Schoolcomms Terms and Conditions for Schools v5.1
This Agreement applies to all Schoolcomms Customers contracted or renewed after 1st December 2017
Schedule 1: Schoolcomms Collection Service
Schedule 2: Data Processing Agreement
This Agreement describes the terms and conditions for using Schoolcomms Products and Services.
The terms: “you,” and “your” are referring to you, your employees, and your users; “we” and “our” refer to Schoolcomms, trading from Continental House, Kings Hill, Bude, Cornwall EX23 0LU; and, references to “party” and “parties”’ refer to either or both of us as a party or parties to this Agreement. You agree you have read, understood and agree to these terms and conditions by either: signing a document within which this Agreement is explicitly referenced; or, accepting this Agreement as part of an application form submitted to us, including those submitted electronically; or, installing, accessing, or using Schoolcomms Products and Services.
1. Definitions and Interpretation
|“Acquirer”||the organization licensed as a member of a Scheme, which processes Card Payments for us, where we are acting as a merchant on your behalf;|
|"Agreement"||this agreement between us and you for the provision of Schoolcomms Products and Services;|
|the Annual Access Fee and the Audit Fee charged at the Effective Date and annually thereafter, for a minimum period of the Initial Term;|
|an annual charge of £10 made to you in consideration of a licence to access and use any Schoolcomms
Products and Services for which you have contracted under this Agreement, representing a charge made for services supplied until the next Annual Licence Fee invoice is due;
|“Audit Fee”||the charge made to you for Audit Services, representing a charge made for services supplied at the point of invoicing, which shall usually be linked to the number of pupils on roll in your School;|
|“Audit Services”||services provided as part of this Agreement including ensuring the accuracy of pupil roll and standing
data held, reviewing security, data protection and other relevant industry, regulatory or legislative
requirements, completed at, or shortly after the Effective Date, and when subsequent Annual Licence Fees are charged;
|"Business Day"||a day (other than a Saturday or Sunday) on which banks are open for normal banking business in the
City of London;
|“Card Payment”||a Parent Payment made using a valid, accepted, credit or debit card;|
|“Charge Back”||return of a Parent Payment because of a perceived violation of Scheme rules or procedures, arising from
a disagreement over: whether or when the payment occurred; the provision of the goods or services to
which the payment relates; or, the amount involved;
|all information which prior to, or upon, its disclosure is communicated to the receiving party as being
confidential by the disclosing party, or which should reasonably be considered as information of a
confidential nature by the receiving party, provided that this definition shall not include information which:
is at the time of disclosure in the public domain; subsequently comes into the public domain other than by
the deliberate act of the receiving party; is in the possession of the receiving party at the time of the
disclosure; is subsequently disclosed to the receiving party by a third party without restrictions as to its
use or disclosure; is independently developed by employees of the receiving party who have not had
access to the information disclosed; or, is information disclosed pursuant to a requirement of law;
|“Content”||any data, information, text, or other material uploaded to, posted into, or sent via Schoolcomms Products
and Services, including SMS text messages and emails, whether sent by you, from your account login;
or, by us on your behalf;
|"Effective Date"||the date this Agreement becomes effective either by its incorporation by means of an explicit reference in
a document signed by you, or, in the case of a valid application form submitted electronically by you to
us, the date such application form is received by us;
|“Fees”||fees charged by us to you in relation to this Agreement, including: Annual Licence Fees; Payment
Service Fees; Setup and Training Fees; and, SMS Text Credit Fees;
|“Force Majeure”||any event which is outside the reasonable control of the relevant party, including without loss of
generality: the unavailability or faulty performance of communication networks or energy sources; any act
of God; any act or omission of governmental or other competent authority; fires; strikes and industrial
disputes; riots, war, civil unrest, revolution or acts of terrorism; inability to obtain materials; embargos;
refusal of licences; theft; destruction; denial of service (DoS) attacks; unauthorised access to computer
systems or records, programs, equipment, data, or services; breakdown of plant or machinery; and, flood
or other adverse weather conditions;
|"Holding Account"||a dedicated bank account managed by us, which holds funds including the aggregate total Transaction
Value not yet included in a Remittance;
|“IBT”||a Parent Payment made via Direct Debit, also referred to as an Instant Bank Transfer;|
|“Initial Term”||a period of thirty six (36) months from the Effective Date;|
|an amount of £50, or as advised by us from time to time by means of a Notice;|
|“Notices”||any Notice is deemed to be served by us if it is: sent to you via post or email; or, posted on our websites;
or, posted to your online account on Schoolcomms Products. Any Notice is deemed to be served by you
if it is sent in writing by one of the School’s duly authorised directors or office holders: by email to
email@example.com or other email address as we may advise from time to time; or, is sent by
recorded delivery to the office address at the top of this Agreement;
|“Parent”||a parent or guardian of a pupil enrolled in your School whose record is uploaded to the Schoolcomms
Products and Services by you and whose School Gateway Account login is activated by them;
|“Parent Payment”||the process by which a Parent makes a payment for Payment Items, using Schoolcomms Products and
Services and supported Scheme payment methods, including Card Payments, PayPoint Payments and
IBT, for a total of the Transaction Value;
|"PayPoint Payment"||a Parent Payment made in cash at PayPoint authorised agents or terminals, via the PayPoint Scheme;|
|“Payment Item”||a good or service offered to Parents by you, your suppliers or affiliates or us with your consent via the
Schoolcomms Products and Services;
|a fee charged by us to you, for the use of Schoolcomms Products and Services by you and your Parents,
which includes inter alia: hosting of the Schoolcomms Products and Services; support services provided
to you; management of a range of supported Scheme payment methods for Parent Payments;
compliance with Scheme regulations; certification and management of security requirements including
PCI DSS; processing of Parent Payments; processing of Refunds; settlement services for Remittances;
reporting services; the operation of the Schoolcomms Collection Service; and, access to released
enhancements, updates and new features for any Schoolcomms Products and Services licensed to you
under the Agreement;
|“Refund”||the process by which you cancel all or part of a Parent Payment for a Payment Item, resulting in an
amount being deducted from a Remittance made to you by us and returned to the Parent;
|the value of a full or partial Refund;|
|"Remittance"||the aggregate net total of the Transaction Value of all Parent Payments received by us on your behalf
and not yet included in an earlier Remittance, minus the Refund Transaction Value of all Refunds for
Parent Payments processed on your behalf during the last Settlement Period, after deduction of:
amounts due for any Charge Backs; any fines or additional fees due to the Acquirer related to your
Parent Payments; and, any other outstanding Fees or amounts due to us under the Agreement;
|“Renewal Term”||each subsequent period of thirty six (36) months after the end of the Initial Term;|
|“RPI”||the All Items Retail Price Index as published by the Office of National Statistics from time to time;|
|“Scheme”||an organisation which manages and controls the rules for clearing of payments through a network of
participating members or entities, or an organisation which operates or owns such a network, where
Schemes which are supported for Parent Payments may include Direct Debit (for IBT payments),
PayPoint (for PayPoint Payments) and MasterCard and Visa (for Card Payments), and where the
supported Schemes may change from time to time;
|“School”||you, the school or other establishment or organisation, that contracts with us under this Agreement;|
|“Schoolcomms”||us, the service provider, trading as Schoolcomms, an operating division of ParentPay Limited (a
company registered in England and Wales at 11 Kingsley Lodge, 13 New Cavendish Street, London
W1G 9UG, under registration number 4513692;
|our products and services which may include Schoolcomms®, Schoolcomms Messaging™,
Schoolcomms Messaging – Just Text™, Schoolcomms Messaging - Standard™, Schoolcomms
Messaging - Premium™, Schoolcomms Payments™, Schoolcomms Clubs™, Schoolcomms Online
Reporting™, Schoolcomms OLR™, Schoolcomms Dinners™, School Gateway™, Schoolcomms Web
Messenger™, Schoolcomms Mobile Messenger™, Schoolcomms Desktop™, and related support sites
for these products; and, services provided by us that may include the Schoolcomms Collection
Service™, Audit Services, and other services such as support, setup, training, project management and
|the online portal and mobile app that provides Parents with access to a range of services, including the
ability to view Content and the facility to make Parent Payments for your Payment Items. For the
avoidance of doubt, the School Gateway Account may include Content from the Parents’ other Schools
and/or Content from us;
|“Settlement Period”||the regular period as part of the Schoolcomms Collection Service for which the Remittance is calculated,
currently ending on a Tuesday, either weekly or bi-weekly, dependent upon the particulars of your
Agreement, as detailed in a Proposal to you, or as may be notified by us to you from time to time by
means of a Notice;
|“Setup Fee”||the charge made to you for the activation and initial remote basic setup of some Schoolcomms Products
and Services, representing a charge made for services supplied at the point of invoicing;
|“SMS Text Credit|
|the charge made for sending SMS messages and/or mobile app messages via Schoolcomms Product
and Services, whereby: for standard (non-premium) licensed products, one full credit is charged for each
standard SMS message or part thereof, and half of one credit is charged for each mobile app message;
and, for premium licensed products, one full credit is charged for each standard SMS message and no credit is charged for each mobile app message sent. An SMS message is defined under the GSM 03.38
standard. The fee represents a charge made for services supplied at the point of invoicing;
|“Term”||the Initial Term or a Renewal Term as the context so allows;|
|"Trademarks"||all of our trademarks and logo's that exist now or in the future, both registered and non-registered, as
may be specified by us from time to time;
|"Transaction Value"||the price payable by a Parent for a Payment Item or a set of Payment Items acquired in a single
