Terms and Conditions

PPL Terms and Conditions for Customers v5.4 (April 2022)

These terms and conditions (“Agreement”) form the legal basis for using PPL Products and Services, as operated and offered by ParentPay Limited (“PPL”) (Registered No. 04513692) trading from The Exchange, Express Park, Bristol Road, Bridgwater TA6 4RR.

The terms: “you,” and “your” are referring to you, your employees, and your users; “we” and “our” refer to PPL; and, references to “party” and “parties”’ refer to either or both of us as a party or parties to this Agreement.

You agree you have read, understood and agree to these terms and conditions by either: signing a document within which this Agreement is referenced; or, accepting this Agreement as part of an application form submitted to us, including those submitted electronically; or, installing, accessing, or using PPL Products and Services.

PPL User Service Agreement

1. Definitions and Interpretation

1.1. Definitions

“Acquirer”	the organisation licensed as a member of a Scheme, which: processes Card Payments for us, where we are acting as a merchant on your behalf; or, sponsors our processing of Direct Debit payments via BACS, where we are acting as a Direct Debit service user on your behalf;
“Agreement”	this agreement between us and you for the provision of PPL Products and Services. Unless expressly agreed by us in writing, you shall be deemed to have only one Agreement with us for the provision of PPL Products and Services, regardless of the number of different PPL Products and Services used, or contracted for by you;
“Annual Licence Fee”	the Annual Access Fee and the Audit Fee charged at the Effective Date and either annually, or in April of each year thereafter, for a minimum period of the Initial Term;
“Annual Access Fee”	an annual charge of £10 made to you in consideration of a licence to access and use any PPL Products and Services for which you have contracted under this Agreement, representing a charge made for services supplied until the next Annual Licence Fee invoice is due;
“Audit Fee”	the charge made to you for Audit Services, representing a charge made for services suppled at the point of invoicing, which shall usually be linked to the number of pupils on roll in your School;
“Audit Services”	services provided as part of this Agreement including ensuring the accuracy of pupil roll and standing data held, reviewing security, data protection and other relevant industry, regulatory or legislative requirements, completed at, or shortly after the Effective Date, and when subsequent Annual Licence Fees are charged;
“Bank Payment”	a Load made from a valid bank account using the Direct Debit scheme or any similar supported bank transfer functionality offered by us to Parents;
“Business Day”	a day (other than a Saturday or Sunday) on which banks are open for normal banking business in the City of London;
“Card Payment”	a Load made using a valid, accepted, credit or debit card;
“Charge Back”	reversal of a Load used to make a Parent Payment for a Payment Item of yours because of a perceived violation of Scheme rules or procedures, arising from a disagreement over issues such as: whether or when a payment occurred; the provision of the goods or services to which the payment relates; the amount involved, or, whether consent for the payment was given by the account holder;
“Charge Back Fee”	the charge made to you for the processing of Charge Backs including: the investigation of the circumstances surrounding the Charge Back; collation and submission of evidence to the Acquirer; the processing of the reversal via adjustment to Remittance; and, the payment of fees to the Acquirer in respect of the Charge Back;
“Confidential information”	all information which prior to, or upon, its disclosure is communicated to the receiving party as being confidential by the disclosing party, or which should reasonably be considered as information of a confidential nature by the receiving party, provided that this definition shall not include information which: is at the time of disclosure in the public domain; subsequently comes into the public domain other than by the deliberate act of the receiving party; is in the possession of the receiving party at the time of the disclosure; is subsequently disclosed to the receiving party by a third party without restrictions as to its use or disclosure; is independently developed by employees of the receiving party who have not had access to the information disclosed; or, is information disclosed pursuant to a requirement of law.
“Content”	any data, information, text, or other material uploaded to, posted into, or sent via PPL Products and Services, including SMS text messages and emails, whether sent by you, from your account login; or, by us on your behalf;
“Data Fees”	the charge made to you for a Data Plan;
“Data Plan”	the mobile data plan associated with each Hardware device, which provides access to the internet via a mobile sim card, whereby the Data Plan has a maximum data transfer limit, and is intended for use solely in connection with the PPL Products and Services;
“Effective Date”	the date this Agreement becomes effective either: the date you sign a document, contract, commercial schedule or proposal incorporating or referencing this Agreement; the date a valid application form is submitted electronically by you; or, your first use of PPL Products and Services; whereby, in the case of you contracting for multiple PPL Products and Services, the most recent application form submitted or the most recently signed contract or commercial schedule;
“Fees”	fees charged by us to you in relation to this Agreement, including: Annual Licence Fees; Payment Service Fees; Setup and Training Fees; SMS Text Credit Fees; Rental Fees; and, Data Fees;
“Force Majeure”	any event which is outside the reasonable control of the relevant party, including without loss of generality: the unavailability or faulty performance of communication networks or energy sources; any act of God; any act or omission of governmental or other competent authority; fires; strikes and industrial disputes; riots, war, civil unrest, revolution or acts of terrorism; inability to obtain materials; embargos; refusal of licences; theft; destruction; denial of service (DoS) attacks; unauthorised access to computer systems or records, programs, equipment, data, or services; breakdown of plant or machinery; and, flood or other adverse weather conditions;
“Hardware”	the hardware device which may be rented by you from us;
“Holding Account”	a dedicated bank account managed by us, which holds funds including the aggregate total value of Parent Account Balances and Parent Payments not yet included in a Remittance;
“Initial Term”	a period of thirty-six (36) months from the Effective Date;
“Load”	the process by which a Parent adds funds to their Parent Account Balance using the PPL Products and Services and supported Scheme payment methods, including Card Payments and Bank Payments;
“Notices”	any Notice is deemed to be served by us if it is: sent to you via post or email; or, posted on our websites; or, posted to any online account or portal service available to you on PPL Products and Services. Any Notice is deemed to be served by you if it is sent in writing by one of the School’s duly authorised directors or office holders: by email to accounts@parentpay.com or other email address as we may advise from time to time; or, is sent by recorded delivery to the Bridgwater office address at the top of this Agreement.
“Parent”	a parent or guardian of a pupil enrolled in your School whose record is uploaded to the PPL Products and Services by you and whose Parent Portal login is activated by them;
“Parent Account”	a virtual account operated by us, accessed by parents via the Parent Portal, into which Parents can Load funds and, in some cases maintain a Parent Account Balance, for use in making Parent Payments for Payment Items via PPL Products and Services;
“Parent Account Balance”	the individual balance of a Parent’s Parent Account;
“Parent Payment”	the process by which a Parent makes a payment for Payment Items, using PPL Products and Services, whereby the Transaction Value is deducted from the Parent Account Balance;
“Parent Portal”	the online portal provided by us, in some cases also accessible as a mobile app, that provides Parents with access to a range of services, including the ability to view Content and the facility to make Parent Payments for your Payment Items. For the avoidance of doubt, the Parent Portal may include Content from Parents’ other Schools and/or Content from us;
“Payment Collection Service”	the service offered by us which facilitates the collection of funds by you, in respect of your Payment Items, which includes: the processing of Loads and Parent Payments; the processing of Refunds; the management of the Holding Account, settlement services for the Remittance; related reporting services; the handling of Charge Backs; and, operation of the Payment Collection Service in line with relevant regulatory requirements and Scheme rules;
“Payment Item”	a good or service offered to Parents by you, your suppliers or affiliates, or by us, via the PPL Products and Services;
“Payment Service Fee”	a fee charged by us to you, for the use of PPL Products and Services by you and your Parents, which includes inter alia: access to relevant enhancements and updates to PPL Products and Services; remote hosting of the PPL Products and Services; support services provided to you and/or to your Parents; certification and management of security requirements; and, the operation of the Payment Collection Service;
“PayPoint Payment”	a Load made in cash at PayPoint authorised agents or terminals, via the PayPoint Scheme;
“PPL Desktop Products”	specific products provided by us, which are designed to run locally in the School, on a compatible pc, to facilitate the operation of the PPL Products and Services, including the transfer of pupil and Parent data from you to us;
“PPL Products and Services”	our products and services which may include: ParentPay, Schoolcomms and Cypad branded products; PPL Desktop Products; related support sites for these products; and, services provided by us that may include the Payment Collection Service, Audit Services, and other services such as support, setup, training, project management and consultancy;
“Premises”	your premises at which the Rental is to be provided;
“Refund”	the process by which you cancel all or part of a Parent Payment for a Payment Item. or, in the case of a Reversal, where the system cancels the Parent Payment, resulting in an amount being deducted from a Remittance made to you by us and returned either directly to the Parent, or, to the Parent Account Balance,
“Refund Transaction Value”	the value of a full or partial Refund or a Reversal;
“Remittance”	the aggregate net total of the Transaction Value of all Parent Payments, minus the Refund Transaction Value of all Refunds for Parent Payments processed on your behalf during the last Settlement Period, after deduction of: Fees; amounts due for any Charge Backs; any fines or additional fees due to the Acquirer related to your Parent’s Card Payments; and, any other outstanding amounts due to us under the Agreement;
“Renewal Term”	each subsequent period of thirty six (36) months after the end of the Initial Term;
“Rental”	the rental of the Hardware(s) by you, subject to this Agreement;
“Rental Extension Fees”	the charges made to you for an unplanned extension to the Rental Term, which shall be equivalent to a pro rata amount of one hundred and fifty percent (150%) of the Rental Fees, whereby the minimum Rental Extension Fee shall be for a period of one (1) month, and, for unplanned extensions longer than twenty eight (28) days, shall be a minimum of twelve (12) months;
“Rental Fees”	the charges made to you, for the Rental;
“Rental Term”	the agreed period of the Rental, which, unless specifically agreed to the contrary, shall be equivalent to the Term of this Agreement;
“Reversal”	the reversing of a Load, either by the Scheme, or by us, due to: an inability to collect funds from the Parent; where the Load was processed in error; or, where failing to reverse the Load is likely to result in a Charge Back, cancellation, or breach of Scheme rules; whereby, when a Reversal takes place, any Parent Payment(s) processed as a result of the Load which is reversed, will also be reversed, having the same effect as a Refund;
“RPI”	the All Items Retail Price Index as published by the Office of National Statistics from time to time;
“Scheme”	an organisation which manages and controls the rules for clearing of payments through a network of participating members or entities, or an organisation which operates or owns such a network, where Schemes which are supported for Loads may include American Express, BACS/Direct Debit, MasterCard, PayPoint and Visa, and where the supported Schemes may change from time to time;
“School”	you, the school or other establishment or organisation, that contracts with us under this Agreement;
“Settlement Period”	the regular period as part of the Payment Collection Service for which the Remittance is calculated, currently from 00:00 on either a Tuesday or Wednesday to 23:59 and 59 seconds the following Monday or Tuesday respectively, either weekly or bi-weekly, depending upon the cycle relevant to you, or at a frequency or cycle that may be notified by us to you from time to time by means of a Notice;
“Setup and Training Fee”	the charge made to you for the activation and initial remote basic setup of your online account within the PPL Products and Services and for access to our web based training course, representing a charge made for services suppled at the point of invoicing;
“SMS Text Credit Fee”	the charge made for sending SMS messages via ParentPay Product and Services, whereby one full credit is charged for each standard SMS message or part thereof, where an SMS message is defined under the GSM 03.38 standard. The fee represents a charge made for services suppled at the point of invoicing if paid in arrears, or for services supplied at the time the SMS messages are sent, if pre-paid in bundles;
“Term”	the Initial Term or a Renewal Term as the context so allows;
“Trademarks”	all of our trademarks and logo’s that exist now or in the future, both registered and non-registered, as may be specified by us from time to time;
“Transaction Value”	the price payable by a Parent for a Payment Item or a set of Payment Items acquired in a single transaction;

1.2. Clause and Schedule headings shall not affect the interpretation of this Agreement.

1.3. References to clauses and Schedules are to clauses of and Schedules to this Agreement and references to paragraphs and Parts are to paragraphs and Parts of the relevant Schedule.

