SAAS Agreement

Master Subscription Agreement

Total Control Pro Limited

This Master Subscription Agreement (“Agreement”) covers the supply, maintenance, and hosting of the licensed Total Control Pro Limited modules available within the Manufacturing platform. It is agreed between the Customer and Total Control Pro Limited, a company with registered office at Vulcan Works, 34-38 Guildhall Rd, Northampton, NN1 1EW, England, Company number 04185240.

The parties agree as follows:

  1. Effective Date and Agreement Renewal

The parties enter into Agreement from the Effective Date and for the Initial Contract Period specified in the Order Form (the “Initial Term“). This Agreement will automatically renew at the end of the Initial Term for an additional 12 months and yearly thereafter (each a “Renewal Term“) unless earlier terminated as provided herein. The Customer may terminate this Agreement without cause at any point after the initial term. To avoid entering into a new Renewal Term the Customer is required to provide at least sixty (60) days’ notice prior to the start of a Renewal Term.

  1. Definitions

2.1 Customer Data” means all data or information submitted by the Customer to the Service.

2.2 “Order Form” means the ordering documents for the Customer’s purchases from Total Control Pro Limited that are executed by the parties from time to time. Order Forms shall be deemed incorporated into this Agreement.

2.3 “Service” means the online, web-based Total Control Pro Limited applications and modules provided by Total Control Pro Limited.

2.4 “Professional Services” are an intangible product that Total Control Pro Limited sells to help the customer manage a specific part of their configuration or use of the software.

2.5 “User Error” means deliberate misuse of the system or removal of data from the system.

2.6 “Users” means individuals who are authorised by the Customer to use the service, for whom subscriptions to the service have been purchased, and who have been supplied user identifications and passwords by the Customer (or by Total Control Pro Limited at the Customer’s request). Users include but are not limited to employees, consultants, contractors and agents of the Customer or its affiliates and associated partnerships.

  1. Service

3.1 Provision of Service – Total Control Pro Limited shall make the Service available to the Customer and its Users pursuant to this Agreement and all Order Forms during the term of this Agreement. The Customer agrees that its purchase of subscriptions is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written public comments made by Total Control Pro Limited with respect to such future functionality or features nor dependent upon any oral or written public comments made by Total Control Pro Limited with respect to such future functionality or features.

3.2 Additional Users – User subscriptions are for designated Users and cannot be shared or used by more than one User but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Service. i) the term for the additional. User subscriptions shall fall in line with the Customers annual subscription, allowing all Users to expire at the end of the same subscription term; ii) subject to any agreements between the parties to the contrary, pricing for the additional Users subscriptions shall be based on the latest Total Control Pro Limited pricing policy for the remainder of the subscription term in effect at the time the additional Users subscriptions shall be based on the latest Total Control Pro Limited pricing policy for the remainder of the subscription term in effect at the time the additional Users are added.

  1. Service Level Agreements

4.1 Network Server Availability – Total Control Pro Limited will ensure a Service availability level at 99.5% (measured over a calendar year), except for those periods during scheduled or emergency network and/or application maintenance. If scheduled maintenance needs to occur during normal UK business hours (excluding emergency network maintenance), Total Control Pro Limited agrees to notify Customer 5 business days in advance.

4.2 Web Site Availability. Total Control Pro Limited’s website and web access servers will be fully available 99.5% of the time (measured over a calendar month).