1.2. Clause and Schedule headings shall not affect the interpretation of this Agreement.
1.3. References to clauses and Schedules are to clauses of and Schedules to this Agreement and references to paragraphs and Parts are to paragraphs and Parts of the relevant Schedule.
1.4. The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Schedules.
1.5. A reference to this Agreement or to any other agreement or document referred to in this Agreement is a reference to this Agreement or such other agreement or document as varied, superseded or novated (in each case, other than in breach of the provisions of this Agreement or the provisions of the agreement or document in question, as appropriate) from time to time.
1.6. Unless the context otherwise requires: words in the singular shall include the plural and in the plural shall include the singular.
1.7. A person includes a natural person, corporate or unincorporated body (whether or not having a separate legal personality).
1.8. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
1.9. Any words following the terms including, include, in particular or for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
1.10. Where the context permits, other and otherwise are illustrative and shall not limit the sense of the words preceding them.
1.11. A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
1.12. A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.
1.13. Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
2. Licence Terms
2.1. In consideration of your payment of the Annual Access Fee, we agree to provide you with, and you hereby accept, a non-exclusive, non-transferable licence for you to access and use Schoolcomms Products and Services for the Term, subject to the conditions laid out below.
2.2. The licence will at all times be governed by this Agreement.
2.3. The licence extends only to those Schoolcomms Products and Services which you have ordered, where we have accepted the order and charged you the Annual Licence Fee.
2.4. The licence allows you and your Parents to use Schoolcomms Products and Services for your own internal use only, is personal to you, and may not be assigned, sub-licensed, sold, resold, transferred, distributed or otherwise disposed of or commercially exploited in any way, including by way of charge, lien or other encumbrance.
2.5. You are expressly forbidden and you hereby agree not to: modify, translate, adapt, disassemble, decompile, reverse engineer, or in any way copy the software used in the Schoolcomms Products and Services; or, to copy or emulate in any way the design, layout, or functionality of Schoolcomms Products and Services.
2.6. Schoolcomms Products and Services are provided under the absolute condition that they may not be used to undertake or support: unsolicited commercial emailing; bulk emailing (other than the legitimate emailing of Parents); copyright violation; defamatory speech; distribution of internet viruses, worms, trojan horses or other malware; flaming; distribution of pornography; or, abusive internet postings. Any such use, or what may be reasonably interpreted as such use would be a breach of this Agreement and not withstanding any payments made or received will cause us to take such action as is necessary to preserve our good name at our sole discretion, including immediate termination of service and this Agreement.
2.7. We may impose reasonable conditions regarding the ethical, moral and legal use of Schoolcomms Products and Services from time to time. You shall impose such conditions on your users and Parents to the extent necessary to ensure compliance.
2.8. You hereby grant us the right to: connect to your IT systems; and, host, download, view, analyse and retain your Content in so far as it is necessary for the provision of the Schoolcomms Products and Services to you as envisaged in this Agreement, which shall inter alia include the following purposes:
- 2.8.1. verification of your identity where required;
2.8.2. prevention and detection of crime, fraud and money laundering;
2.8.3. provision of the Schoolcomms Products and Services covered by this Agreement;
2.8.4. ongoing administration of Schoolcomms Products and Services;
2.8.5. improvement of Schoolcomms Products and Services including developing new Schoolcomms Products and Services;
2.8.6. research and statistical analysis including payment and usage patterns; and,
2.8.7. compliance with our legal and regulatory obligations.
2.9. We may retain your Content for as long as is necessary to fulfil the purpose(s) set out in Clause 2.8 and in accordance with the law.
2.10. Some Schoolcomms Products and Services are provided as software as a service. As such, the Annual Access Fee relates to the use of those Schoolcomms Products and Services as a service, but does not provide access to or copies of the software used to deliver those services. The Schoolcomms desktop client software (“Schoolcomms Desktop”) and any other pupil data upload clients which may be available in the future, will be installed locally subject to clause 2.11 below.
2.11. Solely for the purpose of facilitating the transfer of pupil and Parent data from your management information system (“MIS”) to us, and to support the operation of the Schoolcomms Products and Services, you may install and use the Schoolcomms Desktop and any other MIS upload clients provided by us, on each computer on your premises that you use to exchange data between your MIS system and us, where the number of instances is restricted to one copy, for standard (non-premium) licenced products. Additionally, you may make one backup copy of Schoolcomms Desktop or other MIS upload clients as necessary for the continuation of this service. After termination of this Agreement, all rights under this licence are terminated and you must securely delete any and all copies of Schoolcomms Desktop or other MIS upload clients held by you as a result of this Agreement.
3. Term and Termination
3.1. This Agreement shall commence on the Effective Date for the Initial Term and shall be renewed for each Renewal Term thereafter, unless terminated in accordance with the terms set out herein.
3.2. Notwithstanding clause 3.1, we shall have the right to terminate this Agreement immediately in the event that:
- 3.2.1. you breach any representation, warranty, covenant or other obligation under this Agreement;
3.2.2. you are delinquent in any payment hereunder thirty (30) days after the same has become due;
3.2.3. you assign this Agreement to any party without the required consent;
3.2.4. we are requested to do so by a Scheme or financial institution or any other party upon whose services we rely; or you have any distress, execution or other process levied upon your assets; or you make or offer to make any arrangement or composition with any one or more of your creditors or commit any act of bankruptcy; or if any petition or receiving order in bankruptcy is presented or made against you; or if any resolution or petition for your winding up is issued or passed or presented otherwise than for a reconstruction or amalgamation; or you become subject to an administration order; or you cease or threaten to cease to carry on your business; or your financial position deteriorates to such an extent that in our reasonable opinion your capability to adequately to fulfil your obligations under this Agreement has been placed in jeopardy.
3.3. Either party may terminate this Agreement without cause at the end of the Initial Term or at the end of the Renewal Term by giving Notice to the other party of their intention to terminate, provided that the Notice is given at least three (3) months prior to the end of the Term.
