Limited Terms and Conditions

You should read these terms and conditions carefully as they form the basis of the Agreement between you and us (each as defined below) for the provision of access to the Arken service provided by By registering to use the Arken service you confirm that you accept these terms and conditions and agree to be bound by them. Where you are registering to use the Arken service on behalf of a company, partnership, LLP, firm or other organisation, you confirm that you have the necessary authority to bind that organisation.


1.1. The following definitions apply to these terms and conditions:

we”, “us” or “our” refer to (UK) Limited (company number 11318541), trading as of General Wolfe House, 83 High Street, Westerham, Kent TN16 1PG.

you” or “your” means you, the individual (not being a consumer), firm, practice, partnership, company, or organisation who or which registers with us to use the Service.

Account Profile” means the details of your business completed and maintained by you as part of your use of and subscription to the Service including your company/business name and VAT number.

Administrators” means each individual User who you designate via the Service from time to time to have administrator access to the Service.

Agreement” means the agreement between you and us for the use of the Service which comprises these terms and conditions (as amended from time to time in accordance with clause 6.5.2), the Schedule and any other documents referred to in these terms and conditions.

Authorised User” means such of your authorised employees and consultants who are registered to use the Service including the Primary User and Administrators.

Business Hours” means hours of 09.00 to 17.00 Monday to Friday UK time (excluding Public or Bank Holidays in England & Wales).

Client” means your client in respect of whom you are accessing the Service to prepare Documents.

Content” means all information and material contained on the Site and within the Software and the Service including, without limitation, code, data, text, software, photographs, pictures, graphics, questionnaires, databases, reports and the Documents and TR Reports but excluding Your Data.

Data Protection Legislation” has the meaning given in the Schedule.

Documents” means the documents created by you via the Service including without limitation Wills and Powers of Attorney but excluding the TR Reports.

Document Fees” means the document fees payable by you for the creation of Documents as detailed on the fees page on the Site as updated from time to time or as otherwise agreed by you and us in writing and signed by our authorised representative.

Fees” means the Subscription Fees and the Document Fees.

“Free Trial” means the Free Trial offer as detailed on the Site whereby we will allow you access to the Service free of charge for a limited period for one Primary User for evaluation purposes.

Intellectual Property Rights” means all copyright, design right, registered designs, patents, trade and service marks, rights in relation to databases, know-how, rights in confidential information and all other intellectual property rights throughout the world, whether registered or unregistered and including all rights to applications, pending registrations, renewals and reversions.

Primary User” means the individual User who sets up your Account Profile or who you otherwise designate via the Service from time to time to have primary user access to the Service.

Schedule” is the schedule of data protection provisions set out in the Agreement.

Software” means the software applications made available to you by us via the Service.

Service” means the Arken subscription service provided by us via the Site which provides access to the Software. When you register via the Site to use Trust Referencer, the Service will include Trust Referencer.

Site” means our website or any other website notified to you by us from time to time.

Subscription Fees” means the subscription fees payable by you for each User Subscription as detailed on the fees page on the Site as updated from time to time or as otherwise agreed by you and us in writing and signed by our authorised representative.

Subscription Term” means the annual subscription term commencing on the date on which you purchase your first User Subscription or the anniversary or succeeding anniversaries thereof.

Trust Referencer” means the Trust Referencer Service which may be added to your subscription via the Site as part of the registration process.

TR Reports” means the reports and other documents made available to you via the Trust Referencer Service.

User Subscriptions” means the user subscriptions purchased by you which entitle Authorised Users to access and use the Service in accordance with the Agreement. One User Subscription is required for each Authorised User.

Your Data” means the information and data provided to us by you or inputted by you and your Authorised Users into the Service.


2.1. Subject to the terms of the Agreement and payment by you of the applicable Fees, we hereby grant to you a non-exclusive, non-transferable right to permit Authorised Users to use the Service during the Subscription Term for your internal business operations only.

2.2. Your Primary User or Administrators may, from time to time during any Subscription Term, purchase additional User Subscriptions via the Site. If such additional User Subscriptions are purchased part way through the Subscription Term, such fees will be pro-rated for the remainder of the Subscription Term.

