What are the definitions used in the Terms and Conditions?

Key definitions include: Captured Data (data collected via Hardware and analyzed by Software), Hardware (equipment provided by Supplier), Software (software applications provided on SaaS basis), Service (provision of Hardware and Software for data collection and analysis), Subscription Term (period for which Service is purchased), and Warranty Period (applicable warranty period stated in Order Form).

What are the Supplier's roles and obligations?

The Supplier is obligated to provide the Service throughout the Subscription Term, ensure Service availability 24/7 with exceptions for planned maintenance, and deliver Hardware within six weeks from the Order Form date unless otherwise agreed in writing.

What support services are provided?

The Supplier provides support via telephone and email during Normal Business Hours for remedying Hardware Defects, providing bug fixes and patches, online troubleshooting, and advice on Service use. Charges may apply if defects are determined to be caused by Customer fault or negligence.

What are the Customer's obligations?

Customers must use the Service in accordance with the Contract and Documentation, prevent unauthorized access, inspect Hardware on delivery, install Hardware using a certified electrician, maintain Wi-Fi connection, not resell Hardware, and comply with acceptable use policies. Customers are prohibited from accessing, storing, or transmitting unlawful, harmful, or infringing material.

How are charges and payments handled?

Charges are set out in the Order Form. The Subscription Term starts on the earlier of the measurable.energy Socket Deployment Date or four weeks from Hardware delivery. Charges are invoiced when Hardware is shipped and due within 30 days. Late payments accrue interest at 4% per month or maximum legal rate. All amounts are non-cancellable and non-refundable, exclusive of VAT.

Who owns the intellectual property rights?

The Supplier and/or its licensors own all Intellectual Property Rights in the Service and Documentation. The Customer owns all rights to Reports. The Supplier owns all rights to Captured Data. The Customer receives a royalty-free, perpetual, irrevocable license to use Captured Data in Reports.

What warranties are provided?

The Supplier warrants that during the Warranty Period, the Service will perform materially in accordance with Documentation. Exclusive remedies for breach include repair, replacement of defective Hardware, or termination and refund. The Supplier does not warrant uninterrupted or error-free use and excludes all implied warranties to the maximum extent permitted by law.

What are the limitations of liability?

The Supplier is not liable for loss of profits, business, data corruption, or consequential losses. Total aggregate liability is limited to total fees paid in the twelve months preceding the first incident. Nothing excludes liability for death, personal injury caused by negligence, or fraud.

How can the Contract be terminated?

The Customer may terminate for convenience at any time but remains liable for outstanding sums. Either party may terminate upon 30 days written notice of uncured material breach or immediately if the other party becomes subject to insolvency proceedings. On termination, all licenses terminate, equipment must be returned, and the Customer may download Reports for up to 10 days.

What law governs the Terms and Conditions?

The Contract is governed by English law, and the courts of England have exclusive jurisdiction to settle any disputes arising out of or in connection with the Contract.

measurable.energy SaaS Terms and Conditions

Key terms and user obligations

Important notice to all users:

1. Definitions

Applicable Data Protection Laws:

To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.
To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject, which relates to the protection of personal data.

Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.

Captured Data: data and information collected via the Hardware, any Customer and/or Nominated Customer(s) inputs, and analysed by the Software in the Service.

Captured Data Service: has the meaning set out in clause 4 of these Terms and Conditions.

Captured Datapool: the collective Captured Data from the Customer’s and Nominated Customer(s)’ use of the Services which is accessible to both Customer and Nominated Customer(s).

Confidential Information: all confidential information (however recorded or preserved) disclosed by a party or its Representatives to the other party and that party's Representatives in connection with this Contract, including but not limited to: (i) any information that would be regarded as confidential by a reasonable business person relating to the business, assets, affairs, customers, clients, suppliers, operations, processes, product information, know-how, designs, trade secrets or software of the disclosing party; and (ii) any information developed by the parties in the course of carrying out this Contract.

Contract: the applicable Order Form from time to time in force and these Terms and Conditions, including its Schedules, which together constitute the agreement between the Supplier and the Customer.

Customer: the customer stated as such in the applicable Order Form.

Data Processing Addendum: the data processing addendum attached at Schedule 1 to these Terms and Conditions.

Defect: an error in the Hardware that causes it to fail to operate substantially in accordance with the relevant Documentation and not caused due to any fault or negligence of the Customer, including where the Customer has used the Hardware other than in accordance with the Documentation or the written instructions of the Supplier.

Documentation: the operating manuals, user instructions, technical literature, and all other related materials in human-readable and/or machine-readable form supplied to the Customer by the Supplier for aiding the use and application of the Service.

Effective Date: the date of last signature of these Terms and Conditions.

EU GDPR: the General Data Protection Regulation ((EU) 2016/679).

Hardware: the equipment provided by the Supplier to the Customer as part of the Service and as set out in the applicable Order Form.

Install Date: the date stated as such in the applicable Order Form.

Intellectual Property Rights: all vested contingent and future intellectual property rights including but not limited to copyright, trade marks, service marks, design rights (whether registered or unregistered), patents, know-how, trade secrets, inventions, get-up, database rights and any applications for the protection or registration of these rights and all renewals and extensions thereof existing in any part of the world whether now known or in the future created.

Location: the location(s) at which the Hardware is to be installed as specified in the applicable Order Form.

Network Services: a service providing Wi-Fi Network for Hardware only.

Nominated Customer(s): any Customer subsidiary, affiliate, undertakings, regardless of legal personality, including ‘sites’ that access, use or process in any way Captured Data through the Supplier designated m.e Platform, including the Software, which acts as an access point for the Captured Datapool.

Normal Business Hours: the hours between 0900hrs and 1700hrs (London time, England) on a Business Day.

Order Form: the order form entered into between Customer and Supplier including any written addenda and supplements thereto agreed by the parties.

Order Form Effective Date: the date stated as such in the applicable Order Form.

Product Box: a shipping box that contains multiple Units.

Proposal: the proposal document, sent to, and accepted by, the Customer from the Supplier on the date stated in the Order Form in advance of the Contract.

Purpose: the purposes for which the Personal Data is processed, as set out in the Schedule 1 Data Processing Addendum.

Wi-Fi Network Information: the information to be provided by the Customer to the Supplier to allow the Supplier to configure the Hardware to connect to the Wi-Fi network.

Reports: reports on energy performance, energy cost, safety events, carbon emissions and other information produced through the Service using the Captured Data.

Representatives: in relation to a party, its employees, officers, directors, contractors, representatives and advisers, as well as Nominated Customer(s).

Service: the provision of the Hardware, and Software on a software as a service basis, for the collection and analysis of Captured Data and production of Reports.

Service Level Agreement or SLA: the service level agreement available on request.

Shipping Box: a shipping box that contains multiple Product Boxes.

Shipping Date: the date the Hardware is shipped from the Supplier’s factory or warehouse to the Site(s) as specified in the applicable Order Form.

Site(s): the location(s) at which the Hardware is to be installed as specified in the applicable Order Form and as designated on the Measurable platform.

Software: the software applications which are part of the Service and provided on a software as a service basis and all operating software which is loaded onto or accessed from the Hardware.

