ParentPay Limited Terms and Conditions for Schools
ParentPay User Service Agreement
Schedule 1: ParentPay Collection Service
Schedule 2: Service Level Agreement
Schedule 3: Data Processing Agreement
ParentPay User Service Agreement
This Agreement describes the terms and conditions for using ParentPay Products and Services, as operated and offered by ParentPay Limited (Registered No. 04513692) trading from The Exchange, Express Park, Bristol Road, Bridgwater TA6 4RR.
The terms “you” and “your” refer to you, your employees, and your users; “we” and “our” refer to ParentPay Limited; and references to “party” and “parties” refer to either or both of us as a party or parties to this Agreement.
You agree you have read, understood and agree to these terms and conditions by either: signing a document within which this Agreement is explicitly referenced; or, accepting this Agreement as part of an application form submitted to us, including those submitted electronically; or, installing, accessing, or using ParentPay Products and Services.
1. Definitions and Interpretation
- 1.1 Definitions
|“Acquirer”||the organization licensed as a member of a Scheme, which processes Card Payments for us, where we are acting as a merchant on your behalf;|
|“Agreement”||this agreement between us and you for the provision of ParentPay Products and Services;|
|“Annual Licence Fee”||the Annual Access Fee and the Audit Fee charged at the Effective Date and in April of each year thereafter, for a minimum period of the Initial Term;|
|“Annual Access Fee”||an annual charge of £10 made to you in consideration of a licence to access and use any ParentPay Products and Services for which you have contracted under this Agreement, representing a charge made for services supplied until the next Annual Licence Fee invoice is due;|
|“Audit Fee”||the charge made to you for Audit Services, representing a charge made for services supplied at the point of invoicing, which shall usually be linked to the number of pupils on roll in your School;|
|“Audit Services”||services provided as part of this Agreement including ensuring the accuracy of pupil roll and standing data held, reviewing security, data protection and other relevant industry, regulatory or legislative requirements, completed at, or shortly after the Effective Date, and when subsequent Annual Licence Fees are charged;|
|“Business Day”||a day (other than a Saturday or Sunday) on which banks are open for normal banking business in the City of London;|
|“Card Payment”||a Load made using a valid, accepted, credit or debit card;|
|“Charge Back”||return of a Card Payment because of a perceived violation of Scheme rules or procedures, arising from a disagreement over: whether or when a Card Payment occurred; the provision of the goods or services to which the Card Payment relates; or, the amount involved;|
|“Confidential information”||all information which prior to, or upon, its disclosure is communicated to the receiving party as being confidential by the disclosing party, or which should reasonably be considered as information of a confidential nature by the receiving party, provided that this definition shall not include information which: is at the time of disclosure in the public domain; subsequently comes into the public domain other than by the deliberate act of the receiving party; is in the possession of the receiving party at the time of the disclosure; is subsequently disclosed to the receiving party by a third party without restrictions as to its use or disclosure; is independently developed by employees of the receiving party who have not had access to the information disclosed; or, is information disclosed pursuant to a requirement of law.|
|“Content”||any data, information, text, or other material uploaded to, posted into, or sent via ParentPay Products and Services, including SMS text messages and emails, whether sent by you, from your account login; or, by us on your behalf;|
|“Effective Date”||the date this Agreement becomes effective either by its incorporation by means of an explicit reference in a document signed by you, or, in the case of a valid application form submitted electronically by you to us, the date such application form is received by us;|
|“Fees”||fees charged by us to you in relation to this Agreement, including: Annual Licence Fees; Payment Service Fees; Setup and Training Fees; and, SMS Text Credit Fees;|
|“Force Majeure”||any event which is outside the reasonable control of the relevant party, including without loss of generality: the unavailability or faulty performance of communication networks or energy sources; any act of God; any act or omission of governmental or other competent authority; fires; strikes and industrial disputes; riots, war, civil unrest, revolution or acts of terrorism; inability to obtain materials; embargos; refusal of licences; theft; destruction; denial of service (DoS) attacks; unauthorised access to computer systems or records, programs, equipment, data, or services; breakdown of plant or machinery; and, flood or other adverse weather conditions;|
|“Holding Account”||a dedicated bank account managed by us, which holds funds including the aggregate total value of Parent Account Balances and Parent Payments not yet included in a Remittance;|
|“Initial Term”||a period of thirty six (36) months from the Effective Date;|
|“Load”||the process by which a Parent adds funds to their Parent Account Balance using the ParentPay Products and Services and supported Scheme payment methods;|
|“Notices”||any Notice is deemed to be served by us if it is: sent to you via post or email; or, posted on our websites; or, posted to your online account on ParentPay Products. Any Notice is deemed to be served by you if it is sent in writing by one of the School’s duly authorised directors or office holders: by email to firstname.lastname@example.org or other email address as we may advise from time to time; or, is sent by recorded delivery to the Bridgwater office address at the top of this Agreement.|
|“Parent”||a parent or guardian of a pupil enrolled in your School whose record is uploaded to the ParentPay Products and Services by you and whose Parent Account login is activated by them;|
|“Parent Account”||a virtual account operated by us into which Parents can Load funds and maintain a Parent Account Balance for use in making Parent Payments for Payment Items using ParentPay Products and Services;|
|“Parent Account Balance”||the individual balance of a Parent’s Parent Account;|
|“Parent Payment”||the process by which a Parent makes a payment for Payment Items, using ParentPay Products and Services, whereby the Transaction Value is deducted from the Parent Account Balance;|
|“ParentPay Products and Services”||our products and services which may include ParentPay®, ParentPay Dinner Money™, ParentPay Shop™, ParentPay Data Capture™, ParentPay DC™, ParentPay Communication Centre™, ParentPay Meal Booking™, ParentPay Classroom Selection™, ParentPay MIS:Sync™ and related support sites for these products; and, services provided by us that may include the ParentPay Collection Service™, Audit Services, and other services such as support, setup, training, project management and consultancy;|
|“PayPoint Payment”||a Load made in cash at PayPoint authorised agents or terminals, via the PayPoint Scheme;|
|“Payment Item”||a good or service offered to Parents by you, your suppliers or affiliates or us with your consent via the ParentPay Products and Services;|
|“Payment Service Fee”||a fee charged by us to you, for the use of ParentPay Products and Services by you and your Parents, which includes inter alia: hosting of the ParentPay Products and Services; support services provided to you and your Parents; management of a range of supported Scheme payment methods for Loads; compliance with Scheme regulations; certification and management of security requirements including PCI DSS; processing of Loads; processing of Parent Payments; processing of Refunds; settlement services for Remittances; reporting services; the operation of the ParentPay Collection Service; and, access to released enhancements, updates and new features for any ParentPay Products and Services licensed to you under the Agreement;|
|“Refund”||the process by which you cancel all or part of a Parent Payment for a Payment Item, resulting in an amount being deducted from a Remittance made to you by us and returned to the Parent Account Balance;|
|“Refund Transaction Value”||the value of a full or partial Refund;|
|“Remittance”||the aggregate net total of the Transaction Value of all Parent Payments, minus the Refund Transaction Value of all Refunds for Parent Payments processed on your behalf during the last Settlement Period, after deduction of: Fees; amounts due for any Charge Backs; any fines or additional fees due to the Acquirer related to your Parent’s Card Payments; and, any other outstanding amounts due to us under the Agreement;|
|“Renewal Term”||each subsequent period of thirty six (36) months after the end of the Initial Term;|
|“RPI”||the All Items Retail Price Index as published by the Office of National Statistics from time to time;|
|“Scheme”||an organisation which manages and controls the rules for clearing of payments through a network of participating members or entities, or an organisation which operates or owns such a network, where Schemes which are supported for Loads may include American Express, MasterCard, PayPoint and Visa, and where the supported Schemes may change from time to time;|
|“School”||you, the school or other establishment or organisation, that contracts with us under this Agreement;|
|“Settlement Period”||the regular period as part of the ParentPay Collection Service for which the Remittance is calculated, currently from 00:00 Wednesday to 23:59 and 59 seconds the following Tuesday, or as may be notified by us to you from time to time by means of a Notice;|
|“Setup and Training Fee”||the charge made to you for the activation and initial remote basic setup of your online account within the ParentPay Products and Services and for access to our web based training course, representing a charge made for services supplied at the point of invoicing;|
|“SMS Text Credit Fee”||the charge made for sending SMS messages via ParentPay Products and Services, whereby one full credit is charged for each standard SMS message or part thereof, where an SMS message is defined under the GSM 03.38 standard. The fee represents a charge made for services supplied at the point of invoicing if paid in arrears, or for services supplied at the time the SMS messages are sent, if pre-paid in bundles;|
|“Term”||the Initial Term or a Renewal Term as the context so allows;|
|“Trademarks”||all of our trademarks and logos that exist now or in the future, both registered and non-registered, as may be specified by us from time to time;|
|“Transaction Value”||the price payable by a Parent for a Payment Item or a set of Payment Items acquired in a single transaction;|
- 1.2 Clause and Schedule headings shall not affect the interpretation of this Agreement.
