Menu
Terms of Service & Data Processing Addendum
Terms of Service
TS1. Introduction
SENshine agrees to provide and the Subscriber agrees to subscribe for the Services subject to these terms and conditions (Terms). Collectively, the Terms comprise this document (Terms of Service), the Order Form it references, and the Data Processing Addendum.
TS2. Interpretation
2.1 The definitions and rules of interpretation in this clause apply to the Terms.
Business Day: a day other than a Saturday, Sunday or public holiday in England, when banks in London are open for business. Confidential Information: information that is proprietary or confidential and is either labelled as such or identified as Confidential Information in clause 11.2. Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the DPA 2018 (Data Protection Act 2018, including any regulations made thereunder), the UK GDPR (as defined in section 3(10), supplemented by section 205(4)), of the DPA 2018), the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended, and all other legislation and regulatory requirements in force from time to time which apply to a party’s use of Personal Data (including, without limitation, the privacy of electronic communications); references to Data Controller, Data Processor, Data Subject, Personal Data, Personal Data Breach, Special Categories and appropriate technical and organisational measures shall be as defined in the Data Protection Legislation. Initial Subscription Term: the initial term of the Subscription as stipulated in the Order Form. If no term is stipulated in the order form, then the Initial Subscription Term shall be taken to be one year. Intellectual Property Rights: patents, rights to inventions, copyright and related rights, trademarks and service marks, trade names and domain names, rights in get-up, rights to goodwill and to sue for passing off and unfair competition, rights in designs, rights in computer software, database rights, rights in confidential information (including knowhow and trade secrets) and any other intellectual property rights, whether registered or unregistered and including all applications (and rights to apply) for, and renewals or extensions of, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world. Launch Date: the date upon which SENshine will make the Software available as part of the Services to new Subscribers outside of the Pilot Programme. Order Form: the order form (or registration or subscription form) or other written confirmation of the Subscription issued by SENshine (whether by email or otherwise) to which these Terms are attached specifying, inter alia, the name of the Subscriber, a description of the Services, and any Subscription Fees. Pilot Programme: a programme for prospective paying customers of SENshine to gain early access to the Services at zero charge and with the intention to provide feedback to help SENshine improve the Services. Renewal Period: has the meaning given in clause 14.1 (being any 12 month subscription period subsequent to the Initial Subscription Period). Research Community: a community of users, experts, researchers and other stakeholders who are actively working with or otherwise engaging with SENshine to help shape the Services. SENshine: Senshine Ltd (company number 15216102), whose registered office is located at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Services: the online services provided by SENshine to the Subscriber via the Website together with any other materials or documentation, whether provided freely or on a free trial or paid subscription basis. Software: any online software applications provided by SENshine as part of the Services. Start Date: the date stated on Order Form being the date of commencement of provision of the Services. If no Start Date is stated on the Order Form, then the Start Date shall be taken to be the date that the completed Order Form was received by SENshine from the Subscriber. Subscriber: means the organisation named in the Order Form by a representative of said organisation. Subscriber Data: the data provided by the Subscriber to SENshine or inputted by the Subscriber (or by SENshine on the Subscriber’s behalf) for the purpose of using the Services or facilitating the use of the Services by the Subscriber or the Users. Subscription: the subscription to use the Services in accordance with these Terms and the Order Form. Subscription Fees: any subscription fees payable by the Subscriber to SENshine for the Subscription, as set out in the Order Form. Subscription Term: has the meaning given in clause 14.1 (being the Initial Subscription Term together with any subsequent Renewal Periods). User Content: content produced by or on behalf of the Subscriber or the Users which may include photos or footage of learners and which is captured solely to evidence and share learners’ progress and/or to help improve the performance of the Subscriber and/or Users. User(s): those employees, agents and independent contractors of the Subscriber who are authorised to use the Services. Virus: any device or other thing (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices. Website: the website operated by SENshine at www.SENshine.co and/or any other website hosted by SENshine from time to time for the purpose of providing the Services. | ||