Subscription Term: the period of time for which the Service is purchased as indicated in the applicable Order Form, unless terminated earlier in accordance with the terms of the Contract.

Supplier or m.e: Measurable Ltd, a limited liability company (Company Number 11403660) having its registered office at 8th Floor Fountain House, 2 Queens Walk, Reading RG1 7QF.

Term: has the meaning set out in clause 16.1 of these Terms and Conditions.

UK GDPR: the EU GDPR as amended and adopted by English law by virtue of section 3 of the European Union (Withdrawal) Act 2018.

Unit: the Dual Gang (DG) Socket, Fused Connection Unit (FCU), Extension Lead (BB4 and TGX), Desktop Unit (TGU), and any other hardware product provided by the Supplier to the Customer as part of the Services.

Unit Subscription: each of the licences purchased by the Customer in relation to each Unit as set out in the applicable Order Form which entitle authorised users to access and use the Services and the Documentation in accordance with this Contract.

Warranty Period: the applicable warranty period stated in the applicable Order Form.

2. Supplier Obligations

The Supplier shall, during the Term, provide the Service to the Customer in accordance with the terms of the Contract.
Unless otherwise specified in an Order Form, the Supplier shall use commercially reasonable endeavours to make the Service available 24 hours a day, seven days a week. The Supplier shall not be responsible for any downtime, fault or failure in the Services caused or attributable to:
1. planned maintenance carried out during the hours of 2100hrs and 0500hrs (London time in England);
2. unscheduled maintenance performed outside of Normal Business Hours, provided that the Supplier has used reasonable endeavours to give the Customer at least twenty-four (24) hours’ notice in advance;
3. any circumstance which interrupts the Service caused directly or indirectly by the actions or the omissions of the Customer (including, but not limited to, failure to maintain an adequate Wi-Fi connection or failing to update the Customer’s browser settings to the latest version) contrary to the Documentation, the Contract or otherwise the written instructions from the Supplier;
4. any unavailability caused by a Force Majeure Event;
5. any installation of the Hardware has not been conducted by the Customer in accordance with the Documentation;
6. a fault or failure of the Customer, or the users, the Customer’s systems, software or networks;
7. delays caused by the Customer or its users;
8. any use of the Services in conjunction with another product or service not recommended by the Supplier;
9. any modifications or alterations of the Services by any party other than the Supplier;
10. any use of or access to the Services not in conformance with the Documentation or the Supplier’s reasonable instructions; or downtime caused by any breach by the Customer of the Contract.
The Supplier shall deliver the Hardware to the Customer within six weeks of the date of the Order Form, unless otherwise agreed in writing by the parties.
The Supplier shall not be responsible for any delays to deliver the Hardware to the Customer and to provide the Services caused by the Customer’s (its sub-contractors’ or suppliers’) actions or omissions or caused by reasons out of Supplier’s reasonable control.

3. Support Services

The Supplier will, as part of the Services and at no additional cost to the Customer, provide the Customer with Supplier’s standard support services during Normal Business Hours in accordance with the SLA, which may be amended from time to time.
The Supplier shall use reasonable endeavours to ensure that support is available by online Documentation, telephone and e-mail during Normal Business Hours to provide assistance to the Customer in respect of:
1. remedying Defects in the Hardware;
2. provision of bug fixes and patches and online troubleshooting for the Service; and
3. providing advice on the use of the Service.

Where the Supplier is required to attend Defects and, in the Supplier’s reasonable opinion, there is no Defect, or the Defect is due to fault or negligence of the Customer, including but not limited to breach by Customer of any of its obligations under the Contract and/or the Documentation, the Supplier shall charge Customer on a time and materials basis at its standard rates then applicable and Customer shall be liable for all associated costs and expenses such as travel, cost of replacement parts or spares, installation costs, which shall be invoiced to Customer by Supplier at cost.
Where the Customer suspects a Defect the Customer may engage a Warranty Return as set out in the Hardware Warranty in the applicable order form. Where the Customer has engaged a Warranty Return and, in the Supplier’s reasonable opinion, there is no Defect, or the Defect is due to fault or negligence of the Customer, including but not limited to breach by Customer of any of its obligations under the Contract and/or the Documentation, the Supplier shall charge Customer on a time and materials basis at its standard rates then applicable and Customer shall be liable for all associated costs and expenses such as travel, cost of replacement parts or spares, and installation costs, which shall be invoiced to Customer by Supplier at cost.

‍

4. Captured Data Service

The Supplier will, as part of the Services, if necessary, and at no additional cost to the Customer, provide the Customer and its authorised Nominated Customer(s) access to a Captured Datapool for the purposes of data analytics, as further described below.
For the purpose of this clause 4, the Supplier shall create Nominated Customer accounts in the Software on the Supplier designated m.e Platform accessible to the Nominated Customer(s), as part of or in addition to the Customer’s main account (“Nominated Customer Account(s)”).
The Customer shall be responsible for the Nominated Customer Account(s) and shall use commercially reasonable efforts to prevent unauthorised access to or use of the Nominated Customer Account(s) by any of the Nominated Customer(s) and ensure that any Nominated Customer(s) that has access to a Nominated Customer Account accesses and uses the account in a proper manner and in accordance with this Contract, the Documentation and/or the Supplier’s reasonable instructions.
The Nominated Customer Account(s) will allow the Customer and authorised Nominated Customer(s) to:
1. access the Captured Datapool;
2. use the Captured Datapool to generate data analytics Reports; and
3. use additional listed actions and capabilities as listed in Schedule 2.

Subject to clause 2, the Supplier shall use commercially reasonable endeavours to make the Nominated Customer Account Service and the access to the Captured Datapool as described in this clause 4 available to the Customer and the authorised Nominated Customer(s) in accordance with the terms of the Service in this Contract.
The Customer will comply, and shall take all reasonable steps to ensure that any Nominated Customer(s) will comply) with any Applicable Data Protection Laws, including but not limited to, those which relate to the access to and use of the Nominated Customer Account Service. To the extent that Customer and/or Nominated Customer(s) have access to or otherwise process the personal data as part of the Nominated Customer Account Service, Customer agrees to comply with (and shall take all reasonable steps to ensure that any Nominated Customer(s) comply with) clause 14 and the Data Processing Addendum attached hereto.
For the purposes of clause 4.6, the Customer is responsible for, and affirms to the Supplier that it has validly entered into either a:
1. intra-group personal data sharing and transfer agreement with its subsidiaries, affiliates and/or any undertakings affiliated to it, that governs the access to and use of the data in the Nominated Customer Account(s) by any Nominated Customer(s); or
2. a data sharing agreement (either as separate controllers, joint controllers, or controller to processor) that governs the access to and use of the data in the Nominated Customer Account(s) by any Nominated Customer(s).
The Customer acknowledges that the Supplier will only provide the Nominated Customer Account(s) Service to the Nominated Customer(s) under this clause 4, with access to the Captured Datapool, for the duration of this Contract, in accordance with clause 16, and up until six (6) months following the termination of the last agreement or arrangement between the Customer and any authorised Nominated Customer(s) that has access to and uses the Nominated Customer Account(s) Service. For the avoidance of doubt, the term of the Nominated Customer Account(s) Service might end before the end of the Subscription Term.