3.4. Notwithstanding the provisions of Clause 3.3, you may terminate this Agreement at any time, with or without cause, upon giving us Notice of your intended termination date, which shall be deemed to be three (3) months after Notice is properly given, provided that you pay any and all fees due to us under this Agreement as set out in this Clause 3.4. The fees due shall be no less than the Fees due under this Agreement in the proceeding twelve (12) months, or if the Agreement commenced less than twelve (12) months prior to the termination date the Fees due up to the date of termination pro rated for a twelve (12) month period, multiplied by the number of years, including any part years, remaining from the date of termination to the end of the Term that has commenced three (3) months after the termination Notice is given, such fees to be paid by you in full before the termination date.
3.5. Upon any termination of this Agreement, you shall immediately discontinue the use of all Schoolcomms Products and Services and any license granted under this Agreement shall terminate.
3.6. Termination, repudiation or expiry of this Agreement will be without prejudice to any accrued rights of either party and will not affect obligations which are expressed not to be affected by repudiation, expiry or termination of this Agreement.
4. Fees – General
4.1. All Fees are in Pounds Sterling and are subject toapplicable taxes, including Value Added Tax at the rate prevailing at the tax point of sale.
4.2. We will charge you a Setup and Training Fee and an Annual Licence Fee, in line with the most recent, valid, commercial schedule or proposal provided to you. If your pupil numbers have increased since the provision of the last commercial schedule or proposal provided to you we will be entitled to increase the Audit Fee to reflect this increase.
4.3. The Setup and Training Fee and the initial Annual Licence Fee is due no later than the earlier of: the payment terms laid out in 5.1; or, prior to initial availability of Schoolcomms Products and Services to Parents.
4.4. We will charge you a subsequent years’ Annual Licence Fee annually, on the anniversary of the Effective Date. We specifically reserve the right to change the date of the subsequent years’ Annual Licence Fee, once during each Term of the Agreement, by means of a Notice.
4.5. We will charge you Payment Service Fees in line with the prevailing rate at the time of invoice, such fee to be invoiced periodically in arrears. We hereby reserve the right to change the frequency of the invoicing by issuing a Notice.
4.6. We will charge you an SMS Text Credit Fee for any SMS messages sent from your account, charged at the prevailing rate at the time of invoice, whether bought in blocks of credits in advance, or charged in arrears based on usage.
4.7. Regardless of whether Schoolcomms Products and Services are used at all, or whether Schoolcomms Products and Services are continually used throughout the Initial Term, or any subsequent Renewal Term, we do not offer and shall not be obliged to make refunds of any valid Fees charged under this Agreement.
4.8. We retain the right to revise our Fees to you at no less than thirty (30) days’ notice, provided that we serve a valid Notice of this change. You are entitled to terminate this Agreement per the effective date of the increase, by sending us a Notice within fourteen (14) days of our Notice of the change, where any price increase, other than an increase in the Audit Fee as a result of an increase in pupil roll numbers, is more than the greater of twice RPI or five (5) percent per annum, during the Initial Term, or the greater of twice RPI or ten (10) percent per annum thereafter. For the avoidance of doubt, after termination under this clause 4.8, no further Annual Licence Fee shall be charged to you, however, no Fees shall be refunded and such termination shall not diminish your responsibility to pay Fees already charged by us.
5. Payment, invoicing and debt
5.1. Payment shall be made in Pounds Sterling into the account designated by us, or as may otherwise be agreed in writing by the parties. Payments are due within 30 days of the date of the invoice. If due to bank charges, transfer fees, or the like, we receive less than the invoiced amount, other than as a result of charges by credit card companies, we will re-invoice you for the shortfall. Should payment in full of any invoice (aside from such shortfalls) not be received by us within forty five (45) days after invoice date, we may impose a debt service charge on the overdue balance for each 30-day period or fraction thereof that the overdue amount remains unpaid amounting to three and a half percent (3.5%) above the sterling base rate quoted from time to time by Barclays PLC. In the event that any amount remains unpaid forty five (45) days after date of invoice, you will be in breach of this Agreement and we may discontinue, withhold, or suspend services to you without any further notice. Our decision not to take action for sums overdue does not diminish your responsibility to pay any and all outstanding amounts due to us.
5.2. You hereby agree to pay reasonable and appropriate legal fees, court costs, and related expenses incurred by us in the collection of any overdue amounts from you.
6. Your Responsibilities
6.1. You will support your Parents in the use of the Schoolcomms Products and Services by providing first line support to them.
6.2. You will place a link on your website to our website home page, based on URL details provided by us, to help and encourage your Parents to use Schoolcomms Products and Services.
6.3. Where you use our logo, you will use a logo approved and provided by us, and will ensure that alt tags for the logo are accurate based on the copy provided by us.
6.4. Where you use text on your website to promote and describe us or Schoolcomms Products and Services, you will use text provided by, or approved by us prior to release, such approval not to be unreasonably withheld by us.
6.5. You hereby represent and warrant to us that:
- 6.5.1. you will not conduct your business in any manner that harms our value and reputation or of the value and reputation of our third party service providers;
6.5.2. you will conduct your business affairs in an ethical manner and in accordance with the terms and intent of this Agreement, and in compliance with all applicable laws and regulations;
6.5.3. you will not use Schoolcomms Products and Services in connection with any illegal or fraudulent activities as determined by the relevant applicable jurisdiction;
6.5.4. you shall not permit nor authorise any other person or business to use Schoolcomms Products unless specifically agreed with us in writing in advance;
6.5.5. you will keep your password and login details confidential and will report any suspected breach immediately to us;
6.5.6. you will not copy the Schoolcomms website or Schoolcomms Product or functionality or use your account access to aid in the development of a competitive product or service by yourselves or any other third party, nor will you allow any third party to access your account for these purposes;
6.5.7. you will not publish or copy any information on our website without our written permission, nor infringe intellectual property or content copyrights owned by us or any third party suppliers of ours.
6.5.8. you will accept responsibility for any and all Content provided under your account login, regardless of whether the user using your account login has been authorised by you to do so, and, regardless of any Audit Services we may perform, you accept that we owe no obligation to you or anyone else to monitor, check or review the legality, validity or accuracy of any Content.
6.6. You will take all reasonable measures to preclude us from being made a party to any lawsuit or claim regarding Schoolcomms Products and Services provided to any user, including School staff and Parents. You hereby agree to indemnify and hold us harmless from any and all claims of whatever nature brought by any of your users or Parents against us in excess of the remedy set forth in clause 8.1 below.
7. Our responsibilities
7.1. We will use reasonable technical and organisational measures and endeavours, and reasonable skill and care to:
- 7.1.1. provide Schoolcomms Products and Services in a professional accurate and timely manner and to maintain the availability of the service for you and your Parents;
7.1.2. prevent unauthorised, unlawful or accidental processing of or access, destruction or damage to your Content;
7.1.3. ensure Content and payment data is stored and processed in a secure manner using appropriate industry standard security;
7.1.4. remain accredited under the Payment Card Industry Data Security Standard;
7.1.5. comply with the EU General Data Protection Regulation (“GDPR”) when processing data submitted by you, or data held by you as a Data Controller, thus performing our duties as a Data Processor under the GDPR, in line with Schedule 2 to this Agreement, the Data Processing Agreement;
7.1.6. notify you as soon as possible of any loss of, damage, destruction or unauthorised access to your Content;
7.1.7. provide the support services as described in our Service Level Agreement, as may be provided by us from time to time;
8. Limitation of Liability
8.1. Subject to the other terms of this clause 8 our maximum aggregate liability arising in connection with this Agreement, whether arising in contract, tort, negligence or otherwise, and whether an act, omission or breach of statutory duty of us our employees, agents, subcontractors or suppliers, in respect of any single event or series of connected events, shall not in the aggregate exceed the total amount of Annual Licence Fees due and paid by you, for the calendar year in which the event resulting in liability arises.