1.4. The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Schedules. Where there is a conflict between the Schedules and the clauses in the body of this Agreement, the terms of the Schedules shall take precedent over this Agreement.

1.5. A reference to this Agreement or to any other agreement or document referred to in this Agreement is a reference to this Agreement or such other agreement or document as varied, superseded or novated (in each case, other than in breach of the provisions of this Agreement or the provisions of the agreement or document in question, as appropriate) from time to time.

1.6. Unless the context otherwise requires words in the singular shall include the plural and, in the plural, shall include the singular.

1.7. A person includes a natural person, corporate or unincorporated body (whether or not having a separate legal personality).

1.8. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.

1.9. Any words following the terms including, include, in particular or for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

1.10. Where the context permits, other and otherwise are illustrative and shall not limit the sense of the words preceding them.

1.11. A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.

1.12. A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.

1.13. Any obligation on a party not to do something includes an obligation not to allow that thing to be done.

2. Licence Terms

2.1. In consideration of your payment of the Annual Access Fee, we agree to provide you with, and you hereby accept, a non-exclusive, non-transferable licence for you to access and use PPL Products and Services for the Term, subject to the conditions laid out below.

2.2. The licence will at all times be governed by this Agreement.

2.3. The licence extends only to those specific PPL Products and Services which you have ordered, where we have accepted the order and charged you the relevant Annual Licence Fee.

2.4. The licence allows you and your Parents to use PPL Products and Services for your own internal use only, is personal to you, and may not be assigned, sub-licensed, sold, resold, transferred, distributed or otherwise disposed of or commercially exploited in any way, including by way of charge, lien or other encumbrance. This licence may extend to use by schools under your control, or receiving services under a contract operated by you, only where specifically detailed by you and accepted by us, and, in doing so, you accept responsibility for ensuring those schools abide by the licence terms set out in this Agreement

2.5. You are expressly forbidden and you hereby agree not to: modify, translate, adapt, disassemble, decompile, reverse engineer, or in any way copy the software used in the PPL Products and Services; or, to copy or emulate in any way the design, layout, or functionality of PPL Products and Services.

2.6. PPL Products and Services are provided under the absolute condition that:

2.6.1. they may not be used to undertake or support: unsolicited commercial emailing; bulk emailing (other than the legitimate emailing of Parents) or other bulk or unsolicited messaging, regardless of the message transport mechanism;
2.6.2. they may not be used to distribute defamatory speech, pornography, flaming or abusive content of any kind;
2.6.3. they may not be used for distribution of internet viruses, worms, trojan horses or other malware;
2.6.4. they may not allow the violation of the copyright of any third parties;

2.7. Any breach of clause 2.6, or what may be reasonably interpreted as a breach, would be a breach of this Agreement and not withstanding any payments made or received will cause us to take such action as is necessary to preserve our good name at our sole discretion, including immediate termination of service and this Agreement.

2.8. We may impose reasonable conditions regarding the ethical, moral and legal use of PPL Products and Services from time to time. You shall impose conditions on your users and Parents to the extent necessary to ensure compliance with the terms and intent of this Agreement.

2.9. You hereby grant us the right to: connect to your IT systems; and, host, download, view, analyse and retain your Content in so far as it is necessary for the provision of the PPL Products and Services to you and your users, as envisaged in this Agreement, which shall inter alia include the following purposes:

2.9.1. verification of your identity where required;
2.9.2. prevention and detection of crime, fraud and money laundering;
2.9.3. provision of the PPL Products and Services covered by this Agreement;
2.9.4. ongoing administration of PPL Products and Services;
2.9.5. improvement of PPL Products and Services including developing new PPL Products and Services;
2.9.6. research and statistical analysis including payment and usage patterns; and,
2.9.7. compliance with our legal and regulatory obligations.

2.10. We may retain your Content for as long as is necessary to fulfil the purpose(s) set out in Clause 2.8 and in accordance with the law.

2.11. PPL Products and Services are provided as software as a service. As such, the Annual Access Fee relates to the use of the PPL Products and Services as a service, but does not provide access to or copies of the software used to deliver this service, except in the case of PPL Desktop Products, which may be installed locally subject to Clause 2.11 below.

2.12. Solely to support the operation of the PPL Products and Services, including facilitating the transfer of pupil and Parent data from your management information system (“MIS”) to us, you may install and use one copy of PPL Desktop Products, on a computer on your premises that you use to exchange data between your MIS system and us. Additionally, you may make one backup copy of PPL Desktop Products, as necessary for the continuation of this service. Where the commercial terms of the specific licence allow, you may install and use more than one copy of PPL Desktop Products. After termination of this Agreement, all rights under this licence are terminated and you must securely delete any and all copies of PPL Desktop Products held by you as a result of this Agreement.

3. Term and Termination

3.1. This Agreement shall commence on the Effective Date for the Initial Term and shall be renewed for each Renewal Term thereafter, unless terminated in accordance with the terms set out herein.

3.2. Notwithstanding clause 3.1, we shall have the right to terminate this Agreement immediately in the event that:

3.2.1. you breach any representation, warranty, covenant or other obligation under this Agreement;
3.2.2. you are delinquent in any payment hereunder thirty (30) days after the same has become due;
3.2.3. you assign this Agreement to another party without the required consent;
3.2.4. we are requested to do so by a Scheme or financial institution or any other party upon whose services we rely; or you have any distress, execution or other process levied upon your assets; or you make or offer to make any arrangement or composition with any one or more of your creditors or commit any act of bankruptcy; or if any petition or receiving order in bankruptcy is presented or made against you; or if any resolution or petition for your winding up is issued or passed or presented otherwise than for a reconstruction or amalgamation; or you become subject to an administration order; or you cease or threaten to cease to carry on your business; or your financial position deteriorates to such an extent that in our reasonable opinion your capability to adequately to fulfil your obligations under this Agreement has been placed in jeopardy.

3.3. Either party may terminate this Agreement without cause at the end of the Initial Term or at the end of the Renewal Term by giving Notice to the other party of their intention to terminate, provided that the Notice is given at least three (3) months prior to the end of the Term.

3.4. Notwithstanding the provisions of Clause 3.3, you may terminate this Agreement at any time, with or without cause, upon giving us Notice of your intended termination date, which shall be deemed to be three (3) months after Notice is properly given, provided that you pay any and all fees due to us under this Agreement as set out in this Clause 3.4. The fees due shall be no less than the Fees due under this Agreement in the preceding twelve (12) months (“Annual Fees”), multiplied by the number of years, or part years, remaining from the date of termination to the end of the Term, or the proportion of the fees due that represents a fair reflection of our losses. Where Notice is given less than three (3) months before the end of the Term, a new Renewal Term will have deemed to have started. Where Notice is given less than twelve (12) months after the Effective Date, the Annual Fees shall be calculated based upon the Fees incurred since the Effective Date, pro-rated to a twelve (12) month period.

3.5. Upon any termination of this Agreement, you shall immediately discontinue the use of all PPL Products and Services and any license granted under this Agreement shall terminate.

3.6. Upon any termination of this Agreement by us, under Clause 3.2, you shall remain liable for any and all fees due to us in line with Clause 3.4 above and such fees will be due to us immediately on termination, where the date of termination shall be deemed to be the first date a breach condition took place.

3.7. Termination, repudiation or expiry of this Agreement will be without prejudice to any accrued rights of either party and will not affect obligations which are expressed not to be affected by repudiation, expiry or termination of this Agreement.

4. Fees – General

4.1. All Fees are in Pounds Sterling and are subject to applicable taxes, including Value Added Tax at the rate prevailing at the tax point of sale.

4.2. We will charge you a Setup and Training Fee and an Annual Licence Fee, in line with the most recent, valid, commercial schedule or proposal provided to you, however we will be entitled to increase or decrease the Audit Fee to reflect any changes in the pupil roll number.

4.3. The Setup and Training Fee and the initial Annual Licence Fee is due no later than the earlier of: the payment terms laid out in 5.1; or, prior to initial availability of PPL Products and Services to Parents.

4.4. We will charge you a subsequent years’ Annual Licence Fee in April of each year during the Term, or, if specifically detailed in your commercial schedule or proposal. on the anniversary of the Effective Date. We reserve the right to change the date of the subsequent years’ Annual Licence Fee, once during each Term of the Agreement, by means of a Notice.

4.5. We will charge you Payment Service Fees in line with the prevailing rate at the time of invoice, such fee to be collected via a net settlement process as part of the Payment Collection Service, or, if specifically detailed in your commercial schedule or proposal, invoiced periodically in arrears. We hereby reserve the right to change the frequency of the invoicing of the Payment Service Fees by issuing a Notice.

4.6. We will charge you an SMS Text Credit Fee for any SMS messages sent from your account, charged at the prevailing rate at the time of invoice, whether bought in blocks of credits in advance, or charged in arrears based on usage.

4.7. Regardless of whether PPL Products and Services are used at all, or whether PPL Products and Services are continually used throughout the Initial Term, or any Renewal Term, we do not offer and shall not be obliged to make, any refunds of any valid Fees charged under this Agreement.

4.8. We retain the right to revise our Fees to you at no less than thirty (30) days’ notice, provided that we serve a valid Notice of this change. You are entitled to terminate this Agreement per the effective date of the increase, by sending us a Notice within fourteen (14) days of our Notice of the change, where any price increase, other than an increase in the Audit Fee as a result of an increase in pupil roll numbers, is more than the greater of twice RPI or five (5) percent per annum, during the Initial Term, or the greater of twice RPI or ten (10) percent per annum thereafter. For the avoidance of doubt, after termination under this clause 4.8, no further Annual Licence Fee shall be charged to you, however, no Fees shall be refunded and such termination shall not diminish your responsibility to pay Fees already charged by us.