5. Customer Obligations

The Customer shall:
1. Use, and ensure that any persons it authorises to use the Service (as permitted by the Contract) including use of the Hardware and Software, uses the Service only in accordance with the Contract and the Documentation and applicable laws and government regulations with respect to its activities under the Contract;
2. comply with this Contract and with the Supplier Acceptable Use Policy available on the Supplier website (as such may be updated by the Supplier from time to time);
3. use commercially reasonable efforts to prevent unauthorised access to or use of the Service, and shall notify the Supplier promptly of any such unauthorised access or use;
4. inspect the Hardware on delivery and notify the Supplier immediately in writing of any Defects;
5. be responsible for installing the Hardware at the Location using a certified electrician unless otherwise agreed with the Supplier;
6. use the Hardware in a proper manner and in accordance with the Documentation and shall ensure that its staff, or such other persons authorised by Customer and by the Supplier to use the Hardware, are properly trained to supervise the use of the Hardware;
7. not, without Supplier’s prior written approval, allow any person other than a representative of the Supplier to modify, repair or maintain any part of the Hardware;
8. not resell all or any part of the Hardware to any third-party;
9. where the Hardware is on loan:
  - not transfer, sell, assign, sub-licence, pledge or otherwise dispose of, encumber or suffer a lien or encumbrance upon or against any interest in the Hardware;
  - insure the Hardware for its full replacement value for the duration of the loan period;
  - notify the Supplier in writing immediately of any loss of or damage to the Hardware; and
  - indemnify the Supplier against any loss or damage to the Hardware while in the possession of the Customer, ordinary wear and tear excepted;
10. ensure that its Wi-Fi connection is maintained in such manner as required in the Documentation to allow any Updates;
11. be solely responsible for procuring and maintaining its Wi-Fi network connections and telecommunications links from Customer systems to the Service and the Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet.
12. Not exceed reasonable use of the Supplier provided API and Webhooks defined, and updated from time to time, in online Documentation found at: https://support.measurable.energy/knowledge/apis-webhooks
The Customer may, from time to time during any Subscription Term, purchase additional Unit Subscriptions in excess of the number set out in the applicable Order Form. If the Customer wishes to purchase additional Unit Subscriptions, the Customer shall notify the Supplier in writing. If the Supplier approves the Customer's request to purchase additional Unit Subscriptions, the Customer shall, within thirty (30) days of the date of the Supplier's invoice, pay to the Supplier the relevant fees for such additional Unit Subscriptions and, if such additional Unit Subscriptions are purchased by the Customer part way through the Subscription Term or any Renewal Period (as applicable), such fees shall be pro-rated from the date of activation by the Supplier for the remainder of the Subscription Term or then current Renewal Period (as applicable).
The Customer shall not access, store, distribute or transmit any viruses, or any material during the course of its use of the Service that:
- is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
- facilitates illegal activity;
- depicts sexually explicit images;
- promotes unlawful violence;
- is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability, or any other illegal activity; or
- activity; or
  causes damage or injury to any person or property.
The Customer shall not, except as may be allowed by any Applicable Laws which is incapable of exclusion by agreement between the parties:
1. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Hardware, Software and/or Documentation (as applicable) in any form or media or by any means;
2. attempt to reverse compile, disassemble, reverse engineer, or otherwise reduce to human-perceivable form all or any part of the Hardware or Software;
3. access all or any part of the Service and Documentation in order to build a product or service which competes with the Service and/or the Documentation;
4. use the Service and/or Documentation to provide services to third parties;
5. license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Service and/or Documentation available to any third party; or
6. attempt to obtain, or assist third parties in obtaining, access to the Service and/or Documentation, other than as provided under the Contract.
In the event of the Customer’s use of any Service in breach of this clause 5 or any other provision of the Contract, the Documentation or applicable Order Form, without prejudice to any other rights and remedies including the right to terminate the Contract, Supplier may suspend the Service without liability until Customer remedies the breach and, if such breach is not capable of remedy (in the reasonable opinion of the Supplier) or such breach continues for more than 10 Business Days, immediately terminate the Contract without liability.
Subject to the Supplier complying with reasonable applicable policies of the Customer, as notified to the Supplier from time to time, the Customer shall allow the Supplier's personnel such access to the Location during Normal Business Hours as is reasonably necessary for the Supplier to carry out its obligations to the Customer pursuant to the Contract. The Customer shall provide to the Supplier all permissions necessary to obtain such access.

6. Updates

The Customer acknowledges that:
1. the Supplier may update the Hardware and/or the Software from time to time by providing (bug) fixes or modifications, introduce new features or functionality, change or discontinue (temporarily or permanently) any feature or functionality, component or content, impose limits on certain features or restrict access to parts or all of the Service (together the “Updates”);
2. the Updates may cause older Hardware, Software configurations or setups to no longer work, and the Customer may be required to upgrade or change the Hardware, Software configurations or setups in order to continue using the Service; and
3. the Updates will occur automatically without additional notice or receiving any additional consent from the Customer.
The Customer hereby consents to the Supplier installing the Updates. The Customer’s failure to allow installation of any Updates may expose the Customer to security risks and may affect the Supplier’s ability to properly provide the Service and, in such event, the Supplier shall not be liable to the Customer for any liability or loss that the Customer may incur as a result.

7. Title and Risk

Risk in the Hardware shall pass to the Customer on delivery.
Notwithstanding the delivery and passing of risk in the Hardware or any other provision of the Contract, the legal and beneficial property and title in the Hardware shall remain with the Supplier and shall not pass to the Customer until all sums due from the Customer to the Supplier for the Service have been paid in full to the Supplier in cleared funds.
The Customer may not use the Hardware in any manner until the Supplier receives payment for the Service (and all other outstanding sums under the Contract) in full in cleared funds.
Until such time as the legal ownership in the Hardware passes to the Customer, the Supplier may at any time during Normal Business Hours enter the Location (or any other location where the Hardware is located) and remove the Hardware therefrom and the Customer irrevocably permits the Supplier access to such Location to do so. The Customer shall indemnify the Supplier on a full indemnity basis against all loss, damage, costs or expenses so arising including loss, damage, costs or expenses in respect of third party claims.
No provision of the Contract shall prejudice the Supplier's right to exercise any alternative remedies whatsoever in default of payment by the Customer or any other breach.