- 1.3 References to clauses and Schedules are to clauses of and Schedules to this Agreement and references to paragraphs and Parts are to paragraphs and Parts of the relevant Schedule.
- 1.4 The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Schedules.
- 1.5 A reference to this Agreement or to any other agreement or document referred to in this Agreement is a reference to this Agreement or such other agreement or document as varied, superseded or novated (in each case, other than in breach of the provisions of this Agreement or the provisions of the agreement or document in question, as appropriate) from time to time.
- 1.6 Unless the context otherwise requires: words in the singular shall include the plural and in the plural shall include the singular.
- 1.7 A person includes a natural person, corporate or unincorporated body (whether or not having a separate legal personality).
- 1.8 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
- 1.9 Any words following the terms including, include, in particular or for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
- 1.10 Where the context permits, other and otherwise are illustrative and shall not limit the sense of the words preceding them.
- 1.11 A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
- 1.12 A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.
- 1.13 Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
2. Licence Terms
- 2.1 In consideration of your payment of the Annual Access Fee, we agree to provide you with, and you hereby accept, a non-exclusive, non-transferable licence for you to access and use ParentPay Products and Services for the Term, subject to the conditions laid out below.
- 2.2 The licence will at all times be governed by this Agreement.
- 2.3 The licence extends only to those ParentPay Products and Services which you have ordered, where we have accepted the order and charged you the Annual Licence Fee.
- 2.4 The licence allows you and your Parents to use ParentPay Products and Services for your own internal use only, is personal to you, and may not be assigned, sub-licensed, sold, resold, transferred, distributed or otherwise disposed of or commercially exploited in any way, including by way of charge, lien or other encumbrance.
- 2.5 You are expressly forbidden and you hereby agree not to: modify, translate, adapt, disassemble, decompile, reverse engineer, or in any way copy the software used in the ParentPay Products and Services; or, to copy or emulate in any way the design, layout, or functionality of ParentPay Products and Services.
- 2.6 ParentPay Products and Services are provided under the absolute condition that they may not be used to undertake or support: unsolicited commercial emailing; bulk emailing (other than the legitimate emailing of Parents); copyright violation; defamatory speech; distribution of internet viruses, worms, trojan horses or other malware; flaming; distribution of pornography; or, abusive internet postings. Any such use, or what may be reasonably interpreted as such use, would be a breach of this Agreement and, notwithstanding any payments made or received, will cause us to take such action as is necessary to preserve our good name at our sole discretion, including immediate termination of service and this Agreement.
- 2.7 We may impose reasonable conditions regarding the ethical, moral and legal use of ParentPay Products and Services from time to time. You shall impose such conditions on your users and Parents to the extent necessary to ensure compliance.
- 2.8 You hereby grant us the right to: connect to your IT systems; and, host, download, view, analyse and retain your Content in so far as it is necessary for the provision of the ParentPay Products and Services to you as envisaged in this Agreement, which shall inter alia include the following purposes:
- 2.8.1 verification of your identity where required;
- 2.8.2 prevention and detection of crime, fraud and money laundering;
- 2.8.3 provision of the ParentPay Products and Services covered by this Agreement;
- 2.8.4 ongoing administration of ParentPay Products and Services;
- 2.8.5 improvement of ParentPay Products and Services including developing new ParentPay Products and Services;
- 2.8.6 research and statistical analysis including payment and usage patterns; and,
- 2.8.7 compliance with our legal and regulatory obligations.
- 2.9 We may retain your Content for as long as is necessary to fulfil the purpose(s) set out in Clause 2.8 and in accordance with the law.
- 2.10 ParentPay Products and Services are provided as software as a service. As such, the Annual Access Fee relates to the use of the ParentPay Products and Services as a service, but does not provide access to or copies of the software used to deliver this service, except in the case of ParentPay MIS:Sync or other pupil data upload clients, which may be installed locally subject to clause 2.11 below.
- 2.11 Solely for the purpose of facilitating the transfer of pupil and Parent data from your management information system (“MIS”) to us, you may install and use one copy of ParentPay MIS:Sync and other MIS upload clients, on each computer on your premises that you use to exchange data between your MIS system and us. Additionally you may make one backup copy of ParentPay MIS:Sync or other MIS upload clients as necessary for the continuation of this service. After termination of this Agreement, all rights under this licence are terminated and you must securely delete any and all copies of ParentPay MIS:Sync or other MIS upload clients held by you as a result of this Agreement.
3. Term and Termination
- 3.1 This Agreement shall commence on the Effective Date for the Initial Term and shall be renewed for each Renewal Term thereafter, unless terminated in accordance with the terms set out herein.
- 3.2 Notwithstanding clause 3.1, we shall have the right to terminate this Agreement immediately in the event that:
- 3.2.1 you breach any representation, warranty, covenant or other obligation under this Agreement;
- 3.2.2 you are delinquent in any payment hereunder thirty (30) days after the same has become due;
- 3.2.3 you assign this Agreement to any party without the required consent;
- 3.2.4 we are requested to do so by a Scheme or financial institution or any other party upon whose services we rely; or you have any distress, execution or other process levied upon your assets; or you make or offer to make any arrangement or composition with any one or more of your creditors or commit any act of bankruptcy; or if any petition or receiving order in bankruptcy is presented or made against you; or if any resolution or petition for your winding up is issued or passed or presented otherwise than for a reconstruction or amalgamation; or you become subject to an administration order; or you cease or threaten to cease to carry on your business; or your financial position deteriorates to such an extent that in our reasonable opinion your capability adequately to fulfil your obligations under this Agreement has been placed in jeopardy.
- 3.3 Either party may terminate this Agreement without cause at the end of the Initial Term or at the end of the Renewal Term by giving Notice to the other party of their intention to terminate, provided that the Notice is given at least three (3) months prior to the end of the Term.
- 3.4 Notwithstanding the provisions of Clause 3.3, you may terminate this Agreement at any time, with or without cause, upon giving us Notice of your intended termination date, which shall be deemed to be three (3) months after Notice is properly given, provided that you pay any and all fees due to us under this Agreement as set out in this Clause 3.4. The fees due shall be no less than the Fees due under this Agreement in the preceding twelve (12) months, or if the Agreement commenced less than twelve (12) months prior to the termination date the Fees due up to the date of termination pro rated for a twelve (12) month period, multiplied by the number of years, including any part years, remaining from the date of termination to the end of the Term that has commenced three (3) months after the termination Notice is given, such fees to be paid by you in full before the termination date.
- 3.5 Upon any termination of this Agreement, you shall immediately discontinue the use of all ParentPay Products and Services and any licence granted under this Agreement shall terminate.
- 3.6 Termination, repudiation or expiry of this Agreement will be without prejudice to any accrued rights of either party and will not affect obligations which are expressed not to be affected by repudiation, expiry or termination of this Agreement.
4. Fees – General
- 4.1 All Fees are in Pounds Sterling and are subject to applicable taxes, including Value Added Tax at the rate prevailing at the tax point of sale.
- 4.2 We will charge you a Setup and Training Fee and an Annual Licence Fee, in line with the most recent, valid, commercial schedule or proposal provided to you. If your pupil numbers have increased since the provision of the last commercial schedule or proposal provided to you we will be entitled to increase the Audit Fee to reflect this increase.
- 4.3 The Setup and Training Fee and the initial Annual Licence Fee are due no later than the earlier of: the payment terms laid out in 5.1; or, prior to initial availability of ParentPay Products and Services to Parents.
- 4.4 We will charge you a subsequent year’s Annual Licence Fee in April of each year during the Term.
- 4.5 We will charge you Payment Service Fees in line with the prevailing rate at the time of invoice, such fee to be collected via a net settlement process as part of the ParentPay Collection Service.