4.3 Elevated SLA. As a Silver Edition customer, you will benefit from an elevated SLA as specified in Schedule 2 below.

4.4 BETA site Users acknowledge that the above SLA promise is suspended.

  1. Use of the Service

5.1 Total Control Pro Limited’s Responsibilities. Total Control Pro Limited shall take reasonable steps to ensure: i) in addition to its confidentiality obligations hereunder, it shall not use, modify or disclose Customer Data to anyone other than Users; ii) to the extent the Customer Data comprises “personal data” within the meaning of applicable data protection laws and regulations, and in respect of which it is hereby acknowledged that Total Control Pro Limited is acting as data processor only: a) process Customer Data strictly in accordance with this Agreement, Customer’s instructions and applicable data protection laws and regulations, b) take appropriate technical, organisational and security measures against unauthorised access to or unauthorised alteration, disclosure, destruction or loss of Customer Data, and c) take reasonable steps to ensure that employees used by Total Control Pro Limited to provide the Service are aware and are suitably trained in such technical, organisational and security measures; iii) maintain the security and integrity of the Service and the Customer Data; iv) maintain the software in fully working order and in a timely manner fix any software errors, faults or bugs that are known to be affecting the running of the system or the software; v) use commercially reasonable efforts to maintain the correct functionality and delivery of the system and to make the Service available at all times, except for a) planned downtime agreed with Customer; or b) any unavailability caused by circumstances beyond Total Control Pro Limited’s reasonable control, including without limitation, acts of God, acts of Government, flood, fire, acts of terror, hosting facility failures or delays involving hardware, software or power systems not within Total Control Pro Limited’s possession or reasonable control; vi) where Total Control Pro Limited is compelled by law or regulations to disclose information, it shall notify the Customer in advance of such disclosure and such disclosure shall be in accordance with the Data Protection Act 2018.

5.2 Customer’s Responsibilities. The Customer is responsible for all activities that occur in User accounts and for Users’ compliance with this Agreement. The Customer shall: i) have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data and shall ensure all instructions given by it to Total Control Pro Limited in respect of the Customer Data will be in compliance with applicable data protection legislation; ii) use commercially reasonable efforts to prevent unauthorised access to, or use of, the Service, and notify Total Control Pro Limited promptly of any unauthorized access or use of which it becomes aware; and iii) comply with all applicable laws in using the Service, including without limitation all applicable data protection laws and regulations.

5.3 User Guidelines. The Customer shall use the Service solely for its internal business purposes as contemplated by this Agreement and shall not:
(i) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, or otherwise commercially exploit or make the Service available to any third party, other than to Users or as otherwise contemplated by this Agreement; (ii) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws;
(iii) send or store infringing, obscene, threatening, libelous, or otherwise unlawful material; (iv) send or store any virus or other malicious code; (v) interfere with or disrupt the integrity or performance of the Service or the data contained therein; or (vi) attempt to gain unauthorized access to the Service or its related systems or networks.

5.4 Support. As far as reasonably possible, Total Control Pro Limited will resolve support issues remotely, with communications handled via the Total Control Pro Limited “Support Desk” portal. The Customer is able to have issues resolved by supplying to Total Control Pro Limited evidence and supporting materials such as screen shots, as necessary to assist Total Control Pro Limited to reproduce any faults detected. Where a fault is due to User Error or incorrect use of the system, the cost to rectify shall be agreed by the parties (acting reasonably and in good faith). Any visits necessitated to the Customer as a result of a Customer requirement, the Customer shall cover the reasonable out of pocket expenses of such visit agreed in advance with Total Control Pro Limited. Any visits necessitated to the Customer as a result of system failure shall be covered by Total Control Pro Limited.

5.5 Publicity. Either party may include the name and logo of the other party in lists of customers or vendors. Without prior approval of the Customer, Total Control Pro Limited is entitled to distribute a press release in connection with the transaction. The Customer will be consulted by Total Control Pro Limited in connection with any such press release prior to its release, and it shall be provided with a copy to approve, such approval should not be unreasonably withheld.

5.6. Data Protection. Each Party shall comply with Schedule 1 (Data Protection).

5.7. Usage Limits. Customer Data and file storage are subject to a combined limit of 1GB. If Customer exceeds this contractual usage limit, Total Control Pro Limited may work with the Customer to seek to reduce Customer’s usage so that it conforms to that limit. If, notwithstanding Total Control Pro Limited’s’ efforts, the Customer is unable or unwilling to abide by a contractual usage limit, Customer will execute an Order Form for additional quantities of usage upon Total Control Pro Limited’s’ request and pay any invoice for excess usage.