8. Returns

Customer may return Units within thirty (30) days of receipt.
If Customer chooses to return Units, it shall ship the Units back to the Supplier at the Customer’s own cost.
Units shall be shipped back to Supplier in their undamaged and unopened original Product Box. Supplier may accept returns of opened Shipping Boxes if the Product Boxes are undamaged and unopened.
Subject to clause 8.1, 8.2 and 8.3, Supplier shall refund to Customer the price of the Units that have been returned and of the associated software. Refunds will be processed within thirty (30) days from receipt of the Units in their undamaged and unopened original packaging.
Supplier’s up to date Returns Process policy may be updated from time to time, and can be found at: https://support.measurable.energy/knowledge/returns-process

9. Installation

The Customer hereby agrees that they will, on reasonable notice of at least two (2) Business Days, allow the Supplier employees, agents and/or subcontractors reasonable access to all necessary and relevant areas of the Location during Normal Business Hours to perform:
1. any part of the Service, including installation of the Hardware;
2. any other additional or follow-up works related to the Services or as set out under the Contract that the Supplier may be required to undertake from time-to-time at the Location in order to fulfil its obligations under the Contract, and charge such fees as set out in the applicable Order Form, or as otherwise agreed in writing between the parties, in respect of such matters.
The Customer further agrees that it will allow the Supplier’s employees, agents and/or subcontractors access to the Location during Normal Business Hours in the event of an emergency, to complete any necessary works, to remove any Hardware, or where there is danger to any of the Customer’s personnel at the Location, and others property, or where any statutory rights are being enforced.
If the Supplier’s employees, agents and/or subcontractors are unable to access the Location pursuant to clauses 9.1 or 9.2, then the Supplier shall incur no liability to you for any losses, costs and/or other expenses the Customer may incur as a result.
The Customer shall ensure that the Location is a clean and safe environment and that the Supplier’s employees, agents and/or subcontractors can provide any Service safely.
The Customer agrees that the Supplier shall have no liability to the Customer for any damage caused to the Location other than in the event of the wilful misconduct of the Supplier’s employees, agents and/or subcontractors, as applicable.
The Customer shall ensure the wiring of circuits where the installation occurs is in line with the most recent version and amendment of BS 7671. If an installation is unable to be completed, or delayed, due to wiring not in line the requirements of BS 7671 and amendments relevant at the time of installation, the Supplier shall charge Customer on a time and materials basis at its standard rates then applicable and the Customer shall be liable for all associated costs and expenses, such as travel, time, accommodation, and cost of additional parts or spares, which shall be invoiced to Customer by Supplier at cost.
The Customer agrees that it will inform all parties impacted by the installation, with any queries or concerns answered, prior to the installation. If an installation is unable to be completed, or delayed, due to the Customer not informing affected parties, the Supplier shall charge Customer on a time and materials basis at its standard rates then applicable and the Customer shall be liable for all associated costs and expenses, such as travel, time, accommodation, and cost of additional parts or spares, which shall be invoiced to Customer by Supplier at cost.
Where Network Services are purchased and installation of the service requires time and materials further than those included within the purchase, the Supplier shall charge Customer on a time and materials basis at its standard rates then applicable agreed in writing between the parties, in respect to such matters.

10. Charges and Payment

The charges for the Service ordered are set out the applicable Order Form and the Customer is responsible for paying all charges as set out in the applicable Order Form.
The Subscription Term shall start twenty-eight (28) days from the Shipping Date or such other date that the parties may agree in writing.
Charges will be invoiced at the time that the Hardware is shipped to the Customer and are due thirty (30) days from the date of the invoice, unless otherwise specified in the applicable Order Form.
The Customer is responsible for providing complete and accurate billing and contact information to the Supplier and for notifying the Supplier of any changes to such information.
If the Supplier has not received payment within thirty (30) days after the due date, unless the Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute, without prejudice to any other rights and remedies it may have, the Supplier:
1. may, without liability to the Customer, suspend access to the Service while any sum remains unpaid; and
2. interest shall accrue on such due amounts at an annual rate equal to 4% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower.

All amounts and fees stated or referred to in the Contract:
1. shall be payable in the currency stated in the applicable Order Form;
2. are, subject to clause 16.2, non-cancellable and non-refundable;
3. are exclusive of value added tax, which shall be added to the Order Form(s) at the appropriate rate.

Except for pricing that is designated as promotional or one time in the applicable Order Form, on renewal of a Subscription Term in accordance with clause 16.1, the Supplier shall be entitled to increase the charges for the Service by such sums as the Supplier shall notify the Customer in writing thirty (30) days before the increase takes effect. Charges that were designated as promotional or one time in the applicable Order Form shall be subject to an increase on renewal of the Subscription Term.
For new product features in relation to the Service, the Supplier shall be entitled to increase the charges for the Service by such sums as the Supplier shall notify the Customer in writing thirty (30) days before the increase takes effect.
The Supplier shall be entitled to increase the charges for the Service at the start of each calendar year in line with the UK Consumer Price Index fluctuations upon ninety (90) days’ prior notice to the Customer and any Order Form that is in force shall be deemed to have been amended accordingly.

11. Proprietary rights and Licence

The Customer acknowledges and agrees that the Supplier and/or its licensors have legal and beneficial ownership of all Intellectual Property Rights in the Service and the Documentation. Except as expressly stated herein, the Contract does not grant the Customer any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Service or the Documentation.
Subject to the Customer purchasing the Services by entering into an Order Form with the Supplier and to the terms and conditions of the Contract, the Supplier hereby grants to the Customer a non-exclusive, non-transferable right and licence, without the right to grant sublicences, to permit the authorised users to access and use the Services and the Documentation during the Subscription Term solely for the Customer's internal business operations.
The Customer shall own all rights, title and interest in the Reports. The Supplier grants to Customer a royalty free, perpetual, irrevocable licence to use the Captured Data in the Reports for the purpose of making full use of the Reports.
The Supplier shall own all rights, title and interest in and to all of the Captured Data.
In the event of any loss or damage to Captured Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Captured Data from the latest back-up of such Captured Data maintained by the Supplier in accordance with its archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Captured Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Captured Data maintenance and back-up).

12. Technical Assistance

Once the Order Form has been signed by the Parties the Customer shall deliver the Wi-Fi Network Information to the Supplier. If the Customer:
1. provides the Wi-Fi Network Information, to the reasonable satisfaction of the Supplier and within such period as communicated by the Supplier to the Customer, the Hardware will be delivered by the Supplier to the Customer configured to the Wi-Fi conditions of the Customer provided by the Customer to the Supplier in accordance with Supplier reasonable requests;
2. fails to complete the Wi-Fi Network Information, to the reasonable satisfaction of the Supplier or within such period as communicated by the Supplier to the Customer, the Hardware will be securely delivered by the Supplier to the Customer with a preset Wi-Fi SSID and password; or
3. agrees a bespoke agreement with the Supplier regarding the Wi-Fi Network Information, prior to the signing of the Order Form, the Hardware will be delivered by the Supplier to the Customer configured to the Wi-Fi conditions agreed in the bespoke agreement.
If the Customer requests technical assistance to:
1. map out Units at the Location and set up the Hardware and Software, the Supplier shall charge the daily fee set out in the Order Form for such services;
2. assist with issues relating to Wi-Fi connection of the Hardware the Supplier shall:
  1. not charge the Customer for visits of the Supplier’s technical staff that last less than one hour;
  2. charge the Customer for visits of the Supplier’s technical staff that last more than one hour at the hourly rate set out in the Order Form, as such rate may be varied pursuant to clause 10.8 unless:
    1. otherwise agreed in writing by the parties; or
    2. the issue is due to fault of the Supplier and, in such event, the Customer shall not be liable to pay any charges to the Supplier and any charges already paid by the Customer in respect of such fault shall be refunded to the Customer.