| 2.2 | A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person’s legal and personal representatives, successors or permitted assigns. | |
| 2.3 | A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established. | |
| 2.4 | Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular. | |
| 2.5 | Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders. | |
TS3. Licence
| 3.1 | Subject to these Terms (including the obligation to pay any applicable Subscription Fees stated in the Order Form), SENshine hereby grants to the Subscriber a non-exclusive, non-transferable licence, without the right to grant sub-licences, to permit the Users to use the Services during the Subscription Term solely for the Subscriber’s internal business purposes. | ||
| 3.2 | The Subscriber undertakes that: | ||
| a) | it shall permit Senshine (or its agent) to audit its usage of the Services in order to establish compliance with the Terms. Each such audit may be conducted no more than once per quarter, at Senshine’s expense, and this right shall be exercised with reasonable prior notice; | ||
| b) | if any of the audits referred to in clause 3.2(a) reveal that the Subscriber has underpaid Subscription Fees to Senshine, then without prejudice to Senshine’s other rights, the Subscriber shall pay to Senshine an amount equal to any underpaid Subscription Fees within 30 days. | ||
| 3.3 | The Subscriber shall not: | ||
| a) | except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under these Terms: | ||
| (i) | attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software in any form or media or by any means; or | ||
| (ii) | attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; | ||
| b) | access all or any part of the Services in order to build a product or service which competes with the Services; | ||
| c) | use the Services to provide services to third parties; | ||
| d) | subject to clause 21.1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except the Users; | ||
| e) | attempt to obtain or assist third parties in obtaining access to the Services, other than as provided under this clause 3; or | ||
| f) | introduce or permit the introduction of, any Virus into Senshine’s network and information systems. | ||
| 3.4 | The Subscriber shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, promptly notify Senshine. | ||
| 3.5 | The rights provided under this clause 3 are granted to the Subscriber only. | ||
TS4. Pilot Programme & Research Community
| 4.1 | If an organisation registers to become part of the Pilot Programme and Research Community, they are subsequently deemed to belong to both, unless they are not a school or other educational institution, in which case they will be deemed to belong to the Research Community only. | |
| 4.2 | All members of the Research Community will be given access to the members area on the Website and to the Services as they become available for beta testing prior to the Launch Date. | |
| 4.3 | Members of the Pilot Programme will be considered eligible for certain benefits outlined in 4.4, so long as they complete the Pilot entry and exit questionnaires within one month of being requested to do so, providing feedback on their usage of the Services (Eligible Members). | |
| 4.4 | SENshine warrants that all Eligible Members of the Pilot Programme will receive an agreed discount off then current rates of their first paid year’s subscription if taken up within 12 months of the Launch Date, this discount will be 50% off the standard prices at that time for schools who join the pilot at its start in March or April 2025 or 40% off for those starting the pilot later in 2025, and | |
| a) | 3 months of free access to the Services (including the Software) immediately following the Launch Date if they became a member of the Pilot Programme prior to 1st January 2025 and join the pilot at its start in March or April 2025; or | |
| b) | 6 months of free access to the Services (including the Software) immediately following the Launch Date if they became a member of the Pilot Programme prior to 1st April 2025; and | |
| c) | a 25% discount off the standard price of their second paid year’s subscription if they became a member of the Pilot Programme prior to 1st January 2025 and join the pilot at its start in March or April 2025 or 20% discount if they join the pilot later in 2025; and | |
| d) | a 25% discount off the standard price of their third paid year’s subscription if they became a member of the Pilot Programme prior to 1st January 2024. | |
TS5. Services
| 5.1 | Senshine shall, during the Subscription Term, provide the Services to the Subscriber subject to the Terms. |
| 5.2 | Senshine shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for times during which any maintenance is required and where reasonable advance notice has been provided to the Subscriber. |