- 4.6 We will charge you an SMS Text Credit Fee for any SMS messages sent from your account, charged at the prevailing rate at the time of invoice, whether bought in blocks of credits in advance, or charged in arrears based on usage.
- 4.7 Regardless of whether ParentPay Products and Services are used at all, or whether ParentPay Products and Services are continually used throughout the Initial Term, or any subsequent Renewal Term, we do not offer and shall not be obliged to make refunds of any valid Fees charged under this Agreement.
- 4.8 We retain the right to revise our Fees to you at no less than thirty (30) days’ notice, provided that we serve a valid Notice of this change. You are entitled to terminate this Agreement per the effective date of the increase, by sending us a Notice within fourteen (14) days of our Notice of the change, where any price increase, other than an increase in the Audit Fee as a result of an increase in pupil roll numbers, is more than the greater of twice RPI or five (5) percent per annum, during the Initial Term, or the greater of twice RPI or ten (10) percent per annum thereafter. For the avoidance of doubt, after termination under this clause 4.8, no further Annual Licence Fee shall be charged to you, however, no Fees shall be refunded and such termination shall not diminish your responsibility to pay Fees already charged by us.
5. Payment, invoicing and debt
- 5.1 Payment shall be made in Pounds Sterling into the account designated by us, or as may otherwise be agreed in writing by the Payments are due within 30 days of the date of the invoice. If due to bank charges, transfer fees, or the like, we receive less than the invoiced amount, other than as a result of charges by credit card companies, we will re-invoice you for the shortfall. Should payment in full of any invoice (aside from such shortfalls) not be received by us within forty five (45) days after invoice date, we may impose a debt service charge on the overdue balance for each 30-day period or fraction thereof that the overdue amount remains unpaid amounting to three and a half percent (3.5%) above the sterling base rate quoted from time to time by Barclays PLC. In the event that any amount remains unpaid forty five (45) days after date of invoice, you will be in breach of this Agreement and we may discontinue, withhold, or suspend services to you without any further notice. Our decision not to take action for sums overdue does not diminish your responsibility to pay any and all outstanding amounts due to us.
- 5.2 You hereby agree to pay reasonable and appropriate legal fees, court costs, and related expenses incurred by us in the collection of any overdue amounts from you.
6. Your Responsibilities
- 6.1 You will support your Parents in the use of the ParentPay Products and Services by providing first line support to them.
- 6.2 You will place a link on your website to our website home page, based on URL details provided by us, to help and encourage your Parents to use ParentPay Products and Services.
- 6.3 Where you use our logo, you will use a logo approved and provided by us, and will ensure that alt tags for the logo are accurate based on the copy provided by us.
- 6.4 Where you use text on your website to promote and describe us or ParentPay Products and Services, you will use text provided by, or approved by us prior to release, such approval not to be unreasonably withheld by us.
- 6.5 You hereby represent and warrant to us that:
- 6.5.1 you will not conduct your business in any manner that harms our value and reputation or of the value and reputation of our third party service providers;
- 6.5.2 you will conduct your business affairs in an ethical manner and in accordance with the terms and intent of this Agreement, and in compliance with all applicable laws and regulations;
- 6.5.3 you will not use ParentPay Products and Services in connection with any illegal or fraudulent activities as determined by the relevant applicable jurisdiction;
- 6.5.4 you shall not permit nor authorise any other person or business to use ParentPay Products unless specifically agreed with us in writing in advance;
- 6.5.5 you will keep your password and login details confidential and will report any suspected breach immediately to us;
- 6.5.6 you will not copy the ParentPay website or ParentPay Product or functionality or use your account access to aid in the development of a competitive product or service by yourselves or any other third party, nor will you allow any third party to access your account for these purposes;
- 6.5.7 you will not publish or copy any information on our website without our written permission, nor infringe intellectual property or content copyrights owned by us or any third party suppliers of ours.
- 6.5.8 you will accept responsibility for any and all Content provided under your account login, regardless of whether the user using your account login has been authorised by you to do so, and, regardless of any Audit Services we may perform, you accept that we owe no obligation to you or anyone else to monitor, check or review the legality, validity or accuracy of any Content.
- 6.6 You will take all reasonable measures to preclude us from being made a party to any lawsuit or claim regarding ParentPay Products and Services provided to any user, including School staff and Parents. You hereby agree to indemnify and hold us harmless from any and all claims of whatever nature brought by any of your users or Parents against us in excess of the remedy set forth in clause 8.1 below.
7. Our responsibilities
- 7.1 We will use reasonable technical and organisational measures and endeavours, and reasonable skill and care to:
- 7.1.1 provide ParentPay Products and Services in a professional, accurate and timely manner and to maintain the availability of the service for you and your Parents;
- 7.1.2 prevent unauthorised, unlawful or accidental processing of or access, destruction or damage to your Content;
- 7.1.3 ensure Content and payment data is stored and processed in a secure manner using appropriate industry standard security;
- 7.1.4 remain accredited under the Payment Card Industry Data Security Standard;
- 7.1.5 comply with the EU General Data Protection Regulation (“GDPR”) when processing data submitted by you, or data held by you as a Data Controller, thus performing our duties as a Data Processor under the GDPR, in line with Schedule 3 to this Agreement, the Data Processing Agreement;
- 7.1.6 notify you as soon as possible of any loss of, damage, destruction or unauthorised access to your Content;
- 7.1.7 provide the support services as described in our Service Level Agreement, as may be provided by us from time to time;
8. Limitation of Liability
- 8.1 Subject to the other terms of this clause 8, our maximum aggregate liability arising in connection with this Agreement, whether arising in contract, tort, negligence or otherwise, and whether an act, omission or breach of statutory duty of us, our employees, agents, subcontractors or suppliers, in respect of any single event or series of connected events, shall not in the aggregate exceed the total amount of Annual Licence Fees due and paid by you, for the calendar year in which the event resulting in liability arises.
- 8.2 Nothing in this Agreement, including the limits and exclusions in the remainder of this clause 8, shall limit or exclude our liability for death or personal injury resulting from our negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be legally excluded or limited.
- 8.3 Subject to 8.2 above, we assume no responsibility for, and you shall indemnify and keep us and our employees, agents, subcontractors or suppliers indemnified for, any loss, damage, or injury to any person or property of whatever nature and whether direct or indirect, occasioned by, arising from, or due to:
- 8.3.1 the breach by you or your systems of any applicable laws;
- 8.3.2 representations made by you to Parents including without limitation any representations relating to your creditworthiness;
- 8.3.3 the suitability, availability, appropriateness, lawfulness or quality of any of your Payment Items;
- 8.3.4 the inaccuracy or unlawfulness of any of your Content;
- 8.3.5 any payments made to unintended recipients due to the input of incorrect information by you or your Parents;
- 8.3.6 your reliance on any information issued by our Acquirer(s) including any fraud or card verification checks carried out by them;
- 8.3.7 any Charge Backs or any refunds payable to or from any Parents or other persons;
- 8.3.8 any cause over which we do not have direct control, including: problems attributable to computer hardware or software, including computer viruses and malware; telephone or other communications failures; internet service provider failures; or delays, non-deliveries, mis-deliveries, or service interruptions arising from Force Majeure;
- 8.3.9 unauthorised interception or use of your data or Content;
- 8.3.10 any actions or transactions by any individual or entity that uses your username, password or other login credentials or data used to identify you to us;
- 8.3.11 any breach by you of your obligations under the GDPR or Schedule 3 to this Agreement, the Data Processing Agreement; and
- 8.3.12 any breach by you of clause 6 above; except and to the extent such losses result directly from our knowing or wilful misconduct.
- 8.4 ParentPay Products and Services are provided “as is” and we disclaim, and you waive, any warranties, express or implied, as to merchantability, fitness for a particular purpose, title, non-infringement or any other warranty, guarantee or representation relating to ParentPay Products and Services and those arising by statute or otherwise in law. We do not guarantee continuous availability of the service, service at a particular time, or service without error and cannot be held responsible for any downtime or difficulties in accessing the service or for delays in or inability to send messages.
- 8.5 We shall not be liable to you or any of your users or Parents, for any direct, indirect or consequential losses including, but not limited to, loss of business, profit, reputation, interest, goodwill, or anticipated savings, including any type of special, punitive, consequential or indirect loss whatsoever.
- 8.6 If you wish to make a claim against us, you should notify us in writing including details of the claim, at the earliest possible time after becoming aware, or you should reasonably have become aware, of the event or error leading to such a loss, but in any case, not later than three (3) months after the loss.