  1. Fees & Payment

6.1 User Fees. The Customer shall pay all fees specified in all Order Forms. Except as otherwise provided, all fees are quoted and payable in the currency stated on the order form. Except as otherwise specified herein or in an Order Form, fees are based on services purchased and not actual usage, payment obligations are non- cancelable, fees paid are non-refundable, and the number of subscriptions purchased cannot be decreased during the relevant subscription term stated on the Order Form. Because fees are based on monthly units, fees for subscriptions purchased in the middle of a monthly period will be charged for that monthly period in full and going forward based on the number of monthly periods remaining in the subscription term. Total Control Pro Limited reserves the right to increase User Subscription fees by 5% for each annual renewal extending beyond the End Date of this Agreement.

6.2 Invoicing & Payment. Fees for the Service will be invoiced in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, charges are due immediately on receipt of a correct invoice. Payment will be collected via the subscription portal by direct debit mandate. Customer is responsible for maintaining complete and accurate billing and contact information on the Service. Professional Service fees for implementation, customisation and other one-time fees shall be invoiced at the beginning of implementation unless otherwise stated on the applicable Order Form or on any other formal payment schedule that has been agreed.

6.3 Overdue Payments. Any payment not received from the Customer by the due date may, at Total Control Pro Limited’ discretion, accrue interest at a rate of 5% above the Bank of England base rate.

6.4 Suspension of Service. If the Customer’s account is 30 days or more overdue (except with respect to charges that under reasonable and good faith are disputed), in addition to any of its other rights or remedies, Total Control Pro Limited reserves the right to suspend the Service provided to Customer, without liability to Total Control Pro Limited, until such amounts are paid in full. Total Control Pro Limited will provide a 24-hour notice prior to suspending the Service under this clause.

  1. Proprietary Rights

7.1 Reservation of Rights. Subject to the rights expressly granted hereunder, Total Control Pro Limited reserves all rights, title, and interest in and to the Service, including all related intellectual property rights. No rights are granted to the Customer hereunder other than as expressly set forth herein.

7.2 Restrictions. Save to the extent expressly permitted by applicable law notwithstanding this limitation, Customer shall not (i) modify, copy or create derivative works based on the Service; (ii) frame or mirror any content forming part of the Service, other than on Customer’s own intranets or otherwise for its own internal business purposes; (iii) reverse engineer the Service; or (iv) access the Service in order to(A) build a competitive product or service, or (B) copy any ideas, features, functions, or graphics of the Service.

7.3 Customer Data. As between Total Control Pro Limited and the Customer, the Customer exclusively owns all rights, title, and interest in and to all Customer Data. Customer Data is deemed the Confidential Information of Customer under this Agreement. Total Control Pro Limited shall not access Customer’s User accounts, including Customer Data, except to respond to service or technical problems or at Customer’s request.

7.4 Anonymised Data The Customer herby grant to Total Control Pro Limited a non-exclusive, fully paid, world-wide and irrevocable license to use Customer Data as required to copy, anonymise, aggregate, process and display Customer Data, to derive anonymous statistical and usage data related to the Service (“Anonymous Data”) to compile, combine or incorporate such Anonymous Data with or into similar data and information available, derived or obtained from other customers, licensees or users of Total Control Pro Limited, or otherwise (collectively, Anonymous Data and such compiled, combined or incorporated data and information shall be referred to as “Aggregate Data”), to permit Total Control Pro Limited to provide additional services to Total Control Pro Limited customers, including the copying, publication, distribution, display, licensing or sale of Aggregate Data and related or similar other statistics or data to third parties pursuant to a separate licensing or service arrangement or agreement. Total Control Pro Limited will be the owner of all right, title, and interest in and to Anonymous Data and Aggregate Data. The Customers grant of license to Total Control Pro Limited to copy, anonymise, aggregate, process, use and display Customer Data and Use Data shall survive the expiry or termination of this Agreement.