13. Warranties

Subject to clause 14.3, the Supplier warrants that during the Warranty Period the Service will perform materially in accordance with the applicable Documentation. For any breach of this warranty above, Customer’s exclusive remedies are repair of Defects or replacement of defective Hardware, or termination in accordance with clause 16 and refund in accordance with clause 16.3(c).
The warranty in clause 13.1 shall not apply to the extent of any non-conformance which is caused by a Force Majeure Event, use of the Service contrary to the Documentation, the Contract or the Supplier's instructions, or modification or alteration of the Service by any party other than the Supplier or the Supplier's duly authorised contractors or agents, including but not limited to failure by Customer to comply with the obligations set out in clause 5.
The Supplier:
1. does not warrant that the Customer's use of the Service will be uninterrupted or error-free; nor that the Service, Documentation and/or the information obtained by the Customer through the Service including in Reports will meet the Customer's requirements;
2. is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Service and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities;
3. shall in no event be liable for unavailability, inaccuracies, incompleteness or errors in the Captured Data or results provided through the Service; and
4. shall not be liable for any failure to meet its obligations under this Contract to the extent that such failure arises from a failure of the Customer to meet any of its obligations arising under this Contract or otherwise.
Except as expressly provided herein, each party expressly excludes all warranties, representations, terms, conditions or other commitments of any kind, whether express or implied, statutory or otherwise, and each party specifically disclaims all implied warranties, including (without limitation) any warranties, representations, terms, conditions or other commitments of merchantability or fitness for a particular purpose or of satisfactory quality or of reasonable skill and care, in each case, to the maximum extent permitted by applicable law.
Except as expressly provided in this Contract, the Services and the Documentation are provided to the Customer on an “as is” basis.
Each party disclaims all liability and indemnification obligations for any harm, damages or other liability caused by any third-party hosting providers.
Except for normal wear and tear, the Customer will be responsible for any damage to any Hardware while in its possession irrespective of how such damage occurs.

14. Limitation of Liability

This clause 14 sets out the entire financial liability of the Supplier (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Customer in respect of:
1. any breach of the Contract;
2. any use made by the Customer of the Service and Documentation or any part of them; and
3. any representation, statement or tortious act or omission (including negligence) arising under or in connection with the Contract.
Nothing in the Contract excludes the liability of the Supplier:
1. for death or personal injury caused by the Supplier's negligence; or
2. for fraud or fraudulent misrepresentation.
Subject to clause 14.2:
1. the Supplier shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect, or consequential loss, costs, damages, charges or expenses however arising under the Contract;
2. the Supplier shall have no liability to the Customer in the event of any Defect or any delay to the Service caused by the Customer exceeding a rating of 13 amps in respect of any Hardware;
3. the Supplier shall have no liability to the Customer in the event of any delay to the Service caused by the Customer failing to grant the Supplier access to the Customer’s Wi-Fi in the manner reasonably proposed by the Supplier;
4. the Supplier's total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Contract shall be limited to the total fees paid hereunder for the Service giving rise to the liability in the twelve months preceding the first incident out of which the liability arose.
The Customer shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Contract or any document expressly referred to in it.
In the event of any Defect, the Supplier’s liability (if any) shall be limited, at its sole discretion, to:
1. replacing the Hardware;
2. rectifying such defects at its own expense; or
3. granting the Customer a full or partial refund for the appropriate part of the charges paid by the Customer,
completion of which shall mean the Supplier shall have no further liability to the Customer in respect of such Hardware.

15. Confidentiality and Data Processing

Each party may be given access to Confidential Information from the other party in order to perform its obligations under the Contract. A party's Confidential Information shall not be deemed to include information that:
1. is or becomes publicly known other than through any act or omission of the receiving party;
2. was in the other party's lawful possession before the disclosure;
3. is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
4. is independently developed by the receiving party, which independent development can be shown by written evidence.
Each party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the other party for any purpose outside the scope of the Contract and (ii) except as otherwise authorized by the other party in writing, limit access to Confidential Information of the other party to those of its employees and contractors who need that access for purposes consistent with the Contract and who have signed confidentiality agreements containing protections not materially less protective of the Confidential Information than those herein.
A party may disclose Confidential Information of the other party to the extent compelled by law to do so, provided the party called on to make the compelled disclosure gives the other party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the other party’s cost, if the other party wishes to contest the disclosure.
Once the Services have been completed, each party shall return to the other any Confidential Information in its possession or those of its employees, or destroy it at the other party’s express request and in the manner established by the latter, irrespective of the means in which this information is registered.

Data Protection

For the purposes of this clause 15.5, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the EU GDPR and/or the UK GPDR, as applicable.
To the extent that there is personal data in the Captured Data and/or Captured Datapool, or Personal Data is otherwise collected and processed as part of the Service or in the context of the Contract and any Order Forms, the parties agree to comply with the terms of the Data Processing Addendum attached hereto as Schedule 1.
Both parties will comply with all applicable requirements of the Applicable Data Protection Laws and Customer shall take all reasonable steps to ensure that any Nominated Customer that has access to Personal Data is subject to a written undertaking as to compliance with Applicable Data Protection Laws as may be further specified by the Supplier. This clause 15.5-15.14 is in addition to, and does not relieve, remove or replace a party’s obligations or rights under the Applicable Data Protection Laws.
Should the determination as to the personal data controllership or processing obligations change over the term of the Contract, then each party shall work together in good faith to make any changes which are necessary to these clauses 15.5-15.14 or the related schedules.
By entering into this Contract, the Customer consents to (and shall procure all required consents, from its personnel, representatives and agents, and Nominated Customer(s) and its personnel, representatives and agents, in respect of) all actions taken by the Supplier in connection with the processing of personal data, provided these are in compliance with the then-current version of the Supplier's DPA available in Schedule 1. In the event of any inconsistency or conflict between the terms of the DPA and this Contract, the DPA will take precedence.
Without prejudice to the generality of clause 15.10, the Customer will ensure that it has all necessary appropriate consents and notices in place (and shall take all reasonable steps to ensure that any Nominated Customer(s) has such consents and notices in place, including by means of a written undertaking as may be further specified by the Supplier) to enable lawful transfer of Personal Data to the Supplier and lawful collection of the same by the Supplier for the duration and purposes of this Contract.
The Customer hereby provides its prior, general authorisation for the Supplier to:
1. appoint subprocessors to process the personal data for which the Supplier is a processor for, provided that the Supplier:
  1. shall ensure that the terms on which it appoints such subprocessors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on the Supplier in this clause 15.5-15.14 and the Data Processing Addendum;
  2. shall remain responsible for the acts and omission of any such subprocessor as if they were the acts and omissions of the Supplier; and
2. transfer personal data outside of the UK as required for the Purpose, provided that the Supplier shall ensure that all such transfers are effected in accordance with Applicable Data Protection Laws.
This clause 15 shall survive termination of the Contract, however arising.
Subject to clause 14.2, and in addition to the provisions set out in clauses 14.1, 14.3, 14.4 and 14.5 and notwithstanding any other terms of this Contract, the Supplier's total aggregate liability in contract, tort (including negligence and breach of statutory duty howsoever arising), misrepresentation (whether innocent or negligent), restitution or otherwise, arising in connection with the performance or contemplated performance of this Contract or any collateral contract insofar as it relates to the obligations set out in these clauses 15.5-15.14, or Applicable Data Protection Laws shall be limited to two million GBP (£2,000,000).
For the avoidance of doubt, the Supplier shall not be liable for any breach of the Applicable Data Protection Laws or any failure to meet its obligations under the Applicable Data Protection Laws, to the extent that such breach or failure arises from intentional or negligent infringement by the Customer and/or any of its Nominated Customer(s) of the Applicable Data Protection Laws or otherwise, and the Supplier is not in any way responsible for the event.