- 9.1 You acknowledge that by reason of your relationship with us hereunder, you may have access to certain information and materials relating to our business, plans, customers, software technology, and marketing strategies that is confidential and of substantial value to us, which value would be impaired if such information were disclosed to third parties. You agree that you will not use in any way for your own account, nor for the account of any third party, nor disclose to any third party, any such information revealed to you by us. You further agree that you will take every reasonable precaution to protect the confidentiality of such information. In the event of termination of this Agreement, there shall be no use or disclosure by you of any such confidential information in your possession, and all confidential materials shall be returned to us or destroyed. The provisions of this section shall survive the termination of this Agreement for any reason. Upon any breach or threatened breach of this provision, we shall be entitled to seek the remedies of injunction, specific performance and other equitable relief, and such relief shall not be contested by you.
10. Intellectual Property Rights
- 10.1 We hereby grant you a royalty-free and non-exclusive right for the term of this Agreement to use the Trademarks on your website(s) and in any of your off-line promotional materials solely in order to indicate that you make use of ParentPay Products and Services. You shall use such Trademarks in accordance with our directions and you do not have a right of sub-license.
- 10.2 You hereby grant us a royalty-free and non-exclusive right for the term of this Agreement to use your trademark and logos on our websites and in off-line publications for promotional purposes, only to indicate that you are a user of ParentPay Products and Services.
- 10.3 When using the Trademarks the parties shall ensure that no composite marks are created with their own trademarks and/or logos. The parties acknowledge that their use of the Trademarks does not create for themselves any rights in the Trademarks other than those explicitly granted in this Agreement.
- 10.4 All proprietary rights in the equipment, software (such as interfaces) and other materials used by us in the performance of this agreement, whether or not supplied to you, shall remain with us or our licensors. You shall only acquire such right of use as is explicitly granted hereunder or otherwise and no other right is granted.
- 10.5 For the avoidance of doubt, clause 10.4 above shall include, and not be limited to, any software, bespoke development, or other enhancements, features, interfaces or otherwise, developed by us under this Agreement, or used by you under this Agreement, regardless of whether these developments were specified, requested or paid for by you. No terms under this Agreement will prevent such enhancements being provided by us to other clients, either during the term of the Agreement or afterwards.
- 10.6 Upon termination of this Agreement you will immediately withdraw any reference to us from your website(s) and will cease the use of the Trademarks.
- 11.1 You may not assign any rights hereunder, directly or by operation of law, without our prior written consent, which consent may not be unreasonably withheld. For the purposes of this Agreement, assignment shall include, but not be limited to, transfer of control, any ownership change which results in a new majority owner and any change in the jurisdiction of incorporation.
- 11.2 We may at any time transfer all or any part of our rights and/or obligations under this Agreement and upon completion of any such transfer (including the assumption by the transferee of all our remaining rights, benefits and obligations) we will be released from and have no further obligation under this Agreement. You will promptly execute all documents reasonably requested by us to effect, perfect, record or implement such transfer and will promptly comply with any of our or our successors’ other reasonable requests in respect of such transfer.
- 12.1 We may only modify this Agreement by serving a valid Notice. Where any amendments: materially diminish our responsibility to deliver the ParentPay Products and Services to you; significantly reduce our liability to you; breach or threaten to breach your intellectual property or confidentiality rights; or, attempt to materially increase the Term or the Fees beyond the limits for such increases detailed in clause 4.8; then you are entitled to terminate this Agreement, effective on the date the amendment is to take effect, by sending us a Notice within fourteen (14) days of the Notice being served by us. For the avoidance of doubt, after termination under this clause 12.1, no further Annual Licence Fee shall be charged to you, however, no Fees shall be refunded and such termination shall not diminish your responsibility to pay Fees already charged by us.
13. Partial Invalidity
- 13.1 If any provision of this agreement shall be held illegal, invalid or unenforceable, in whole or in part, such provision shall be modified to the minimum extent necessary to make it legal, valid and enforceable, and the legality, validity and enforceability of all other provisions of this Agreement shall not be affected thereby.
14. Entire Agreement
- 14.1 This Agreement (together with any documents referred to in it) sets out the entire agreement between the parties and supersedes any previous agreement or arrangement between the parties relating to the subject matter of it (and any document referred to in it).
- 14.2 Each party agrees and acknowledges that it has not relied on, or been induced to enter into this Agreement by any warranty, statement, representation or undertaking which is not expressly included in this Agreement.
- 14.3 Subject to clause 8.2 no party has any claim or remedy in respect of a warranty, statement, misrepresentation (whether negligent or innocent) or undertaking made to it by or on behalf of the other party in connection with or relating to the subject matter of this Agreement and which is not expressly included in this Agreement.
15. Applicable Law
- 15.1 This Agreement shall be governed by and construed in accordance with the laws of England and Wales whose courts will have sole jurisdiction.
Schedule 1: ParentPay Collection Service Schedule
These terms and conditions (“the Schedule”) relate to any party collecting funds via the ParentPay Collection Service, regardless of whether the party has contracted for ParentPay Products and Services separately. Definitions used in the ParentPay Terms and Conditions for Schools shall apply to this Schedule. Where you provide services to a School using ParentPay Products and Services, the terms “you”, “your” and “your Parents” shall apply equally to you or the School as appropriate.
These terms are deemed accepted by you upon: your providing to us bank account details for receipt of funds collected by us for you; or, on your first use of the ParentPay Collection Service.
- By entering into this Agreement, you hereby agree to accept Parent Account as the method of payment for Parent Payments for Payment Items by your Parents.
- Consumers can Load funds to Parent Account using a range of supported Scheme payment methods offered by us. We will hold the Parent Account Balance in a dedicated Holding Account.
- You will offer Payment Items to your Parents via the ParentPay Products and Services, which are relevant to the goods and services you can provide to them. Parents can choose to make a Parent Payment for Payment Items using their Parent Account Balance.
- We will deduct the Transaction Value from the Parent Account Balance for each Parent Payment and credit the balance against the relevant Payment Item.
- If you process a Refund, we will deduct the Refund Transaction Value from the balance of the relevant Payment Item and credit the balance to the Parent Account Balance.
- After the end of each Settlement Period, we shall calculate the Remittance due to you. We shall normally transfer the Remittance to your nominated bank account five (5) Business Days after the end of the Settlement Period, and not later than seven (7) Business Days after the end of the Settlement Period, unless otherwise notified by us in writing. Failure to notify us of the correct bank account details, or to provide us with the required evidence of bank account ownership, no later than two (2) Business Days before the end of the Settlement Period, will result in the Remittance being delayed until the next Settlement Period.
- You hereby authorise us to collect the Payment Service Fee from the Remittance, by way of deduction via net settlement.
- In calculating the Remittance we are fully entitled to offset any indebtedness of you towards us pursuant to clause 9 below, which for the avoidance of doubt, may include any indebtedness of you towards us whether for fees related to the ParentPay Collection Service or any other ParentPay Products and Services provided by us to you under this Agreement or under any related Agreement between us and you.
- You hereby authorise us to offset amounts due against the Remittance as defined above. In case we intend to offset any debt that is due or overdue (30 days or greater from the date of invoice) we may do so without informing you in advance of our intentions and without seeking any further authorisation from you other than that already provided by this Agreement.
- In the event that any outstanding debt or amount due to us remains unsettled by you beyond 45 days of the date of invoice, or in the event that the Remittances are insufficient to pay the amounts owing by you to us, this will constitute a breach of contract and we may at any time serve a notice of breach and/or terminate any services provided by us to you.
- We have the right to withdraw from the Holding Account any and all amounts owed to us as defined above without notice or demand. Our rights to sums owed to us by you shall in no way be limited by the balance or existence of the Holding Account. Our rights with respect to the Holding Account shall survive the termination of this Agreement.
- In performing the ParentPay Collection Service for you we are contracted to the Acquirer as a merchant, but acting on your behalf in respect of your Parents’ Loads, your Payment Items, and your Parent Payments (sometimes known as a merchant aggregator or merchant agent). We will act reasonably and responsibly at all times and will always attempt to operate the service fully within the rules and regulations set out by the Acquirer and the Schemes. However, under this Agreement, you are and will be held responsible and liable, as far as Acquirer and Scheme rules and regulations affect the merchant, including the payment of any fees, fines or levies from the Acquirer or the Scheme related to: your use of ParentPay Products and Services; your Parents’ Card Payments; and, your Payment Items.