| 5.3 | The Subscriber may, if agreed separately with Senshine in writing, purchase additional services at the Supplier’s then current rates. Any such services so purchased will be subject to the Terms unless expressly agreed otherwise. |
TS6. Data Protection
| 6.1 | All Users are obliged to agree and accept the Terms as a condition of accessing the Services. These Terms govern the obligations of Senshine and the Users in relation to data protection matters. To the extent that the Subscriber controls any Personal Data of any User, it shall ensure that it has all necessary appropriate consents, policies and notices in place as required by the Data Protection Legislation (Data Protection Permissions) to enable the lawful transfer of any Personal Data which the Subscriber processes in connection with these Terms for the duration of the Subscription Term. | |
| 6.2 | The Subscriber shall not upload nor allow any of its Users to upload any User Content to the Website unless the Subscriber has obtained any required Data Protection Permissions from the relevant Data Subjects who may be included in such content. Senshine shall be entitled to demand from the Subscriber at any time a copy of the relevant Data Protection Permissions that it holds in order to evidence compliance with this clause 6.2. Upon receipt of such a request the Subscriber shall supply the relevant Data Protection Permissions to Senshine within 5 Business Days. | |
| 6.3 | On each occasion that the Subscriber or a User uploads User Content to the Website the Subscriber warrants to Senshine that such upload has been made in compliance with clause 6.2 and indemnifies Senshine and holds Senshine harmless against any and all losses that Senshine may suffer in consequence of the Subscriber’s failure to comply with clause 6.2. | |
| 6.4 | SENshine occupies the role of Processor only in respect of any Personal Data within the User Content uploaded to the Website and the Subscriber occupies the role of Controller for these purposes. Accordingly, the Data Processing Addendum to this agreement sets out obligations of the processor and Controller and acts as an appropriate contract as required by UK GDPR Article 28. | |
TS7. SENshine’s Obligations
| 7.1 | Senshine undertakes that the Services will be performed with reasonable skill and care. | ||
| 7.2 | The undertaking at clause 7.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to Senshine’s instructions, or modification or alteration of the Services by any party other than Senshine or Senshine’s duly authorised contractors or agents. | ||
| 7.3 | Senshine: | ||
| a) | does not warrant that: | ||
| (i) | the Subscriber’s use of the Services will be uninterrupted or error-free; | ||
| (ii) | that the Services and/or the information obtained by the Subscriber through the Services will meet the Subscriber’s requirements; or | ||
| (iii) | the Software or the Services will be free from Viruses; | ||
| b) | is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Subscriber acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities. | ||
| 7.4 | These Terms shall not prevent Senshine from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under these Terms. | ||
| 7.5 | In the event of any loss or damage to any Subscriber Data, the Subscriber’s sole and exclusive remedy against Senshine shall be for Senshine to use reasonable commercial endeavours to restore the lost or damaged Subscriber Data from the latest back-up of such Subscriber Data maintained by Senshine in accordance with its archiving procedures in place from time to time. Senshine shall not be responsible for any loss, destruction, alteration or disclosure of Subscriber Data caused by any third party (except those third parties sub-contracted by Senshine to perform services related to Subscriber Data maintenance and back-up for which it shall remain fully liable). | ||
TS8. Subscriber’s Obligations
| 8.1 | The Subscriber shall: | |
| a) | provide SENshine with all necessary co-operation in relation to these Terms and all necessary access to such information as may be required by Senshine in order to provide the Services, including but not limited to the Subscriber Data; | |
| b) | without affecting its other obligations under these Terms, comply with all applicable laws and regulations with respect to its activities under these Terms; | |
| c) | ensure that the Users use the Services in accordance with the Terms of Service and shall be responsible for any User’s breach of the Terms of Service; | |
| d) | ensure that its network and systems comply with the relevant specifications provided by Senshine from time to time; and | |
| e) | be, to the extent permitted by law, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to Senshine’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Subscriber’s network connections or telecommunications links or caused by the internet. | |
| 8.2 | The Subscriber shall own all right, title and interest in and to all of the Subscriber Data that is not Personal Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Subscriber Data. | |
TS9. Charges & Payment