16. Term and Termination

The Contract shall, unless otherwise terminated as provided in this Clause 16, commence on the Effective Date and shall continue for the Subscription Term and, thereafter, the Contract shall be automatically renewed for successive periods of the same length of the Subscription Term months (each a “Renewal Period”), unless:
1. either party notifies the other party of termination, in writing, at least sixty (60) days before the end of the Subscription Term or any Renewal Period, in which case the Contract shall terminate upon the expiry of the applicable Subscription Term or Renewal Period; or
2. otherwise terminated in accordance with the provisions of this Contract.
Subscription Term together with any subsequent Renewal Periods shall constitute the “Term”.
The Customer may terminate the Contract for convenience at any time provided that in such event, the Customer remains liable to pay the Supplier for any outstanding sums in respect of the Service. In such event the Supplier shall have the sole discretion to refund none, all or any part of the charges paid by the Customer on return of the Hardware in reasonable condition to the Supplier (at the Customer’s sole cost and responsibility).
Without prejudice to any other rights or remedies to which the parties may be entitled, either party may terminate the Contract without liability to the other:
1. upon thirty (30) days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period; or
2. immediately on written notice if the other party becomes the subject of a petition in bankruptcy or any other proceeding (whether voluntary or involuntary), relating to insolvency, administration, receivership, administrative receivership, liquidation or assignment for the benefit of creditors or takes or suffers any similar or analogous procedure, action or event in consequence of debt in any jurisdiction.
On termination of the Contract for any reason:
1. all licences granted under the Contract and the right to use the Service shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Documentation;
2. each party shall return and make no further use of any equipment (including Hardware), property, Documentation and other items (and all copies of them) belonging to the other party;
3. the Supplier will refund Customer any prepaid fees covering the remainder of the Subscription Term of all Order Forms after the effective date of termination where Customer has terminated pursuant to clause 16.3;
4. the Customer may download the Reports for a period up to ten (10) days after the effective date of the termination of the Contract, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). Captured Data will be available for twenty four (24) months following the date of termination and Customer may request Supplier to generate Reports during this period subject to additional charges. Supplier reserves the right to charge a fee for generating additional Reports in this period following termination. Twenty four (24) months after termination the Captured Data will be anonymised, and further full Reports will not be able to be generated; and
5. the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced. In no event will termination relieve Customer of its obligation to pay any fees payable to Supplier for the period prior to the effective date of termination.

17. General

Assignment. The Customer shall not assign, transfer, declare a trust in respect of or otherwise dispose of any of its rights under the Contract without the prior consent in writing of the Supplier. The Supplier shall be entitled to assign or subcontract any or all of its rights and obligations under the Contract to such person or corporate entity that it chooses.
Force Majeure. The Supplier shall have no liability to the Customer under the Contract if it is prevented from or delayed in performing its obligations under the Contract, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Supplier or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm default of suppliers or sub-contractors, internet service provider failure or delay or any denial of service attack, or any third-party application (each a “Force Majeure Event”), provided that the Customer is notified of such an event.
Notices. Any notice required to be given under the Contract shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in the Contract, or such other address as may have been notified by that party for such purposes or sent by email save that formal legal notices will also be sent by post. Order Forms and billing notices shall be sent by email to the address given for such purposes by the Customer in the Order Form.
A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first Business Day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by email shall be deemed to have been received at the time of transmission (as shown by the copy of the sent email obtained by the sender).
Waiver. A waiver of any right under the Contract is only effective if it is in writing and signed by the waiving party, and it applies only to the person to whom the waiver is addressed and the circumstances for which it is given. Unless specifically provided otherwise, rights arising under the Contract are cumulative and do not exclude rights provided by law.
Severance. If any provision of the Contract (or part of a provision) is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable, or illegal, the other provisions shall remain in force. If any invalid, unenforceable or illegal provision would be valid, enforceable, or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.
Publicity. The Customer agrees that Supplier may publicise that the Customer is a customer of Supplier, and the Customer agrees to provide Supplier, on Supplier’s reasonable request, with testimonials, statements for press releases and to participate in case studies.
No Partnership or Agency. Nothing in this Contract is intended to, or shall be deemed to, establish any partnership or joint venture between any of the Parties, constitute any Party the agent of another Party, nor authorise any Party to make or enter into any commitments for or on behalf of any other Party.
Third Party Rights. This Contract, and the documents referred to in it, are made for the benefit of the parties to them and their successors and permitted assigns and are not intended to benefit, or be enforceable by, anyone else, and accordingly the Contracts (Rights of Third Parties) Act 1999 shall not apply to this Contract.
Entire Agreement. The parties agree that:
1. the Contract constitutes the complete and exclusive statement of the agreement between them with respect to the subject matter of the Contract, which supersedes all proposals, oral or written, and all other communications between them relating to it, including the Proposal;
2. in the event of any conflict between these Terms and Conditions and an Order Form, the Order Form shall prevail; and
3. neither the Proposal, its contents nor its acceptance shall give rise to any legally binding or enforceable obligation or right.
Variation. The Supplier may, in its absolute discretion, amend the terms of the Contract:
1. on any renewal of the Subscription Term, provided that the Supplier has given written notice of any such amendments to the Customer prior to such renewal;
2. at any time by written notice to the Customer provided that, if the Customer does not accept any such variation, the Supplier shall be entitled to terminate the Contract and reimburse the Customer for any remaining part of the Subscription Term for which the Customer has paid the relevant fees and charges,
and continued use of the Service following the deemed receipt and service of the notice shall constitute the Customer’s acceptance to the terms of the Contract, as varied. If the Customer does not wish to accept the terms of the Contract (as varied) it must immediately stop using and accessing the Service on the deemed receipt and service of the notice.
Jurisdiction. The parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any disputes which may arise out of or in connection with this Contract (including as to formation, enforceability, validity or interpretation).
Governing law. This Contract and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with English law.

Schedule 1 – Data Processing Addendum

The purpose of this Data Processing Addendum (“DPA”) is to set out the additional terms, requirements and conditions on which the Customer (and its Nominated Customer(s)) and Supplier will process Personal Data in connection with the terms of the Contract, including any Order Form(s), as entered into between them, and to which this DPA is attached and duly incorporated.

For the purposes of this DPA the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the EU GDPR and/or the UK GPDR, as applicable.

This DPA contains the mandatory clauses required by Article 28(3) of the retained EU law version of the General Data Protection Regulation ((EU) 2016/679)) for contracts between controllers and processors and the General Data Protection Regulation ((EU) 2016/679))

1. Definitions and Interpretation

Purposes: the services to be provided by the Supplier to the Customer as described in the Contract and any other purpose specifically identified in Part 2 of Exhibit 1.
Captured Data: has the meaning given in the Contract.
Captured Datapool: has the meaning given in the Contract.
Commissioner: the Information Commissioner (see Article 4(A3), UK GDPR and section 114, DPA 2018).
EEA: the European Economic Area.
Records: has the meaning given in paragraph 10.1.