- Any interest which may accrue in respect of the Holding Account shall be for our sole account.
- You have no right to offset, or to withhold payments to us, in connection with any amounts due to you by us.
- You shall ensure that you abide by the rules and regulations as laid down by the Schemes. You will be required to abide by any future changes to those rules and regulations as far as they may affect you and your use of ParentPay Products and Services. Failure to abide by any Scheme rules will constitute a breach of contract and may result in us terminating any services provided by us to you, pursuant to clause 3 of the Agreement.
- You shall respond promptly to inquiries from Parents and shall resolve any disputes amicably where reasonably possible. Where necessary you shall provide Refunds as appropriate for unwanted goods, or for services not taken or delivered by you, to the extent necessary under any terms of sale clearly set out by you to the Parents at the time of purchase.
- Should a Charge Back be received by us from the Acquirer, in respect of a Load used to make a Parent Payment for a Payment Item of yours, we will provide the relevant information required by the Acquirer to defend the Charge Back on your behalf. We may also contact you and/or the Parent directly to resolve the matter. You shall provide all and any information requested by us, in a timely manner, where such information is required to defend the Charge Back, or to detect, identify or prevent possible fraud.
- Should the Charge Back not be defendable or in any circumstances where the Charge Back is successful, you will be fully liable for any refund due to the Consumer and any costs levied by the Acquirer or the Scheme for processing the Charge Back. The funds will be debited from your next Remittance as defined. A lack of funds in the Remittance does not diminish your responsibility to settle any Charge Back amounts to ParentPay within 7 days of any notice requiring you to do so. Our rights to reclaim the Charge Back amount and any related costs from you survive the termination of this Agreement.
Schedule 2: ParentPay Service Level Agreement v5 – 2017
Support for ParentPay Products and Services as defined in this Service Level Agreement (SLA) is offered to you as a ParentPay Limited customer only (i.e. to schools, local authorities and caterers) and not to your individual Parents.
Customer Support Services
We will provide the following Customer Support Services to all customers who are under contract for ParentPay Products and Services:
- Business Hours Customer Support Help Desk
- Web based User Guides, Quick Guides and Manuals
- Timely availability of all ad hoc service upgrades, enhancements and new features
We will use reasonable endeavours to maintain system availability for the provision of the services.
Customer Support Help Desk
We will provide Help Desk services to respond to customer service and technical questions and enquiries related to ParentPay Products and Services. The Help Desk will be available on normal business days during the following hours:
Monday to Thursday 8.30am to 5.00pm. Friday 8.30am to 4.30pm
The Help Desk telephone line will be available on normal business days during the following hours: Monday to Friday 8.30am to 4.30pm
Apart from: Thursday 1.30pm to 2.00pm which is reserved for essential staff training and when no telephone help desk service will be available.
The appropriate contact details for all Help Desk communication are as follows:
Telephone: 02476 994820
Support Case Logging Process
The following information will be required when reporting an incident to Customer Support:
- Contact name
- School name
- School DfE number
- Email address and contact telephone number
- Detailed description of the nature of the problem.
Where the case is not resolved immediately (for phone calls), we will provide the customer with a unique support case ID. The following information will be needed when a status update is required on any previously reported incident:
- School name and DfE number
- Relevant support case ID where appropriate
Upon the successful resolution of the incident, we will notify the customer and the case will be closed.
Support Issue Categories
We categorise support issues into two distinct areas:
- Fault Management and Resolution – This includes partial or full systems failures, feature failures, system bugs and general system errors
- Support Enquiries – This includes user assistance, system or feature enquiries, and other general help and assistance
In some instances it may not be possible to categorise a support issue at the initial enquiry, and therefore the case will be dealt with on the higher of two priority levels, where a difference may exist.
Fault Management and Resolution Priorities and Responses
For the purpose of prioritising and escalating Fault Management issues, they will be categorised as Serious, Degraded or Minimal.
Incident Severity Level Table – Fault Management Issues
|Level 1 (Critical)||The Services are at a standstill or key business processes, such as transaction authorisations cannot be conducted.|
|Level 2 (Degraded)||Processes such as reporting cannot be carried out without significant delay, but live transactional services are working and systems are operational.|
|Level 3 (Minimal)||Integration issues, data import and exchange issues, minor incidents and enquiries.|
Target Response Time Table – Fault Management Issues
The target time for us to respond to all Fault Management issues is outlined below, the target time being from notification. Target response and resolution times will vary depending upon the severity level. All times are measured in normal business hours.
|Classification||Step 1 (Identify source)||Step 2 (Temporary Fix)||Step 3 (Fix)|
|Level 1 (Critical)||2 hours||4 hours||Within 4 calendar days|
|Level 2 (Degraded)||6 hours||12 hours||Within 10 calendar days*|
|Level 3 (Minimal)||12 hours||Within 4 calendar days*||Within 30 calendar days*|
* If a full software release is required the SLA for temporary fix for P3 cases or permanent fix for P2 and P3 cases may not be achievable within the timeframe indicated as a full release management cycle can take longer. P3 cases and P2 permanent fixes would normally only be dealt with under scheduled software releases.
The following shall define the actions to be taken for Fault Management Enquiries:
- Step 1 represents the acknowledgment of the problem and the beginning of the information gathering process.
- Step 2 represents the target time frame during which the problem is being actively addressed and a temporary patch, correction, or workaround is provided. The goal is to provide a fix or a work-around for a problem as soon as possible. Serious problems will be worked on continually until a satisfactory problem resolution can be reached.
- Step 3 represents the target time within which a permanent solution will be available which meets our quality standards (albeit for software releases this may be QA’d on an ‘Emergency Release’ basis)
Support Enquiries Priorities and Responses
For the purpose of prioritising and escalating Support Enquiries, they will be categorised as Serious and non-Serious.
Incident Severity Level Table – Support Enquiries
|Level 1 (Serious)||The User is unable to perform a key business function preventing further use of the service|
|Level 2 (Non-Serious)||The User has difficulty in completing a task, or is unable to use the service to a high efficiency level|
Target Response Time Table – Support Enquiries
The target time for us to respond to all Support Enquiries is outlined below, the target time being from notification, whether by phone call, email, web enquiry or voicemail left. All response times are measured in normal business hours. Target response and resolution times will vary depending upon the severity level.
|Classification||Initial Response||Solution or Advice Offered||Case Closed|
|Level 1 (Serious)||4 hours||6 hours||12 hours|
|Level 2 (Non-Serious)||12 hours||16 hours||Within 5 business days|
The following shall define the actions to be taken for Support Enquiries:
We aim to contact the customer within the timeframe indicated and acknowledge their enquiry and if necessary issue a Support Case ID. It may not always be possible to speak immediately to a person that can address the support enquiry.
Solution or Advice Offered
We aim to offer the advice or solution to the customer within the target time above. Where additional information is required from the customer, or a remedy needs to be tried by the customer, the first response providing advice is measured. When awaiting a response back from the customer, the time window is not measured against the target time.
We aim to have all cases closed within the target time indicated. On occasions, the customer may not be contactable immediately, may have to try the advice or solution offered, another process may have to be run first, or the customer may not be able to see the resolution immediately. During this period the time window is not measured against the target time.
Incidents reported to us will be escalated in line with the details below. Elapsed time represents the number of business hours that have passed since the issue was first classified by us. Resolution is deemed to have been achieved if a temporary fix is created.
- Customer Support Manager – If Level 1 or 2 cases are not resolved within 135% of target resolution time
- Senior Manager – If Level 1 or 2 cases are not resolved within 175% of target resolution time
- Director – If Level 1 or 2 cases are not resolved within 250% of target resolution time
We make every attempt to meet, and indeed to exceed, the defined SLA targets on a continual basis for all of our customers. We cannot and do not explicitly promise or guarantee to always meet this SLA or to provide any form of refund, rebate or reduction in current or future charges in connection with any failure by us to meet this SLA. Failure by us to meet this SLA cannot be deemed to be a breach of contract by us.
The overall performance is measured against directly supported customers only and individual support cases of centrally contracted customers. Where individual schools that are part of a central support arrangement contact us (usually a doubled SLA), the cases will not be measured within the overall performance target.
Supported Products and Exceptions
Only ParentPay owned, licensed and sold products are covered by this SLA.