| 9.1 | The Subscriber shall pay any Subscription Fees to Senshine for the Services in accordance with this clause 9. | |
| 9.2 | Senshine shall invoice the Subscriber: | |
| a) | on or before the Start Date for the Subscription Fees payable in respect of the Initial Subscription Term; and | |
| b) | subject to clause 14.1, at least 30 days prior to each anniversary of the Start Date for the Subscription Fees payable in respect of the next Renewal Period, and the Subscriber shall pay each invoice within 30 days after the date of such invoice. | |
| 9.3 | If Senshine has not received payment within 30 days after the due date, and without prejudice to any other rights and remedies of Senshine may, without liability to the Subscriber, disable the Subscriber’s password, account and access and that of any of its Users to all or part of the Services and Senshine shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid. | |
| 9.4 | All amounts and fees stated or referred to in these Terms: | |
| a) | shall be payable in the currency stipulated in the Order Form; | |
| b) | are, subject to clause 13.3(b), non-cancellable and non-refundable; | |
| c) | are exclusive of value added tax, which shall (if applicable) be added to Senshine’s invoice(s) at the appropriate rate. | |
| 9.5 | Senshine shall be entitled to increase the Subscription Fees at the start of each Renewal Period upon 30 days’ prior notice to the Subscriber and the Order Form shall be deemed to have been amended accordingly. | |
TS10. Intellectual Property
| 10.1 | The Subscriber acknowledges and agrees that Sunshine and/or its licensors own all Intellectual Property Rights in the Services. Except as expressly stated herein, these Terms do not grant the Subscriber any rights to, under or in, any Intellectual Property Rights in the Services or any other rights or licences in respect thereof. |
| 10.2 | Where Users employ the Services to create outputs (e.g. draft documentation) based at least in part upon Subscriber Data, then the Subscriber may be considered to have a licence from Senshine to use such outputs for any purpose that does not contravene any of the Terms. |
TS11. Confidentiality
| 11.1 | Each party may be given access to Confidential Information from the other party in order to perform its obligations under these Terms. A party’s Confidential Information shall not be deemed to include information that: | |
| a) | is or becomes publicly known other than through any act or omission of the receiving party; | |
| b) | was in the other party’s lawful possession before the disclosure; or | |
| c) | is lawfully disclosed to the receiving party by a third party without restriction on disclosure. | |
| 11.2 | The Subscriber acknowledges that details of the Services constitute Senshine’s Confidential Information. | |
| 11.3 | Subject to clause 11.5, each party shall hold the other’s Confidential Information in confidence and not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation of these Terms. | |
| 11.4 | Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of these Terms. | |
| 11.5 | A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 11.5, it takes into account the reasonable requests of the other party in relation to the content of such disclosure. | |
| 11.6 | The above provisions of this clause 11 shall survive termination of the Subscription under these Terms. | |
TS12. Indemnity
| The Subscriber shall defend, indemnify and hold harmless Senshine against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Subscriber’s use of the Services, provided that: | |
| a) | Senshine provides reasonable co-operation to the Subscriber in the defence and settlement of any such claim, at the Subscriber’s expense; and |
| b) | the Subscriber is given sole authority to defend or settle the claim. |
TS13. Limitation of Liability
| 13.1 | Except as expressly provided in these Terms: | |
| a) | the Subscriber assumes sole responsibility for results obtained from the use of the Services by the Subscriber and Users. Senshine shall have no liability for any damage caused by errors or omissions in any information or instructions provided to Senshine by the Subscriber in connection with the Services, or any actions taken by Senshine at the Subscriber’s request or direction; | |
| b) | all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from these Terms; and | |
| c) | the Services are provided to the Subscriber on an “as is” basis. | |
| 13.2 | Nothing in these Terms excludes the liability of Senshine: | |
| a) | for death or personal injury caused by Senshine’s negligence; or | |
| b) | for fraud or fraudulent misrepresentation. | |
| 13.3 | Subject to clause 13.1 and clause 13.2: | |
| a) | Senshine shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under these Terms; and | |
| b) | Senshine’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Terms shall be limited to the total Subscription Fees paid for the User Subscriptions during the 12 months immediately preceding the date on which the claim arose. | |