8.2. Nothing in this Agreement, including the limits and exclusions in the remainder of this clause 8, shall limit or exclude our liability for death or personal injury resulting from our negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be legally excluded or limited.
8.3. Subject to 8.2 above, we assume no responsibility for, and you shall indemnify and keep us and our employees, agents, subcontractors or suppliers indemnified for, any loss, damage, or injury to any person or property of whatever nature and whetherdirect or indirect, occasioned by, arising from, or due to:
- 8.3.1. the breach by you or your systems of any applicable laws;
8.3.2. representations made by you to Parents including without limitation any representations relating to your creditworthiness;
8.3.3. the suitability, availability, appropriateness, lawfulness or quality of any of your Payment Items;
8.3.4. the inaccuracy or unlawfulness of any of your Content
8.3.5. any payments made to unintended recipients due to the input of incorrect information by you or your Parents;
8.3.6. your reliance on any information issued by our Acquirer(s) including any fraud or card verification checks carried out by them;
8.3.7. any Charge Backs or any refunds payable to or from any Parents or other persons;
8.3.8. any cause over which we do not have direct control, including: problems attributable to computer hardware or software, including computer viruses and malware; telephone or other communications failures; internet service provider failures;, or delays, non-deliveries, mis-deliveries, or service interruptions arising from Force Majeure;
8.3.9. unauthorised interception or use of your data or Content;
8.3.10. any actions or transactions by any individual or entity that uses your username, password or other login credentials or data used to identify you to us;
8.3.11. any breach by you of your obligations under the GDPR or Schedule 2 to this Agreement, the Data Processing Agreement; and
8.3.12. any breach by you of clause 6 above; except and to the extent such losses result directly from our knowing or willful misconduct.
8.4. Schoolcomms Products and Services are provided “as is” and we disclaim, and you waive, any warranties, express or implied, as to merchantability, fitness for a particular purpose, title, non-infringement or any other warranty, guarantee or representation relating to Schoolcomms Products and Services and those arising by statute or otherwise in law. We do not guarantee continuous availability of the service, service at a particular time, or service without error and cannot be held responsible for any downtime or difficulties in accessing the service or for delays in or inability to send messages.
8.5. We shall not be liable to you or any of your users or Parents, for any direct, indirect or consequential losses including, but not limited to, loss of business, profit, reputation, interest, goodwill, or anticipated savings, including any type of special, punitive, consequential or indirect loss whatsoever.
8.6. If you wish to make a claim against us, you should notify us in writing including details of the claim, at the earliest possible time after becoming aware, or you should reasonably have become aware, of the event or error leading to such a loss, but in any case, not later than three (3) months after the loss.
9.1. You acknowledge that by reason of your relationship with us hereunder, you may have access to certain information and materials relating to our business, plans, customers, software technology, and marketing strategies that is confidential and of substantial value to us, which value would be impaired if such information were disclosed to third parties. You agree that you will not use in any way for your own account, nor for the account of any third party, nor disclose to any third party, any such information revealed to you by us. You further agree that you will take every reasonable precaution to protect the confidentiality of such information. In the event of termination of this Agreement, there shall be no use or disclosure by you of any such confidential information in your possession, and all confidential materials shall be returned to us or destroyed. The provisions of this section shall survive the termination of this Agreement for any reason. Upon any breach or threatened breach of this provision, we shall be entitled to seek the remedies of injunction, specific performance and other equitable relief, and such relief shall not be contested by you.
10. Intellectual Property Rights
10.1. We hereby grant you a royalty-free and non-exclusive right for the term of this Agreement to use the Trademarks on your website(s) and in any of your offline promotional materials solely in order to indicate that you make use of Schoolcomms Products and Services. You shall use such Trademarks in accordance with our directions and you do not have a right of sub-license.
10.2. You hereby grant us a royalty free and non-exclusive right for the term of this Agreement to use your trademark and logo’s on our websites and in off-line publications for promotional purposes, only to indicate that you are a user of Schoolcomms Products and Services.
10.3. When using the Trademarks the parties shall ensure that no composite marks are created with its own trademarks and/or logo’s. The parties acknowledge that their use of the Trademarks does not create for themselves any rights in the Trademarks other than those explicitly granted in this Agreement.
10.4. All proprietary rights in the equipment, software (such as interfaces) and other materials used by us in the performance of this agreement, whether or not supplied to you, shall remain with us or our licensors. You shall only acquire such right of use as is explicitly granted hereunder or otherwise and no other right is granted.
10.5. For the avoidance of doubt, clause 10.4 above shall include, and not be limited to, any software, bespoke development, or other enhancements, features, interfaces or otherwise, developed by us under this Agreement, or used by you under this Agreement, regardless of whether these developments were specified, requested or paid for by you. No terms under this Agreement will prevent such enhancements being provided by us to other clients, either during the term of the Agreement or afterwards.
10.6. Upon termination of this Agreement you will immediately withdraw any reference to us from your website(s) and will cease the use of the Trademarks.
11.1. You may not assign any rights hereunder, directly or by operation of law, without our prior written consent, which consent may not be unreasonably withheld. For the purposes of this Agreement, assignment shall include, but not be limited to, transfer of control, any ownership change which results in a new majority owner and any change in the jurisdiction of incorporation.
11.2. We may at any time transfer all or any part of our rights and/or obligations under this Agreement and upon completion of any such transfer (including the assumption by the transferee of all our remaining rights, benefits and obligations) we will be released from and have no further obligation under this Agreement. You will promptly execute all documents reasonably requested by us to affect, perfect record or implement such transfer and will promptly comply with any of our or our successors’ other reasonable requests in respect of such transfer.
12.1. We may only modify this Agreement by serving a valid Notice. Where any amendments: materially diminish our responsibility to deliver the Schoolcomms Products and Services to you; significantly reduce our liability to you; breach or threaten to breach your intellectual property or confidentiality rights; or, attempt to materially increase the Term or the Fees beyond the limits for such increases detailed in clause 4.8; then you are entitled to terminate this Agreement, effective on the date the amendment is to take effect, by sending us a Notice within fourteen (14) days of the Notice being served by us. For the avoidance of doubt, after termination under this clause 12.1, no further Annual Licence Fee shall be charged to you, however, no Fees shall be refunded and such termination shall not diminish your responsibility to pay Fees already charged by us.
13. Partial Invalidity
13.1. If any provision of this agreement shall be held illegal, invalid or unenforceable, in whole or in part, such provision shall be modified to the minimum extent necessary to make it legal, valid and enforceable, and the legality, validity and enforceability of all other provisions of this Agreement shall not be affected thereby.
14. Entire Agreement
14.1. This Agreement (together with any documents referred to in it) sets out the entire agreement between the parties and supersedes any previous agreement or arrangement between the parties relating to the subject matter of it (and any document referred to in it).
14.2. Each party agrees and acknowledges that it has not relied on, or been induced to enter into this Agreement by any warranty, statement, representation or undertaking which is not expressly included in this Agreement.
14.3. Subject to clause 8.2 no party has any claim or remedy in respect of a warranty, statement, misrepresentation (whether negligent or innocent) or undertaking made to it by or on behalf of the other party in connection with or relating to the subject matter of this Agreement and which is not expressly included this Agreement.
15. Applicable Law
15.1. This Agreement shall be governed by and construed in accordance with the laws of England and Wales whose courts will have sole jurisdiction.
Schedule 1: Schoolcomms Collection Service
These terms and conditions (“the Schedule”) relate to any partycollecting funds via the Schoolcomms Collection Service, regardless of whether the party has contracted for Schoolcomms Products and Services separately.
Definitions used in the Schoolcomms Terms and Conditions for Schools shall apply to this Schedule. Where you provide services to a School using Schoolcomms Products and Services, the terms “you”, “your” and “your Parents” shall apply equally to you or the School as appropriate.