5. Payment, invoicing and debt

5.1. Payment shall be made in Pounds Sterling into the account designated by us, or as may otherwise be agreed in writing by the parties. Payments are due within 30 days of the date of the invoice. If due to bank charges, transfer fees, or the like, we receive less than the invoiced amount, other than as a result of charges by credit card companies, we will re-invoice you for the shortfall. Should payment in full of any invoice (aside from such shortfalls) not be received by us within forty five (45) days after invoice date, we may impose a debt service charge on the overdue balance for each 30-day period or fraction thereof that the overdue amount remains unpaid amounting to three and a half percent (3.5%) above the sterling base rate quoted from time to time by Barclays PLC. In the event that any amount remains unpaid forty five (45) days after date of invoice, you will be in breach of this Agreement and we may discontinue, withhold, or suspend services to you without any further notice. Our decision not to take action for sums overdue does not diminish your responsibility to pay any and all outstanding amounts due to us.

5.2. You hereby agree to pay reasonable and appropriate legal fees, court costs, and related expenses incurred by us in the collection of any overdue amounts from you.

6. Your Responsibilities

6.1. You will support your Parents in the use of the PPL Products and Services by providing first line support to them.

6.2. Where you use our logo, you will use a logo approved and provided by us, and will ensure that alt tags for the logo are accurate based on the copy provided by us.

6.3. Where you use text on your website to promote and describe us or PPL Products and Services, you will use text provided by, or approved by us prior to release, such approval not to be unreasonably withheld by us.

6.4. You hereby represent and warrant to us that:

6.4.1. you will not conduct your business in any manner that harms our value and reputation or of the value and reputation of our third party service providers;
6.4.2. you will conduct your business affairs in an ethical manner and in accordance with the terms and intent of this Agreement, and in compliance with all applicable laws and regulations;
6.4.3. you will not use PPL Products and Services in connection with any illegal or fraudulent activities as determined by the relevant applicable jurisdiction;
6.4.4. you shall not permit nor authorise any other person or business to use PPL Products and Services unless specifically agreed with us in writing in advance;
6.4.5. you will keep your password and login details confidential and will report any suspected breach immediately to us;
6.4.6. you will not copy our websites, PPL Products and Services or its functionality, or use your account access to aid in the development of a competitive product or service by yourselves or any other third party, nor will you allow any third party to access your account for these purposes;
6.4.7. you will not publish or copy any information on our website without our written permission, nor infringe intellectual property or content copyrights owned by us or any third party suppliers of ours.
6.4.8. you will accept responsibility for any and all Content provided under your account login, regardless of whether the user using your account login has been authorised by you to do so, and, regardless of any Audit Services we may perform, you accept that we owe no obligation to you or anyone else to monitor, check or review the legality, validity or accuracy of any Content.

6.5. You will take all reasonable measures to preclude us from being made a party to any lawsuit or claim regarding PPL Products and Services provided to any user, including School staff and Parents. You hereby agree to indemnify and hold us harmless from any and all claims of whatever nature brought by any of your users or Parents against us in excess of the remedy set forth in clause 8.1 below.

7. Our responsibilities

7.1. We will use reasonable technical and organisational measures and endeavours, and reasonable skill and care to:

7.1.1. provide PPL Products and Services in a professional accurate and timely manner and to maintain the availability of the service for you and your Parents;
7.1.2. prevent unauthorised, unlawful or accidental processing of or access, destruction or damage to your Content;
7.1.3. ensure Content and payment data is stored and processed in a secure manner using appropriate industry standard security;
7.1.4. remain accredited under the Payment Card Industry Data Security Standard;
7.1.5. comply with the EU General Data Protection Regulation (“GDPR”) when processing data submitted by you, or data held by you as a Data Controller, thus performing our duties as a Data Processor under the GDPR, in line with Schedule 3 to this Agreement, the Data Processing Agreement;
7.1.6. notify you as soon as possible of any loss of, damage, destruction or unauthorised access to your Content;
7.1.7. provide the support services as described in our Service Level Agreement, as may be provided by us from time to time;

8. Limitation of Liability

8.1. Nothing in this Agreement, including the limits and exclusions in the remainder of this clause 8, shall limit or exclude our liability for death or personal injury resulting from our negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be legally excluded or limited.

8.2. Subject to the other terms of this clause 8 our maximum aggregate liability arising in connection with this Agreement, whether arising in contract, tort, negligence or otherwise, and whether an act, omission or breach of statutory duty of us our employees, agents, subcontractors or suppliers, in respect of any single event or series of connected events, shall not in the aggregate exceed the total amount of Annual Licence Fees due and paid by you, for the calendar year in which the event resulting in liability arises.

8.3. Subject to 8.1 above, we assume no responsibility for, and you shall indemnify and keep us and our employees, agents, subcontractors or suppliers indemnified for, any loss, damage, or injury to any person or property of whatever nature and whether direct or indirect, occasioned by, arising from, or due to:

8.3.1. the breach by you or your systems of any applicable laws;
8.3.2. representations made by you to Parents including without limitation any representations relating to your creditworthiness;
8.3.3 the suitability, availability, appropriateness, lawfulness or quality of any of your Payment Items;
8.3.4. the inaccuracy or unlawfulness of any of your Content;
8.3.5. any payments made to unintended recipients due to the input of incorrect information by you or your Parents;
8.3.6. your reliance on any information issued by our Acquirer(s) including any fraud or card verification checks carried out by them;
8.3.7. any Charge Backs or any refunds payable to or from any Parents or other persons;
8.3.8. any cause over which we do not have direct control, including: problems attributable to computer hardware or software, including computer viruses and malware; telephone or other communications failures; internet service provider failures; or delays, non-deliveries, mis-deliveries, or service interruptions arising from Force Majeure;
8.3.9. unauthorised interception or use of your data or Content;
8.3.10. any actions or transactions by any individual or entity that uses your username, password or other login credentials or data used to identify you to us;
8.3.11. any breach by you of your obligations under the GDPR or Schedule 3 to this Agreement, the Data Processing Agreement; and
8.3.12. any breach by you of clause 6 above;
except and to the extent such losses result directly from our knowing or wilful misconduct.

8.4. PPL Products and Services are provided “as is” and we disclaim, and you waive, any warranties, express or implied, as to merchantability, fitness for a particular purpose, title, non-infringement or any other warranty, guarantee or representation relating to PPL Products and Services and those arising by statute or otherwise in law. We do not guarantee continuous availability of the service, service at a particular time, or service without error and cannot be held responsible for any downtime or difficulties in accessing the service or for delays in or inability to send messages.

8.5. We shall not be liable to you or any of your users or Parents, for any direct, indirect or consequential losses including, but not limited to, loss of business, profit, reputation, interest, goodwill, or anticipated savings, including any type of special, punitive, consequential or indirect loss whatsoever.

8.6. If you wish to make a claim against us, you should notify us in writing including details of the claim, at the earliest possible time after becoming aware, or you should reasonably have become aware, of the event or error leading to such a loss, but in any case, not later than three (3) months after the loss.

9. Confidentiality

9.1. You acknowledge that by reason of your relationship with us hereunder, you may have access to certain information and materials relating to our business, plans, customers, software technology, and marketing strategies that is confidential and of substantial value to us, which value would be impaired if such information were disclosed to third parties. You agree that you will not use in any way for your own account, nor for the account of any third party, nor disclose to any third party, any such information revealed to you by us. You further agree that you will take every reasonable precaution to protect the confidentiality of such information. In the event of termination of this Agreement, there shall be no use or disclosure by you of any such confidential information in your possession, and all confidential materials shall be returned to us or destroyed. The provisions of this section shall survive the termination of this Agreement for any reason. Upon any breach or threatened breach of this provision, we shall be entitled to seek the remedies of injunction, specific performance and other equitable relief, and such relief shall not be contested by you.

10. Intellectual Property Rights

10.1. We hereby grant you a royalty-free and non-exclusive right for the term of this Agreement to use the Trademarks on your website(s) and in any of your off-line promotional materials solely in order to indicate that you make use of PPL Products and Services. You shall use such Trademarks in accordance with our directions and you do not have a right of sub-license.

10.2. You hereby grant us a royalty free and non-exclusive right for the term of this Agreement to use your trademark and logo’s on our websites and in off-line publications for promotional purposes, only to indicate that you are a user of PPL Products and Services.

10.3. When using the Trademarks the parties shall ensure that no composite marks are created with its own trademarks and/or logo’s. The parties acknowledge that their use of the Trademarks does not create for themselves any rights in the Trademarks other than those explicitly granted in this Agreement.

10.4. All proprietary rights in the equipment, software (such as interfaces) and other materials used by us in the performance of this agreement, whether or not supplied to you, shall remain with us or our licensors. You shall only acquire such right of use as is explicitly granted hereunder or otherwise and no other right is granted.

10.5. For the avoidance of doubt, clause 10.4 above shall include, and not be limited to, any software, bespoke development, or other enhancements, features, interfaces or otherwise, developed by us under this Agreement, or used by you under this Agreement, regardless of whether these developments were specified, requested or paid for by you. No terms under this Agreement will prevent such enhancements being provided by us to other clients, either during the term of the Agreement or afterwards.

10.6. Upon termination of this Agreement you will immediately withdraw any reference to us from your website(s) and will cease the use of the Trademarks.

11. Non-assignability

11.1. You may not assign any rights hereunder, directly or by operation of law, without our prior written consent, which consent may not be unreasonably withheld. For the purposes of this Agreement, assignment shall include, but not be limited to, transfer of control, any ownership change which results in a new majority owner and any change in the jurisdiction of incorporation.

11.2. We may at any time transfer all or any part of our rights and/or obligations under this Agreement and upon completion of any such transfer (including the assumption by the transferee of all our remaining rights, benefits and obligations) we will be released from and have no further obligation under this Agreement. You will promptly execute all documents reasonably requested by us to affect, perfect record or implement such transfer and will promptly comply with any of our or our successors’ other reasonable requests in respect of such transfer.

12. Amendments

12.1. We may only modify this Agreement by serving a valid Notice. Where any amendments: materially diminish our responsibility to deliver the PPL Products and Services to you; significantly reduce our liability to you; breach or threaten to breach your intellectual property or confidentiality rights; or, attempt to materially increase the Term or the Fees beyond the limits for such increases detailed in clause 4.8; then you are entitled to terminate this Agreement, effective on the date the amendment is to take effect, by sending us a Notice within fourteen (14) days of the Notice being served by us. For the avoidance of doubt, after termination under this clause 12.1, no further Annual Licence Fee shall be charged to you, however, no Fees shall be refunded and such termination shall not diminish your responsibility to pay Fees already charged by us.

13. Partial Invalidity

13.1. If any provision of this agreement shall be held illegal, invalid or unenforceable, in whole or in part, such provision shall be modified to the minimum extent necessary to make it legal, valid and enforceable, and the legality, validity and enforceability of all other provisions of this Agreement shall not be affected thereby.

