IT Support Service Agreement

1.1. By completing and signing the Electronic Contract the Customer is agreeing to the Terms and Conditions set out in the Agreement.

1.2. This Agreement is valid for the Contract Period as set out on the Electronic Contract from the Commencement Date.

1.3. The Contract End Date will be the last day of the Contract Period.

1.4. The period of cover will be continuous until written notification of termination of the Agreement is received by the Company (subject to terms in this Agreement).

2.1. Standard support service times are 9:00 am to 5:30 pm Monday to Friday (excluding public holidays). 2.2. Out of hours support requests shall be dealt with as per paragraph 24.

3.1. The Customer will be ultimately responsible for the appropriate and up to date licensing of software and hardware warranties used in conjunction with their business. This is not the Company’s responsibility, however from time to time we may advise the Customer of any software and hardware warranties which are due to expire.

4.1. We will send the Customer your first invoice at the beginning of the month after the IT Support Contracts and Third Party Software services commencement date and thereafter monthly, but we shall be entitled to send the Customer an invoice at a different time, which the Customer shall pay in each case in accordance with paragraph 4.4. We will send all invoices and other correspondence to the address set out in the Electronic Contract or otherwise the address the Customer asks us to. We will show on the invoice which charges are payable in advance or in arrears, as referred to in paragraph 4.2. We will include all charges on the next invoice where possible, and in any event as soon as we can. Invoices shall be deemed to have been accepted by the Customer if the Customer does not present a written objection, clearly identifying the disputed invoice and the reasons why it is challenged, to us within six (6) months of the date of the invoice. If such objection is made, we shall both make all reasonable efforts to resolve such dispute promptly. Provided the Customer complies with these requirements in presenting the Customer’s objection, if we fail to respond to that objection within thirty (30) days after its receipt by us, the objection will be deemed to have been accepted by us. We will accordingly amend the relevant invoice either with an appropriate credit to the Customer or the Customer shall be liable to pay the balance (if any) of the amended invoice within seven (7) days of its receipt by the Customer.

4.2. The Customer will incur service charges on a periodic rental basis, in which case the Customer will incur charges from the date the IT Support Contract and Third-Party Software commencement date. We will usually ask the Customer to pay the service charges in advance and the Customer’s first invoice will include both one month’s rental in advance and a charge for a part month’s rental from the commencement date up to the beginning of the first complete month, where appropriate, and then monthly in advance thereafter.

4.3. Should either party agree to terminate this Contract in accordance to paragraph 8 then a final invoice will be generated and if the Customer’s account is not in debit then we will refund to the Customer any surplus after deducting any cancellation or termination charges.

4.4. Our standard credit terms are payment within fourteen (14) days of date of invoice by direct debit and these are the credit terms which will apply to this Agreement unless we have agreed otherwise in writing. The Customer must pay all service charges within the credit terms which we have agreed and any advance payments and deposits when we ask for them. We reserve the right to apply a nominal monthly charge for non-direct debit payment methods. Where payment is arranged through a finance provider payment shall be in accordance with the terms of the finance agreement. Unless otherwise stated all charges exclude VAT which is chargeable at the applicable rate.

4.5. We reserve the right to make a nominal monthly charge for paper itemised billing; our basic online billing is provided as standard to all customers free of charge. We also reserve the right to apply a £20 per month minimum charge if your monthly invoice would be less than £20.

5.1. All information shared between the Customer and the Company will be always kept confidential and the Company will not disclose any information, or any part thereof, to any person or third party without the Customers written consent or a legal obligation placed upon the Company to do so.

5.2. Consent is deemed to be given by the Customer to enable the Company to disclose the necessary information to our officers, employees, and third-party contractors for the purpose of carrying out the requirements of this Agreement.

5.3. The Customers systems shall be accessed by the Company for the purposes of evaluating, monitoring, and maintaining data and network integrity and security for the purpose of supplying on going technical support as laid out in this Agreement only.