These terms are deemed accepted by you upon: your providing to us bank account details for receipt of funds collected by us for you; or, on your first use of the Schoolcomms Collection Service.
1. By entering into this Agreement, you hereby agree to accept Parent Account as the method of payment for Parent Payments for Payment Items by your Parents.
2. Consumers can make Parent Payments using a range of supported Scheme payment methods offered by us. We will hold the Transaction Value in a dedicated Holding Account.
3. You will offer Payment Items to your Parents via the Schoolcomms Products and Services, which are relevant to the goods and services you can provide to them. Parents can choose to make a Parent Payment for Payment Items.
4. We will process Parent Payments and credit the Transaction Value against the relevant Payment Item.
5. If you process a Refund, we will deduct the Refund Transaction Value from the balance of the relevant Payment Item and return the Refund Transaction Value to the Parent.
6. After the end of each Settlement Period, we shall calculate the Remittance due to you. We shall normally transfer the Remittance to your nominated bank account five (5) Business Days after the end of the Settlement Period, and not later than seven (7) Business Days after the end of the Settlement Period, unless otherwise notified by us in writing. Failure to notify us of the correct bank account details, or to provide us with the required evidence of bank account ownership, no later than two (2) Business Days before the end of the Settlement Period, will result in the Remittance being delayed until the next Settlement Period.
7. We reserve the right to defer payment to you if the Remittance due to you is less than the Minimum Disbursement.
8. In calculating the Remittance we are fully entitled to offset any indebtedness of you towards us pursuant to clause 9 below, which for the avoidance of doubt, may include any indebtedness of you towards us whether for fees related to the Schoolcomms Collection Service or any other Schoolcomms Products and Services provided by us to you under this Agreement or under any related Agreement between us and you.
9. You hereby authorise us to offset amounts due against the Remittance as defined above. In case we intend to offset an debt that is due or overdue (30 days or greater from the date of invoice) we may do so without informing you in advance of our intentions and without seeking any further authorisation from you other than that already provided by this Agreement.
10. In the event that any outstanding debt or amount due to us remains unsettled by you beyond 45 days of the date of invoice, or in the event that the Remittances are insufficient to pay the amounts owing by you to us, this will constitute a breach of contract and we may at any time serve a notice of breach and/or terminate any services provided by us to you.
11. We have the right to withdraw from the Holding Account any and all amounts owed to us as defined above without notice or demand. Our rights to sums owed to us by you shall in no way be limited by the balance or existence of the Holding Account. Our rights with respect to the Holding Account shall survive the termination of this Agreement.
12. In performing the Schoolcomms Collection Service for you we are contracted to the Acquirer as a merchant, but acting in respect of Parent Payments made for your Payment Items and processed by us on your behalf, (sometimes known as a merchant aggregator, merchant agent or payment facilitator). We will act reasonably and responsibly at all times and will always attempt to operate the service fully within the rules and regulations set out by the Acquirer and the Schemes. However, under this Agreement, you are and will be held responsible and liable, as far as Acquirer and Scheme rules and regulations affect the merchant, including the payment of any fees, fines or levies from the Acquirer or the Scheme related to: your use of Schoolcomms Products and Services; Parent Payments processed on behalf of your Parents; and, your Payment Items.
13. Any interest which may accrue in respect of the Holding Account shall be for our sole account.
14. You have no right to offset, or to withhold payments to us, in connection with any amounts due to you by us.
15. You shall ensure that you abide by the rules and regulations as laid down by the Schemes. You will be required to abide by any future changes to those rules and regulations as far as they may affect you and your use of Schoolcomms Products and Services. Failure to abide by any Scheme rules will constitute a breach of contract and may result in us terminating any services provided by us to you, pursuant to clause 3 of the Agreement.
16. You shall respond promptly to inquiries from Parents and shall resolve any disputes amicably where reasonably possible. Where necessary you shall provide Refunds as appropriate for unwanted goods, or for services not taken or delivered by you, to the extent necessary under any terms of sale clearly set out by you to the Parents at the time of purchase.
17. Should a Charge Back be received by us from the Acquirer, in respect of a Parent Payment for a Payment Item of yours, we will provide the relevant information required by the Acquirer to defend the Charge Back on your behalf. We may also contact you and/or the Parent directly to resolve the matter. You shall provide all and any information requested by us, in a timely manner, where such information is required to defend the Charge Back, or to detect, identify or prevent possible fraud.
18. Should the Charge Back not be defendable or in anycircumstances where the Charge Back is successful, you will be fully liable for any refund due to the Parent and any costs levied by the Acquirer or the Scheme for processing the Charge Back. The funds will be debited from your next Remittance as defined. A lack of funds in the Remittance does not diminish your responsibility to settle any Charge Back amounts to Schoolcomms within 7 days of any notice requiring you to do so. Our rights to reclaim the Charge Back amount and any related costs from you survive the termination of this Agreement.
Schedule 2: Data Processing Agreement (“DP Agreement”)
This DP Agreement is by and between us, Schoolcomms, a trading division of ParentPay Limited, a private limited company registered in England and Wales, with Company Number 04513692, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG (“Company”), and its Group Companies, (“Data Processor”) and you, the Customer (“Data Controller”)
1. Definitions and Scope
The following terms used in this Agreement shall have the meanings given to them below:
“Agreement” means the agreement between the Data Controller and the Data Processor for the provision of the Schoolcomms Products and Services;
“Company” means ParentPay Limited and its Group Companies;
“Customer” means the School or other establishment or organisation that contracts with the Company;
“Data” means the Personal Data disclosed to the Data Processor by or on behalf of the Data Controller in connection with the Purpose as more particularly described in Section 2, and Personal Data which may be disclosed by Data Subjects or by Data Controller by instructing the Data Processor to collect Personal Data directly from the Data Subject (or anyone authorised by the Data Subject to provide it);
“Data Protection Law” means law, legislation or regulation relating to data protection, the processing of Personal Data and privacy from time to time, including, but not limited to:
• the Data Protection Act 1998;
• (with effect from 25 May 2018) the General Data Protection Regulation (EU) 2016/679;
• the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as may be amended by the proposed Regulation on Privacy and Electronic Communications);
• any legislation that, in respect of the United Kingdom, replaces, or enacts into United Kingdom domestic law, the General Data Protection Regulation (EU) 2016/679, the proposed Regulation on Privacy and Electronic Communications or any other law relating to data protection, the processing of personal data and privacy as a consequence of the United Kingdom leaving the European Union; and
• more generally, references to statutory provisions include those statutory provisions as amended, replaced, re-enacted for the time being in force and shall include any bye-laws, statutory instruments, rules, regulations, orders, notices, codes of practice, directions, consents or permissions and guidelines (together with any conditions attached to the foregoing) made thereunder;
“Data Subject” means an individual who is the subject of any of the Data. The categories of Data Subject within the scope of this Agreement are listed in Schedule 1;
“Data Subject Request” means a written request of the Data Controller by or on behalf of a Data Subject to exercise any rights conferred by Data Protection Law;
“DP Agreement” means this Data Processor Agreement, including all Appendices and Schedules;
“Effective Date” means the effective date of this DP Agreement, which shall be the later of 25 May 2018 or the Effective Date of the Agreement;
“Good Industry Practice” means, in relation to any undertaking and any circumstances, the exercise of skill, diligence, prudence, foresight and judgement that would reasonably be expected from a skilled person engaged in the same type of undertaking under the same or similar circumstances;
“Group Company” means the Company, any subsidiary or any holding company from time to time of the Company, and any subsidiary from time to time of a holding company of the Company and each company in the Group is a Group Company. Group Companies shall include, but not be limited to:
• ParentPay (Holdings) Limited, a company registered in England and Wales with Company Number 08212986, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG, including its division trading as Schoolcomms (formerly Isuz Ltd);
• Cypad Limited, a company registered in England and Wales with Company Number 04335803, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
• WIS Services BV, a company registered in the Netherlands with Company Number 24353928, having its registered office at Stavorenweg 4, Gouda, 2803PT, Netherlands;
• WIS Software BV, a company registered in the Netherlands with Company Number 24353936, having its registered office at Stavorenweg 4, Gouda, 2803PT, Netherlands;
• Nimbl Limited, a company registered in England and Wales with Company Number 09276538, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
• Just Education Limited, a company registered in England and Wales with Company Number 10509472 and having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG; and,
• Just Education Recruitment Limited, a company registered in England and Wales with Company Number 10509490 and having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
“Party” means any of Data Controller or Data Processor, and “Parties” means Data Controller and Data Processor; “Personal Data” means any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Purpose” means the purpose or purposes set out in Clause 2 of this DP Agreement;
“Service” means the Schoolcomms Products and Services or any other applicable services provided by the Company to the Customer;
“Security Breach” means any breach or suspected breach of any of the Data Processor’s obligations in terms of Clauses 5 and/or 6 or any other unauthorised or unlawful processing, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or damage or access to the Data;
“Security Incident” means a Security Breach or a Security Risk;
“Security Measures” has the meaning defined in Schedule 3 of this DP Agreement, and as updated from time to time by the Data Processor;
“Security Risk” means any risks or vulnerabilities that are likely to affect the integrity or effectiveness of the Security Measures (including vulnerabilities relating to any software or third party system or network) that are known or ought reasonably to be known to the Data Processor;
“Sub-processor” means any third party data processor engaged by Data Processor who receives Personal Data from Data Processor for processing on behalf of Data Controller and in accordance with Data Controller’s instructions (as communicated by Data Processor) and the terms of its written subcontract;
“Supervisor” or “Supervisory Authority means the Information Commissioner’s Office, which is the UK’s data protection authority;
“Third Party Functions” means optional product integrations between the Service and third parties, which may be enabled by the Customer (examples include cashless and catering solutions, finance systems or social media).