2.3. In relation to the Authorised Users, you undertake that:

2.3.1. the maximum number of Authorised Users who access and use the Service will not exceed the number of User Subscriptions you have purchased;

2.3.2. you will not allow or suffer any User Subscription to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User will no longer have any right to access or use the Service;

2.3.3. you will ensure that each Authorised User keeps a secure and confidential password for their use of the Service; and

2.3.4. you will not, and will procure that your Authorised Users will not, attempt to obtain, or assist third parties in obtaining, access to the Service.

2.4. You acknowledge that we are permitted to audit your use of the Service in order to verify your compliance with the Agreement. If an audit reveals that the Service has been accessed by an individual who is not an Authorised User, then without prejudice to our other rights, you will pay us an amount equal to the underpaid Subscription Fees as if that individual was an Authorised User.

2.5. Where you have subscribed to a Free Trial:

2.5.1 you may use the Service in accordance with the Agreement;

2.5.2 at the end of the Free Trial, unless you subscribe to the Service you will cease to have access to the Service and we will destroy or otherwise dispose of your Documents and Your Data without further notice to you;

2.5.3 you may subscribe to the Service at any time during the Free Trial period by paying the Fees.


3.1. We will, during the Subscription Term, provide the Service to you in accordance with the Agreement.

3.2. We will provide technical maintenance of the Software and will provide or procure maintenance of the Service.

3.3. We will use commercially reasonable endeavours to ensure that the Service is available 24 hours a day, seven days a week, except for:

3.3.1. any planned maintenance carried out during the maintenance window of 21.00 to 07.00 UK time; and

3.3.2. any unscheduled maintenance deemed by us to be necessary to perform outside of the maintenance window referred to above. In any such circumstances we will use commercially reasonable endeavours to give you at least 4 hours’ notice in advance where any such unscheduled maintenance occurs during Business Hours.


4.1. As between you and us, you will own all Intellectual Property Rights and other rights, title and interest in and to Your Data and you will have sole responsibility for the legality, reliability, integrity, accuracy, quality and security of Your Data.

4.2. You warrant that you have all necessary rights, consents and licences to provide Your Data to us in accordance with the Agreement and that use of Your Data will not infringe the Intellectual Property Rights or other rights of any third party.

4.3. We will follow archiving procedures for Your Data as set out in our back-up policy (as may be amended by us at our sole discretion from time to time) a copy of which is available upon request (“Back-Up Policy”). In the event of any loss or damage to Your Data caused by us, your sole and exclusive remedy will be for us to use reasonable commercial endeavours to restore the lost or damaged data from the latest back-up of Your Data maintained by us in accordance with our Back-Up Policy. We will not be responsible for any loss, destruction, alteration or disclosure of Your Data caused by any third party (except those third parties sub-contracted by us to perform maintenance and back-up services of Your Data).

4.4. It is your responsibility to maintain your own record and copies of Your Data and of any Documents and TR Reports created via the Service as required by any applicable laws and your own internal data retention policies.

4.5. In providing the Service, we will comply with the Data Protection Legislation as defined in the Schedule.

4.6. You acknowledge that in the processing of any personal data contained in Your Data, the intention is that you will be the data controller and we will be the data processor of such personal data (as these terms are defined in Data Protection Legislation) and in any such case:

4.6.1. you will ensure that you are entitled to transfer the relevant personal data to us so that we may lawfully use, process and transfer the personal data in accordance with the Agreement;

4.6.2. you will ensure that the relevant Clients and other third parties have been informed of such use, processing and transfer as required by Data Protection Legislation;

4.6.3. we will process the personal data only in accordance with the Agreement; and

4.6.4. both parties will take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.


5.1. You undertake and agree that you will at all times during the Subscription Term and, where applicable, following termination, comply with the terms of the Agreement.

5.2. You undertake and agree that you will and where applicable you will procure that your Authorised Users will:

5.2.1. keep your Account Profile up to date at all times;

5.2.2. keep your password and log on details secure;

5.2.3. comply with all applicable laws and regulations with respect to your activities under the Agreement and in the use of the Service;

5.2.4. use the Service, the Documents and the TR Reports in accordance with the Agreement;

5.2.5. be solely responsible for procuring and maintaining hardware and telecommunication links to enable Authorised Users to access and use the Service;

5.2.6. not do anything that would incur any liability on our behalf or that could bring our name or reputation or that of the Software or the Service into disrepute;

5.2.7. notify us immediately should you become aware of any error which renders document output of the Service defective; and

5.2.8. use all reasonable endeavours to prevent any unauthorised, unlawful or improper access to or use of the Service, the Documents and / or the TR Reports and, in the event of any such access or use you will notify us promptly.