6.1. None of the parties should be deemed in default of their obligations under this Agreement or shall be liable to the other to the extent that it is unable to perform all or any of its obligations under this Agreement by reason of fire, earthquake, flood, epidemic, accident, explosion, strike, lock-out, riot, civil disturbance, act of public enemy, natural catastrophe, embargo, war or act of God, or any ordinance or law.

7.1. Should the Customer at any point during this Agreement enter administration, liquidation, or any other similar form of business process then this Agreement shall become null and void.

8.1. The Customer must provide written notice at least 30 days before the end of the contract period but no earlier than 120 days before the end of the contract period. Should the Customer not provide sufficient written notice at least 30 days before the end of the contract period then this Agreement shall be automatically renewed for a further 12-month period.

8.2. Should this Agreement be automatically renewed, then the new commencement date shall be the end date of the original contract period or the latest elapsed contract period.

9.1. Should the Customer wish to end this Agreement before the end contract period then the Customer must pay the service charges which would have been invoiced monthly until the end of the contract period.

9.2. The Company will raise an early termination invoice which the Customer will be entitled to pay within 14 days of the invoice date.

10.1. Except with the prior written consent from the Company, the Customer shall not be entitled to transfer the benefit of this Agreement to any third party.

10.2. This Agreement shall be governed by and construed in accordance with English law and the Parties submit to the exclusive jurisdiction of the English courts.

10.3. This Agreement and any appendices mentioned within are the entire agreement between the parties. No variations or extensions shall be effective unless made in writing and signed by the Customer and the Company.

11.1. Telephone support is offered five days a week, 8 hours a day (except on public and bank holidays in England) where support calls can be logged for any problems relating to the IT Support Service Agreement.

11.2. The Helpdesk provides second line support to customer help desks. Calls are accepted from two named customer contacts. The Company will provide the following key responsibilities in support of the IT support services for which this SLA is offered:

• Agreed fault prioritisation.

• Fault management and logging via service management system.

• Target fault response timings.

• Hardware maintenance and fault management where provided under Contract.

• Software upgrades and bug fixes for nominated supported software.

• Hand-over of faults/issues to 3rd party carriers.

12.1. Where required, the Customer shall provide the Company with a secure environment for the location of any equipment necessary to install IT server hardware including an adequate power supply feed and/or grounding earth, as agreed. The environment shall be always clean and dry and not suffer from extremes of temperature or power disruption. It shall also be the responsibility of the Customer to ensure that all relevant equipment is accessible as and when required for maintenance or provision purposes.

13.1. If our engineers or sub-contractors must enter the Customer’s premises the Customer agrees to let them do so within normal working hours (Monday to Friday, 8:30 am to 5:30 pm) or otherwise if agreed with the Customer in advance. We will meet with the Customer’s reasonable requirements regarding the safety of people on the Customer’s premises and the Customer must do the same for us.

14.1. The Customer should note that the Company cannot be held responsible for loss degradation of service resulting from works undertaken directly by, or via a third party contracted by the customer. The customer shall provide the Company with reasonable notice of all planned work activity that may affect the working of the Customers IT hardware and software or associated equipment used to provide the service which could result in service failure or service outage.

15.1. The Customer should note that use of any supported hardware and software should be used as per the manufacturers or providers guidebooks. It is the Customer’s responsibility to make sure their employees understand how to use the supported hardware and software. The Company takes no responsibility and shall not be held responsible for the training of the Customers employees to use the Customers hardware and software supported through this Agreement.

16.1. For all queries relating to faults, issues, and incidents – the Customer shall contact the Company Technical Support Helpdesk: Telephone 01274 508300 Email: technical@acsitservices.co.uk.

17.1. The following defines the process involved in fault reporting and fault resolution. The Company Technical Support Helpdesk will provide a single point of contact for handling fault issues. All problem reports are allocated a unique reference number for reference throughout the history of the fault.

18.1. The Company requires that the Customer provides first line support to make initial assessment of any fault raised by their user base to determine if the issue is related to hardware and software supported by the Company in this Agreement. Having assessed the problem and determined that the fault is (or could be) related to hardware and or software supported within this service level agreement then the Customer shall report all faults to the Company Technical Support Helpdesk.