| 13.4 | In no event shall Senshine, its employees, agents and sub-contractors be liable to the Subscriber to the extent that any claim arises in consequence of: | |
| a) | The modification of the Services by anyone other than Senshine; or | |
| b) | the Subscriber’s or User’s use of the Services in a manner contrary to the instructions of Senshine. | |
| 13.5 | Nothing in these Terms excludes the liability of the Subscriber for any breach, infringement or misappropriation of Senshine’s Intellectual Property Rights in the Services. | |
TS14. Term & Termination
| 14.1 | These Terms shall, unless otherwise terminated as provided in this clause 14, commence on the Start Date and shall continue for the Initial Subscription Term and, thereafter, the Subscription shall be automatically renewed for successive periods of 12 months (each a Renewal Period), unless: | |
| a) | The Subscriber notifies Senshine that it wishes to terminate, at least 60 days before the end of the Initial Subscription Term or any Renewal Period, in which case the Subscription shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period; | |
| b) | Senshine notifies the Subscriber that it will terminate, at any time before the end of the Initial Subscription Term or any Renewal Period, in which case the Subscription shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period; or | |
| c) | otherwise terminated in accordance with the provisions of these Terms; | |
| and the Initial Subscription Term together with any subsequent Renewal Periods shall constitute the Subscription Term. | ||
| 14.2 | Without affecting any other right or remedy available to it, Senshine may terminate the Subscription with immediate effect if the Subscriber fails to pay any amount due under these Terms on the due date for payment and remains in default not less than 10 days after being notified in writing to make such payment. | |
| 14.3 | On termination of the Subscription for any reason: | |
| a) | all licences granted under these Terms shall immediately terminate and the Subscriber shall immediately cease (and procure that all Users immediately cease) all use of the Services; | |
| b) | Senshine may destroy or otherwise dispose of any of the Subscriber Data in its possession; and | |
| c) | any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of these Terms which existed at or before the date of termination shall not be affected or prejudiced. | |
TS15. Force Majeure
SENshine shall have no liability to the Subscriber under these Terms if it is prevented from or delayed in performing its obligations under these Terms, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of SENshine or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, pandemic, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or subcontractors, provided that the Subscriber is notified of such an event and its expected duration.
TS16. Variation
Senshine shall be entitled to amend these Terms by serving 10 days’ notice of such changes in writing on the Subscriber.
TS17. Waiver
No failure or delay by a party to exercise any right or remedy provided under these Terms or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
TS18. Rights & Remedies
Except as expressly provided in these Terms, the rights and remedies provided under these Terms are in addition to, and not exclusive of, any rights or remedies provided by law.
TS19. Severance
If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of these Terms.
TS20. Entire Agreement
| 20.1 | These Terms constitute the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter. |
| 20.2 | Each party acknowledges that it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in these Terms. |
TS12. Assignment
| 21.1 | The Subscriber shall not, without the prior written consent of Senshine, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under these Terms. |
| 21.2 | Senshine may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under these Terms. |
TS22. Third Party Rights
These Terms do not confer any rights on any person or party (other than the parties hereto and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
TS23. Notices
| 23.1 | Any notice required to be given under these Terms shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in these Terms or the Order Form, or such other address as may have been notified by that party for such purposes, or sent by email to the other party’s email address as set out in the Order Form. |
| 23.2 | A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by email shall be deemed to have been received on the Business Day following the date of sending or (if shown by a delivery receipt obtained by the sender) at the time of transmission. |
TS24. Governing Law & Jurisdiction
| 24.1 | These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. |
| 24.2 | Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or their subject matter or formation (including non-contractual disputes or claims). |
Data Processing Addendum
DPA1. Definitions
2.1 In this agreement, unless the text specifically notes otherwise, the following definitions have the meanings given below:
Consent: is as defined in the Data Protection Laws.