5.3. You must ensure that your Authorised Users accessing the Service to process Documents or to produce TR Reports are competent and suitably qualified in all respects. It is your responsibility to ensure the Documents and TR Reports generated are correct. We do not accept responsibility for the correctness or appropriateness of any such Documents and TR Reports or any actions taken by you in reliance on the same.

5.4. You are responsible for ensuring your Authorised Users comply with the terms of the Agreement.

5.5. You will not access, store, distribute or transmit any viruses, Trojan horses or worms, or any material during the course of your use of the Service that:

5.5.1. is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

5.5.2. facilitates illegal activity;

5.5.3. depicts sexually explicit images;

5.5.4. promotes unlawful violence;

5.5.5. is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability, or any other illegal activity; or

5.5.6. causes damage or injury to any person or property.

5.6. Except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties, you will not:

5.6.1. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display transmit, or distribute all or any portion of the Service or the Software in any form or media or by any means;

5.6.2. attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Service or the Software; or

5.6.3. access all or any part of the Service, the Software, the Documents or the TR Reports in order to build a competing product or service.


6.1 We undertake that in providing the Service we will comply with the Agreement and, in so doing, will apply all reasonable skill and care.

6.2. We will use commercially reasonable efforts to rectify any material errors in the Software or the Service as soon as reasonably practicable after becoming aware of or being notified (by you or a third party) of the same. We reserve the right to suspend the Service whilst any such errors are rectified.

6.3. Notwithstanding the foregoing, we:

6.3.1. do not warrant that your use of the Service will be uninterrupted or error-free, nor that the Service, Documents, TR Reports and/or information obtained by you through the Service will meet your requirements;

6.3.2. do not accept responsibility for any delays, delivery failures or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and you acknowledge that the Service, Documents and TR Reports may be subject to limitations, delays and other problems inherent in the use of such communications facilities; and

6.3.3. do not warrant the functionality or compatibility of the Service or the Software with any particular browser or operating environment including but not limited to Mobile devices or software.

6.4. Nothing in the Agreement will prevent us from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under the Agreement.

6.5. We reserve the right to:

6.5.1. suspend your access to the Service for any reason, at our sole discretion, at any time; and

6.5.2. to change these terms and conditions at any time. Any changes to these terms and conditions will be available via the Site.


7.1 You must pay the Fees to us in advance in accordance with this clause 7.

7.2. The Subscription Fees are payable in advance and may either be paid annually or by 12 equal monthly instalments. You must ensure that you hold a valid User Subscription for each Authorised User.

7.3. The Document Fees are payable in advance. You must ensure that you have paid sufficient Document Fees to enable you to prepare the required Documents. In the event that you exhaust your Document Fees you will need to pay additional Document Fees before you create any further Documents. The Document Fees will remain valid for the term of the User Subscription but no refund of unused Document Fees will be given.

7.4. The applicable Document Fee for a Document will be deemed to have been used when the Document is first selected and confirmed by the Authorised User. The Document will remain ‘live’ for editing for a set period of time (as detailed via the Service from time to time). At the end of this period the Document will be ‘locked’ and no further changes will be permitted.

7.5. Payment of all Fees:

7.5.1. will be by Debit or Credit Card or (at our discretion) by Direct Debit;

7.5.2. is, unless otherwise expressly stated in the Agreement, non-cancellable and non-refundable; and

7.5.3. is exclusive of value added tax, which will be added to the Fees at the appropriate rate from time to time.

7.6. We will be entitled to increase the Subscription Fees and Document Fees at any time provided that we will not increase the Subscription Fees more than once in any year. Details of the new Subscription Fees and Document Fees will be available via the fees page on the Site.

7.7. We may, without liability to you and without prejudice to our other rights and remedies, revoke your account and/or disable Authorised Users’ passwords and access to all or part of the Service and we will be under no obligation to provide any or all of the Service whilst payment of any Fees remains outstanding.

7.8. If we have not received payment of the Fees by the due date for payment, without prejudice to our other rights and remedies, we may charge interest on a daily basis at the rate of 2% per month commencing on the due date and continuing until fully paid, whether before or after judgment.