14. Entire Agreement

14.1. This Agreement (together with any documents referred to in it) sets out the entire agreement between the parties and supersedes any previous agreement or arrangement between the parties relating to the subject matter of it (and any document referred to in it).

14.2. Each party agrees and acknowledges that it has not relied on, or been induced to enter into this Agreement by any warranty, statement, representation or undertaking which is not expressly included in this Agreement.

14.3. Subject to clause 8.1 no party has any claim or remedy in respect of a warranty, statement, misrepresentation (whether negligent or innocent) or undertaking made to it by or on behalf of the other party in connection with or relating to the subject matter of this Agreement and which is not expressly included this Agreement.

15. Applicable Law

15.1. This Agreement shall be governed by and construed in accordance with:

15.1.1. Where the Customer is located in England, the law of England and Wales and each party irrevocably submits to the exclusive jurisdiction of the Courts of England;
15.1.2. Where the Customer is located in Wales, the law of England and Wales as it applies in Wales and each party irrevocably submits to the exclusive jurisdiction of the Courts of England and Wales sitting at Cardiff subject only to the ability of the Cardiff courts to deal with any matter; and,
15.1.3. Where the Customer is located in Scotland the law of Scotland and each party irrevocably submits to the jurisdiction of the Courts of Scotland or where the Courts of Scotland are unable to deal with the matter the Courts of England.

Schedule 1: Payment Collection Service Agreement

These terms and conditions (“the Schedule”) relate to any party collecting funds via the Payment Collection Service, regardless of whether the party has contracted for other PPL Products and Services separately. Definitions used in the latest version of the PPL Terms and Conditions for Schools shall apply to this Schedule. Where you provide services to a School using PPL Products and Services, the terms “you”, “your” and “your Parents” shall apply equally to you or the School as appropriate.

These terms are deemed accepted by you upon: your providing to us bank account details for receipt of funds collected by us for you; on your first use of the Payment Collection Service; or, in the case of changes to this Agreement, your first use after fourteen (14) days of the serving by us of a Notice.

By entering into this Agreement, you hereby agree to accept Parent Account as the method of payment for Parent Payments for Payment Items by your Parents.
Consumers can Load funds to Parent Account using a range of supported Scheme payment methods offered by us. We will hold the Parent Account Balance in a dedicated Holding Account.
You will offer Payment Items to your Parents via the PPL Products and Services, which are relevant to the goods and services you can provide to them. Parents can choose to make a Parent Payment for Payment Items using their Parent Account Balance.
We will deduct the Transaction Value from the Parent Account Balance for each Parent Payment and credit the balance against the relevant Payment Item.
If you process a Refund, we will deduct the Refund Transaction Value from the balance of the relevant Payment Item and credit the balance to the Parent Account Balance.
After the end of each Settlement Period, we shall calculate the Remittance due to you. We shall normally transfer the Remittance to your nominated bank account five (5) Business Days after the end of the Settlement Period, and not later than seven (7) Business Days after the end of the Settlement Period, unless otherwise notified by us in writing. Failure to notify us of the correct bank account details, or to provide us with the required evidence of bank account ownership, no later than two (2) Business Days before the end of the Settlement Period, will result in the Remittance being delayed until the next Settlement Period.
You hereby authorise us, where relevant, to collect the Payment Service Fee from the Remittance, by way of deduction via net settlement.
In calculating the Remittance we are fully entitled to offset any indebtedness of you towards us pursuant to clause 9 below, which for the avoidance of doubt, may include any indebtedness of you towards us whether for fees related to the Payment Collection Service or any other PPL Products and Services provided by us to you under this Agreement or under any related Agreement between us and you.
You hereby authorise us to offset amounts due against the Remittance as defined above. In case we intend to offset any debt that is due or overdue (30 days or greater from the date of invoice) we may do so without informing you in advance of our intentions and without seeking any further authorisation from you other than that already provided by this Agreement.
In the event that any outstanding debt or amount due to us remains unsettled by you beyond 45 days of the date of invoice, or in the event that the Remittances are insufficient to pay the amounts owing by you to us, this will constitute a breach of contract and we may at any time serve a notice of breach and/or terminate any services provided by us to you.
We have the right to withdraw from the Holding Account any and all amounts owed to us as defined above without notice or demand. Our rights to sums owed to us by you shall in no way be limited by the balance or existence of the Holding Account. Our rights with respect to the Holding Account shall survive the termination of this Agreement.
In performing the Payment Collection Service for you we are contracted to the Acquirer as a merchant but acting on your behalf in respect of your Parents’ Loads, your Payment Items, and your Parent Payments (sometimes known as a merchant aggregator or merchant agent). You hereby acknowledge that we shall be the sole and exclusive provider of payment collection services to you, for the processing of payments for the collection of funds from Parents, except where an alternative processor was, and has remained, contracted by you and has been actively processing since the start of this agreement, in which case the proportion of payments processed by that provider will be exempt from this provision.
We will act reasonably and responsibly at all times and will always attempt to operate the service fully within the rules and regulations set out by the Acquirer and the Schemes. However, under this Agreement, you are and will be held responsible and liable, as far as Acquirer and Scheme rules and regulations affect the merchant, including the payment of any fees, fines or levies from the Acquirer or the Scheme related to: your use of PPL Products and Services; your Parents’ Bank Payments and Card Payments, and, your Payment Items.
Any interest which may accrue in respect of the Holding Account shall be for our sole account.
You have no right to offset, or to withhold payments to us, in connection with any amounts due to you by us.
You shall ensure that you abide by the rules and regulations as laid down by the Schemes, or in any operating manuals, instructions or guidance provided by us (“Operating Guidelines”). You will be required to abide by any future changes to the Operating Guidelines as far as they may affect you and your use of PPL Products and Services. Failure to abide by the Operating Guidelines may constitute a breach of contract and may result in us terminating any services provided by us to you, pursuant to clause 3 of the Agreement.
You shall respond promptly to inquiries from Parents and shall resolve any disputes amicably where reasonably possible. Where necessary you shall provide Refunds as appropriate for unwanted goods, or for services not taken or delivered by you, to the extent necessary under any terms of sale clearly set out by you to the Parents at the time of purchase.
Should a Charge Back be received by us, we will provide the relevant information required by the Acquirer to defend the Charge Back on your behalf. We may also contact you and/or the Parent directly to resolve the matter. You shall provide all information requested by us, in a timely manner, where such information is required to defend the Charge Back, or to detect, identify or prevent possible fraud.
Should the Charge Back not be defendable, or in any circumstances where the Charge Back is successful, you will be fully liable for: the refund due to the Consumer; the Charge Back Fee; and, any other costs levied by the Acquirer or the Scheme in respect of the Charge Back. The funds will be debited from your next Remittance. A lack of funds in the Remittance does not diminish your responsibility to settle any Charge Back amounts and Charge Back Fees to us within 7 days of any notice requiring you to do so. Our rights to reclaim the Charge Back amount, Charge Back Fee and any related costs from you survive the termination of this Agreement.

Schedule 2: Hardware Rental Agreement

These terms and conditions (“the Rental Agreement”) relate to the rental of Hardware by you for use at your Premises, in connection with PPL Products and Services. This Rental Agreement forms part of the Agreement, and the terms and the definitions used in the latest version of the PPL Terms and Conditions for Schools shall apply to this Rental Agreement.

Where you provide services to a School using PPL Products and Services, the terms “you”, “your” and “your Parents” shall apply equally to you or the School as appropriate.

By entering into this Rental Agreement, you hereby agree to be bound by these terms and conditions, and we agree to make available the Hardware to you, for the Rental Term subject to this Rental Agreement.
You shall pay the Rental Fees and associated Data Fees annually in advance.
Following payment of the Rental Fees we shall deliver the Hardware to the Premises on a date agreed between the parties. We shall use our reasonable endeavours to ensure that delivery is made on time but shall not be liable for any failure to do so.
You must ensure that a suitable authorised representative is available at the Premises at the time of delivery in order to sign for the Hardware. In the event that you fail to comply with this provision you shall be deemed to have accepted delivery of the Hardware, assumed responsibility thereof, and shall not have the right to subsequently dispute the facts of the delivery.
In the event that we are unable to deliver the Hardware due to your absence from the Premises (along with that of any authorised representatives) you will be liable for any additional delivery charges incurred for any necessary re-delivery.
We shall at all times retain title to the Hardware and title shall not pass to you irrespective of the payment of the Rental Fees.
Risk in the Hardware shall pass to you on delivery of the Hardware to your Premises. It is your responsibility to fully and comprehensively insure the Hardware against loss, damage and theft, for a minimum of one and a half (1.5) times the annual Rental Fee (“Insurance Value”). You shall supply proof of such insurance to us on demand.
You may only use the Hardware and the associated Data Plan for legal and legitimate purposes, and for the normal purpose for which they are intended and in accordance with this Agreement and/or our instructions.
You hereby accept that you may be liable for additional Data Fees, if you exceed the data transfer limit of the Data Plan, of if the Data Plan is used for any purpose other than as intended with PPL Products and Services.
All Hardware must be used in accordance with any and all operation and safety instructions or similar documentation provided.
You may not affix the Hardware to anything unless using fixings approved by us. You shall at all times treat the Hardware with a reasonable level of care and shall ensure that they are kept clean, subject to reasonable levels of wear and tear.
All Hardware which use consumables of whatever nature must only be used with official consumables (that is, those produced or recommended by the manufacturer of the Hardware) or such other products as authorised by us.
You are not free to install any additional software on the Hardware, without our prior written consent.
You shall not attempt to make any repairs to the Hardware without our prior written consent. We retain the option of repairing the Hardware or granting you permission to make the necessary repairs. The cost of such repairs shall be borne by either us or you, the responsibility being determined by the reasons for those repairs. We have the right to insist that only official parts (that is, those produced or recommended by the manufacturer of the Hardware) shall be used for maintenance and repair of the Hardware.
In the event of any failure of the Hardware, you shall inform us of such failure by email. If the failure is due to any act or omission of us, we will provide an equivalent replacement typically within 2 Business Days.
In the event of accidental damage to Hardware during the Rental Term, we shall be under no obligation to replace the damaged Hardware. All parts that cannot be described as consumables which may require replacement during the Rental Term shall be replaced free of charge by us provided that such replacement is necessitated by nothing more than normal wear and tear. Additional damage may result in you being charged for the cost of replacement parts and associated labour.
We reserve the right to recall the Hardware immediately at any time. In the event that we exercise this right you will be issued immediately with replacement Hardware of a similar type or of the closest type thereto at no additional cost. If the Hardware are not returned to us on request, you shall be liable for any costs associated with such recovery.
In the event that we provide you with any replacement Hardware in accordance with the Terms of this Rental Agreement, you must immediately return any old Hardware that the replacement Hardware are to replace, to us at your own cost.
At the end of the Rental Term, prior to return of the Hardware, you must remove all Customer Data or Personal Data from the Hardware. We accept no responsibility for any Customer Data which remains on the Hardware following the end of the Rental Term.
At the end of the Rental Term, on the agreed date, you shall immediately return the Hardware to us by courier or similar means, as agreed by us.
In the event that any Hardware are not returned to us on the agreed date, you shall be required to pay the relevant Rental Extension Fees for the missing items up to and including the day that they are returned to us, such return to be at your expense.
Failure to return the Hardware at the end of Rental Term, or if the Hardware are not available for return due to loss or destruction, you shall be required to pay the Insurance Value in full, within seven (7) days of the end of the Rental Term. An inability of you to properly insure the Hardware, or, a failure of you to successfully claim against your insurance, for any loss or destruction of the Hardware, shall in no way diminish your responsibility to pay the Insurance Value to us in full and on time. Our rights to reclaim the Insurance Value and any Rental Extension Fees from you, and any related costs in the collection of said fees from you, survive the termination of this Agreement.