7.5 Suggestions. Total Control Pro Limited shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Service any suggestions, enhancement requests, recommendations or other feedback provided by Customer or its Users relating to the operation of the Service.

  1. Confidentiality

8.1 Definition of Confidential Information. As used herein, “Confidential Information” means all confidential information of a party (“Disclosing Party”) disclosed to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement (including pricing and other terms reflected in all Order Forms).

8.2 Confidentiality. The Receiving Party shall not disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party’s prior written permission.

8.3 Protection. Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own confidential information of like kind (but in no event using less than reasonable care).

8.4 Compelled Disclosure. If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. Such disclosure shall not in itself negate the obligation to otherwise maintain the confidentiality of the Confidential Information under this clause 8.

8.5 Remedies. If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of confidentiality protections hereunder, the Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies are inadequate.

  1. Warranties & Disclaimers

9.1 Warranties. Each party represents and warrants that it has the legal power to enter into this Agreement. Total Control Pro Limited represents and warrants that i) it will provide the Service in a manner consistent with general industry standards reasonably applicable to the provision thereof; ii) the functionality of the Service will not be materially decreased during a subscription term; iii) the Service will not contain or transmit to Customer any virus or other malicious code; iv) it owns all rights in the Service and software required to grant to Customer the rights to use the Service and software granted herein; and v) the Service does not, and Customers use of it as provided hereunder will not, infringe any intellectual property rights of any third party. The Customer represents and warrants that the collection and processing of Customer Data by it and/or as contemplated by this Agreement complies in all respects with applicable data protection laws and regulations.

  1. Indemnification

10.1 Indemnification by Total Control Pro Limited. Subject to this Agreement, Total Control Pro Limited shall defend and indemnify the Customer against any loss, damage or costs (including reasonable attorneys’ fees) incurred in connection with claims, demands, suits, or proceedings, to the extent that Total Control Pro Limited has been negligent, (“Claims”) made or brought against the Customer by a third party alleging i) a breach by Total Control Pro Limited of its obligations under applicable data protection laws and regulations; or ii) that the use of the Service as contemplated hereunder infringes the intellectual property rights of a third party; provided, that the Customer a) promptly gives written notice of the Claim to Total Control Pro Limited; b) gives Total Control Pro Limited sole control of the defence and settlement of the Claim (provided that Total Control Pro Limited may not settle or defend any Claim unless it unconditionally releases the Customer of all liability); and c) provides to Total Control Pro Limited, at Total Control Pro Limited’s cost, all reasonable assistance.

10.2 Indemnification by the Customer. Subject to this Agreement, the Customer shall defend, indemnify and hold Total Control Pro Limited harmless against any loss, damage or costs (including reasonable attorneys’ fees) incurred in connection with Claims made or brought against Total Control Pro Limited by a third party alleging i) a breach by the Customer of its obligations under applicable data protection laws and regulations; or ii) that the Customer Data, or the Customer’s use of the Service in violation of this Agreement, infringes the intellectual property rights of, or has otherwise harmed, a third party; provided, that Total Control Pro Limited a) promptly gives written notice of the Claim to Customer; b) gives Customer sole control of the defence and settlement of the Claim (provided that Customer may not settle or defend any Claim unless it unconditionally releases Total Control Pro Limited of all liability); and c) provides to Customer, at Customer’s cost, all reasonable assistance.

  1. Limitation of Liability

11.1 Limitation of Liability. EXCLUDING ANY CLAIM UNDER THE INDEMNITY AT PARAGRAPH 4.2 OF SCHEDULE 1 (DATA PROTECTION), TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, SHALL EXCEED THE AMOUNTS ACTUALLY PAID BY AND DUE FROM THE CUSTOMER HEREUNDER IN THE TWELVE MONTHS PRECEDING THE INCIDENT GIVING RISE TO LIABILITY.