8.1. You acknowledge and agree that we (or our licensors) own all Intellectual Property Rights in the Content. Except as expressly stated herein, the Agreement does not grant you or your Authorised Users any rights to the Intellectual Property Rights or any other rights or licences in respect of the Content.

8.2. In respect of the Documents and TR Reports, you may:

8.2.1. view, copy and print out Documents and TR Reports for your own internal business purposes;

8.2.2. subject to clause 8.3, use each Document and TR Report created for a particular Client, solely for the purposes of the matter on which you are advising such Client; and

8.2.2. not copy into a format other than PDF, revise or alter the Documents and TR Reports.

8.3. You acknowledge that the TR Reports are for your own internal business purposes only and that whilst you can make information from the TR Reports available to your Clients for the purposes of any matter on which you are advising, you may not provide a copy of the TR Reports to your Clients or any third parties.


9.1. The Agreement will come into force upon the commencement of any agreed Free Trial or the first Subscription Term and subject to earlier termination in accordance with the Agreement will automatically renew for further Subscription Terms (each lasting for 12 months) unless terminated by either party giving the other not less than 3 months’ notice in writing to end on the last day of the then current Subscription Term.

9.2. An Agreement for a Free Trial shall automatically terminate at the end of the Free Trial period unless you subscribe to the Service during the Free Trial period by paying the Fees.

9.3. We may withdraw the Service from you and our other customers at any time at our sole discretion by giving you not less than 3 months’ notice. In the event that we withdraw the Service in these circumstances, we will refund to you any Subscription Fees and Document Fees paid by you which relate to the period after such withdrawal.

9.4. Without affecting any other right or remedy available to it, either party may terminate the Agreement with immediate effect by giving written notice to the other party if:

9.4.1. the other party fails to pay any amount due under the Agreement on the due date for payment and remains in default not less than 5 days after being notified in writing to make such payment;

9.4.2. the other party commits a material breach of any other term of the Agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 5 days after being notified in writing to do so;

9.4.3. the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;

9.4.4. the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;

9.4.5. a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;

9.4.6. an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party;

9.4.7. the holder of a qualifying floating charge over the assets of that other party has become entitled to appoint or has appointed an administrative receiver;

9.4.8. a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party;

9.4.9. a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party's assets and such attachment or process is not discharged within 14 days; or

9.4.10. the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business.

9.5. Save as set out in this clause 9, you are not permitted to terminate the Agreement part way through a Subscription Term and must pay the Subscription Fees for the whole Subscription Term.

9.6. Without prejudice to our other rights and remedies, if we terminate the Agreement in accordance with clause 9.4 prior to the end of a Subscription Term, we may invoice you for the Subscription Fees which would have been payable had the Agreement continued until the end of the Subscription Term. Such invoice will be payable immediately upon receipt.

9.7. On termination of the Agreement for any reason:

9.7.1. your right to use and access the Service, and all User Subscriptions you have purchased, will immediately terminate;

9.7.2 subject to us having received full payment of all Fees due to us (together with any interest) and save where we terminate the Agreement as a result of your material breach, we will enable you to access the Service for a period of 5 working days following termination to enable you to download a copy of all of your Documents which are then held via the Service. Following such period, we will return all Your Data and copies to you (should you request us to do so in writing within 10 working days of the 5 working day period) or failing such request we will be entitled to securely destroy or otherwise dispose of your Documents and Your Data; and

9.7.3. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination will not be affected or prejudiced.

9.8. Where you register via the Site to access Trust Referencer in relation to the Arken service, your access to Trust Referencer will terminate upon termination of the Agreement. Where you have registered for Trust Referencer separately (for example via your use of Trust Referencer will be separate from the Agreement and termination of the Agreement will not affect continuation of access to Trust Referencer (or vice versa).


10.1. Each party may be given access to business and financial information, technology, trade secrets and any other information of a confidential nature of the other party (“Confidential Information”) in order to perform its obligations under the Agreement. A party’s Confidential Information will not be deemed to include information that:

10.1.1. is or becomes publicly known other than through any act or omission of the receiving party;

10.1.2. was in the other party’s lawful possession before the disclosure;

10.1.3. is lawfully disclosed to the receiving party by a third party without restriction on disclosure;

10.1.4. is independently developed by the receiving party, which independent development can be shown by written evidence; or

10.1.5. is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.