1.1. This DP Agreement is an amendment pursuant to clause 12 of the Schoolcomms Terms and Conditions for Schools v5.0 or other contract or agreement between the parties for the provision, operation or use by the Customer of Schoolcomms Products and Services (“the Agreement”). The terms of this DP Agreement shall be applicable to all Customers using Schoolcomms Products and Services, however the Customer contracted to do so.
1.2. This DP Agreement is designed to bring the Company’s Customer contracts in line with the obligations and requirements relating to data protection as set out in the European Union General Data Protection Regulations (the “GDPR”). The GDPR will replace Data Protection Directive 95/46/EC. The GDPR will come into force on 25 May 2018.
1.3. Unless otherwise stated, words and expressions defined in the Agreement shall have the same meaning in this DP Agreement.
1.4. For the avoidance of doubt, in the event of any conflict between the terms of this DP Agreement and the Agreement (including all associated Schedules, Annexes and Appendices to the Agreement), the terms of this DP Agreement will take precedence.
1.5. This DP Agreement will take effect on 25 May 2018.
1.6. The governing law and jurisdiction applicable to the Agreement shall govern this DP Agreement.
2.1. Data Controller and Data Processor have entered the Agreement pursuant to which Data Controller is granted certain rights to access and use the Service. In providing the Service, Data Processor will engage, on behalf of Data Controller, in the Processing of Personal Data submitted to and stored within the Service by Data Controller or third parties with whom Data Controller transacts using the Service.
2.2. The Parties are entering into this DP Agreement to ensure that the Processing by Data Processor of Personal Data, within the Service by Data Controller and/or on its behalf, is done in a manner compliant with Data Protection Law and its requirements regarding the collection, use and retention of Personal Data of Data Subjects.
2.3. In providing the Service, Data Processor may in some circumstances become a data controller under Data Protection Law. In such circumstances, both parties shall continue to operate in full compliance with applicable Data Protection Law whilst acknowledging and accepting that the specific obligations and restrictions set forth in this DP Agreement may not apply.
2.4. Schedule 1 of this DP Agreement describes data elements the Data Controller will be uploading as part of the Service.
2.5. Schedule 2 of this DP Agreement describes the specific purpose and nature of the processing.
3.1. This Agreement will remain in force as long as Data Processor Processes Personal Data on behalf of Data Controller under
4. Obligations of the Data Processor
4.1. The Parties agree that the subject-matter of Processing performed by Data Processor under this DP Agreement, including the nature and purpose of Processing, the type of Personal Data, and categories of Data Subjects, shall be as described in Schedule 1 and Schedule 2 of this DP Agreement.
4.2. As part of Data Processor providing the Service to Data Controller under the Agreement, Data Processor agrees and declares as follows:
- 4.2.1. to process Personal Data in accordance with Data Controller’s documented instructions as set out in the Agreement and this DP Agreement or as otherwise necessary to provide the Service, except where required otherwise by applicable laws (and provided such laws do not conflict with Data Protection Law); in such case, Data Processor shall inform Data Controller of that legal requirement upon becoming aware of the same (except where prohibited by applicable laws);
4.2.2. to ensure that all staff and management are fully aware of their responsibilities to protect Personal Data in accordance with this DP Agreement and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
4.2.3. to implement and maintain appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access (a “Data Security Breach”), provided that such measures shall take into account the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, so as to ensure a level of security appropriate to the risks represented by the Processing and the nature of the Data to be protected;
4.2.4. to notify Data Controller, without undue delay, in the event of a confirmed Data Security Breach affecting Data Controller’s Data and to cooperate with Data Controller as necessary to mitigate or remediate the Data Security Breach;
4.2.5. to comply with the requirements of Clause 5 (Use of Sub-processors) when engaging a Sub-processor;
4.2.6. taking into account the nature of the Processing, to assist Data Controller (including by appropriate technical and organisational measures), insofar as it is commercially reasonable, to fulfil Data Controller’s obligation to respond to requests from Data Subjects to exercise their rights under Data Protection Law (a “Data Subject Request”). In the event Data Processor receives a Data Subject Request directly from a Data Subject, it shall (unless prohibited by law) direct the Data Subject to the Data Controller in the first instance. However, in the event Data Controller is unable to address the Data Subject Request, taking into account the nature of the Processing, the complexity and frequency of the request(s), and the information available to Data Processor, Data Processor, shall, on Data Controller’s request and at Data Controller’s reasonable expense, address the Data Subject Request, as required under the Data Protection Law;
4.2.7. upon request, to provide Data Controller with commercially reasonable information and assistance, taking into account the nature of the Processing and the information available to Data Processor, to help Data Controller to conduct any data protection impact assessment or Supervisor consultation it is required to conduct under Data Protection Law;
4.2.8. upon termination of Data Controller’s access to and use of the Service, to comply with the requirements of Clause 9 of this DP Agreement (Return and Destruction of Personal Data);
4.2.9. to comply with the requirements of Clause 6 of this DP Agreement (Audit) in order to make available to Data Controller information that demonstrates Data Processor’s compliance with this DP Agreement; and
4.2.10. to appoint a security officer who will act as a point of contact for Data Controller, and coordinate and control compliance with this DP Agreement, including the Security Measures.
4.3. Data Processor shall immediately inform Data Controller if, in its opinion, Data Controller’s Processing instructions infringe any law or regulation. In such event, Data Processor is entitled to refuse Processing of Personal Data that it believes to be in violation of any law or regulation.
5. Use of Sub-Processors
5.1. Data Controller agrees that Data Processor may appoint Sub-Processors to assist it in providing the Service and Processing Personal Data provided that such Sub-Processors:
- 5.1.1. agree to act only on Data Processor’s written instructions when Processing the Personal Data (which instructions shall be consistent with Data Controller’s Processing instructions to Data Processor); and
5.1.2. agree to protect the Personal Data to a standard consistent with the requirements of this DP Agreement, including by implementing and maintaining appropriate technical and organisational measures to protect the Personal Data they Process consistent with the Security Measures described in Schedule 3 of this DP Agreement.