11.1 Exclusion of Consequential and Related Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

  1. Term & Termination

12.1 Term of Agreement. This Agreement commences on the Effective Date and, subject to Clause 1 and the remainder of this Clause 12, shall continue until all User subscriptions granted in accordance with this Agreement have expired or been terminated.

12.2 Term of User Subscriptions. User subscriptions commence on date the Order Form is signed. User subscriptions shall automatically renew for additional periods of one (1) year unless either party gives the other notice of non-renewal at least 60 days prior to the end of the relevant subscription term.

12.3 Termination for Cause. A party may terminate this Agreement for cause: i) upon thirty (30) days written notice of a material breach to the other party if such breach remains uncured at the expiration of such period; or ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors or any event analogous to the foregoing occurs in relation to that other party in any jurisdiction. Upon any termination for cause by the Customer, Total Control Pro Limited shall refund the Customer any prepaid fees covering the remainder of the subscription term after the date of termination.

12.4 Outstanding Fees. Termination shall not relieve the Customer of the obligation to pay any fees accrued or payable to Total Control Pro Limited prior to the effective date of termination.

12.5 Return of Customer Data. Upon request by the Customer made within 30 days after the effective date of termination, Total Control Pro Limited will make available to the Customer for download a file of the Customer Data. After such 30-day period, Total Control Pro Limited shall have no obligation to maintain or provide any Customer Data and shall thereafter, unless legally prohibited, delete all the Customer Data in its systems or otherwise in its possession or under its control.

12.6 Surviving Provisions. The following provisions shall survive any termination or expiration of this Agreement: Sections 4 through 12.

  1. General Provisions

13.1 Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

13.2 No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

13.3 Notices. All notices under this Agreement shall be in writing and shall be deemed to have been given upon: (i) personal delivery; (ii) the second business day after mailing; (iii) the second business day after sending by confirmed email (accounts@totalcontrolpro.com). Notices to Total Control Pro Limited shall be addressed to the attention of its COO. Notices to Customer shall be addressed to Customer’s signatory of this Agreement unless otherwise designated below.

13.4 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. Other than expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

13.5 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision to be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

13.6 . Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all order forms), without consent of the other party, in connection with a merger, acquisition, corporate reorganisation, or sale of all or substantially all of its assets not involving a direct competitor of the other party. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

13.7 Governing Law. This Agreement (including any non-contractual obligations or liabilities arising out of it or in connection with it) shall be governed exclusively by, and construed exclusively in accordance with, the laws of England and Wales.

13.8 Venue. The courts of England and Wales shall have exclusive jurisdiction to adjudicate and dispute arising out of or relating to this Agreement (including non-contractual disputes or claims). Each party hereby consents to the jurisdiction of such courts.

13.9 Entire Agreement. This Agreement and all Order Forms constitutes the entire agreement between the parties, and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter. These terms may be modified or updated from time to time by Total Control Pro Limited. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum hereto or any Order Form, the terms of such exhibit, addendum or Order Form shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order or in any other Customer order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such items or conditions shall be null and void.

13.10 Counterparts. This Agreement may be executed by email or via the on-line subscription portal and in counterparts, which taken together shall form one legal document

Schedule 1 (Data Protection)

  1. Definitions

“Data Controller” Has the meaning given to ‘Data Controller’, or ‘Controller’ as appropriate, in the Data Protection Laws;

“Data Breach” Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed;

“Data Processor” Has the meaning given to ‘Data Processor’, or ‘Processor’ as appropriate, in the Data Protection Laws;

“Data Protection Laws” Means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 2018, the Data Protection Bill, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded;

“GDPR” Means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from the time to time;

“Personal Data” Has the meaning given in the Data Protection Laws.