10.2. Each party will hold the other party’s Confidential Information in confidence and, unless required by law, not make the other party’s Confidential Information available to any third party, or use the other party’s Confidential Information for any purpose other than the performance of the Agreement. Nothing in this clause 10 will prevent us from using third party service providers (including hosting providers and contractors) in the provision of the Service subject to compliance with the Schedule.

10.3. Each party will take reasonable steps to ensure that the other party’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents (including, in your case and for the avoidance of doubt, Authorised Users), in violation of the Agreement. We will be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.

10.4. You acknowledge that details of the Service and the results of any performance tests of the Service constitute our Confidential Information. You further acknowledge that we will be entitled to retain and use both during and after the term of the Agreement any information and data received or generated from the use of the Service on an anonymised, de-identified basis which does not identify you or your Clients for such proposes as we may require including for producing reports, forecasting, monitoring, analysis and operational purposes.

10.5. We acknowledge that Your Data is your Confidential Information.

10.6. This clause 10 will survive termination of the Agreement, however arising.


11.1. Nothing in the Agreement excludes our liability:

11.1.1. for death or personal injury caused by our negligence; or

11.1.2. for fraud or fraudulent misrepresentation.

11.2. You will have no claim against us arising from any actions brought against you by your Clients or associated third parties arising from the use of the Service or the use or content of any Documents or TR Reports.

11.3. You assume sole responsibility and entire risk as to the suitability of the Service, the Documents, the TR Reports and results obtained therefrom and for any decisions made or actions taken based on information or data contained in the Service or any Documents or TR Reports. You acknowledge that:

11.3.1. we cannot under any circumstances be regarded as supplying tax, legal accounting or any other advice, and in this regard any such advice which ought to be provided by you to your Client, you yourself will provide or procure;

11.3.2. you are not relieved of any responsibility, including to any third party, for the preparation, content, accuracy and review of Documents and TR Reports created; and

11.3.3. the Service, Documents and TR Reports are not intended nor can they be relied upon as a substitute for your exercise of proper professional judgment as may be required.

11.4. Whilst we will take such measures as are consistent with good industry practice to reasonably ensure that the System is fit for purpose and free from viruses, Trojan horses and worms we do not accept liability for:

11.4.1. the transmission of any virus, Trojan horse, worm or other routine or device;

11.4.2. any inaccuracy of information provided as part of the Service, the Documents or the TR Reports;

11.4.3. the content of any Documents or TR Reports created by the Service;

11.4.4. failure in the sending or delivery of e-mails or other data; or

11.4.5. lapses or defects in the security of the Software or the Service.

11.5. Subject to clause 11.1:

11.5.1. we will not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of opportunity, loss of business, depletion of goodwill and/or similar losses or loss or corruption of systems, data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under the Agreement; and

11.5.2. our total liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Agreement will be limited to an amount equal to the Subscription Fees paid by you during the Subscription Term during which the claim arose.

11.6. Except as expressly and specifically provided in these terms and conditions all warranties, representations conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from the Agreement including, without limitation, warranties of satisfactory quality or fitness for a particular purpose and the Service, the Documents and TR Reports are provided to you on an “as is” basis.


12.1. These terms and conditions are the only terms and conditions applying to our provision of the Service and apply to the exclusion of any other express or implied conditions including any terms and conditions to which any order of yours may purport to be subject.

12.2. No variation to the Agreement will be binding unless agreed in writing between duly authorised representatives of the parties.

12.3. In these terms and conditions, the introduction and the schedules, any reference:

12.3.1. to any statute or statutory provision includes a reference to that statute or statutory provision as amended, extended or re-enacted and to any regulation, order, instrument or subordinate legislation under the relevant statute or statutory provision;

12.3.2. to the singular includes a reference to the plural and vice versa;

12.3.3. to any gender includes a reference to all other genders; and

12.3.4. headings used in these terms and conditions are for ease of reference only and will not affect its interpretation.

12.4. No delay or forbearance by us in enforcing any provisions of these terms and conditions will be construed as a waiver of such provision or any agreement thereafter not to enforce the said provision on that or any other occasion or another provision on another occasion.

