1. TERMS AND CONDITIONS:

Insomuch as you, or a company or other organisation you are representing, are the user of this software system, you are seen as 'The Customer' for the purposes of this document.

2. The Parties to this Agreement

The Parties to this agreement are The BlueBox: BlueBox WorldWide Ltd, Company No. 6494351 - 85 High Street, Tunbridge Wells, United Kingdom, TN1 1XP (also referred to as BlueBox or The BlueBox) and, the Customer, as described above.

3. Summary

This document is provided in good faith and without prejudice, and intends to define the scope of the relationship between The Company and The Customer. The Company has developed certain software products and modules which the Customer is interested in using as an end-user.

4. Commencement & Duration

This agreement will commence from the date The Customer sign's up to use the software and will remain in force until terminated by either party.

5. Limit of liability and Warranty

The limits to warranty and liability for goods and services provided by the BlueBox, as laid out in this sub-section, are not intended to supercede standard consumer/corporate rights. Within the bounds of current consumer/corporate rights legislation: You acknowledge that you have reviewed and evaluated BlueBox products and services, confirming their fitness and suitability for your purposes. In view of this evaluation, you agree that products and services supplied by BlueBox, beyond those features viewed and evaluated by yourself, are without warrant of performance, to the extent permitted by applicable law, and furthermore, that BlueBox does not warrant that products and services are without defect. The liability of BlueBox to you or other parties associated with you (Staff, Associates, Partners, Customers, Suppliers), in terms of this agreement, will be strictly limited to rectifying any malfunction within a reasonable time and free of charge, provided that the Bluebox are immediately notified of the malfunction and provided that a third party has not interfered with the system. Without limiting the generality of this clause, BlueBox will not be liable for any delay, downtime, errors, data loss, failure, damage or injury howsoever caused. You accept that BlueBox assumes no responsibility for loss of income, data or any other loss that you or other parties associated with you (Staff, Associates, Partners, Customers, Suppliers) may incur resulting either directly or indirectly from any products or services provided by BlueBox, or which arises from any act or omission of BlueBox or its consultants, agents or employees.

6. Payment

You agree to pay all amounts due to BlueBox timeously as follows: 50% non-refundable deposit payable on all setup fees with 50% payable on completion. Monthly fees for products/services/module rentals will be invoiced in advance in the preceding month and are to be paid within 30 days of date of invoice. Monthly module rental fees are payable from the start of the project, during system setup/development or from the installation date of the system, whichever comes first. All fees exclude VAT where applicable. If you are exempt from VAT for any reason, the onus is on you to inform us of this so that the correct accounting procedures can be put in place. Without prejudice to any other remedy which we may have, we may, in the event that you default in your obligations in terms of this agreement and without notice, remove, reclaim or otherwise terminate products and services being provided to you. In such event, the limitations of liability, and indemnities will apply. You will be held liable for any legal fees incurred in the recovery of outstanding monies owing to us. BlueBox reserves the right to increase monthly/recurring fees in line with inflation, and such increases, if applicable, will be effected no more than once per calendar year.

7. Software Licensing

Where applicable BlueBox grants you a license to use BlueBox products for the duration of this agreement, for the benefit of yourself and your organization solely through the installation of a single instance of BlueBox software as a hosted service provided by BlueBox. You may not copy, sell or otherwise transfer licenses or provide any unauthorized person with access to BlueBox products, source code or passwords.

8. Backups

You acknowledge full responsibility for the backing-up of any data residing on any BlueBox product or service related database. Data extraction tools are provided by BlueBox but the responsibility of backing up data remains with you at all times.

9. Hardware

The Blue Box cannot warrant that the hardware provided by you will be compatible with our systems, as such the onus is on you to ensure compatibility with our software. Ownership and risk in all hardware will remain with you. The maintenance and repair of the hardware will remain your responsibility. You are responsible for the repair and, if necessary, replacement of all hardware relating to BlueBox software. In the event that hardware becomes non-functional to the extent that it cannot operate, the Blue Box's obligations in terms of this agreement will be suspended and, unless otherwise agreed in writing, you shall remain liable for any software license and software support fee.