5.2. Data Processor agrees and warrants to remain liable to Data Controller for the subcontracted Processing services of any of its direct or indirect Sub-Processors under this DP Agreement. Data Processor shall maintain an up-to-date list of the names and location of all Sub-Processors used for the Processing of Personal Data under this DP Agreement available upon request to the Data Protection Officer. Data Processor shall, where reasonably possible, inform the Data Controller at least 30 days prior to the date on which any newly appointed Sub-Processor shall commence processing Personal Data.
5.3. In the event that Data Controller objects to the Processing of its Personal Data by any newly appointed Sub-Processor as described in Clause 5.2, it shall inform Data Processor immediately, and in any case, no later than within the 30-day notification period. The Data Controller should present a reasonable justification for the objection as it relates to Data Protection Law – for example, if the processing is expected to present unnecessary risk to the interests, rights and freedoms of the data subject.
5.4. In the case that a Data Controller objects to the use of a Sub-Processor, its only remedy is to cease use of the Service and to terminate the Agreement subject to clause 3.4 of the Agreement. For the avoidance of doubt, such decision by the Data Controller will not diminish Data Controller’s obligations to pay the fees due under clause 3.4 of the Agreement.
5.5. In addition, the Service may provide links to integrations with Third Party Functions, including, without limitation, certain Third Party Functions which may be integrated directly into Data Controller’s account or instance in the Service. If Data Controller elects to enable, access or use such Third Party Functions, its access and use of such Third Party Functions is governed solely by the terms and conditions and privacy policies of such Third Party Functions, and Data Processor does not endorse, is not responsible or liable for, and makes no representations as to any aspect of such Third Party Functions, including, without limitation, their content or the manner in which they handle Data (including Personal Data) or any interaction between Data Controller and the provider of such Third Party Functions.
5.6. Data Processor is not liable for any damage or loss caused or alleged to be caused by or in connection with Data Controller’s enablement, access or use of any such Third Party Functions, or Data Controller’s reliance on the privacy practices, data security processes or other policies of such Third Party Functions. The providers of Third Party Functions shall not be deemed Sub Processors for any purpose under this DP Agreement.
6.1. The Parties acknowledge that Data Processor uses security auditors to verify the adequacy of its security measures, including the security of the physical data centres from which Data Processor provides its data processing services. This audit:
- 6.1.1. will be performed at least annually;
6.1.2. will be performed according to ISO 27001 or PCI DSS standards or such other alternative standards that are substantially equivalent to ISO 27001 or PCI DSS;
6.1.3. will be performed by independent third party security professionals or suitably skilled in house staff at Data Processor’s selection and expense; and
6.1.4. will result in the generation of an audit report affirming that Data Processor’s data security controls achieve industry standards.
6.2. Data Processor shall provide appropriately detailed responses to Data Controller’s requests for information which may include responses to relevant information security and audit questionnaires.
6.3. At Data Controller’s written request, Data Processor will provide Data Controller with a confidential summary of the Report (“Summary Report”) so that Data Controller can reasonably verify Data Processor’s compliance with the security and audit obligations under this Agreement. The Summary Report will constitute Data Processor’s Confidential Information under the confidentiality provisions of Data Processor’s Agreement.
7. International Data Exports
7.1. Data Controller acknowledges that Data Processor and its Sub-Processors may maintain data processing operations in countries that are outside of the EEA. As such, both Data Processor and its Sub-Processors may Process Personal Data in non-EEA countries. This will apply even where Data Controller has agreed with Data Processor to host Personal Data in the EEA if such non-EEA Processing is necessary to provide support-related or other services requested by Data Controller.
7.2. Data Processor will make best endeavors to limit data exports to non-EEA countries to what is strictly necessary.
7.3. In all cases where transfers to non-EEA countries may take place, these transfers will be subject to necessary safeguards as defined within applicable Data Protection Law.
8. Obligations of the Data Controller
8.1. As part of Data Controller receiving the Service under the Agreement, Data Controller agrees and warrants that:
- 8.1.1. it is solely responsible for the accuracy of Personal Data and the means by which such Personal Data is acquired and the Processing of Personal Data by Data Controller, including instructing Processing by Data Processor in accordance with this DP Agreement, is and shall continue to be in accordance with all the relevant provisions of Data Protection Law, particularly with respect to the security, protection and disclosure of Personal Data;
8.1.2. that if Processing by Data Processor involves any “special” or “sensitive” categories of Personal Data (as defined under Data Protection Law), Data Controller has collected such Personal Data in accordance with Data Protection Law;
8.1.3. that Data Controller will ensure that Data Subjects receive a Privacy Notice compliant with Data Protection Law, the contents of which shall include but not be limited to:
8.1.4. the use of data processors to Process their Personal Data, including Data Processor; and
8.1.5. that their Personal Data may be Processed outside of the European Economic Area;
8.1.6. that it shall respond in a reasonable time and to the extent reasonably practicable to enquiries by Data Subjects regarding the Processing of their Personal Data by Data Controller, and to give appropriate instructions to Data Processor in a timely manner; and,
8.1.7. that it shall respond in a reasonable time to enquiries from a Supervisor regarding the processing of relevant Personal Data by Data Controller.
9. Return and Destruction of Personal Data
9.1. Upon the termination of Data Controller’s right to access and use the Service under the Agreement, Data Processor will for up to thirty (30) days following such termination permit Data Controller to export its Data, at its expense, in accordance with the capabilities of the Service. Following such period, Data Processor shall have the right to delete all Data stored or Processed by Data Processor on behalf of Data Controller in accordance with Data Processor’s deletion policies and procedures. Data Controller expressly consents to such deletion.
10. NO CONSEQUENTIAL DAMAGES; LIMITATION ON LIABILITY
10.1. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL EITHER PARTY TO THIS DP AGREEMENT, OR THEIR AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, SUPPLIERS OR LICENSORS BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOST DATA (BEING DATA LOST IN THE COURSE OF TRANSMISSION VIA DATA CONTROLLER’S SYSTEMS OR OVER THE INTERNET THROUGH NO FAULT OF DATA PROCESSOR), BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES, OR ANY OTHER LOSS OR DAMAGES INCURRED BY THE OTHER PARTY OR ANY THIRD PARTY IN CONNECTION WITH THIS DP AGREEMENT, OR THE SERVICES, REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES.
10.2. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS DP AGREEMENT OR THE AGREEMENT, DATA PROCESSOR’S AGGREGATE LIABILITY TO DATA CONTROLLER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT AND ANY LICENSE, USE OR EMPLOYMENT OF THE SERVICE, SHALL IN NO EVENT EXCEED THE LIMITATIONS SET FORTH IN THE AGREEMENT.