Schedule 3: Service Level Agreement v5 – 2018

Support for PPL Products and Services as defined in this Service Level Agreement (SLA) is offered to only you as our customer (i.e. to schools, local authorities and caterers) and not to your individual Parents.

Customer Support Services

We will provide the following Customer Support Services to all customers who are under contract for PPL Products and Services:

Business Hours Customer Support Help Desk
Web based User Guides, Quick Guides and Manuals
Timely availability of all ad hoc service upgrades, enhancements and new features

We will use reasonable endeavours to maintain system availability for the provision of the services.

Customer Support Help Desk

We will provide Help Desk services to respond to customer service and technical questions and enquiries related to PPL Products and Services.

The Help Desk will be available on normal business days during the following hours:
Monday to Thursday: 8.30am to 5.00pm

Friday: 8.30am to 4.30pm

The Help Desk telephone line will be available on normal business days during the following hours:
Monday to Friday: 8.30am to 4.30pm

Apart from:

Thursday: 1.30pm to 2.00pm

which is reserved for essential staff training and when no telephone help desk service will be available.

Support Case Logging Process

The following information will be required when reporting an incident to Customer Support:

Contact name
School name
School DfE number
LEA
Email address and contact telephone number
Detailed description of the nature of the problem.

Where the case is not resolved immediately (for phone calls), we will provide the customer with a unique support case ID.

The following information will be needed when a status update is required on any previously reported incident:

School name and DfE number
Relevant support case ID where appropriate

Upon the successful resolution of the incident, we will notify the customer and the case will be closed.

Support Issue Categories

We categorise support issues into two distinct areas:

Fault Management and Resolution – This includes partial or full systems failures, feature failures, system bugs and general system errors
Support Enquiries – This includes user assistance, system or feature enquiries, and other general help and assistance

In some instances it may not be possible to categorise a support issue at the initial enquiry, and therefore the case will be dealt with on the higher of two priority levels, where a difference may exist.

Fault Management and Resolution Priorities and Responses

For the purpose of prioritising and escalating Fault Management issues, they will be categorised as Serious, Degraded or Minimal.

Incident Severity Level Table – Fault Management Issues

Classification	Criteria
Level 1 (Critical)	The Services are at a standstill or key business processes, such as transaction authorisations cannot be conducted.
Level 2 (Degraded)	Processes such as reporting cannot be carried out without significant delay, but live transactional services are working and systems are operational.
Level 3 (Minimal)	Integration issues, data import and exchange issues, minor incidents and enquiries.

Target Response Time Table – Fault Management Issues

The target time for us to respond to all Fault Management issues is outlined below, the target time being from notification. Target response and resolution times will vary depending upon the severity level. All times are measured in normal business hours.

Classification	Step 1 (Identify source)	Step 2 (Temporary Fix)	Step 3 (Fix)
Level 1 (Critical)	2 hours	4 hours	Within 4 calendar days
Level 2 (Degraded)	6 hours	12 hours	Within 10 calendar days*
Level 3 (Minimal)	12 hours	Within 4 calendar days*	Within 30 calendar days*

* If a full software release is required the SLA for temporary fix for P3 cases or permanent fix for P2 and P3 cases may not be achievable within the timeframe indicated as a full release management cycle can take longer. P3 cases and P2 permanent fixes would normally only be dealt with under scheduled software releases.

The following shall define the actions to be taken for Fault Management Enquiries:

Step 1 represents the acknowledgment of the problem and the beginning of the information gathering process.
Step 2 represents the target time frame during which the problem is being actively addressed and a temporary patch, correction, or workaround is provided. The goal is to provide a fix or a work-around for a problem as soon as possible. Serious problems will be worked on continually until a satisfactory problem resolution can be reached.
Step 3 represents the target time within which a permanent solution will be available which meets our quality standards (albeit for software releases this may be QA’d on an ‘Emergency Release’ basis)

Support Enquiries Priorities and Responses

For the purpose of prioritising and escalating Support Enquiries, they will be categorised as Serious and non-Serious.

Incident Severity Level Table – Support Enquiries

Classification	Criteria
Level 1 (Serious)	The User is unable to perform a key business function preventing further use of the service
Level 2 (Non-Serious)	The User has difficulty in completing a task, or is unable to use the service to a high efficiency level

Target Response Time Table – Support Enquiries

The target time for us to respond to all Support Enquiries is outlined below, the target time being from notification, whether by phone call, email, web enquiry or voicemail left. All response times are measured in normal business hours. Target response and resolution times will vary depending upon the severity level.

Classification	Initial Response	Solution or Advice Offered	Case Closed
Level 1 (Serious)	4 hours	6 hours	12 hours
Level 2 (Non-Serious)	12 hours	16 hours	Within 5 business days

The following shall define the actions to be taken for Support Enquiries:

Initial Response

We aim to contact the customer within the timeframe indicated and acknowledge their enquiry and if necessary, issue a Support Case ID. It may not always be possible to speak immediately to a person that can address the support enquiry.

Solution or Advice Offered

We aim to offer the advice or solution to the customer within the target time above. Where additional information is required from the customer, or a remedy needs to be tried by the customer, the first response providing advice is measured. When awaiting a response back form the customer, the time window is not measured against the target time.

Case Closed

We aim to have all cases closed within the target time indicated. On occasions, the customer may not be contactable immediately, may have to try the advice or solution offered, another process may have to be run first, or the customer may not be able to see the resolution immediately. During this period the time window is not measured against the target time.

Incident Escalation

Incidents reported to us will be escalated in line with the details below. Elapsed time represents the number of business hours that have passed since the issue was first classified by us. Resolution is deemed to have been achieved if a temporary fix is created.

Customer Support Manager – if Level 1 or 2 cases are not resolved within 135% of target resolution time
Senior Manager – If Level 1 or 2 cases are not resolved within 175% of target resolution time
Director – If Level 1 or 2 cases are not resolved within 250% of target resolution time

Overall Performance

We make every attempt to meet, and indeed to exceed, the defined SLA targets on a continual basis for all of our customers. We cannot and do not explicitly promise or guarantee to always meet this SLA or to provide any form of refund, rebate or reduction in current or future charges in connection with any failure by us to meet this SLA. Failure by us to meet this SLA cannot be deemed to be a breach of contract by us.

The overall performance is measured against directly supported customers only and individual support cases of centrally contracted customers. Where individual schools part of a central support arrangement contact us (usually a doubled SLA) the cases will not be measured within the overall performance target.

Supported Products and Exceptions

Only PPL owned, licensed and sold products are covered by this SLA.

We do not take responsibility for supporting the use of other school or office software packages, including but not limited to:

School MIS systems
MS Office packages, Adobe Acrobat or similar products

Users of PPL Products and Services are expected to have a basic understanding of these packages in so far as they are required to use them in working with PPL Products and Services. We will aim to offer advice and assistance to help resolve support cases, as it deems appropriate and depending upon the time and resources available to it.

In the event that a large numbers of schools, from the same local authority, launch the product at the same time, or where PPL Products and Services users are not trained or experienced at an appropriate level to use the service effectively, we reserve the right to adjust the Support Enquiries target times of this SLA, until such time as each school is using PPL Products and Services effectively, after which the SLA continues to apply in full.

This SLA is not applicable and support services may be withdrawn under the following circumstances:

The customer is not covered by a valid contract
The Annual Licence Fees or other Fees due are unpaid
The customer (or members of their staff using the system) have failed to follow the correct procedures for reporting faults or support issues or for requesting support – including when additional information has been requested to help resolve a case.
The customer (or members of their staff using the system) have not completed the required training courses for using the system, or parts of the system where support is required
The customer (or members of their staff using the system) have failed to follow documented procedures, manuals, instructions or processes previously communicated to them for the appropriate and correct use of the system – including resources offered online on the school support site and any additional processes and procedures for events such as year-end, academic year change, pupil upload, managing pre-admissions, interfacing with cashless systems, business continuity and other similar events
The customer (or members of their staff using the system) have corrupted data, entered wrong data, imported or attempted to import data which is corrupted, incorrect, inconsistent or otherwise flawed

We do not offer on-site support as a part of this SLA.

Schedule 4: Data Processing Agreement (“DP Agreement”)

This DP Agreement is by and between us, ParentPay Limited, a private limited company registered in England and Wales, with Company Number 04513692, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG (“Company”), and its Group Companies, (“Data Processor”) and you, the Customer (“Data Controller”)

1. Definitions and Scope

The following terms used in this Agreement shall have the meanings given to them below:

“Agreement” means the agreement between the Data Controller and the Data Processor for the provision of the PPL Products and Services;

“Company” means ParentPay Limited and its Group Companies;

“Customer” means the School or other establishment or organisation that contracts with the Company;

“Data” means the Personal Data disclosed to the Data Processor by or on behalf of the Data Controller in connection with the Purpose as more particularly described in Section 2, and Personal Data which may be disclosed by Data Subjects or by Data Controller by instructing the Data Processor to collect Personal Data directly from the Data Subject (or anyone authorised by the Data Subject to provide it);

“Data Protection Law” means law, legislation or regulation relating to data protection, the processing of Personal Data and privacy from time to time, including, but not limited to:

the Data Protection Act 2018;
the General Data Protection Regulation (EU) 2016/679;
the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as may be amended by the proposed Regulation on Privacy and Electronic Communications);
any legislation that, in respect of the United Kingdom, replaces, or enacts into United Kingdom domestic law, the General Data Protection Regulation (EU) 2016/679, the proposed Regulation on Privacy and Electronic Communications or any other law relating to data protection, the processing of personal data and privacy as a consequence of the United Kingdom leaving the European Union; and
more generally, references to statutory provisions include those statutory provisions as amended, replaced, re-enacted for the time being in force and shall include any bye-laws, statutory instruments, rules, regulations, orders, notices, codes of practice, directions, consents or permissions and guidelines (together with any conditions attached to the foregoing) made thereunder;