12.5. We will have no liability to you under the Agreement if we are prevented from or delayed in performing our obligations under the Agreement, or from carrying on our business, by acts, events, omissions or accidents beyond our reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes, failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, denial-of-service/distributed denial-of-service attacks, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors.

12.6. The Service, the Documents and the TR Reports do not provide legal advice nor represent a legal advisory service.

12.7. If any provision of these terms and conditions is found void and unenforceable, it will not affect the validity of the remainder of the provisions which will remain valid and enforceable.

12.8. We may at any time assign, subcontract, mortgage, charge, declare a trust over or deal in any other manner with any or all of our rights under the Agreement. You shall not assign, transfer, mortgage, charge, subcontract, declare a trust over or deal in any other manner with any of your rights and obligations under the Agreement without our prior written consent.

12.9. Where two or more legal entities constitute you, their liability will be joint and several.

12.10. The Agreement will be governed by the laws of England and Wales and the parties irrevocably agree that the courts of England and Wales will have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Agreement or its subject matter or formation (including non-contractual disputes or claims).

Schedule 1 - Data Protection Schedule


1.1 In this Schedule the following words and expressions shall have the following meanings:

Data Controller” means You and/or Authorised Users.

Data Processor” means Us.

Data Processor Personnel” means the Data Processor and/or each of its Sub-Processors and the officers, employees, agents, consultants, representatives and other personnel of each of the Data Processor and each Sub-Processor.

Data Protection Legislation” means the European Directives 95/46 and 2002/58/EC (as amended by Directive 2009/139/EC) and any legislation and/or regulation implementing or made pursuant to them including but not limited to the Data Protection Act 1998, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation, EU 2016/67), and including, where applicable, the guidance and codes of practice issued by the supervisory authorities (including the Information Commissioner).

Good Industry Practice” means (in relation to any activity and under any circumstances) exercising the same  skill, expertise and judgment and using facilities and resources of a similar or superior quality as would be expected from a person who: (a) is skilled and experienced in providing the services in question, seeking in good faith to comply with his or her contractual obligations and seeking to avoid liability arising under any duty of care that might reasonably apply; (b) takes all proper and reasonable care and is diligent in performing his or her obligations; and (c) complies with all applicable law.

Request” means a subject access request or request to erase or correct Personal Data.

Security Breach” means any actual loss, unauthorised or unlawful destruction, alteration, or unauthorised disclosure of, or access to the Personal Data (accidental or otherwise) and/or any other irregularity in processing the Personal Data.

Sensitive Personal Data” has the meaning given to it in the Data Protection Legislation.

Sub-Processor” means any sub-contractor to which the Data Processor has sub-contracted, or in the future may sub-contract, any of its obligations under the Agreement and in performing such obligations the sub-contractor will receive and process Personal Data including UKFast, Amazon Web Services, Microsoft Azure, Active Campaign, Google Analytics, Zendesk, Cloudflare, Mailgun, Auth0, Segment or as otherwise notified by the Data Processor in writing from time to time.

Working Days” means Monday to Friday, excluding Public and Bank Holidays, in England & Wales.

1.2 Where there is any inconsistency between the terms of this Schedule and any other term of the Agreement, the terms of this Schedule shall take precedence only in respect of the processing of Your Data. References to “include", "includes” and "including" shall be read as being followed by "without limitation" so as to provide a non- exhaustive list of examples.

1.3 For the purposes of this Schedule Data Subject, Personal Data, Processing, transfer (in the context of Personal Data transfers) and appropriate technical and organisational measures shall be interpreted in accordance with the implementation of Directive 95/46/EC, or other applicable Data Protection Legislation, in the relevant jurisdiction.


2.1 In providing the Services, the Data Processor shall process Personal Data on behalf of the Data Controller. The type of Personal Data to be Processed, and the categories of Data Subjects are set out in Annex 2 (Details of Personal Data Processed).

2.2 Both parties will comply with all applicable requirements of Data Protection Legislation. This Schedule is in addition to, and does not relieve, remove or replace, a party’s obligations under Data Protection Legislation.


