”, subject to the Terms and Conditionsshall be processed in accordance with all applicable data protection requirements set out in the Data Protection Legislation. This Agreement and the Terms and Conditions shall not relieve either Party of any obligations set out in the Data Protection Legislation and does not remove or replace any of those obligations.

1.3          For the purposes of the Data Protection Legislation and for this Agreement and the Terms and Conditions, Customer “the Client” is the “Data Controller” and Innovatie Limited “the Service Provider” is the “Data Processor”.

1.4          The type(s) of personal data, the scope, nature and purpose of the processing, and the duration of the processing shall be set out Schedule 1.

1.5          The Data Controller shall ensure that it has in place all necessary consents and notices required to enable the lawful transfer of personal data to the Data Processor for the purposes described in Schedule 1.

1.6          The Data Processor shall, with respect to any personal data processed by it in relation to its performance of any of its obligations under these Terms and Conditions:

1.6.1      Process the personal data only on the written or electronic instructions of the Data Controller unless the Data Processor is otherwise required to process such personal data by law. The Data Processor shall promptly notify the Data Controller of such processing unless prohibited from doing so by law.

1.6.2      Ensure that it has in place suitable technical and organisational measures (as approved by the Data Controller) to protect the personal data from unauthorised or unlawful processing, accidental loss, damage or destruction. Such measures shall be proportionate to the potential harm resulting from such events, taking into account the current state of the art in technology and the cost of implementing those measures. Measures to be taken between the Data Controller and the Data Processor and set out in Schedule 1.

1.6.3      Ensure that any and all staff with access to the personal data (whether for processing purposes or otherwise) are contractually obliged to keep that personal data confidential; and

1.6.4      Not transfer any personal data outside of the European Economic Area without the prior written consent of the Data Controller and only if the following conditions are satisfied:

1.6.4.1 The Data Controller and/or the Data Processor has/have provided suitable safeguards for the transfer of personal data;

1.6.4.2 Affected data subjects have enforceable rights and effective legal remedies;

1.6.4.3 The Data Processor complies with its obligations under the Data Protection Legislation, providing an adequate level of protection to any and all personal data so transferred; and

1.6.4.4 The Data Processor complies with all reasonable instructions given in advance by the Data Controller with respect to the processing of the personal data.

1.6.5      Assist the Data Controller at the Data Controller’s cost, in responding to any and all requests from data subjects in ensuring its compliance with the Data Protection Legislation with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators (including, but not limited to, the Information Commissioner’s Office);

1.6.6      Notify the Data Controller without undue delay of a personal data breach;

1.6.7      On the Data Controller’s written instruction, delete (or otherwise dispose of) or return all personal data and any and all copies thereof to the Data Controller on termination of the Subscription unless it is required to retain any of the personal data by law; and

1.6.8      Maintain complete and accurate records of all processing activities and technical and organisational measures implemented necessary to demonstrate compliance with this Agreement and the Terms and Conditions and to allow for audits by the Data Controller and/or any party designated by the Data Controller.

1.7          Apart from Sub-Processors listed below, the Data Processor shall not sub-contract any of its obligations to a sub-processor with respect to the processing of personal data under this Agreement and/or the Terms and Conditions without the prior written consent of the Data Controller (such consent not to be unreasonably withheld). In the event that the Data Processor appoints a sub-processor, the Data Processor shall:

1.7.1      Enter into a written agreement with the sub-processor, which shall impose upon the sub-processor the same obligations as are imposed upon the Data Processor by this Agreement and/or the Terms and Conditions and which shall permit both the Data Processor and the Data Controller to enforce those obligations; and

1.7.2      Ensure that the sub-processor complies fully with its obligations under that agreement and the Data Protection Legislation.

1.7.3      In order to deliver its obligations, the Data Processor makes use of cloud, e-mail and SMS services provided by the following Sub-Processors:

1.7.3.1 Amazon Web Services (AWS) Inc.; Google Inc. and Twilio Inc.

1.8          From time to time, these data protection provisions, may be revised by replacing them with any applicable data processing clauses or similar terms that form part of an applicable certification scheme. Such terms shall apply and replace these provisions by attachment to the Terms and Conditions.

SCHEDULE 1

1. Data Processing

Scope

Provide robotic payroll automation (RPA) software as a service (SaaS).

Nature

Payroll and tax calculations; Associated transactions to HMRC and/or Pension providers and publishing of payslips and other legislative documents to workers and employees.

Purpose

Provide contracted payroll SaaS Services to enable the Client to perform payroll processing for its employees and/or workers; Mandatory data submission to HMRC; Mandatory data submission to Pension providers and publishing of payslips and other worker/ employee legislative documents e.g. P45, P60 etc.

Duration

Duration of any active subscription.

2. Types of Personal Data

Worker/Employee personal data as required by HMRC/Pension providers for payroll and Client contact information.

3. Categories of Data Subject

Workers and/or Employees.

4. Organisational and Technical Data Protection Measures

1.             The Data Processor shall ensure that, in respect of all Personal Data it receives from or processes on behalf of the Data Controller, it maintains security measures to a standard appropriate to:

1.1          the harm that might result from unlawful or unauthorised processing or accidental loss of the Personal Data; and

1.2          the nature of the Personal Data.

2.             In particular, the Data Processor shall:

2.1          have in place, and comply with, a security policy which:

2.1.1      defines security needs based on a risk assessment;

2.1.2      allocates responsibility for implementing the policy to a specific individual (such as the Data Processor’s Data Protection Officer) or personnel;

2.1.3      is disseminated to all relevant staff; and

2.1.4      provides a mechanism for feedback and review.

2.2          ensure that appropriate security safeguards are in place to protect the hardware and software which is used in processing the Personal Data in accordance with industry practice;

2.3          prevent unauthorised access to the Personal Data;

2.4          ensure that its storage of Personal Data conforms with industry practice such that the media on which Personal Data is recorded (including paper records and records stored electronically) are stored in secure locations and access by personnel to Personal Data is strictly controlled;

2.5          have secure methods in place for the transfer of Personal Data whether in physical form (for example, by using couriers rather than post) or electronic form (for example, by using named individual access to specified drives where data is password protected);

2.6          password protect all computers and other devices on which Personal Data is stored;

2.7          take reasonable steps to ensure the reliability of personnel who have access to the Personal Data;

2.8          have in place methods for dealing with breaches of security (including loss of Personal Data) including notifying the Data Controller as soon as any such security breach occurs.

2.9          have a procedure for backing up all electronic Personal Data and storing back-ups separately from originals;

2.10       adopt such organisational, operational, and technological processes and procedures as are required to comply with the requirements of the Data Controller.