  1. Data Processing

Where Total Control Pro Limited, pursuant to this Agreement, processes Personal Data on behalf of the Customer, Total Control Pro Limited acknowledges that the Customer is the Data Controller and the owner of such Personal Data, and that Total Control Pro Limited is the Data Processor.

  1. Compliance with Data Protection Laws

The Data Processor warrants that it has complied, and shall continue to comply, with the requirements of the applicable Data Protection Laws and all other data protection legislation in any jurisdiction relevant to the exercise of its rights or the performance of its obligations under this Agreement.

  1. Grounds for Processing

4.1. The Data Controller shall, for all categories of personal data (including special categories) processed under this Agreement, either:

4.1.1. obtain the consent of the data subject to the processing; or

4.1.2. confirm the ground upon which the Personal Data is being processed.

4.2. The Data Controller shall indemnify the Data Processor against all liabilities, costs, expenses, damages and losses (including reasonable professional costs and expenses) suffered or incurred by the Data Processor as a result of the Data Controller’s breach of its obligations pursuant to paragraph 4.1 above.

  1. Data Processing Obligations

5.1. In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Customer is Data Controller, the Data Processor shall:

5.1.1. have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk;

5.1.2. not engage any new sub-processor without giving notice of at least 30 days in advance of providing that new sub-processor with access to Customer Data. Customer may object in writing to the appointment of an additional Sub-processor within five (5) calendar days after receipt of e- days’ notice. In the event that Customer objects on reasonable grounds relating to the protection of the Personal Data, then the parties shall discuss commercially reasonable alternative solutions in good faith. If no resolution can be reached, Total Control Pro Limited will, at its sole discretion, either not appoint Sub- processor, or permit Customer to suspend or terminate the affected Total Control Pro Limited service in accordance with the termination provisions of the Agreement.

5.1.3. ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub- processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub-processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. The Data Processor shall at all times be and remain liable to the Customer for any failure of any employee, agent, consultant, subcontractor, or sub- processor to act in accordance with the duties and obligations of the Data Processor under this Schedule;

5.1.4. process that Personal Data only on behalf of the Customer in accordance with the Customer’s instructions and to perform its obligations under this Agreement or other documented instructions and for no other purpose save to the limited extent required by law; Upon the request of the Customer, within 30 days of expiry or termination of this agreement, Total Control Pro Limited shall make available to the Customer for download a full and complete file of the Customer Data. After the expiry of the 30-day period, Total Control Pro Limited shall, unless required otherwise by law, delete all of the Customer Data in its systems or otherwise in its possession or control;

5.1.5. Upon the request of the Customer, within 30 days of expiry or termination of this agreement, Total Control Pro Limited shall make available to the Customer for download a full and complete file of the Customer Data. After the expiry of the 30-day period, Total Control Pro Limited shall, unless required otherwise by law, delete all of the Customer Data in its systems or otherwise in its possession or control

5.1.6. ensure that all persons authorised to access the Personal Data are subject to obligations of confidentiality and receive training to ensure compliance with this Agreement and the Data Protection Laws;

5.1.7. make available to the Customer all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer; provided that, in respect of this provision the Data Processor shall immediately inform the Customer if, in its opinion, an instruction infringes Data Protection Laws;

5.1.8. taking into account the nature of the processing, provide assistance to the Customer, within such timescales as the Customer may require from time to time, in connection with the fulfilment of the Customer’s obligation as Data Controller to respond to requests for the exercise of data subjects’ rights pursuant to Chapter III of the GDPR to the extent applicable;

5.1.9. provide the Customer with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Customer, considering the nature of the processing and the information available to the Data Processor;

5.1.10. notify the Customer in writing within 72 hours about:

  1. a) any Data Breach or any accidental loss, disclosure or unauthorised access of which the Data Processor becomes aware in respect of Personal Data that it processes on behalf of the Customer;
  2. b) any request for disclosure of the Personal Data by a law enforcement authority (unless otherwise prohibited);
  3. c) any access request or complaint received directly from a data subject (without responding other than to acknowledge receipt).