Contract: means the Contract between the Controller and Processor for the provision of services.
Controller: is the Data Controller for this project, which is the customer for the services provided by the Processor as defined in the Contract.
Data Protection Laws: is the UK Data Protection Legislation and EU Data Protection Legislation and any other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).
UK Data Protection Legislation: is The UK GDPR as defined in The Data Protection Act 2018 Section 3(10), The Data Protection Act 2018, the Privacy & Electronic Communications (EC Directive) Regulations 2003 and any other applicable UK laws or replacement legislation coming into effect from time to time.
EU Data Protection Legislation: is the GDPR – The General Data Protection Regulation (Regulation (EU) 2016/679) and any other applicable EU laws or replacement legislation coming into effect from time to time.
Personal Data: is as defined in the Data Protection Laws.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Processing, processes, process: means any activity that involves the use of Personal Data or as the Data Protection Laws may otherwise define processing, processes or process. It includes any operation or set of operations which is performed on Personal Data or on sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to a third party.
Processor: is the Data Processor for this project, which is Senshine Ltd., 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, registration number 15216102.
Services: the services set out in Schedule 1 and the Contract
Sub-Processor: means another processor engaged by the processor for carrying out processing activities in relation to this agreement
Supervisory Authority: means the Information Commissioner’s Office (ICO) in the United Kingdom, or the local supervisory authority within the EU or EEA member state of the Controller
DPA2. Terms of Agreement
2.1 The parties agree the above definitions of Controller and Processor and accept the roles described.
2.2 All processing of personal data by the Processor on behalf of the Controller shall be governed by this agreement and the terms obligations and rights set forth in this agreement relate directly to the data processing activities described in Schedule 1.
DPA3. Obligations & Rights of the Processor
3.1 The Processor shall comply with the Data Protection Laws at all times and must:
(a) only process the Personal Data to the extent, and in such a manner, as is necessary for the Provision of the Services in accordance with the Controller’s written instructions. The Processor will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Laws;
(b) promptly notify the Controller if, in its opinion, the Controller’s instruction would not comply with the Data Protection Laws;
(c) maintain the confidentiality of all Personal Data and not disclose Personal Data to third parties unless the Controller specifically authorises the disclosure, or as required by law. If a law, court, regulator or Supervisory Authority requires the Processor to process or disclose Personal Data, the Processor must first inform the Controller of the legal or regulatory requirement and give the Controller an opportunity to object or challenge the requirement, unless the law prohibits such notice;
(d) ensure that any people or Sub-Processors processing the Personal Data are subject to a duty of confidentiality and that such persons comply at all times with the terms of this Agreement;
(e) Ensure that any natural person acting under their authority who has access to personal data does not process that data except on written instructions from the Controller;
(f) Use its best endeavours to safeguard and protect all Personal Data from unauthorised or unlawful processing including but not limited to accidental loss destruction or damage and will ensure the security of processing through the demonstration and implementation of appropriate technical and organisational measures as specified in Schedule 1 of this agreement;
(g) Ensure all processing meets the requirements of applicable Data Protection Laws;
(h) Ensure that where a Sub-Processor is used they
- Only engage a Sub-Processor with the written consent of the Controller
- Inform the Controller of any intended changes regarding the addition or replacement of Sub-Processors;
- Implement a written contract containing the same data protection obligations as set out in this agreement in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Data Protection Laws;
- Understand that where any Sub-Processor is used on their behalf that any failure on the part of the Sub-Processor to comply with the Data Protection Laws or relevant data processing agreement the Processor remains fully liable to the Controller for the performance of the Sub-Processor’s obligations;
(i) The Controller gives the Processor general authorisation to utilise Sub-Processors that provide general information technology and technical support including data storage and transmission services such as Microsoft office 365 provided that obligations equivalent to the obligations set out in this clause 3 are included in all contract(s) between the Processor and the permitted Sub-Processors who will be processing Personal Data;
(j) Assist the Controller in providing subject access and allowing Data Subjects to exercise their rights under the Data Protection Laws insofar as the Processor holds Personal Data relating to the Data Subjects;
(k) Assist the Controller in meeting its data protection obligations in relation to:
- The security of processing by the Processor;
- Data Protection Impact Assessments for the provision of this service;
- The investigation and notification of personal data breaches caused by the Processor’s Processing; and
(l) Delete or return all personal data to the Controller as requested at the end of the agreement, or at such other time as the Controller may request;
(m) Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in the Data Protection Laws and allow for and contribute to one audit annually conducted by the Controller at the Controller’s cost;
(n) Cooperate with the Supervisory Authority in accordance with the Data Protection Laws;
(o) Notify the Controller of any personal data breaches as soon as reasonably possible and in accordance with the Data Protection Laws.