We do not take responsibility for supporting the use of other school or office software packages, including but not limited to:
- School MIS systems
- MS Office packages, Adobe Acrobat or similar products
ParentPay users are expected to have a basic understanding of these packages in so far as they are required to use them in working with ParentPay. We will aim to offer advice and assistance to help resolve support cases, as we deem appropriate and depending upon the time and resources available to us.
In the event that a large number of schools, from the same local authority, launch the product at the same time, or where ParentPay users are not trained or experienced at an appropriate level to use the service effectively, we reserve the right to adjust the Support Enquiries target times of this SLA, until such time as each school is using ParentPay effectively, after which the SLA continues to apply in full.
This SLA is not applicable and support services may be withdrawn under the following circumstances:
- The customer is not covered by a valid contract.
- The Annual Licence Fees or other Fees due are unpaid.
- The customer (or members of their staff using the system) have failed to follow the correct procedures for reporting faults or support issues or for requesting support – including when additional information has been requested to help resolve a case.
- The customer (or members of their staff using the system) have not completed the required training courses for using the system, or parts of the system where support is required.
- The customer (or members of their staff using the system) have failed to follow documented procedures, manuals, instructions or processes previously communicated to them for the appropriate and correct use of the system – including resources offered online on the school support site and any additional processes and procedures for events such as year-end, academic year change, pupil upload, managing pre-admissions, interfacing with cashless systems, business continuity and other similar events.
- The customer (or members of their staff using the system) have corrupted data, entered wrong data, imported or attempted to import data which is corrupted, incorrect, inconsistent or otherwise flawed.
We do not offer on-site support as a part of this SLA.
Schedule 3: Data Processing Agreement (“DP Agreement”)
This DP Agreement is by and between us, ParentPay Limited, a private limited company registered in England and Wales, with Company Number 04513692, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG (“Company”), and its Group Companies, (“Data Processor”) and you, the Customer (“Data Controller”)
1. Definitions and Scope
The following terms used in this Agreement shall have the meanings given to them below:
“Agreement” means the agreement between the Data Controller and the Data Processor for the provision of the ParentPay Products and Services;
“Company” means ParentPay Limited and its Group Companies;
“Customer” means the School or other establishment or organisation that contracts with the Company;
“Data” means the Personal Data disclosed to the Data Processor by or on behalf of the Data Controller in connection with the Purpose as more particularly described in Section 2, and Personal Data which may be disclosed by Data Subjects or by Data Controller by instructing the Data Processor to collect Personal Data directly from the Data Subject (or anyone authorised by the Data Subject to provide it);
“Data Protection Law” means law, legislation or regulation relating to data protection, the processing of Personal Data and privacy from time to time, including, but not limited to:
- the Data Protection Act 1998;
- (with effect from 25 May 2018) the General Data Protection Regulation (EU) 2016/679;
- the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as may be amended by the proposed Regulation on Privacy and Electronic Communications);
- any legislation that, in respect of the United Kingdom, replaces, or enacts into United Kingdom domestic law, the General Data Protection Regulation (EU) 2016/679, the proposed Regulation on Privacy and Electronic Communications or any other law relating to data protection, the processing of personal data and privacy as a consequence of the United Kingdom leaving the European Union; and
- more generally, references to statutory provisions include those statutory provisions as amended, replaced, re-enacted for the time being in force and shall include any bye-laws, statutory instruments, rules, regulations, orders, notices, codes of practice, directions, consents or permissions and guidelines (together with any conditions attached to the foregoing) made thereunder;
“Data Subject” means an individual who is the subject of any of the Data. The categories of Data Subject within the scope of this Agreement are listed in Schedule 1;
“Data Subject Request” means a written request of the Data Controller by or on behalf of a Data Subject to exercise any rights conferred by Data Protection Law;
“DP Agreement” means this Data Processor Agreement, including all Appendices and Schedules;
“Effective Date” means the effective date of this DP Agreement, which shall be the later of 25 May 2018 or the Effective Date of the Agreement;
“Good Industry Practice” means, in relation to any undertaking and any circumstances, the exercise of skill, diligence, prudence, foresight and judgement that would reasonably be expected from a skilled person engaged in the same type of undertaking under the same or similar circumstances;
“Group Company” means the Company, any subsidiary or any holding company from time to time of the Company, and any subsidiary from time to time of a holding company of the Company and each company in the Group is a Group Company. Group Companies shall include, but not be limited to:
- ParentPay (Holdings) Limited, a company registered in England and Wales with Company Number 08212986, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG, including its division trading as Schoolcomms (formerly Isuz Ltd);
- Cypad Limited, a company registered in England and Wales with Company Number 04335803, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
- WIS Services BV, a company registered in the Netherlands with Company Number 24353928, having its registered office at Stavorenweg 4, Gouda, 2803PT, Netherlands;
- WIS Software BV, a company registered in the Netherlands with Company Number 24353936, having its registered office at Stavorenweg 4, Gouda, 2803PT, Netherlands;
- Nimbl Limited, a company registered in England and Wales with Company Number 09276538, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
- Just Education Limited, a company registered in England and Wales with Company Number 10509472 and having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG; and,
- Just Education Recruitment Limited, a company registered in England and Wales with Company Number 10509490 and having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
“Party” means any of Data Controller or Data Processor, and “Parties” means Data Controller and Data Processor;
“Personal Data” means any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Purpose” means the purpose or purposes set out in Clause 2 of this DP Agreement;
“Service” means the ParentPay Products and Services or any other applicable services provided by the Company to the Customer;
“Security Breach” means any breach or suspected breach of any of the Data Processor’s obligations in terms of Clauses 5 and/or 6 or any other unauthorised or unlawful processing, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or damage or access to the Data;
“Security Incident” means a Security Breach or a Security Risk;
“Security Measures” has the meaning defined in Schedule 3 of this DP Agreement, and as updated from time to time by the Data Processor;
“Security Risk” means any risks or vulnerabilities that are likely to affect the integrity or effectiveness of the Security Measures (including vulnerabilities relating to any software or third party system or network) that are known or ought reasonably to be known to the Data Processor;
“Sub-processor” means any third party data processor engaged by Data Processor who receives Personal Data from Data Processor for processing on behalf of Data Controller and in accordance with Data Controller’s instructions (as communicated by Data Processor) and the terms of its written subcontract;
“Supervisor” or “Supervisory Authority” means the Information Commissioner’s Office, which is the UK’s data protection authority;
“Third Party Functions” means optional product integrations between the Service and third parties, which may be enabled by the Customer (examples include cashless and catering solutions, finance systems or social media).
- 1.1 This DP Agreement is an amendment pursuant to clause 12 of the ParentPay Terms and Conditions for Schools v5.0 or other contract or agreement between the parties for the provision, operation or use by the Customer of ParentPay Products and Services (“the Agreement”). The terms of this DP Agreement shall be applicable to all Customers using ParentPay Products and Services, however the Customer contracted to do so.
- 1.2 This DP Agreement is designed to bring the Company’s Customer contracts in line with the obligations and requirements relating to data protection as set out in the European Union General Data Protection Regulations (the “GDPR”). The GDPR will replace Data Protection Directive 95/46/EC. The GDPR will come into force on 25 May 2018.
- 1.3 Unless otherwise stated, words and expressions defined in the Agreement shall have the same meaning in this DP Agreement.
- 1.4 For the avoidance of doubt, in the event of any conflict between the terms of this DP Agreement and the Agreement (including all associated Schedules, Annexes and Appendices to the Agreement), the terms of this DP Agreement will take precedence.
- 1.5 This DP Agreement will take effect on 25 May 2018.
- 1.6 The governing law and jurisdiction applicable to the Agreement shall govern this DP Agreement.
- 2.1 Data Controller and Data Processor have entered the Agreement pursuant to which Data Controller is granted certain rights to access and use the Service. In providing the Service, Data Processor will engage, on behalf of Data Controller, in the Processing of Personal Data submitted to and stored within the Service by Data Controller or third parties with whom Data Controller transacts using the Service.
- 2.2 The Parties are entering into this DP Agreement to ensure that the Processing by Data Processor of Personal Data, within the Service by Data Controller and/or on its behalf, is done in a manner compliant with Data Protection Law and its requirements regarding the collection, use and retention of Personal Data of Data Subjects.
- 2.3 In providing the Service, Data Processor may in some circumstances become a data controller under Data Protection Law. In such circumstances, both parties shall continue to operate in full compliance with applicable Data Protection Law whilst acknowledging and accepting that the specific obligations and restrictions set forth in this DP Agreement may not apply.