“Data Subject” means an individual who is the subject of any of the Data. The categories of Data Subject within the scope of this Agreement are listed in Schedule 1;

“Data Subject Request” means a written request of the Data Controller by or on behalf of a Data Subject to exercise any rights conferred by Data Protection Law;

“DP Agreement” means this Data Processor Agreement, including all Appendices and Schedules;

“Effective Date” means the effective date of this DP Agreement, which shall be the Effective Date of the Agreement;

“Good Industry Practice” means, in relation to any undertaking and any circumstances, the exercise of skill, diligence, prudence, foresight and judgement that would reasonably be expected from a skilled person engaged in the same type of undertaking under the same or similar circumstances;

“Group Company” means the Company, any subsidiary or any holding company from time to time of the Company, and any subsidiary from time to time of a holding company of the Company and each company in the Group is a Group Company. Group Companies shall include, but not be limited to:

ParentPay (Holdings) Limited, a company registered in England and Wales with Company Number 08212986, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG, including its division trading as Schoolcomms (formerly Isuz Ltd);
Cypad Limited, a company registered in England and Wales with Company Number 04335803, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
WIS Services BV, a company registered in the Netherlands with Company Number 24353928, having its registered office at Stavorenweg 4, Gouda, 2803PT, Netherlands;
WIS Software BV, a company registered in the Netherlands with Company Number 24353936, having its registered office at Stavorenweg 4, Gouda, 2803PT, Netherlands;
Nimbl Limited, a company registered in England and Wales with Company Number 09276538, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
Just Education Limited, a company registered in England and Wales with Company Number 10509472 and having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG; and,
Just Education Recruitment Limited, a company registered in England and Wales with Company Number 10509490 and having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
Education Software Solutions Limited, a company registered in England and Wales with Company Number 12595779 and having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;
Bluerunner Solutions Limited, a company registered in England and Wales with Company number 05965827, having its registered office at 11 Kingsley Lodge, 13 New Cavendish Street, London, W1G 9UG;

“Party” means any of Data Controller or Data Processor, and “Parties” means Data Controller and Data Processor;

“Personal Data” means any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Purpose” means the purpose or purposes set out in Clause 2 of this DP Agreement;

“Service” means the PPL Products and Services or any other applicable services provided by the Company to the Customer;

“Security Breach” means any breach or suspected breach of any of the Data Processor’s obligations in terms of Clauses 5 and/or 6 or any other unauthorised or unlawful processing, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or damage or access to the Data;

“Security Measures” has the meaning defined in Schedule 3 of this DP Agreement, and as updated from time to time by the Data Processor;

“Sub-processor” means any third party data processor engaged by Data Processor who receives Personal Data from Data Processor for processing on behalf of Data Controller and in accordance with Data Controller’s instructions (as communicated by Data Processor) and the terms of its written subcontract;

“Supervisor” or “Supervisory Authority means the Information Commissioner’s Office, which is the UK’s data protection authority;

“Third Party Functions” means optional product integrations between the Service and third parties, which may be enabled by the Customer (examples include cashless and catering solutions, finance systems or social media).

1.1. The terms of this DP Agreement shall be applicable to all Customers using PPL Products and Services, however the Customer contracted to do so.

1.2. Unless otherwise stated, words and expressions defined in the Agreement shall have the same meaning in this DP Agreement.

1.3. For the avoidance of doubt, in the event of any conflict between the terms of this DP Agreement and the Agreement (including all associated Schedules, Annexes and Appendices to the Agreement), the terms of this DP Agreement will take precedence.

1.4. The governing law and jurisdiction applicable to the Agreement shall govern this DP Agreement.

2. Purpose

2.1. Data Controller and Data Processor have entered the Agreement pursuant to which Data Controller is granted certain rights to access and use the Service. In providing the Service, Data Processor will engage, on behalf of Data Controller, in the Processing of Personal Data submitted to and stored within the Service by Data Controller or third parties with whom Data Controller transacts using the Service.

2.2. The Parties are entering into this DP Agreement to ensure that the Processing by Data Processor of Personal Data, within the Service by Data Controller and/or on its behalf, is done in a manner compliant with Data Protection Law and its requirements regarding the collection, use and retention of Personal Data of Data Subjects.

2.3. In providing the Service, Data Processor may in some circumstances become a data controller under Data Protection Law. In such circumstances, both parties shall continue to operate in full compliance with applicable Data Protection Law whilst acknowledging and accepting that the specific obligations and restrictions set forth in this DP Agreement may not apply.

2.4. Schedule 1 of this DP Agreement describes data elements the Data Controller will be uploading as part of the Service.

2.5. Schedule 2 of this DP Agreement describes the specific purpose and nature of the processing.

3. Term

3.1. This Agreement will remain in force as long as Data Processor Processes Personal Data on behalf of Data Controller under the Agreement.

4. Obligations of the Data Processor

4.1. The Parties agree that the subject-matter of Processing performed by Data Processor under this DP Agreement, including the nature and purpose of Processing, the type of Personal Data, and categories of Data Subjects, shall be as described in Schedule 1 and Schedule 2 of this DP Agreement.

4.2. As part of Data Processor providing the Service to Data Controller under the Agreement, Data Processor agrees and declares as follows:

4.2.1. to process Personal Data in accordance with Data Controller’s documented instructions as set out in the Agreement and this DP Agreement or as otherwise necessary to provide the Service, except where required otherwise by applicable laws (and provided such laws do not conflict with Data Protection Law); in such case, Data Processor shall inform Data Controller of that legal requirement upon becoming aware of the same (except where prohibited by applicable laws);
4.2.2. to ensure that all staff and management are fully aware of their responsibilities to protect Personal Data in accordance with this DP Agreement and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
4.2.3. to implement and maintain appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access (a “Data Security Breach”), provided that such measures shall take into account the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, so as to ensure a level of security appropriate to the risks represented by the Processing and the nature of the Data to be protected;
4.2.4. to notify Data Controller, without undue delay, in the event of a confirmed Data Security Breach affecting Data Controller’s Data and to cooperate with Data Controller as necessary to mitigate or remediate the Data Security Breach;
4.2.5. to comply with the requirements of Clause 5 (Use of Sub-processors) when engaging a Sub-processor;
4.2.6. taking into account the nature of the Processing, to assist Data Controller (including by appropriate technical and organisational measures), insofar as it is commercially reasonable, to fulfil Data Controller’s obligation to respond to requests from Data Subjects to exercise their rights under Data Protection Law (a “Data Subject Request”). In the event Data Processor receives a Data Subject Request directly from a Data Subject, it shall (unless prohibited by law) direct the Data Subject to the Data Controller in the first instance. However, in the event Data Controller is unable to address the Data Subject Request, taking into account the nature of the Processing, the complexity and frequency of the request(s), and the information available to Data Processor, Data Processor, shall, on Data Controller’s request and at Data Controller’s reasonable expense, address the Data Subject Request, as required under the Data Protection Law;
4.2.7.upon request, to provide Data Controller with commercially reasonable information and assistance, taking into account the nature of the Processing and the information available to Data Processor, to help Data Controller to conduct any data protection impact assessment or Supervisor consultation it is required to conduct under Data Protection Law;
4.2.8. upon termination of Data Controller’s access to and use of the Service, to comply with the requirements of Clause 9 of this DP Agreement (Return and Destruction of Personal Data);
4.2.9. to comply with the requirements of Clause 6 of this DP Agreement (Audit) in order to make available to Data Controller information that demonstrates Data Processor’s compliance with this DP Agreement; and
4.2.10. to appoint a security officer who will act as a point of contact for Data Controller, and coordinate and control compliance with this DP Agreement, including the Security Measures.

4.3. Data Processor shall immediately inform Data Controller if, in its opinion, Data Controller’s Processing instructions infringe any law or regulation. In such event, Data Processor is entitled to refuse Processing of Personal Data that it believes to be in violation of any law or regulation.

5. Use of Sub-Processors

5.1. Data Controller agrees that Data Processor may appoint Sub-Processors to assist it in providing the Service and Processing Personal Data provided that such Sub-Processors:

5.1.1. agree to act only on Data Processor’s written instructions when Processing the Personal Data (which instructions shall be consistent with Data Controller’s Processing instructions to Data Processor); and
5.1.2. agree to protect the Personal Data to a standard consistent with the requirements of this DP Agreement, including by implementing and maintaining appropriate technical and organisational measures to protect the Personal Data they Process consistent with the Security Measures described in Schedule 3 of this DP Agreement.

5.2. Data Processor agrees and warrants to remain liable to Data Controller for the subcontracted Processing services of any of its direct or indirect Sub-Processors under this DP Agreement. Data Processor shall maintain an up-to-date list of the names and location of all Sub-Processors used for the Processing of Personal Data under this DP Agreement available upon request to the Data Protection Officer. Data Processor shall, where reasonably possible, inform the Data Controller at least 30 days prior to the date on which any newly appointed Sub-Processor shall commence processing Personal Data.

5.3. In the event that Data Controller objects to the Processing of its Personal Data by any newly appointed Sub-Processor as described in Clause 5.2, it shall inform Data Processor immediately, and in any case, no later than within the 30-day notification period. The Data Controller should present a reasonable justification for the objection as it relates to Data Protection Law – for example, if the processing is expected to present unnecessary risk to the interests, rights and freedoms of the data subject.

5.4. In the case that a Data Controller objects to the use of a Sub-Processor, it’s only remedy is to cease use of the Service and to terminate the Agreement subject to clause 3.4 of the Agreement. For the avoidance of doubt, such decision by the Data Controller will not diminish Data Controller’s obligations to pay the fees due under clause 3.4 of the Agreement.

5.5. In addition, the Service may provide links to integrations with Third Party Functions, including, without limitation, certain Third Party Functions which may be integrated directly into Data Controller’s account or instance in the Service. If Data Controller elects to enable, access or use such Third Party Functions, its access and use of such Third Party Functions is governed solely by the terms and conditions and privacy policies of such Third Party Functions, and Data Processor does not endorse, is not responsible or liable for, and makes no representations as to any aspect of such Third Party Functions, including, without limitation, their content or the manner in which they handle Data (including Personal Data) or any interaction between Data Controller and the provider of such Third Party Functions.

5.6. Data Processor is not liable for any damage or loss caused or alleged to be caused by or in connection with Data Controller’s enablement, access or use of any such Third Party Functions, or Data Controller’s reliance on the privacy practices, data security processes or other policies of such Third Party Functions. The providers of Third Party Functions shall not be deemed Sub-Processors for any purpose under this DP Agreement.

6. Audit

6.1. The Parties acknowledge that Data Processor uses security auditors to verify the adequacy of its security measures, including the security of the physical data centres from which Data Processor provides its data processing services. This audit:

6.1.1. will be performed at least annually;
6.1.2. will be performed according to ISO 27001 or PCI DSS standards or such other alternative standards that are substantially equivalent to ISO 27001 or PCI DSS;
6.1.3. will be performed by independent third party security professionals or suitably skilled in house staff at Data Processor’s selection and expense; and
6.1.4. will result in the generation of an audit report affirming that Data Processor’s data security controls achieve industry standards.