10.3. FOR THE AVOIDANCE OF DOUBT, THIS SECTION SHALL NOT BE CONSTRUED AS LIMITING THE LIABILITY OF EITHER PARTY WITH RESPECT TO CLAIMS BROUGHT BY DATA-SUBJECTS.
|Data Subject (Who)||Data Category (What)||Description|
|Pupil \ Student||Forename||This is the forename of the pupil.|
|Pupil \ Student||Surname||This is the surname of the pupil.|
|Pupil \ Student||Known as||This is the name that the pupil is known as.|
|Pupil \ Student||DOB||This is the date of birth of the pupil.|
|Pupil \ Student||Gender||This is the pupil's gender|
|Pupil \ Student||Registration Group||The registration group of the pupil.|
|Pupil \ Student||Year Group||The year group of the Pupil.|
|Pupil \ Student||Groups||Active groups set up by the school containing the pupil.|
|Pupil \ Student||Salutation||This is the pupil’s salutation.|
|Pupil \ Student||Dietary Requirements||This is the pupils special dietary requirements|
|Pupil \ Student||Free School Meals||Whether the pupil is eligible for Free School Meals.|
|Pupil \ Student||Universal Free School Meals||Whether the pupil is eligible for Universal Free School Meals.|
|Pupil \ Student||Pupil Premium||Whether the pupil is eligible for Pupil Premium.|
|Pupil \ Student||Postal Address||The student's postal address|
|Pupil \ Student||Primary email address||This is the pupil’s primary email address used to receive communications from the school and to verify the pupil’s School Gateway account.|
|Pupil \ Student||Mobile Telephone||This is the pupil’s mobile telephone number used to receive alerts from the school and to verify the pupil’s School Gateway account.|
|Pupil \ Student||Identifiers||Roll/Admission number, UPN, management system identifier|
|Pupil \ Student||Meal Selections and spend history||This is a history of a pupil's meal selections and spends for school meals or non-meal-related items, including free school meals|
|Pupil \ Student||Trip information||Trip details collected from parents, e.g. emergency contacts, medical details, dietary requirements, doctor’s contact, EHIC and Passport|
|Pupil \ Student||Unexplained absence records||Any unexplained absences recorded by the school for AM or PM registration.|
|Pupil \ Student||Achievement records||Achievement records entered into the Schools MIS.|
|Pupil \ Student||Behaviour incident records||Behaviour incidents recorded on the Schools MIS.|
|Pupil \ Student||Assessment reports||Annual assessment reports generated by the school using their MIS.|
|Parents \ Contacts||Title||This is the contact’s title (Mr, Mrs, Ms, etc).|
|Parents \ Contacts||Forename||This is the contact’s forename.|
|Parents \ Contacts||Surname||This is the contact’s surname.|
|Parents \ Contacts||Authentication data||The contact’s School Gateway PIN|
|Parents \ Contacts||Gender||The contact’s gender (Salutation)|
|Parents \ Contacts||House Name||The text entered as the contact’s house name.|
|Parents \ Contacts||Street||The text entered as the contact’s street.|
|Parents \ Contacts||Locality||The text entered as the contact’s locality.|
|Parents \ Contacts||Town||The text entered as the contact’s town.|
|Parents \ Contacts||Postcode||The text entered as the contact’s post code.|
|Parents \ Contacts||Mobile Telephone||This is the contact’s mobile telephone number used to receive alerts from the school and to verify the contacts School Gateway account.|
|Parents \ Contacts||Primary Email address||This is the contact’s primary email address used to receive communications from the school and to verify the contacts School Gateway account.|
|Parents \ Contacts||Payment History and balances||This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds.|
|Parents \ Contacts||Payment card details||Payment card details are captured and passed to a 3rd party for authorisation.|
|Parents \ Contacts||Bank account details||Bank account details are captured and passed to a 3rd party for authorisation|
|Parents \ Contacts||In-app messages||Messages sent from parents to school within the School Gateway application|
|Parents \ Contacts||Browser Details||IP address, cookies, browser information|
|Parents \ Contacts||Mobile OS||This is the operating system (iOS or Android) of the mobile phone used to access School Gateway.|
|Parents \ Contacts||Parental responsibility status||This is a marker used by schools to identify if a contact has parental responsibility over a student (allowed to give consent etc. ).|
|Parents \ Contacts||MIS Contact priority||The priority of contacts connected to a student. (i.e. 1 & 2 may be immediate family whereas 3 & 4 may be distant relatives for emergency contact purposes).|
|Parents \ Contacts||School Gateway app status||Identifies whether a user is logged into the School Gateway mobile application.|
|Parents \ Contacts||School Gateway activation date||This is the date the user activated and first logged into the School Gateway portal.|
|School Staff||Title||This is the staff member’s title (Mr, Mrs, Ms, etc.).|
|School Staff||Forename||This is the staff member’s forename.|
|School Staff||Surname||This is the staff member’s surname.|
|School Staff||Gender||The staff member’s gender|
|School Staff||Role||The staff member’s role at the school|
|School Staff||Primary email||The staff member’s primary email address|
|School Staff||Mobile telephone||The staff member’s mobile telephone number|
|School Staff||Authentication data||The staff member’s School Gateway PIN|
|School Staff||School Gateway app status||Identifies whether a staff member is logged into the School Gateway mobile application.|
|School Staff||School Gateway activation date||This is the date the staff member activated and first logged into the School Gateway portal.|
|School||School Gateway Banner||A banner logo to be displayed on the School Gateway|
|School||External links||Links to external websites to be presented to users on the School Gateway, including the school’s own website.|
|School||Address||The schools postal address|
|School||Telephone number||The schools main telephone number|
|School||Email address||The schools main email address|
|School||DfE number||A unique identification number given to every school by the department for education (DfE).|
|School||Bank account details||School bank account details for payments made via the School Gateway to be processed into.|
|School||Inbound SMS||A telephone number given to the school by Schoolcomms, this is the number parents must send SMS messages to in order to communicate with the school.|
|Website Access||IP Address||The network address of your device or internet connection|
|Website Access||Browser Type and Version||The type of Web Browser your device is using|
|Website Access||Cookies||Special records in your browser to help the website operate|
|Website Access||Web Analytics||Generalised information about browsing behaviour and page statistics|
Schedule 2: Purpose for Processing
To provide payment collection, payment processing, parent communication and management information systems and services for the education market in the form of the Schoolcomms Products and Services.
Schedule 3: Security Measures
As of the Effective Date of this DP Agreement, when Processing Personal Data on behalf of Data Controller in connection with the Service, Data Processor shall implement and maintain the following technical and organizational security measures for the Processing of such Personal Data (“Security Measures”):
• Physical Access Controls: Data Processor shall take reasonable measures to prevent physical access, such as security personnel and secured buildings and factory premises, to prevent unauthorised persons from gaining access to Personal Data, or ensure Third Parties operating data centres on its behalf are adhering to such controls.
• System Access Controls: Data Processor shall take reasonable measures to prevent Personal Data from being used without authorisation. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls: authentication via passwords; two-factor authentication; documented authorisation processes; documented change management processes; and/or, logging of access on several levels.
• Data Access Controls: Data Processor shall take reasonable measures to provide that: Personal Data is accessible and manageable only by properly authorised staff; direct database query access is restricted; application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access; and, that Personal Data cannot be read, copied, modified or removed without authorisation in the course of Processing.
• Transmission Controls: Data Processor shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of Personal Data by means of data transmission facilities is envisaged so Data cannot be read, copied, modified or removed without authorisation during electronic transmission or transport.
• Input Controls: Data Processor shall take reasonable measures to provide that it is possible to check and establish whether and by whom Data has been entered into, modified or removed from data processing systems. Data Processor shall take reasonable measures to ensure that (i) the Personal Data source is under the control of Data Controller; and (ii) Personal Data integrated into the Service is managed by secured transmission from Data Controller.
• Data Backup: Back-ups of the databases in the Service are taken on a regular basis, are secured, and encrypted to ensure that Personal Data is protected against accidental destruction or loss when hosted by Data Processor.
• Data Security: Where appropriate and reasonable, Data Processor should make use of accepted Data Security controls including but not limited to encryption, pseudonymisation and anonymisation.
• Logical Separation: Data from different Data Processor’s Customers is logically segregated on Data Processor’s systems to ensure that Personal Data that is collected for different purposes may be Processed separately.
• Network Security Controls: Data Processor shall implement appropriate network security controls based on risk assessment as it relates to Data Protection; commonly including Firewalls, Anti-Malware and system logging.
• Security Testing and Assurance: Data processor shall establish mechanisms for testing and assessing the effectiveness of technical or organisational measures used for establishing Information Security.