This DPA is subject to the terms of the Contract and is incorporated into the Contract. Interpretations and defined terms set forth in the Contract apply to the interpretation of this DPA.
The Exhibits form part of this DPA and will have effect as if set out in full in the body of this DPA. Any reference to this DPA includes the Annexes.
A reference to writing or written includes email.
In the case of conflict or ambiguity between:
1. any provision contained in the body of this DPA and any provision contained in the Exhibit, the provision in the body of this DPA will prevail; and
2. any of the provisions of this DPA and the provisions of the Contract, the provisions of this DPA will prevail.

2. Roles of the Parties, Personal Data types and processing purposes

The parties have determined that, for the purposes of Applicable Data Protection Laws:
1. the Supplier is an independent Controller in respect of the Personal Data and processing activities set out in Part 1 of Exhibit 1;
2. the Supplier shall process the Personal Data set out in Part 2 of Exhibit 1 as a Processor, on behalf of the Customer, in respect of the processing activities set out in Part 2 of Exhibit 1; and
3. the Customer and its authorised Nominated Customer(s) are either independent or joint Controllers in respect of the Personal Data and processing activities relating to the Captured Datapool.
The Customer and the Supplier agree and acknowledge that for the purpose of the Applicable Data Protection Laws and for the purpose of carrying out the Contract and the processing activities set out in Part 2 of Exhibit 1:
1. the Customer is the Controller and the Supplier is the Processor.
2. the Customer retains control of the Personal Data and remains responsible for its compliance obligations under the Applicable Data Protection Laws, including but not limited to, providing any required notices and obtaining any required consents, and any obligations set out in the Contract, and for the written processing instructions it gives to the Supplier.
Part 2 of Exhibit 1 describes the subject matter, duration, nature and purpose of the processing and the Personal Data categories and Data Subject types in respect of which the Supplier may process the Personal Data to fulfil the Purposes, in accordance with clauses 3 to 10 of this DPA. The Customer warrants and represents that the Supplier's expected use of the Personal Data for the Purposes and as specifically instructed by the Customer will comply with the Applicable Data Protection Laws.
The parties acknowledge and represent that with respect to Personal Data set out in Part 1 of Exhibit 1 herein, for which each party acts as Controller but which is not under the joint controllership of the parties, each party undertakes to comply with the Applicable Data Protection Laws in respect of their processing of such Personal Data as a Controller. For the purposes of this clause 2.4, each party shall:
1. process the Personal Data in compliance with its obligations under the Applicable Data Protection Laws and not do anything to cause the other party to be in breach of such laws;
2. only provide Personal Data to each other to the extent necessary to perform their respective obligations under the Contract; and
3. be responsible for their own compliance with Articles 13 and 14 of the EU and the UK GDPR in respect of the processing of Personal Data for the purposes set out in Exhibit 1 of this DPA.
Customer shall take all reasonable measures to ensure that any authorised Nominated Customer(s) that has access to Personal Data pursuant to clause 4 of the Contract is subject to a written undertaking as to compliance with clause 2.4 of this DPA.
Notwithstanding clauses 2.4 and 2.5, in the event that Customer and/or any of its authorised Nominated Customer(s) process(es) Personal Data in connection with the Services described in clause 4 of the Contract, the Customer is responsible for and represents to the Supplier that it has validly entered into either an:
1. intra-group personal data sharing and transfer agreement with its subsidiaries, affiliates and/or any undertakings affiliated to it, that governs the access to and use of the data in the Nominated Customer Account(s) by any Nominated Customer(s); or
2. a data sharing agreement (either as separate controllers, joint controllers, or even controller to processor) that governs the access to and use of the data in the Nominated Customer Account(s) by any Nominated Customer(s).

3. Supplier’s Obligations

The Supplier will only process the Personal Data to the extent, and in such a manner, as is necessary for the Purpose, or in accordance with the Customer's written instructions. The Supplier will not process the Personal Data for any other purpose or in a way that does not comply with this DPA or the Applicable Data Protection Laws. The Supplier must promptly notify the Customer if, in its opinion, the Customer's instructions do not comply with the Applicable Data Protection Laws.
The Supplier must comply promptly with any Customer written instructions concerning the processing of Personal Data requiring the Supplier to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
The Supplier will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third-parties unless the Customer or this DPA specifically authorises the disclosure, or as required by domestic or EU law, court or regulator (including the Commissioner). If a domestic or EU law, court or regulator (including the Commissioner) requires the Supplier to process or disclose the Personal Data to a third-party, the Supplier must first inform the Customer of such legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement, unless the domestic or EU law prohibits the giving of such notice.
The Supplier will reasonably assist the Customer, with costs to be reasonably agreed between the parties, with meeting the Customer's compliance obligations under the Applicable Data Protection Laws, taking into account the nature of the Supplier's processing and the information available to the Supplier under the Applicable Data Protection Laws.

4. Supplier’s Employees

The Supplier will ensure that all of its employees:

are informed of the confidential nature of the Personal Data and are bound by written confidentiality obligations and use restrictions in respect of the Personal Data;
have undertaken training on the Applicable Data Protection Laws and how it relates to their handling of the Personal Data and how it applies to their particular duties; and
are aware both of the Supplier's duties and their personal duties and obligations under the Applicable Data Protection Laws and this DPA.

5. Security

The Supplier must at all times implement appropriate technical and organisational measures against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data.
Without prejudice to the generality of paragraph 5.1 the Supplier shall, in relation to the Personal Data implement the technical and organisational measures set out in Part 1 of Exhibit 2.
In entering into this DPA the Customer acknowledges their controllership of the Personal Data set out in Part 2 of Exhibit 1 and shall also implement and maintain, at its cost and expense, the technical and organisational measures prescribed by Applicable Data Protection Laws, as well as those recommended by the Supplier as set out in Part 2 of Exhibit 2 to this DPA.

6. Personal Data Breach

The Supplier upon awareness of a Personal Data Breach as defined in Applicable Data Protection Laws, and in any event without undue delay shall notify the Customer in writing concerning any Personal Data Breach.
Where the Supplier becomes aware of a Personal Data Breach it will, without undue delay, also provide the Customer with the following written information:
1. reasonable description of the breach, as known at the time of notification, including, if possible, the approximate number of both Data Subjects and the Personal Data records concerned; and
2. a description of the measures taken or proposed to be taken to address the breach including measures to mitigate its possible adverse effects.
Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Further, the Supplier will reasonably co-operate with the Customer at no additional cost to the Customer, in the Customer's handling of the matter.
The Supplier will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining the Customer's written consent, except when required to do so by domestic or EU law.
The Supplier will assist, at their own expense, the performance of the obligations under paragraph 6.1 to paragraph 6.3 unless the matter arose from the Customer's specific written instructions, negligence, wilful default or breach of this DPA, in which case the Customer will cover all reasonable expenses.