• The Company Technical Support Helpdesk shall receive all fault, problem or incident reporting calls placed by the Customer.

• The Technical Support Helpdesk shall log and issue a support case reference.

• Support case references will be logged against the Company with relevant details recorded of the Customer representative who reports the call and the fault, problem, or incident details.

• Progress for resolution any recorded fault or problem and provide updates and confirm resolution for test and closure.

The following information should be provided when reporting the fault:

• Details of the Customer representative reporting the fault, including name, location, mobile telephone number and return contact number.

• Device or devices affected; user or users affected, service or functionality/application affected, full address information and any access restrictions.

• A comprehensive statement pertaining to the problem, including the type of fault, e.g. loss of network connectivity, inability to connect to application / total loss of service, hardware failure. This should also include any error indications identified by the users and the service impact upon the Customer’s ability to carry out its normal business.

• Any specific requests or instructions.

• Any other information felt relevant.

18.2. The Company’s Technical Support Helpdesk shall issue a fault reference (cross referred to the Customer’s fault reference where applicable). This shall constitute fault acknowledgement. If a priority 1 or 2 fault cannot be cleared remotely, the Company shall make arrangements for a Technical Support Representative to attend site. Site attendance is solely at the Company discretion.

19.1. For the purposes of fault response measurement – measurement is calculated from the time at which a fault acknowledgement is issued by the Company Technical Helpdesk Representative.

20.1. Out of service time will be excluded from:

• Local geography or atmospheric conditions that may from time to time affect the ability to use the Customers IT hardware and or software.

• Where the Company having followed stipulated access procedures; is unable to gain access to equipment on a customer premises to carry out necessary testing, maintenance or repairs to rectify any logged fault.

• Service downtime because of a successful denial of service or hacking attempt or where such an attempt is identified, and it is required that the service is shut down proactively by either end customer or the Company. to protect any or all parties.

• Any circumstance or event (Force Majeure) beyond the reasonable control of the Company.

• Any failure of fault in hardware or software (code) which is referred to 3rd party manufacturers for fix over which the Company has no control or is out of scope for formal response targets.

• Any services which are being delivered as part of a new product or service trial for which a separate and distinct Agreement will be provided as required.

• Any failure of connectivity which denies the Company or the Customer from accessing software or systems.

21.1. The Company has established a system for prioritising service problems based upon the severity of the problem reported. Below is a guideline for defined priorities. At the time of placing the call, the Company will identify the likely priority of the incident using the guidelines below. The following table details the priority of calls for a particular scenario. The agreed priority will be recorded in the call details.

21.2. Fault Prioritisation table

22.1. Initial diagnosis of problems reported will be made remotely via scripted questioning or network management tools. The Company will make all reasonable endeavours to isolate the fault and restore affected services and provide a work around to any network – hardware or software failure. As required site attendance will be made to rectify any issues. On restoration of any fault, the call will be referenced back to the customer representative for confirmation and re-test before closure.

23.1. The Company shall use reasonable endeavours to fix or provide a work around to any service-related problem that affects the functionality, performance, or availability of the Customers hardware and or software. The Company will make all reasonable endeavours to meet the service criteria detailed in the table overleaf.

24.1. All out of hours support through the Company must be agreed contractually prior to a call out being raised. Out of hours support is only provided for the hardware and or software identified by the Customer which is supported under this Agreement. The Company will not accept responsibility for any fault found outside of the agreed customer hardware and or software. If out of hours support is requested and an out of hours support contract is not in place then the standard hours rates shall apply - £75 per hour Monday to Friday, £100 per hour Saturday and Sunday, £150 per hour on Bank Holidays.

25.1.The Customer understands that any Third-Party Software which is quoted and digitally accepted by the Customer on the Company Electronic Contract is not owned or manufactured by the Company. The Customer understands that by accepting this Agreement they are fully aware that any Third Party Software provided by the Company shall be governed by the Third Party Software Providers Terms and Conditions not this Agreement, except for the payment of service charges in line with the contract period. The Company will work with the Third-Party Software provider to manage any support requests or service issues the Customer may have in line with the Third-Party Software Providers Terms and Conditions.