- 2.4 Schedule 1 of this DP Agreement describes data elements the Data Controller will be uploading as part of the Service.
- 2.5 Schedule 2 of this DP Agreement describes the specific purpose and nature of the processing.
- 3.1 This Agreement will remain in force as long as Data Processor Processes Personal Data on behalf of Data Controller under the Agreement.
4. Obligations of the Data Processor
- 4.1 The Parties agree that the subject-matter of Processing performed by Data Processor under this DP Agreement, including the nature and purpose of Processing, the type of Personal Data, and categories of Data Subjects, shall be as described in Schedule 1 and Schedule 2 of this DP Agreement.
- 4.2 As part of Data Processor providing the Service to Data Controller under the Agreement, Data Processor agrees and declares as follows:
- 4.2.1 to process Personal Data in accordance with Data Controller’s documented instructions as set out in the Agreement and this DP Agreement or as otherwise necessary to provide the Service, except where required otherwise by applicable laws (and provided such laws do not conflict with Data Protection Law); in such case, Data Processor shall inform Data Controller of that legal requirement upon becoming aware of the same (except where prohibited by applicable laws);
- 4.2.2 to ensure that all staff and management are fully aware of their responsibilities to protect Personal Data in accordance with this DP Agreement and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- 4.2.3 to implement and maintain appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access (a “Data Security Breach”), provided that such measures shall take into account the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, so as to ensure a level of security appropriate to the risks represented by the Processing and the nature of the Data to be protected;
- 4.2.4 to notify Data Controller, without undue delay, in the event of a confirmed Data Security Breach affecting Data Controller’s Data and to cooperate with Data Controller as necessary to mitigate or remediate the Data Security Breach;
- 4.2.5 to comply with the requirements of Clause 5 (Use of Sub-processors) when engaging a Sub-processor;
- 4.2.6 taking into account the nature of the Processing, to assist Data Controller (including by appropriate technical and organisational measures), insofar as it is commercially reasonable, to fulfil Data Controller’s obligation to respond to requests from Data Subjects to exercise their rights under Data Protection Law (a “Data Subject Request”). In the event Data Processor receives a Data Subject Request directly from a Data Subject, it shall (unless prohibited by law) direct the Data Subject to the Data Controller in the first instance. However, in the event Data Controller is unable to address the Data Subject Request, taking into account the nature of the Processing, the complexity and frequency of the request(s), and the information available to Data Processor, Data Processor, shall, on Data Controller’s request and at Data Controller’s reasonable expense, address the Data Subject Request, as required under the Data Protection Law;
- 4.2.7 upon request, to provide Data Controller with commercially reasonable information and assistance, taking into account the nature of the Processing and the information available to Data Processor, to help Data Controller to conduct any data protection impact assessment or Supervisor consultation it is required to conduct under Data Protection Law;
- 4.2.8 upon termination of Data Controller’s access to and use of the Service, to comply with the requirements of Clause 9 of this DP Agreement (Return and Destruction of Personal Data);
- 4.2.9 to comply with the requirements of Clause 6 of this DP Agreement (Audit) in order to make available to Data Controller information that demonstrates Data Processor’s compliance with this DP Agreement; and
- 4.2.10 to appoint a security officer who will act as a point of contact for Data Controller, and coordinate and control compliance with this DP Agreement, including the Security Measures.
- 4.3 Data Processor shall immediately inform Data Controller if, in its opinion, Data Controller’s Processing instructions infringe any law or regulation. In such event, Data Processor is entitled to refuse Processing of Personal Data that it believes to be in violation of any law or regulation.
5. Use of Sub-Processors
- 5.1 Data Controller agrees that Data Processor may appoint Sub-Processors to assist it in providing the Service and Processing Personal Data provided that such Sub-Processors:
- 5.1.1 agree to act only on Data Processor’s written instructions when Processing the Personal Data (which instructions shall be consistent with Data Controller’s Processing instructions to Data Processor); and
- 5.1.2 agree to protect the Personal Data to a standard consistent with the requirements of this DP Agreement, including by implementing and maintaining appropriate technical and organisational measures to protect the Personal Data they Process consistent with the Security Measures described in Schedule 3 of this DP Agreement.
- 5.2 Data Processor agrees and warrants to remain liable to Data Controller for the subcontracted Processing services of any of its direct or indirect Sub-Processors under this DP Agreement. Data Processor shall maintain an up-to-date list of the names and location of all Sub-Processors used for the Processing of Personal Data under this DP Agreement available upon request to the Data Protection Officer. Data Processor shall, where reasonably possible, inform the Data Controller at least 30 days prior to the date on which any newly appointed Sub-Processor shall commence processing Personal Data.
- 5.3 In the event that Data Controller objects to the Processing of its Personal Data by any newly appointed Sub-Processor as described in Clause 2, it shall inform Data Processor immediately, and in any case, no later than within the 30-day notification period. The Data Controller should present a reasonable justification for the objection as it relates to Data Protection Law – for example, if the processing is expected to present unnecessary risk to the interests, rights and freedoms of the data subject.
- 5.4 In the case that a Data Controller objects to the use of a Sub-Processor, its only remedy is to cease use of the Service and to terminate the Agreement subject to clause 3.4 of the Agreement. For the avoidance of doubt, such decision by the Data Controller will not diminish Data Controller’s obligations to pay the fees due under clause 3.4 of the Agreement.
- 5.5 In addition, the Service may provide links to integrations with Third Party Functions, including, without limitation, certain Third Party Functions which may be integrated directly into Data Controller’s account or instance in the Service. If Data Controller elects to enable, access or use such Third Party Functions, its access and use of such Third Party Functions is governed solely by the terms and conditions and privacy policies of such Third Party Functions, and Data Processor does not endorse, is not responsible or liable for, and makes no representations as to any aspect of such Third Party Functions, including, without limitation, their content or the manner in which they handle Data (including Personal Data) or any interaction between Data Controller and the provider of such Third Party Functions.
- 5.6 Data Processor is not liable for any damage or loss caused or alleged to be caused by or in connection with Data Controller’s enablement, access or use of any such Third Party Functions, or Data Controller’s reliance on the privacy practices, data security processes or other policies of such Third Party Functions. The providers of Third Party Functions shall not be deemed Sub-Processors for any purpose under this DP Agreement.
- 6.1 The Parties acknowledge that Data Processor uses security auditors to verify the adequacy of its security measures, including the security of the physical data centres from which Data Processor provides its data processing services. This audit:
- 6.1.1 will be performed at least annually;
- 6.1.2 will be performed according to ISO 27001 or PCI DSS standards or such other alternative standards that are substantially equivalent to ISO 27001 or PCI DSS;
- 6.1.3 will be performed by independent third party security professionals or suitably skilled in house staff at Data Processor’s selection and expense; and
- 6.1.4 will result in the generation of an audit report affirming that Data Processor’s data security controls achieve industry standards.
- 6.2 Data Processor shall provide appropriately detailed responses to Data Controller’s requests for information which may include responses to relevant information security and audit questionnaires.
- 6.3 At Data Controller’s written request, Data Processor will provide Data Controller with a confidential summary of the Report (“Summary Report”) so that Data Controller can reasonably verify Data Processor’s compliance with the security and audit obligations under this Agreement. The Summary Report will constitute Data Processor’s Confidential Information under the confidentiality provisions of Data Processor’s Agreement.
7. International Data Exports
- 7.1 Data Controller acknowledges that Data Processor and its Sub-Processors may maintain data processing operations in countries that are outside of the EEA. As such, both Data Processor and its Sub-Processors may Process Personal Data in non-EEA countries. This will apply even where Data Controller has agreed with Data Processor to host Personal Data in the EEA if such non-EEA Processing is necessary to provide support-related or other services requested by Data Controller.
- 7.2 Data Processor will make best endeavors to limit data exports to non-EEA countries to what is strictly necessary.
- 7.3 In all cases where transfers to non-EEA countries may take place, these transfers will be subject to necessary safeguards as defined within applicable Data Protection Law.