7. Transfers of personal data

The Supplier (and any subcontractor) must not transfer or otherwise process the Personal Data outside the UK or the EEA, without prior written authorisation of the Customer. In the event Supplier seeks to transfer Personal Data outside of the UK or the EEA, it shall ensure that all such transfers are effected in accordance with Applicable Data Protection Laws.

8. Complaints, data subject requests and third-party rights

The Supplier must, at no additional cost to the Customer, take such technical and organisational measures as may be appropriate, and promptly provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with:
1. the rights of Data Subjects under the Applicable Data Protection Laws, including, but not limited to, subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
2. information or assessment notices served on the Customer by the Commissioner or other relevant regulators under the Applicable Data Protection Laws.
The Supplier must notify the Customer immediately in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party's compliance with the Applicable Data Protection Laws.
The Supplier must notify the Customer within five (5) working days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Applicable Data Protection Laws.
The Supplier will give the Customer, at no additional cost to the Customer, its full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.
The Supplier must not disclose the Personal Data to any Data Subject or to a third-party other than in accordance with the Customer's written instructions, or as required by domestic or EU law.

9. Data return and destruction

Subject to clause 4.8 of the Contract, at the Customer's request, the Supplier will give the Customer, or a third-party nominated in writing by the Customer, a copy of or access to all or part of the Personal Data in its possession or control in the format and on the media reasonably specified by the Customer.
The Supplier will securely delete or destroy or, if directed in writing by the Customer, return and not retain, all or any of the Personal Data related to this DPA in its possession or control, except for one copy that it may retain and use six (6) years for record keeping and system improvement purposes only.
If any law, regulation, or government or regulatory body requires the Supplier to retain any documents, materials or Personal Data that the Supplier would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents, materials or Personal Data that it must retain, the legal basis for such retention, and establishing a specific timeline for deletion or destruction once the retention requirement ends.

10. Records

The Supplier will keep up-to-date records regarding any processing of the Personal Data, including but not limited to, the access, control and security of the Personal Data, the processing purposes, categories of processing, and a general description of the technical and organisational security measures referred to in paragraph 5.1 (Records).

Exhibit 1 – Part 1 – Supplier Controllership Personal Data

11. Scope

Power consumption data collected via supplier provided Hardware that are connected to the internet. This data is collected and accessible to the Customer on the Supplier information platform, which allows the Customer certain access rights and for the manipulation of labelling datasets.
Any Personal Data inserted or provided via the Supplier platform, and forms part of the Captured Data.

12. Nature

The processing of Personal Data required in providing the Contract Service for the Customer as inserted during the term of servicing the contract and communicating with the Customer and their employees, contractors, staff, authorised representatives and personnel as is required.

13. Purpose of Processing

The details required for use of the Service, including support Services, provided under the contract.

14. Duration of Processing

The processing will be for the duration of the Subscription Term, or the duration of the Nominated Customer Account(s) Service and following twenty four (24) months.

15. Categories of Personal Data

Names, contact details, nominated employee emails for the formation of Supplier platform accounts, Customer inputted Personal Data, SSO provided details from Customer records, IP addresses of Supplier devices, IP addresses of Customer devices used to access the Supplier platform, Wi-Fi Network Information used by Supplier Hardware to connect to the network (including unique identifiers of customer networking equipment).

16. Categories of Data Subjects

Customer designated end users, employees, staff and personnel.

17. Approved Subcontractors

Name	Location	Processing Activity
HubSpot Inc (HubSpot)	United Kingdom, EU Data Centres, international transfers in accordance with Data Protection Legislation	CRM and Customer Success case management
Xero Limited (Xero)	EU Data Centres, international transfers in accordance with Data Protection Legislation	Invoicing and Accounting
Cin7 Americas, Inc (Cin7)	EU Data Centres, international transfers in accordance with Data Protection Legislation	Order Management
DHL	International data processing	Shipping
DPD	International data processing	Shipping

Exhibit 1 – Part 2 – Customer Controllership Personal Data

18. Scope

Power consumption data collected via supplier provided Hardware that are connected to the internet. This data is collected and accessible to the Customer on the Supplier information platform, which allows the Customer certain access rights and for the manipulation of labelling datasets.
Any Personal Data inserted or provided via the Supplier platform, and forms part of the Captured Data.

19. Nature

The processing of Personal Data required in providing the Contract Service for the Customer as inserted during the term of servicing the contract and communicating with the Customer and their employees, contractors, staff, authorised representatives and personnel as is required.

20. Purpose of Processing

The details required for use of the Service, including support Services, provided under the contract.

21. Duration of Processing

The processing will be for the duration of the Subscription Term, or the duration of the Nominated Customer Account(s) Service and following twenty four (24) months.

22. Categories of Personal Data

Names, contact details, nominated employee emails for the formation of Supplier platform accounts, Customer inputted Personal Data, SSO provided details from Customer records, IP addresses of Supplier devices, IP addresses of Customer devices used to access the Supplier platform, Wi-Fi Network Information used by Supplier Hardware to connect to the network (including unique identifiers of customer networking equipment).

23. Categories of Data Subjects

Customer designated end users, employees, staff and personnel.

24. Approved Subcontractors

Name	Location	Processing Activity
Google Inc (Google Cloud)	United Kingdom, EU Data Centres	Cloud hosting supplier (with no logical access to data)
Amazon Inc (AWS)	United Kingdom, EU Data Centres	Software and Cloud hosting supplier (with no logical access to data)
MongoDB	United Kingdom, EU Data Centres	Machine learning and configuration monitoring, hosting and maintenance.

Exhibit 2 – Part 1 – Supplier Security Measures

25. Supplier Security Measures

Firewall and protection of the Supplier’s domain and all subdomains by Cloudflare.
Firewall and protection of the Supplier’s servers and databases by Google Cloud Platform and Amazon Web Services.
Multi-factor authentication (MFA) or Single Sign On (SSO) password protection for all services.
User management and identification for all services by the Supplier’s team.
Hardware cryptography on Hardware for all data sent to and from the Supplier to provide the Service.
Ongoing security and vulnerability testing.
Accreditation to Cyber Essentials Plus and IoT Cyber Assurance Level 2.

Exhibit 2 – Part 2 – Recommended Security Measures

26. Recommended Security Measures to be Implemented by Customer

Secure IoT specific Wi-Fi network with specific list of devices allowed to access network using MAC addresses or similar process.
Change passwords immediately when passwords are suspected to be compromised.
Do not save passwords within browsers.
Do not leave Software open after use (i.e. close browser).
Do not use the Software on public access devices.

Schedule 2 – Nominated Customer Account Service

Nominated Customer Account Access and Capabilities within the Software

When using the Captured Data Service, the Nominated Customer, and the Customer, dependent on individual end user permissions set by Customer administrators, will have access to the Captured Datapool and the capabilities listed below:

Access and export energy performance, energy cost, safety events and carbon emissions Reports;
Control of Units;
Management of Units, including updating configurations;
Enable, disable and adjust manual and automated schedules;
Enable and disable automated energy reduction features;
Receive notifications, inclusive of safety events;
Set power limits for Units;
Manage, add or remove profiles for users;
Edit Unit groups;
Access asset reporting;
Access occupancy reporting;
Setup API calls; and
Other such access and usage capabilities which…