26.1. We accept liability for personal injury or death because of our negligence. We also accept liability for fraud or fraudulent misrepresentation. We do not limit that liability and paragraphs 26.3 and 26.4 do not apply to that liability.

26.2. We have no liability (howsoever caused including (without limitation) by negligence) for any loss of business, profits, revenue, or savings the Customer expected to make, wasted expense, financial loss, data being lost or damaged, lack of availability of IT and/or communications systems not provided by us, damage to reputation or for any liability for any loss that is not reasonably foreseeable or for any indirect or consequential loss.

26.3. Any liability we have of any sort (including any liability because of our negligence) is limited to £100,000 for any one event or any series of related events, and in any twelve (12) month period to £500,000 in total.

26.4. Except as expressly set out in this Agreement, all conditions, warranties, terms, undertakings, and obligations implied by statute, common law, custom, trade usage or otherwise are hereby excluded to the maximum extent permitted by law.

26.5. Each part of this Agreement that excludes or limits our liability operates separately. If any part is disallowed or is not effective, the other parts will continue to apply.

26.6. We are not responsible for any pricing, typographical, or other errors and reserve the right to reject any orders where such an error may have occurred.

26.7. The provisions of this paragraph 26 shall continue to apply notwithstanding termination of this Agreement.

27.1. The Terms of, and any future changes to, this Agreement will be administered and managed by the Company. In certain cases, the Company may procure products and/or services from third parties to provide service or solution support. The Company will use all reasonable endeavours to procure the response and / or restoration levels required to support this. Any changes that will impact the offering within will be reviewed with the Customer and agreed in writing where applicable and reviewed under change control.

28.1. The Company Technical Support Helpdesk management team is responsible for actively monitoring the progress of events. To provide excellent service, quick resolution to customer problems and to achieve fault restoration targets (time to fix); The Company has defined guidelines for the internal escalation of events that have reached a particular threshold. The Customer has the right to request escalation of a given fault or incident should they feel the level of response is insufficient or the severity of the fault is such that there is unreasonable business impact or continued delay in resolution. Should the customer feel the response from the Company is failing to meet the objectives set within this document, the Customer representative can in the first instance, request a review with the Company.

29.1. A complaint is defined as an expression of dissatisfaction with the Company or the service it provides to any given customer. A complaint should not be confused with a query (a request for information) or with a fault report (when a customer representative is reporting a service failure etc). All complaints should be directed, in the first instance, to the Company Technical Support Helpdesk. The target resolution for complaints will be 20 working days from receipt. If the complaint cannot be resolved within these timescales, a mutually agreed course of action will be followed.

30.1. The Company accepts no responsibility neither in contract nor for the management and administration of any services connected to the cellular network; handheld devices; leased line connections or internet connections; servers (gateways) and associated software; firewalls or router hardware the Customer uses unless they form part of another service agreement from the Company.

30.2. In addition to the above statements, the following are not provided for within the scope of service offered under the Terms of the Contract.

30.3. ACS cannot assume liability for warranty or replacement in the event that a third party or manufacturer becomes insolvent or enters into liquidation.

40.1. The Company and the Customer shall comply with their respective obligations set out in Schedule 1 overleaf.

SCHEDULE 1: DATA PROTECTION

1. INTERPRETATION

1.1 In this Schedule:

Controller: Shall have the meaning set out in the GDPR.

Data Protection Laws: means the GDPR and the Privacy and Electronic Communication Regulations 2003, any amendment, consolidation, or re-enactment thereof, any legislation of equivalent purpose or effect enacted in the United Kingdom, or, where relevant, the European Union, and any orders, guidelines and instructions issued under any of the above by relevant national authorities, a judicial authority in England and Wales or, where relevant, a European Union judicial authority.