8. Obligations of the Data Controller
- 8.1 As part of Data Controller receiving the Service under the Agreement, Data Controller agrees and warrants that:
- 8.1.1 it is solely responsible for the accuracy of Personal Data and the means by which such Personal Data is acquired and the Processing of Personal Data by Data Controller, including instructing Processing by Data Processor in accordance with this DP Agreement, is and shall continue to be in accordance with all the relevant provisions of Data Protection Law, particularly with respect to the security, protection and disclosure of Personal Data;
- 8.1.2 that if Processing by Data Processor involves any “special” or “sensitive” categories of Personal Data (as defined under Data Protection Law), Data Controller has collected such Personal Data in accordance with Data Protection Law;
- 8.1.3 that Data Controller will ensure that Data Subjects receive a Privacy Notice compliant with Data Protection Law, the contents of which shall include but not be limited to:
- 8.1.4 the use of data processors to Process their Personal Data, including Data Processor; and
- 8.1.5 that their Personal Data may be Processed outside of the European Economic Area;
- 8.1.6 that it shall respond in a reasonable time and to the extent reasonably practicable to enquiries by Data Subjects regarding the Processing of their Personal Data by Data Controller, and to give appropriate instructions to Data Processor in a timely manner; and,
- 8.1.7 that it shall respond in a reasonable time to enquiries from a Supervisor regarding the processing of relevant Personal Data by Data Controller.
9. Return and Destruction of Personal Data
- 9.1 Upon the termination of Data Controller’s right to access and use the Service under the Agreement, Data Processor will for up to thirty (30) days following such termination permit Data Controller to export its Data, at its expense, in accordance with the capabilities of the Service. Following such period, Data Processor shall have the right to delete all Data stored or Processed by Data Processor on behalf of Data Controller in accordance with Data Processor’s deletion policies and procedures. Data Controller expressly consents to such deletion.
10. NO CONSEQUENTIAL DAMAGES; LIMITATION ON LIABILITY
- 10.1 UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL EITHER PARTY TO THIS DP AGREEMENT, OR THEIR AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, SUPPLIERS OR LICENSORS BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOST DATA (BEING DATA LOST IN THE COURSE OF TRANSMISSION VIA DATA CONTROLLER’S SYSTEMS OR OVER THE INTERNET THROUGH NO FAULT OF DATA PROCESSOR), BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES, OR ANY OTHER LOSS OR DAMAGES INCURRED BY THE OTHER PARTY OR ANY THIRD PARTY IN CONNECTION WITH THIS DP AGREEMENT, OR THE SERVICES, REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES.
- 10.2 NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS DP AGREEMENT OR THE AGREEMENT, DATA PROCESSOR’S AGGREGATE LIABILITY TO DATA CONTROLLER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT AND ANY LICENSE, USE OR EMPLOYMENT OF THE SERVICE, SHALL IN NO EVENT EXCEED THE LIMITATIONS SET FORTH IN THE AGREEMENT.
- 10.3 FOR THE AVOIDANCE OF DOUBT, THIS SECTION SHALL NOT BE CONSTRUED AS LIMITING THE LIABILITY OF EITHER PARTY WITH RESPECT TO CLAIMS BROUGHT BY DATA-SUBJECTS.
Schedule 1: Data Elements, categories of Data Subjects
|Data Subject (Who)||Data Category (What)||Description|
|Pupil \ Student||Forename||This is the forename of the pupil.|
|Pupil \ Student||Surname||This is the surname of the pupil.|
|Pupil \ Student||Known as||This is the name that the pupil is known as.|
|Pupil \ Student||DOB||This is the date of birth of the pupil.|
|Pupil \ Student||Gender||This is the pupil’s gender|
|Pupil \ Student||Year Group||The year the pupil is in|
|Pupil \ Student||Registration Class||The name of the pupil’s registration class (if any)|
|Pupil \ Student||Salutation||This is the pupil’s salutation.|
|Pupil \ Student||Dietary Requirements||This is the pupil’s special dietary requirements|
|Pupil \ Student||Postal Address||The student’s postal address|
|Pupil \ Student||Meal Selections and spend history||This is a history of a pupil’s meal selections and spends for school meals or meal-related items.|
|Parents \ Contacts||Title||This is the contact’s title (Mr, Mrs, Ms, etc).|
|Parents \ Contacts||Forename||This is the contact’s forename.|
|Parents \ Contacts||Surname||This is the contact’s surname.|
|Parents \ Contacts||Authentication data||Username and password or other authentication tokens|
|Parents \ Contacts||Gender||The contact’s gender|
|Parents \ Contacts||House Name||The text entered as the contact’s house name.|
|Parents \ Contacts||Street||The text entered as the contact’s street.|
|Parents \ Contacts||Locality||The text entered as the contact’s locality.|
|Parents \ Contacts||Town||The text entered as the contact’s town.|
|Parents \ Contacts||Postcode||The text entered as the contact’s post code.|
|Parents \ Contacts||Day Telephone||The contact’s daytime telephone number.|
|Parents \ Contacts||Home Telephone||The contact’s home telephone number.|
|Parents \ Contacts||Mobile Telephone||This is the contact’s mobile telephone number.|
|Parents \ Contacts||E-mail||This is the contact’s E-mail address.|
|Parents \ Contacts||Payment card details||Payment details are forwarded to a 3rd party payment processor|
|Parents \ Contacts||Other||This is the contact’s alternative communication method.|
|Parents \ Contacts||In-app messages||Messages sent from parents to school within the application|
|Parents \ Contacts||Trouble ticket data||When users submit trouble ticket information, this gets stored.|
|Parents \ Contacts||Payment History and balances||This is the contact’s history of payment transactions, including reversals, ref and withdrawals of funds.|
|Parents \ Contacts||Shop information||ParentPay can be used as a payment page from externally or internally hosted shop systems. This is the information captured as part of the (“shopping basket”).|
|School Staff||Title||This is the staff member’s title (Mr, Mrs, Ms, etc.).|
|School Staff||Forename||This is the staff member’s forename.|
|School Staff||Surname||This is the staff member’s surname.|
|School Staff||Gender||The staff member’s gender|
|Website Access||IP Address||The network address of your device or internet connection|
|Website Access||Browser Type and Version||The type of Web Browser your device is using|
|Website Access||Cookies||Special records in your browser to help the website operate|
|Website Access||Web Analytics||Generalised information about browsing behaviour and page statistics|
Schedule 2: Purpose for Processing
To provide payment collection, payment processing, parent communication and management information systems and services for the education market in the form of the ParentPay Products and Services.
Schedule 3: Security Measures
As of the Effective Date of this DP Agreement, when Processing Personal Data on behalf of Data Controller in connection with the Service, Data Processor shall implement and maintain the following technical and organizational security measures for the Processing of such Personal Data (“Security Measures”):
- Physical Access Controls: Data Processor shall take reasonable measures to prevent physical access, such as security personnel and secured buildings and factory premises, to prevent unauthorised persons from gaining access to Personal Data, or ensure Third Parties operating data centres on its behalf are adhering to such controls.
- System Access Controls: Data Processor shall take reasonable measures to prevent Personal Data from being used without authorisation. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls: authentication via passwords; two-factor authentication; documented authorisation processes; documented change management processes; and/or, logging of access on several levels.
- Data Access Controls: Data Processor shall take reasonable measures to provide that: Personal Data is accessible and manageable only by properly authorised staff; direct database query access is restricted; application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access; and, that Personal Data cannot be read, copied, modified or removed without authorisation in the course of Processing.
- Transmission Controls: Data Processor shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of Personal Data by means of data transmission facilities is envisaged so Data cannot be read, copied, modified or removed without authorisation during electronic transmission or transport.
- Input Controls: Data Processor shall take reasonable measures to provide that it is possible to check and establish whether and by whom Data has been entered into, modified or removed from data processing Data Processor shall take reasonable measures to ensure that (i) the Personal Data source is under the control of Data Controller; and (ii) Personal Data integrated into the Service is managed by secured transmission from Data Controller.
- Data Backup: Back-ups of the databases in the Service are taken on a regular basis, are secured, and encrypted to ensure that Personal Data is protected against accidental destruction or loss when hosted by Data Processor.
- Data Security: Where appropriate and reasonable, Data Processor should make use of accepted Data Security controls including but not limited to encryption, pseudonymisation and anonymisation.
- Logical Separation: Data from different Data Processor’s Customers is logically segregated on Data Processor’s systems to ensure that Personal Data that is collected for different purposes may be Processed separately.
- Network Security Controls: Data Processor shall implement appropriate network security controls based on risk assessment as it relates to Data Protection; commonly including Firewalls, Anti-Malware and system logging.
- Security Testing and Assurance: Data Processor shall establish mechanisms for testing and assessing the effectiveness of technical or organisational measures used for establishing Information Security.