6.2. Data Processor shall provide appropriately detailed responses to Data Controller’s requests for information which may include responses to relevant information security and audit questionnaires.

6.3. At Data Controller’s written request, Data Processor will provide Data Controller with a confidential summary of the Report (“Summary Report”) so that Data Controller can reasonably verify Data Processor’s compliance with the security and audit obligations under this Agreement. The Summary Report will constitute Data Processor’s Confidential Information under the confidentiality provisions of Data Processor’s Agreement.

6.4. At Data Controller’s written request and expense, and subject to reasonable notice period, Data Processor shall allow and contribute to minimally disruptive audits, including inspections, conducted by Data Controller or another auditor mandated by Data Controller.

7. International Data Exports

7.1. Data Controller acknowledges that Data Processor and its Sub-Processors may maintain data processing operations in countries that are outside of the EEA. As such, both Data Processor and its Sub-Processors may Process Personal Data in non-EEA countries..

7.2. Data Processor will make best endeavors to limit data exports to non-EEA countries to what is strictly necessary.

7.3. In all cases where transfers to non-EEA countries may take place, these transfers will be subject to necessary safeguards as defined within applicable Data Protection Law.

8. Obligations of the Data Controller

8.1. As part of Data Controller receiving the Service under the Agreement, Data Controller agrees and warrants that:

8.1.1. it is solely responsible for the accuracy of Personal Data and the means by which such Personal Data is acquired and the Processing of Personal Data by Data Controller, including instructing Processing by Data Processor in accordance with this DP Agreement, is and shall continue to be in accordance with all the relevant provisions of Data Protection Law, particularly with respect to the security, protection and disclosure of Personal Data;
8.1.2. that if Processing by Data Processor involves any “special” or “sensitive” categories of Personal Data (as defined under Data Protection Law), Data Controller has collected such Personal Data in accordance with Data Protection Law;
8.1.3. that Data Controller will ensure that Data Subjects receive a Privacy Notice compliant with Data Protection Law, the contents of which shall include but not be limited to:
8.1.4. the use of data processors to Process their Personal Data, including Data Processor; and
8.1.5. that their Personal Data may be Processed outside of the European Economic Area;
8.1.6. that it shall respond in a reasonable time and to the extent reasonably practicable to enquiries by Data Subjects regarding the Processing of their Personal Data by Data Controller, and to give appropriate instructions to Data Processor in a timely manner; and,
8.1.7. that it shall respond in a reasonable time to enquiries from a Supervisor regarding the processing of relevant Personal Data by Data Controller.

9. Return and Destruction of Personal Data

9.1. Upon the termination of Data Controller’s right to access and use the Service under the Agreement, Data Processor will for up to thirty (30) days following such termination permit Data Controller to export its Data, at its expense, in accordance with the capabilities of the Service. Following such period, Data Processor shall have the right to delete all Data stored or Processed by Data Processor on behalf of Data Controller in accordance with Data Processor’s deletion policies and procedures. Data Controller expressly consents to such deletion.

10. NO CONSEQUENTIAL DAMAGES; LIMITATION ON LIABILITY

10.1. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL EITHER PARTY TO THIS DP AGREEMENT, OR THEIR AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, SUPPLIERS OR LICENSORS BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOST DATA (BEING DATA LOST IN THE COURSE OF TRANSMISSION VIA DATA CONTROLLER’S SYSTEMS OR OVER THE INTERNET THROUGH NO FAULT OF DATA PROCESSOR), BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES INCURRED BY THE OTHER PARTY OR ANY THIRD PARTY IN CONNECTION WITH THIS DP AGREEMENT, OR THE SERVICES, REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES.

10.2. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS DP AGREEMENT OR THE AGREEMENT, DATA PROCESSOR’S AGGREGATE LIABILITY TO DATA CONTROLLER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT AND ANY LICENSE, USE OR EMPLOYMENT OF THE SERVICE, SHALL IN NO EVENT EXCEED THE LIMITATIONS SET FORTH IN THE AGREEMENT.

10.3. FOR THE AVOIDANCE OF DOUBT, THIS SECTION SHALL NOT BE CONSTRUED AS LIMITING THE LIABILITY OF EITHER PARTY WITH RESPECT TO CLAIMS BROUGHT BY DATA-SUBJECTS.

Schedule 1: Data Elements, categories of Data Subjects – for ParentPay, Schoolcomms and Cypad branded products