Data Subject: shall have the meaning set out in the GDPR.

Disclosing Party: shall mean the party to the Agreement who discloses or makes available Personal Data.

GDPR: means General Data Protection Regulation (EU) 2016/679 as in force from time to time.

Personal Data: has the meaning given to it by the GDPR but shall only include personal data to the extent that such personal data, or any part of such personal data, is processed in relation to the services provided under the Agreement.

Processor: shall have the meaning set out in the GDPR.

Receiving Party: Shall mean the party to the Agreement who receives or obtains personal data whether directly from the disclosing party or indirectly.

Replacement National Legislation: means legislation in the United Kingdom, which is enacted to cover, in whole or part, the same subject matter as the GDPR.

1.2 Words and phrases with defined meanings in the GDPR have the same meanings when used in this Schedule, unless otherwise defined in this Schedule.

1.3 If the GDPR ceases to apply to the United Kingdom, references to the GDPR, to provisions within it and words and phrases with defined meanings in it, shall be deemed references to Replacement National Legislation, the nearest equivalent provisions in it and the nearest equivalent words and phrases in it (as the case maybe).

2. OBLIGATIONS

2.1 Each party shall comply with the Data Protection Laws applicable to it in connection with the Agreement and shall not cause the other party to breach any of its obligations under Data Protection Laws.

2.2 The parties have agreed that the Receiving Party will process personal data as the processor on behalf of the disclosing party which shall act as a Controller of such personal data in connection with the Agreement. The processor shall, or shall ensure that its sub-contractor shall:

2.2.1 Process the personal data only on behalf of the Controller, only for the purposes of performing its obligations under the Agreement, and only in accordance with instructions contained in the Agreement or instructions received in writing from the Controller from time to time. The Processor shall notify the Controller if, in its opinion, any instruction given by the Controller breaches Data Protection Laws or other applicable law.

2.2.2 Not otherwise modify, amend, or alter the contents of the personal data or disclose or permit the disclosure of any of the personal data to any third party (including without limitation the data subject itself) unless specifically authorised in writing by the Controller.

2.2.3 document all processing in accordance with Article 30 GDPR.

2.2.4 only grant access to the personal data to persons who need to have access to it for the purposes of performing the Agreement.

2.2.5 ensure that all persons with access to the personal data are:

2.2.5.1 reliable, trustworthy, and suitably trained on Data Protection Laws; and 2.2.5.2 subject to an obligation of confidentiality or are under an appropriate statutory obligation of confidentiality.

2.2.6 Considering the nature of the processing and the information available to the Processor, assist the Controller (at the Controller’s cost) in ensuring compliance with its obligations pursuant to Article 32 to 36 GDPR inclusive.

2.2.7 Take such measures as are required pursuant to Article 32 GDPR in accordance the security obligations set out in the Agreement (as amended from time to time) and at the request of the Controller provide a written description of the technical and organizational measures implemented, or to be implemented, to:

2.2.7.1 protect the personal data against unauthorized or unlawful processing and accidental loss, destruction, damage, alteration, or disclosure; and

2.2.7.2 detect and report personal data breaches within good time.

2.2.8 notify any loss, damage, or destruction of personal data to the Controller as soon as reasonably practicable and in any event within 24 hours of becoming aware of such breach and provide all reasonable assistance to the Controller in relation to the notification of such breach to the Information Commissioner and any other applicable regulator and data subject.

2.2.9 provide all reasonable assistance to the Controller (at the Controller’s cost) in ensuring compliance with its legal obligations relating to data protection impact assessments.

2.2.10 not engage another processor (a "Sub-Processor") to process the personal data on its behalf without specific written consent of the Controller, approving a named Sub-Processor, such consent always subject to:

2.2.10.1 the Processor binding any Sub-Processor by written agreement, imposing on the Sub Processor obligations in relation to the personal data equivalent to those set out in the Agreement; and

2.2.10.2 the Processor remaining liable to the Controller for the acts and omissions of any Sub Processor, as if they were the acts and omissions of the Processor.