3.1 In processing Personal Data on behalf of the Data Controller, the Data Processor shall:

3.1.1 process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or the proper performance of its obligations under the Agreement or as is required by law or any regulatory body. The Data Processor may only correct, delete or block the Personal Data processed on behalf of the Data Controller as and when instructed to do so by the Data Controller or, if applicable, a Data Subject;

3.1.2 process the Personal Data only in accordance with the written instructions from the Data Controller or as otherwise lawfully and reasonably notified in writing (including via email) by the Data Controller to the Data Processor during the term of the Agreement (and the Data Controller hereby instructs the Data Processor to process that Personal Data as required to perform its obligations under the Agreement). If the Supplier is required to process the Personal Data for any other purpose by European Union or Member State law, the Data Processor will inform the Data Controller of this legal requirement to the extent permitted to  do so by European Union or Member State law; and

3.1.3 ensure that Personal Data is only processed by Data Processor Personnel who are reasonably required to do so in order to enable the Data Processor to comply with its obligations under the Agreement.

3.2 The Data Processor shall ensure that any Data Processor Personnel to whom Personal Data is disclosed are obliged to keep the Personal Data confidential.

3.3 The Data Controller specifically authorises the appointment of any Sub-Processor identified in this Schedule, Annex 1 or Annex 2 and generally authorises the Data Processor to appoint further or alternative Sub-Processors. Where the Data Processor appoints or replaces a Sub-Processor it shall:

3.3.1 notify the Data Controller not less than 30 days in advance of any intended changes concerning the addition or replacement of such Sub-Processors. If the Data Controller wishes to object to such changes, it must do so within 30 days of receiving such notice, by notifying the Data Processor in writing accompanied by its reasons for such objection. Following any such objection, the Data Processor may engage with the Data Controller to provide alternatives or assurances in relation to such change. If the Data Controller (acting reasonably in relation to its legal or regulatory compliance obligations) continues to object to such changes the Data Controller may, within 30 days of receipt of the original notice, terminate on written notice without penalty the relevant services directly affected by that change. Where the Data Controller does not provide such written notice of such termination, or continues to use such services following the change, it shall be deemed to have accepted such change;

3.3.2 remain fully liable for all acts or omissions of any Sub-Processor engaged by it (and such engagements shall be on such Sub-Processors’ terms of business which incorporate data protection obligations which are the same or not less onerous in their effect as those set out in this Schedule.

3.4 The Data Processor shall not acquire any right, title or interest in and to any of the Personal Data disclosed to it by the Data Controller.


4.1 In processing Personal Data on behalf of the Data Controller, the Data Processor shall implement and shall ensure that it has in place at all times appropriate  technical  and  organisational  measures  to  prevent unlawful or unauthorised processing, accidental or unlawful destruction, damage, accidental loss, alteration, unauthorised disclosure of or access to the Personal Data in accordance with the compliance principles contained in Annex 1 and the Data Protection Legislation.

4.2 As soon as reasonably practicable following a request from the Data Controller, the Data Processor shall provide to the Data Controller all information reasonably necessary to demonstrate and ensure compliance with Clause 4.1 save that the Data Processor shall not be obliged to disclose specific security information which would jeopardise the security of the Software, Service or the Personal Data.

4.3 The Data Processor shall back up the Personal Data in accordance with its Back-Up Policy.


5.1 The Data Processor shall not transfer Personal Data outside the EEA without the express prior written consent of the Data Controller (and the Data Controller hereby instructs and authorises the Data Processor to transfer Personal Data outside the EEA where required for the provision of the Services, including but not limited to where Personal Data is accessed by or on behalf of the Data Controller from outside the EEA, and where the Data Controller has been notified that an authorised Sub-Processor is located or stores or accesses Personal Data outside the EEA).

5.2 Where the Data Controller gives consent to a transfer outside the EEA, the Data Processor shall take such steps as may reasonably be required by the Data Controller on an ongoing basis to ensure there is adequate protection for such Personal Data in accordance with applicable Data Protection Legislation, which may include the Data Processor (or, where applicable, the Data Processor's affiliate, Sub-Processor or other relevant third party) entering into the standard contractual clauses set out in the European Commission's Decision 2010/87/EU of 5 February 2010 for the transfer of Personal Data to processors established in third countries ("Standard Contractual Clauses" with the Data Controller (as determined by the Data Controller) in the form prescribed by the European Commission (as may be amended by agreement of the Parties for compliance with applicable Data Protection Legislation requirements).