5.1.11. maintain a record of its processing activities in accordance with Article 30 of the GDPR; and

5.1.12. indemnify the Customer against all liabilities, claims, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal and other professional costs and expenses) suffered or incurred by the Customer or for which it may become liable as a result of or in connection with any failure of the Data Processor, its employees, agents, consultants, subcontractors or sub-processors to comply with this Schedule.

5.2 The Data Processor shall, at the Customer’s expense to be calculated based upon the Data Processor’s standard hourly charge out rates:

5.2.1 deal promptly and properly with all enquiries or requests from the Customer relating to the Personal Data and the data processing activities, promptly provide to the Customer in such form as the Customer may request, a copy of any Personal Data requested by the Customer; and

5.2.2 assist the Customer (where requested by the Customer) in connection with any regulatory or law enforcement authority audit, investigation, or enforcement action in respect of the Personal Data.

  1. International Data Transfers

6.1. In respect of any Personal Data to be processed by a party acting as Data Processor pursuant to this Agreement for which the other party is Data Controller, the Data Processor shall not transfer the Personal Data outside the EEA or to an international organisation without:

6.1.1. obtaining the written permission of the Data Controller;

6.1.2. ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws;

6.1.3. notifying the Data Controller of the protections and appropriate safeguards in paragraph 5.1.2 above; and

6.1.4. documenting and evidencing the protections and appropriate safeguards in paragraph 5.1.2 above and allowing the Data Controller access to any relevant documents and evidence.

  1. Details of Processing Activities

7.1. The table at 7.2 sets out the details of processing as required by GDPR Article 28.

7.2

Schedule 2 (Service Level Agreement)

Elevated Support SLA is applicable to Silver Edition Customers only and relates purely to the Total Control Pro Limited platform.

DEFECTS

A “Defect” is a technical defect with the Total Control Pro Limited application and/or those portions of software integrations within Our control. Defects fall into three general categories: Critical (Severity 1) Serious (Severity 2) and Minor (Severity 3). The “Severity” of a Defect is determined by Total Control Pro Limited, subject to the following definitions and parameters.

Major Defects

  • Severity 1 (S1): A Defect that results in at least one of the following: (i) the Customer’s Total Control Pro Limited URL produces no results, or (ii) Customers’ Licensed users cannot log in to Customer’s Total Control Pro Limited application after  repeated  “Severity 1” does not include downtime for scheduled maintenance or issues relating to Single-Sign-On outside Total Control Pro Limited’ control.
  • Severity 2 (S2): A Defect that results in an integral function of the Customer’s Total Control Pro Limited application not being usable example. parts tracking cannot be logged or processed

(all hours quoted are UK business hours 08:30-17:00)

Minor Defects

  • Severity 3 (S3): A Defect in one or more non-integral Total Control Pro Limited application feature(s) for which there is a temporary workaround

NETWORK SERVER AND WEB APPLICATION AVAILABILITY

Total Control Pro Limited will provide at least 99.5% availability per calendar month to the Total Control Pro Limited network server and web application (excluding reasonable and scheduled maintenance periods, which usually occur at or after 5:00pm UK GMT). In the event that Total Control Pro Limited has not complied with this availability obligation, then, for each 0.5% of availability below 99.5%, Customer will be entitled, as its sole and exclusive remedy therefor, to a credit against Customer’s next invoice equal to 1/365th of the annual fees for User licenses set forth in the Agreement. To claim a service credit hereunder, Customer must submit a credit request within thirty (30) days of the event giving rise to a credit. Upon receiving the request, Customer shall have five (5) business days to respond.

TotalControlPro Limited
Vulcan Works
34-38 Guildhall Rd
Northampton, NN1 1EW
England

Agreement V1.20, Oct 2020 Update Reg Office Oct 2023