2.2.11 notify the Controller (within seven days) if it receives:

2.2.11.1 a request from a data subject to have access to that person's personal data; or 2.2.11.2a complaint or request relating to the Controller's obligations under Data Protection Laws; or

2.2.11.3 any other communication relating directly or indirectly to the processing of any personal data in connection with the Agreement.

2.2.12 Not act in relation to such communication, unless compelled by Law or a Regulator, without the Controller's prior approval, and shall comply (at the Controller’s cost) with any reasonable instructions the Controller gives in relation to such communication.

2.2.13 Provide the Controller with reasonable co-operation and assistance (at the Controller’s cost) in relation to any complaint or request made in respect of any personal data including by: 2.2.13.1 providing the Controller with details of the complaint or request.

2.2.13.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Controller's reasonable instructions; and

2.2.13.3 providing the Controller with any personal data it holds in relation to a data subject making a complaint or request within the timescales reasonably required by the Controller.

2.2.14 On termination of the Agreement and otherwise at the Controller's request, delete or return to the Controller the personal data, and procure that any party to whom the Processor has disclosed the personal data does the same.

2.2.15 Where reasonably possible, store the personal data in a structured, commonly used, and machine readable format.

2.2.16 Not transfer personal data outside of the European Economic Area without the prior written consent of the Controller except that the Data Processor may disclose personal data to its employees providing maintenance and support services provided that such disclosure is solely for the purpose of, and no more than is necessary for, the purpose of maintenance and support under the Agreement. Where the Controller consents to the transfer of personal data outside the European Economic Area, the Processor shall comply with:

2.2.16.1 the obligations of a Controller under Articles 44 to 50 GDPR inclusive by providing an adequate level of protection to any personal data transferred; and

2.2.16.2 any reasonable instructions of the Controller in relation to such transfer.

2.2.17 Have a Data Protection Officer where required by the GDPR, and where a Data Protection Officer is not required, have a named individual that is responsible and available to deal with data protection issues as and when they arise in conjunction with the Controller; and

2.2.18 Allow the Controller, or its external advisers who are not in the reasonable opinion of the Processor competitors of the Processor (subject to reasonable notice and the execution of appropriate confidentiality undertakings), to inspect and audit the Processor’s data processing activities and those of its relevant agents, group companies and sub-contractors during normal business hours, and comply with all reasonable requests of the Controller, to enable the Controller to verify and procure that the Processor is in full compliance with its obligations under this Schedule.

3. LIABILITY

3.1 Subject to paragraphs 3.1 and 3.2, the Processor shall indemnify and keep indemnified the Controller against any fine imposed by an applicable regulatory body (and where applicable any appellate court or tribunal of competent jurisdiction) under Data Protection Laws if and to the extent that such fine is imposed on the Controller solely and directly as a result of a breach by the Processor and/or any Sub Processor of its obligations under this Schedule, unless such indemnity is prohibited on the grounds of public policy.

3.2 The Processor’s maximum liability under this Schedule shall be capped at a sum equal to the value of the payments received by the Processor under the Agreement in the previous year or [£50,000], whichever is the higher.

3.3 The Processor’s obligations under paragraph 3.1 shall be subject to the Conditions that the Controller: (i) promptly gives the Processor written notice of the claim; (ii) gives the Processor sole control of the defence and/or settlement of the claim including the bringing of any appeal that may be available (provided that the Processor may not settle the claim in any manner that the Controller reasonably regards as adverse to its interests without the consent of the Controller, which shall not be unreasonably withheld or delayed)); and (iii) provides the Processor, at the Processor’s expense, with all reasonable assistance in the defence and/or settlement of the claim.

4. INTELLECTUAL PROPERTY RIGHTS

4.1 All intellectual property rights in the personal data vest and shall remain vested absolutely in the disclosing party, that transferred the relevant personal data to the receiving party. Electronic media and other means of transport containing the personal data received by the receiving party and all copies or reproductions thereof shall also remain the property of the disclosing party, that transferred these media or provided other means of transport.