3.2 Nothing within this agreement relieves the Processor of their own direct responsibilities obligations and liabilities under the Data Protection Laws.
3.3 The Processor is responsible for ensuring that each of its employees agents subcontractors or vendors are made aware of its obligations regarding the security and protection of the personal data and terms set out in this agreement.
3.4 The Processor is responsible for ensuring that each of its employees, agents, subcontractors or vendors are made aware of its obligations regarding the security and protection of the personal data and terms set out in this agreement.
3.5 The Processor shall maintain induction and training programmes that adequately reflect the Data Protection Law requirements and ensure that all employees are afforded the time resources and budget to undertake such training on a regular basis.
3.6 Any transfers of personal data to a third country or an international organisation shall only be carried out on written instructions from the controller unless required to do so by law and where such a legal requirement exists the Processor will inform the Controller of that legal requirement before processing.
3.7 Where required under the Data Protection Laws the Processor shall maintain a record of all categories of processing activities carried out on behalf of the Controller containing:
- The name and contact details of the Processor and of each Controller on behalf of which the Processor is acting and where applicable the Data Protection Officer;
- The categories of processing carried out on behalf of each Controller;
- Transfers of personal data to a third country or an international organisation including the identification of that third country or international organisation and the documentation of suitable safeguards;
- A general description of the technical and organisational security measures referred to in the Data Protection Laws.
3.8 When assessing the appropriate level of security and the subsequent technical and organisational measures the Processor shall consider the risks presented by any processing activities in particular from accidental or unlawful destruction loss alteration unauthorised disclosures of or access to personal data transmitted stored or otherwise processed.
DPA4. Obligations & Rights of the Controller
4.1 The Controller is responsible for determining the means and purpose of processing and the lawful basis for processing and for meeting its obligations to the data subjects under the Data Protection Laws including providing the data subjects with an appropriate privacy notice.
4.2 The Controller reserves the right to verify that the Processor has adequate and documented processes for data breaches data retention and data transfers in place.
4.3 The Controller reserves the right to obtain evidence from the Processor as to the:
- Verification and reliability of the employees used by the Processor;
- Technical and organisational measures described in Schedule 1 of this agreement;
- Procedures in place for allowing data subjects whose data are Processed under this agreement to exercise their rights in accordance with the Data Protection Laws.
4.4 Where the Controller has authorised the use of any Sub-Processors by the Processor the Controller may verify that similar data protection agreements are in place between the Processor and Sub-Processor.
DPA5. Warranties
5.1 The Processor warrants and represents that:
- its employees, subcontractors, agents and any other person or persons accessing Personal Data on its behalf are reliable and trustworthy and have received the required training on the Data Protection Laws relating to the Personal Data;
- it has no reason to believe that the Data Protection Laws prevents it from providing any of the Services; and
- considering the current technology environment and implementation costs, it will take appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of Personal Data and the accidental loss or destruction of, or damage to, Personal Data, and ensure a level of security appropriate to:
- the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage;
- the nature of the Personal Data protected; and
- comply with all applicable Data Protection Laws.