10. Hosting

Hosting for your BlueBox system is provided within our cloud hosting environments based in the UK or USA depending on the location of your business. We provide free/inclusive hosting for each system, based on the number of modules rented which normally comfortably covers monthly fair system use. For example, for a single module system we would consider fair usage to be approx. 20,000 page requests and 15 million database queries per month and hard-drive usage up to 50GB. A 3 module system would be up to 60,000 page requests and 45 million database queries per month and hard-drive usage up to 150GB. If your system exceeds these fair-usage guidelines, we reserve the right to add the additional cost to your monthly invoice. We will discuss this thoroughly with you before implementing any extra charges. Please note that the values mentioned above are for illustrative purposes only - each system consumes cloud hosting resources differently.

11. Confidentiality and Non Disclosure

Both parties may be exposed to sensitive information relating to the business activities of the other. Each party undertakes to treat such information with care and diligence, and to avoid any unnecessary disclosure of the same to unrelated parties.

12. Intellectual Property, Code Ownership and Data Ownership rights

You acknowledge that all present and future intellectual property rights used or embodied in BlueBox products or services remain the sole property of BlueBox. You will not question or dispute the ownership of BlueBox rights over it's products or services at any time during the period of this agreement or thereafter. Bespoke code written specifically for your project will remain your property. Ownership of bespoke code is strictly limited specifically to the files outside of the main BlueBox Platform, normally found in the custom_modules folder of the server they are hosted on. Where portions of The BlueBox offering are provided as 3rd Party Open-Source add-ons, you are bound by the Terms and Conditions related to the specific add-on, which are provided with the code for that portion. BlueBox acknowledges that all data held in your database, which has been added by you through use of our systems, is your exclusive property. Such data will be available to you at any stage during the period of this agreement or within 30 days of termination.

13. General Data Protection Regulations (GDPR)

Under General Data Protection Regulations we have a legal duty to protect any personal information we collect from you. We will only use personal information you supply to us for the reason that you provided it for. We will only hold your information for as long as necessary to fulfil that purpose. We will not pass your information to any other parties. In the same way, you have a responsibility to protect any personal information entered or otherwise captured/imported by you, your staff, your agents or any other authorised data capturer into the BlueBox System. You agree to be bound by the current General Data Protection Regulations and will not infringe upon the rights of the individuals to whom this data belongs. You agree to take all necessary precautions and safety measures to protect this data from being stolen or abused in any way. With regards to GDPR codes of conduct, requirements and best practices, The BlueBox:

• recognises the importance of data protection and identifies itself primarily as a Data Processor in its role as a software provider and, to a lesser extent, as a Data Controller with regards to data it holds and controls directly
• is a registered entity with the UK Information Commissioner's Office (ICO) - Reg No. ZA319494 - and recognises the ICO as the lead data protection supervisory authority to which it reports
• will report any significant data breaches to the ICO and the related parties within 48 hours of becoming aware of any such breach
• has a nominated Data Protection Officer who undertakes to maintain and monitor the ongoing GDPR requirements within the company
• undertakes to educate and train its staff about their responsibilities in working with private data and information, specifically relating to GDPR legislation
• provides facilities to accommodate requests from data owners, including data access, data erasure, data amendments, data portability etc and will respond to such requests within the time constraints specified by the GDPR
• conducts regular data security reviews which include:
• reviewing all systems and databases, evaluating their data risks and data profiles (nature of the data, origins of the data, destinations of the data)
• conducting security tests through 3rd party CREST certified organisations
• confirming we have the correct legal agreements with associates, suppliers, customers and staff - including provisions for storing data relating to children.
• undertakes a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA) for any new system or database design to ensure systems are maintained and developed with a 'Data Protection by Design' approach
• provides facilities within its software for unambiguous, detailed and granular consent for the storage and processing of private information

If you and/or your organisation use BlueBox software to store, retrieve or process data which is personal or private in nature you are effectively a Data Controller under the GDPR guidelines. Consequently, you confirm that you and/or your organisation will:

• comply with the General Data Protection Regulations (GDPR) of the European Union, specifically in your capacity as the Data Controller
• undertake to educate and inform users of your BlueBox system as to their responsibilities relating to GDPR legislation
• take the necessary steps to analyse the risks to data security within your organisation and take all precautions necessary to mitigate these risks
• ensure that you communicate clear and informative privacy information to all individuals who have private information held in the system, including but not limited to, Privacy Policies, Opt-In Notices etc
• ensure that you get clear, unforced and unambiguous consent from each individual before storing or processing their personal information
• ensure that you take into account individual's rights before storing and processing personal information and that you have the processes in place to accommodate their rights. These include, but are not limited to, the right to be informed about, access, rectify, erase, move and restrict the use of their data.
• ensure that you have a legal right (lawful basis) to store and process the personal information stored within your system
• ensure that you keep records of actions taken to secure and audit the data you keep
• inform The BlueBox of any data requirements which require specific opt-in or consent routines to be applied to the software, and, in event of a change in the nature of your data which would impact the requirement for specific opt-in or consent routines, update us in the event of such a change
• inform The BlueBox if you store, retrieve or process children's personal data so that we can ensure the required consent steps are in place
• inform The BlueBox immediately of any data breaches pertaining to data held in our systems, however minor, so that we may assess with you the severity of the breach and the required actions to be taken as a result of the breach

14. Service Levels (The SLA Clause)

This clause outlines the service levels offered by BlueBox to users of our software. The purpose of this clause is to ensure that proper mechanisms are in place to provide high quality service and support to BlueBox users and to provide a clear description of service ownership, roles and responsibilities, service quality metrics, and available support. As system users, you and your team/staff/associates/customers or other users of your system will be responsible for consuming services offered in a non malicious manner, protecting and backing up your data, and promptly reporting encountered problems. BlueBox staff, partners and associates will be responsible for handling issues related to software support, maintenance and failure. Hardware/network issues are not the responsibility of the BlueBox and must be referred to their related suppliers. Availability of services offered: Under normal conditions, BlueBox software will be available 24 hours a day 7 days a week. Service interruptions for emergency fixes and unscheduled outages: Due to unpredictable nature of such occurrences it is not possible to specify the exact outage duration, however due diligence will be taken to resolve them in a timely manner. Performance of services offered: BlueBox software is web-based and the software will perform according to the speed of the connection between the client (browser) and the server hosting the software. Code Updates and Roll Back Facility: BlueBox software is updated weekly on average and some updates can cause interruptions to normal services based on unique installation configuration or bugs. In this instance a roll-back option is provided to ensure system availability while the issues are resolved. Available support and means of problem reporting: System users are kindly requested to firstly deal with their direct account manager/partner for support before approaching BlueBox support structures. Available user support for application usage includes self-service via the BlueBox website knowledge base. The BlueBox callcenter is available, as second-tier support via email, skype, online chat and direct telephone contact to assist with software related issues. Support is provided during office hours on weekdays. After hour support is available via emergency mobile numbers but no response time is guaranteed in this regard. Examples of Service Procedures and Responses Critical Outage - no service available: user logs call with partner/agent or callcenter. Issue is immediately attended to and the problem is resolved as a matter of urgency. Partial Outage - services are generally available, some features are not, but work-arounds are possible: user logs call with partner/agent or callcenter. Issue is attended to within 24 hours or as soon as possible thereafter. Feature Request - services are available, but a new feature is requested: user logs call with partner/agent or callcenter. Issue is logged and either developed free of charge as a generic feature, or quoted on for purchase as a specific user request. All requests will be logged and communicated back to stakeholders via the BlueBox task system.

15. Breach and Termination

Without prejudice to any other remedies, which either of the parties may have, if either party is in breach of any term of this agreement the aggrieved party will be entitled to require that the breach be rectified in 7 days and, if the breach is not rectified within the said period, the aggrieved party may terminate this agreement forthwith. Either party may, in any event, terminate this agreement: within one (1) calendar month's written notice by the Customer or three (3) calendar month's written notice by The BlueBox.

16. Assignment, cession and delegation

You may not assign, cede, delegate or transfer any rights or obligations in terms of this agreement to any other party without the prior written consent of BlueBox, which consent we will not unreasonably withhold. BlueBox may, with notice, assign, cede, delegate or transfer any rights or obligations in terms of this agreement to a third party.

17. General

No indulgence granted by a party shall constitute a waiver of any of that party's rights under this agreement. This agreement constitutes the entire contract between the parties with regard to the matters dealt with in this agreement and no representations, terms, conditions or warranties not contained in this agreement shall be binding on the parties. No agreement varying, adding to, deleting from or cancelling this agreement, shall be effective unless reduced to writing and signed by or on behalf of the parties.