Data Subject (Who)	Data Category (What)	Description	ParentPay
Student	Forename	This is the forename of the pupil.	ParentPay
Student	Surname	This is the surname of the pupil.	ParentPay
Student	Known as	This is the name that the pupil is known as.	ParentPay
Student	DOB	This is the date of birth of the pupil.	ParentPay
Student	Gender	This is the pupil’s gender	ParentPay
Student	Year Group	The year the pupil is in	ParentPay
Student	Registration Class	The name of the pupil’s registration class (if any)	ParentPay
Student	Salutation	This is the pupil’s salutation.	ParentPay
Student	Dietary Requirements	This is the pupil’s special dietary requirements	ParentPay
Student	Postal Address	The student’s postal address	ParentPay
Student	Meal Selections and spend history	This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items.	ParentPay
Parent / Contact	Title	This is the contact’s title (Mr, Mrs, Ms, etc).	ParentPay
Parent / Contact	Forename	This is the contact’s forename.	ParentPay
Parent / Contact	Surname	This is the contact’s surname.	ParentPay
Parent / Contact	Authentication data	Username and password or other authentication tokens	ParentPay
Parent / Contact	Gender	The contact’s gender	ParentPay
Parent / Contact	House Name	The text entered as the contact’s house name.	ParentPay
Parent / Contact	Street	The text entered as the contact’s street.	ParentPay
Parent / Contact	Locality	The text entered as the contact’s locality.	ParentPay
Parent / Contact	Town	The text entered as the contact’s town.	ParentPay
Parent / Contact	Postcode	The text entered as the contact’s post code.	ParentPay
Parent / Contact	Day Telephone	The contact’s daytime telephone number.	ParentPay
Parent / Contact	Home Telephone	The contact’s home telephone number.	ParentPay
Parent / Contact	Mobile Telephone	This is the contact’s mobile telephone number.	ParentPay
Parent / Contact	Email	This is the contact’s E-mail address.	ParentPay
Parent / Contact	Payment card details	Payment details are forwarded to a 3^rd party payment processor	ParentPay
Parent / Contact	Other	This is the contact’s alternative communication method.	ParentPay
Parent / Contact	In-app messages	Messages sent from parents to school within the application	ParentPay
Parent / Contact	Trouble ticket data	When users submit trouble ticket information, this gets stored.	ParentPay
Parent / Contact	Payment History and balances	This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds.	ParentPay
Parent / Contact	Shop information	ParentPay can be used as a payment page from externally or internally hosted shop systems. This the information captured as part of that (“shopping basket”).	ParentPay
School Staff	Title	This is the staff member’s title (Mr, Mrs, Ms, etc.).	ParentPay
School Staff	Forename	This is the staff member’s forename.	ParentPay
School Staff	Surname	This is the staff member’s surname.	ParentPay
School Staff	Gender	The staff member’s gender	ParentPay
Website Access	IP Address	The network address of your device or internet connection	ParentPay
Website Access	Browser Type and Version	The type of Web Browser your device is using	ParentPay
Website Access	Cookies	Special records in your browser to help the website operate	ParentPay
Website Access	Web Analytics	Generalised information about browsing behaviour and page statistics	ParentPay
Data Subject (Who)	Data Category (What)	Description	Schoolcomms Module
Student	Achievement records	Achievement records entered into the Schools MIS.	Reporting
Student	App status	Is the pupil using the School Gateway app	Core
Student	Assessment reports	Annual assessment reports generated by the school using their MIS.	Reporting
Student	Authentication data	Students School Gateway PIN	Core
Student	Bank account details	Bank account details are captured and passed to a 3rd party for authorisation	Payments
Student	Behaviour incident records	Behaviour incidents recorded on the Schools MIS.	Reporting
Student	Club Attendance Records	Club attendance which is recorded by school within Schoolcomms	Clubs
Student	Club balances	Separate balances for each club the student attends	Clubs
Student	Club Session Bookings	Club sessions booked by parents or school	Clubs
Student	Curriculum Timetable	This is the pupil’s timetable.	Reporting
Student	Dinner Bookings	Dinner bookings made by parents or school.	Dinners
Student	Dinner plan balance	Dinner plan balance if School uses Schoolcomms Dinners Module	Dinners
Student	Exam timetables	The student’s exam timetables	Reporting
Student	Forename	This is the forename of the pupil.	Core
Student	Free School Meals	Whether the pupil is eligible for Free School Meals.	Dinners
Student	Gender	This is the pupil’s gender	Core
Student	Groups	Active groups set up by the school containing the pupil.	Messaging
Student	Identifiers	MIS ID, Roll Number and UPN	Core
Student	In-app messages	Messages sent from parents to school within the School Gateway application	Messaging
Student	Known as	This is the name that the pupil is known as.	Core
Student	Linked People	Contact’s linked to the child that meet import criteria specified by school	Core
Student	Meal Selections & spend history	Record of student’s meal spend, imported from the cashless retailer, SIMS Dinner money or recorded within Schoolcomms	Reporting
Student	Medical Information	Student Medical Conditions	Reporting
Student	Message History	Email or SMS messages sent to the user by the school or vice versa	Messaging
Student	MIS Groups	Active groups set up in the schools MIS system containing the pupil	Messaging
Student	Mobile OS	This is the operating system (iOS or Android) of the mobile phone used to access School Gateway.	Core
Student	Mobile Telephone	Pupil’s mobile phone number used to receive alerts from the school and to verify the pupil’s School Gateway account.	Core
Student	Payment card details	Payment card details are captured and passed to a 3rd party for authorisation.	Payments
Student	Payment History	Student payment and transaction history	Payments
Student	Paypoint Data	Data used to issue a PayPoint voucher linking a student and payment item	Payments
Student	Postal Address	The student’s postal address	Reporting
Student	Pre-admission Status	Students Pre-admission status	Core
Student	Primary email address	Pupil’s email address used to receive communications from the school and to verify the pupil’s School Gateway account.	Core
Student	Pupil Premium Questionnaire Results	Results of the School Gateway Pupil Premium Questionnaire	Core
Student	Registration Group	The registration group of the pupil.	Core
Student	School Gateway activation date	This is the date the user activated and first logged into the School Gateway portal.	Core
Student	Dinner Money Balance	The balance from the school’s cashless retailer or SIMS Dinner Money	Payments
Student	SIMS profile report	This is a SIMS profile report for the student	Reporting
Student	Surname	This is the surname of the pupil.	Core
Student	Unexplained absence records	Any unexplained absences recorded by the school for AM or PM registration.	Messaging
Student	Year Group	The year group of the Pupil.	Core
Parent / Contact	Authentication data	The contact’s School Gateway PIN	Core
Parent / Contact	Bank account details	Bank account details are captured and passed to a 3rd party for authorisation	Payments
Parent / Contact	Forename	This is the contact’s forename.	Core
Parent / Contact	House Name	The text entered as the contact’s house name.	Core
Parent / Contact	In-app messages	Messages sent from parents to school within the School Gateway application	Messaging
Parent / Contact	Locality	The text entered as the contact’s locality.	Core
Parent / Contact	Message History	Email or SMS messages sent to the user by the school or vice versa	Messaging
Parent / Contact	Mobile OS	This is the operating system (iOS or Android) of the mobile phone used to access School Gateway.	Core
Parent / Contact	Mobile Telephone	This is the contact’s mobile phone number used to receive alerts from the school and to verify the School Gateway account.	Core
Parent / Contact	Parental responsibility status	This marker is used by schools to identify if a contact has parental responsibility over a student (allowed to give consent etc ).	Core
Parent / Contact	Payment card details	Payment card details are captured and passed to a 3rd party for authorisation.	Payments
Parent / Contact	Payment History and balances	This is the contact’s payment and transaction history	Payments
Parent / Contact	Postcode	The text entered as the contact’s post code.	Core
Parent / Contact	Primary Email address	Contact’s email address used to receive communications from the school and to verify the contacts School Gateway account.	Core
Parent / Contact	Prime Parent Status	Indicates whether a contact is a prime parent or secondary parent	Core
Parent / Contact	School Gateway activation date	This is the date the user activated and first logged into the School Gateway portal.	Core
Parent / Contact	School Gateway app status	Identifies whether a user is logged into the School Gateway mobile application.	Core
Parent / Contact	Street	The text entered as the contact’s street.	Core
Parent / Contact	Surname	This is the contact’s surname.	Core
Parent / Contact	Town	The text entered as the contact’s town.	Core
Parent / Contact	MIS Contact priority	The priority of contacts connected to a student. (i.e. 1 & 2 may be immediate family whereas 3 & 4 may be distant relatives for emergency contact purposes).	Core
School Staff	Authentication data	The staff member’s School Gateway PIN	Core
School Staff	Bank Account Details	Bank account details are captured and passed to a 3rd party for authorisation	Payments
School Staff	Card Details	Payment card details are captured and passed to a 3rd party for authorisation.	Payments
School Staff	Club Attendance Records	Club attendance which is recorded by school within Schoolcomms	Clubs
School Staff	Club Balances	Separate balances for each club the staff member attends	Clubs
School Staff	Club Bookings	Club bookings made by staff member or school.	Clubs
School Staff	Curriculum timetable	This is the staff members timetable.	Reporting
School Staff	Dinner Bookings	Dinner bookings made by staff member or school.	Dinners
School Staff	Dinner Money / Caterer Balance	The balance from the school’s cashless retailer or SIMS Dinner Money	Payments
School Staff	Dinner Plan Balance	Dinner plan balance if School uses Schoolcomms Dinners Module	Dinners
School Staff	Forename	This is the staff member’s forename.	Core
School Staff	Groups	Active groups set up by the school containing the pupil.	Messaging
School Staff	In-app messages	Messages sent from parents to school within the School Gateway application	Messaging
School Staff	Linked People	MIS contacts linked to the staff member who meet the Schoolcomms import criteria set by the school.	Core
School Staff	Meal Spend History	Record of the meal spend, imported from the schools cashless retailer, SIMS Dinner money or recorded within Schoolcomms	Payments
School Staff	Medical Conditions	Staff Member Medical Conditions	Reporting
School Staff	Message History	Email or SMS messages sent to the user by the school or vice versa	Messaging
School Staff	MIS ID	Staff members MIS ID	Core
School Staff	Mobile OS version	This is the operating system (iOS or Android) of the mobile phone used to access School Gateway.	Core
School Staff	Mobile telephone	The staff member’s mobile telephone number	Core
School Staff	Payment History	The staff members payment history	Payments
School Staff	PayPoint Data	Data used to issue a PayPoint voucher linking a staff member and payment item	Payments
School Staff	Postal Address	The staff member’s postal address	Core
School Staff	Postcode	The staff member’s postal code	Core
School Staff	Primary email	The staff member’s primary email address	Core
School Staff	Role	The staff member’s role at the school	Core
School Staff	School Gateway activation date	This is the date the staff member activated and first logged into the School Gateway portal.	Core
School Staff	School Gateway app status	Identifies whether a staff member is logged into the School Gateway mobile application.	Core
School Staff	Surname	This is the staff member’s surname.	Core
School Staff	Title	This is the staff member’s title (Mr, Mrs, Ms, etc.).	Core
Website Access	Browser Type and Version	The type of Web Browser your device is using	Core
Website Access	Cookies	Special records in your browser to help the website operate	Core
Website Access	IP Address	The network address of your device or internet connection	Core
Website Access	Web Analytics	Generalised information about browsing behaviour and page statistics	Core
Data Subject (Who)	Data Category (What)	Description	Cypad
Student	Forename	This is the forename of the pupil.	Cypad
Student	Surname	This is the surname of the pupil.	Cypad
Student	DOB	This is the date of birth of the pupil.	Cypad
Student	Year	The year the pupil is in	Cypad
Student	Class	The name of the pupil’s registration class	Cypad
Student	Site	The site that the pupil attends	Cypad
Student	Meal Selections and spend history	This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items.	Cypad
Student	Diet Types	This is the pupil’s special dietary requirements	Cypad
Student	Allergens	This is what the pupil is allergic to	Cypad
Student	Meals consumed	For parents to view meals taken	Cypad
Parent / Contact	Parent Name	This is the parents’ full name.	Cypad
Parent / Contact	Username	Username for authentication	Cypad
Parent / Contact	Email	This is the parents’ email address.	Cypad
Parent / Contact	Address1	The first line of the address	Cypad
Parent / Contact	Address2	The second line of the address	Cypad
Parent / Contact	City	The city / town entered as the parents’ city.	Cypad
Parent / Contact	Postcode	The text entered as the parents’ post code.	Cypad
Parent / Contact	Home Telephone	The parents’ home telephone number.	Cypad
Parent / Contact	Mobile Telephone	This is the parents’ mobile telephone number.	Cypad
Parent / Contact	Pupils associated with the adult	The pupil(s) who relate(s) to the parent	Cypad
Parent / Contact	Meal Selections and transaction history	This is the parents’ history of payment transactions, including reversals, refunds and withdrawals of funds.	Cypad
Catering Staff	Name	This is the staff member’s full name.	Cypad
Catering Staff	Address	The staff member’s address	Cypad
Catering Staff	Phone Number	The staff member’s contact number	Cypad
Catering Staff	Email	The staff member’s contact email	Cypad
Catering Staff	Payroll Number	The staff member’s payroll number	Cypad
Catering Staff	Employee Number	The staff member’s employee number	Cypad
Catering Staff	Timesheet Number	The staff member’s timesheet number	Cypad
Catering Staff	Workbook Number	The staff member’s workbook number	Cypad
Catering Staff	Position	The staff member’s level of authority	Cypad
Catering Staff	Qualifications	The staff member’s qualifications	Cypad
Catering Staff	DOB	The staff member’s date of birth	Cypad
Catering Staff	NI Number	The staff member’s National Insurance number	Cypad
Catering Staff	DBS Number & Expiry Date	The staff member’s DBS clearance information	Cypad
Catering Staff	Rate of Pay	How much the staff member is earning	Cypad
Catering Staff	Contract hours	The staff member’s contract hours	Cypad
Catering Staff	Employment start & end date	When the staff member’s employment started and finished	Cypad
Catering Staff	Emergency contact name	The staff member’s emergency contact	Cypad
Catering Staff	Emergency contact relationship	How the emergency contact relates to the staff member	Cypad
Catering Staff	Emergency contact phone number	The contact number of the emergency contact	Cypad
Website Access	IP Address	The network address of your device or internet connection	Cypad
Website Access	Browser Type and Version	The type of Web Browser your device is using	Cypad
Website Access	Cookies	Special records in your browser to help the website operate	Cypad
Website Access	Web Analytics	Generalised information about browsing behaviour and page statistics	Cypad

Schedule 2: Purpose for Processing

To provide payment collection, payment processing, parent communication and management information systems and services for the education market in the form of the PPL Products and Services.

Schedule 3: Security Measures

As of the Effective Date of this DP Agreement, when Processing Personal Data on behalf of Data Controller in connection with the Service, Data Processor shall implement and maintain the following technical and organizational security measures for the Processing of such Personal Data (“Security Measures”):

Physical Access Controls: Data Processor shall take reasonable measures to prevent physical access, such as security personnel and secured buildings and factory premises, to prevent unauthorised persons from gaining access to Personal Data, or ensure Third Parties operating data centres on its behalf are adhering to such controls.
System Access Controls: Data Processor shall take reasonable measures to prevent Personal Data from being used without authorisation. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls: authentication via passwords; two-factor authentication; documented authorisation processes; documented change management processes; and/or, logging of access on several levels.
Data Access Controls: Data Processor shall take reasonable measures to provide that: Personal Data is accessible and manageable only by properly authorised staff; direct database query access is restricted; application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access; and, that Personal Data cannot be read, copied, modified or removed without authorisation in the course of
Transmission Controls: Data Processor shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of Personal Data by means of data transmission facilities is envisaged so Data cannot be read, copied, modified or removed without authorisation during electronic transmission or transport.
Input Controls: Data Processor shall take reasonable measures to provide that it is possible to check and establish whether and by whom Data has been entered into, modified or removed from data processing systems. Data Processor shall take reasonable measures to ensure that (i) the Personal Data source is under the control of Data Controller; and (ii) Personal Data integrated into the Service is managed by secured transmission from Data Controller.
Data Backup: Back-ups of the databases in the Service are taken on a regular basis, are secured, and encrypted to ensure that Personal Data is protected against accidental destruction or loss when hosted by Data Processor.
Data Security: Where appropriate and reasonable, Data Processor should make use of accepted Data Security controls including but not limited to encryption, pseudonymisation and anonymisation.
Logical Separation: Data from different Data Processor’s Customers is logically segregated on Data Processor’s systems to ensure that Personal Data that is collected for different purposes may be Processed separately.
Network Security Controls: Data Processor shall implement appropriate network security controls based on risk assessment as it relates to Data Protection; commonly including Firewalls, Anti-Malware and system logging.
Security Testing and Assurance: Data processor shall establish mechanisms for testing and assessing the effectiveness of technical or organisational measures used for establishing Information Security.

Made with by HeadRed.net