DPA6. Termination
6.1 This Agreement shall remain in full force and effect for so long as the Processor is providing the Services or the Processor retains Personal Data on behalf of the Controller.
6.2 The Processor’s failure to comply with any of its obligations in clause 3 of this Agreement or if any of the warranties in clause 5 are found to be untrue or misleading then this shall be considered a material breach and the Controller may terminate effective immediately without further liability or obligation.
DPA7. Governing Law
7.1 This Agreement is governed by the laws of England and Wales.
7.2 This Agreement, and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) is governed by and shall be construed and interpreted in accordance with the laws of England and Wales, and the Parties irrevocably submit to the exclusive jurisdiction of the Courts of England and Wales.
Schedule 1 (to the Data Processing Addendum)
Subject Matter of Processing
Provision of the SENshine SaaS (Software as a Service).
Duration of the Processing
Until such time as the Contract between the Controller and Processor for the provision of service ends.
Nature & Purpose of Processing
Provision for the SENshine SaaS to schools to enable the school to support the learning and development needs of their pupils, and the management needs of their teaching and support staff.
Categories of Data Subjects
School staff, learners, and parents/carers.
Categories of Personal Data
For school staff: Name, address, email address, job title / role information, school name, account ID, timetable data, absences data, salary data, activity log.
For learners: Name, age, class, family data, medical data, demographics, learning needs and planning data, achievement data, timetable data, attendance data, behaviour data, detentions data, exclusions data, communications with school.
For parents/carers: Name, address, email address, family data, cultural identifiers data, communications with school.
Special Categories of Personal Data
Learners whose data are processed by the SENshine staff may well have special needs or medical conditions which constitute special category data related to health and/or genetics, including their emotional or intellectual capacity. SENshine may also process racial and ethnicity data about learners and their families.
International Transfers
The Processor is a UK based entity and as such international transfers where the Controller is based in the EU or EEA are on the basis of the UK being an adequate nation for data protection purposes.
International Transfers relating to sub-processors are specified in the table below (see ‘Sub-Processors’).
Technical & Organisational Measures
The Processor agrees that they shall implement the following suitable measures to preserve the security of the data collected:
- No copies of data are to be held by the Processor without the Controller’s permission.
- Any such copies data will be held in secure, password protected IT systems,
- All data are encrypted in transit and at rest,
- The Processor shall ensure that their IT systems use modern software that is kept up-to-date,
- When personal data are deleted this will be done safely such that the data are irrecoverable,
- Appropriate back-up and disaster recovery solutions are in place,
- Where multi-factor authentication exists for the tools used to deliver the service the Processor shall have enabled it,
- The Processor retains personal data by default for 30 days from when data about person(s) concerned are no longer controlled by the Controller (for example when a learner leaves a School that is a customer of SENshine) or if said Controller ceases to be a customer of the Processor.
Sub-Processors
List of Sub-Processors used by the Processor to deliver the agreed services which the Controller consents to.
| Name of Sub-Processor | Address (& details of transfer mechanism if not a UK organisation) | Nature of processing activity |
| Microsoft Ltd | Microsoft Campus, Thames Valley Park, Reading, Berkshire, RG6 1WG | Data storage (Azure SQL), Email Provider (Office 365), Hosting (Azure Container App), Authentication (Entra ID), Internal messaging (Service Bus) |
| Wonde Limited | Furlong House, 2 Kings Court, Newmarket, Suffolk, England, CB8 7SG | Source data |
| Name Hero, LLC | 680 S Cache Street, Suite 100-12679, Jackson, Wyoming 83002 | Domain provider |
| Hubspot, Inc. | 2 Canal Park Cambridge, MA 02141 United States | Customer Relationship Management (CRM) and Marketing |