6.1 The Data Processor shall comply (and undertakes to ensure that the Data Processor Personnel do likewise) at all times with the requirements of the Data Protection Legislation and shall perform its obligations under the Agreement in such a way as to assist the Data Controller in complying with its obligations under the Data Protection Legislation taking into account the nature of the Processing and the information available to the Data Processor.

6.2 The Data Processor will at the cost of the Data Controller permit and arrange all reasonable access and assistance required for audits (including but not limited to inspection) by the Data Controller (and/or its auditors, representatives and/or any supervisory or government body, including the Information Commissioner (excluding where any representative is a competitor of the Data Processor)) in relation to compliance with this Schedule subject to reasonable and appropriate confidentiality undertakings being given by the Data Controller’s auditors or representatives to inspect and audit the Data Processor’s Processing activities.

6.3 The Data Processor will assist the Data Controller, at the Data Controller’s cost, if it receives a Request from a Data Subject in relation to his or her Personal Data (insofar as this is possible).

6.4 The Data Processor will assist the Data Controller in respect of any complaint received by it from a Data Subject about the processing of his or her Personal Data and providing (at the same time) the Data Controller with details and a copy of the complaint.

6.5 The Data Processor shall where lawfully permitted, promptly notify the Data Controller of any communication from a regulatory authority in respect of a matter which concerns the Data Controller.

6.6 The Data Processor will promptly and properly deal with and respond to any and all reasonable requests and enquiries made by the Data Controller relating to its processing of the Personal Data.

6.7 The Data Processor will maintain records of processing activities carried out on behalf of the Data Controller containing the information prescribed in applicable Data Protection Legislation (including but not limited to the type of Personal Data processed and the purposes for which they are processed). The Data Processor shall make these records available to the Data Controller and supervisory authorities if and when required by such parties.

6.8 The Data Processor shall notify the Data Controller as soon as reasonably practicable upon it becoming aware that it is or is likely to become unable to comply with either its obligations under the Agreement or Data Protection Legislation, and/or the Data Controller’s requirements or instructions (whether specific or general) regarding the processing of the Personal Data.

6.9 If the Data Processor suspects or becomes aware of a Security Breach, it shall:

6.9.1 without undue delay on becoming aware of a Security Breach notify the Data Controller;

6.9.2 provide the Data Controller (as soon as is possible, and in no circumstance more than 24 hours after receiving a limited request) with such information that the Data Controller may reasonably request and that is available for collection relating to the Security Breach:

6.9.3 unless otherwise agreed with the Data Controller in writing, take action to stop the Security Breach, investigate the Security Breach and to identify, prevent and mitigate the effects of the Security Breach and to carry out any recovery or other action reasonably necessary to remedy the Security Breach; and

6.9.4 not release or publish any filing, communication, notice, press release, or report concerning the Security Breach without the Data Controller’s prior written approval (except where it is required to do so by applicable law).

Annex 1

1 Access control to premises and facilities

We will ensure or require of our Sub-Processors that controls are maintained to prevent unauthorised physical access to our Sub-Processors premises, datacentres or facilities holding personal data but have no obligation to provide security or back-ups of data other than as stated in the Agreement. 

2 Access control to systems

Appropriate technical and organisational measures for user identification and authentication will be maintained in accordance with Good Industry Practice to prevent unauthorised access to IT systems.

3 Access control to data

Appropriate measures will be maintained in accordance with Good Industry Practice to prevent authorised users from accessing data beyond their authorised access rights and prevent the unauthorised modification or disclosure of data. Authorised users shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty).

4 Disclosure control

Appropriate measures will be maintained, including encryption, to prevent the unauthorised access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged.

5 Data Processing

Data is processed automatically by the Service.

Annex 2


Categories of Personal Data

Personal data which identify the data subject and their personal characteristics including names, addresses, contact details, age, sex, date of birth, marital status, details of dependants as may be included by you and/or Authorised Users in the use of the Service. The examples given are not exhaustive.

Special categories of data

Sensitive Personal Data including physical or mental health or condition, racial or ethnic origin, political opinions, religious or other beliefs of a similar nature, trade union membership, sexual life. The examples given are not exhaustive.

Categories of data subjects

Individuals relating to whom Personal Data is held or used. The data subjects are your clients.

Description of Processing Activities

Processing of any Personal Data is incidental to the Services provided by us. No access to changes to, or other processing of any Personal Data is carried out as part of the Service other than as may be required on your specific written instructions.