Master Agreement



This agreement (the “Agreement”) effective as outlined in the Order Form (the “Effective Date”) between Vitrue Ltd (a UK Limited company registered no.10775942), with its registered office at Vitrue Ltd 15 Ironmonger Row, London, EC1V 3QC, UK (the ”Service Provider”) and the customer (hereinafter “Client”). 

1. The Client hereby engages the Service Provider, and the Service Provider hereby accepts such engagement, upon the terms and conditions set forth herein, for the period commencing on the Effective Date.

2. Payment. Billing will be annually in advance and the fees set out in Schedule 4 shall be paid to the Service Provider within thirty (30) days of invoice. No interest shall be charged to the Client and the Client shall not be liable to make any interest payments to the Service Provider at any time.

3. Term. This Agreement shall commence upon the Effective Date, as stated above, and will continue for a period set out in the agreed order form. Thereafter the contract is automatically renewed with subsequent periods of 12 months. The notice period for canceling the contract is 1 month before the end of each contract period. Unless terminated at an earlier date in accordance with clause 14 clause 15 and can be extended as mutually agreed in writing in advance of the termination date between the Client and the Service Provider..

3.1  The Supplier shall be entitled to increase the Subscription Fees at the start of each Renewal Period upon 30 days' prior notice to the Customer and the Contract Details shall be deemed to have been amended accordingly.

4. Independent Parties. In performing the Services, Service Provider is an independent Service Provider, and not an employee, partner or agent of the Client, nor are any of Service Provider’s employees or contract personnel employees of the Client and does not establish any joint venture or any other relationship between the parties. Service Provider shall have the right to perform services for others and the sole right to control and direct the means, methods and manner by which the Services required hereunder will be performed, consistent with the terms of this Agreement. Service Provider shall not be entitled to any fringe benefits, including health insurance, benefits, paid vacation, or other employee benefits provided by the Client to its employees.  Service Provider is responsible for payment of any taxes, withholdings and any other statutory or contractual obligations of any sort, in connection with services provided hereunder. The parties have no authority to create or assume any obligation or to make any commitment on behalf of each other, or to hold itself out as having such authority, without the prior written consent of the other Party.  

5. Confidential Information. It is understood that in the course of the Service Provider's performance hereunder each party may become privy to information which includes but is not limited to the other party’s operations, employees, finances, projects, products and production plans, research and development, system design, software, hardware, technical processes and formulas, source codes and activities (“Confidential Information”). Such Confidential Information shall be deemed confidential in every case where either a reasonable person would understand it to be confidential or the disclosing party has identified it as such or where it is clearly marked as confidential. The receiving party shall maintain the secrecy of all of the disclosing party’s confidential information (including, without limitation, all confidential information that the disclosing party has received or will receive from third parties), using the same care it applies to its own confidential information, and shall make use of such Confidential Information only to the minimum extent necessary to effect the Agreement. The receiving party shall not exploit or reveal to any third party any of such information without the disclosing party’s express prior written consent. This provision shall apply to all Confidential Information, whether it was exchanged before or after the date of this Agreement. All Confidential Information referred to in this Section in whatever form shall at all times remain the property of the disclosing party, and shall, upon written request of the disclosing party, be delivered by the receiving party to the disclosing party in all tangible forms, or, promptly destroyed by the disclosing party to the extent such delivery is impracticable.  The obligations in this Section do not apply to Confidential Information that (i) was already known to the receiving party prior to its first disclosure hereunder; (ii) has become generally known to the public through no fault of the disclosing party; (iii) is required by law to be disclosed (in which case the receiving party shall provide the disclosing party with a reasonable opportunity to seek a protective order maintaining confidentiality; (iv) is independently developed by the receiving party without breach of this Agreement; or (v) is approved for release upon the written instructions of the disclosing party provided that 7 (i) to (iv) is not applicable. Notwithstanding the forgoing,  each party may disclose the other party’s Confidential Information to those of its employees, officers, advisers, agents or representatives who need to know the other party’s Confidential Information in order to exercise the disclosing party’s rights or perform its obligations under this Agreement provided that the disclosing party shall ensure that each of its employees, officers, advisers, agents or representatives to whom Confidential Information is disclosed is aware of its confidential nature and complies with this clause.

6. User Subscriptions. Subject to the Client purchasing the User Subscriptions in accordance with this agreement, the restrictions set out in this clause 6 and the other terms and conditions of this Agreement, the Service Provider hereby grants to the Client and its Affiliates a non-exclusive, worldwide, non-transferable, without the right to grant sub-licences, to permit their authorised users to use the Services and/ or Deliverables and the documentation during the Subscription Term solely for the Client’s internal business operations. Affiliate is defined as “an entity that directly or indirectly controls, is controlled by or is under common control of the Client“. Documentation is defined as the documents (in whatever media) provided or made available to the Client in hard or soft copy to facilitate use of the Services and/ or Deliverables by the Client. The Service Provider shall indemnify the Client on a worldwide basis against any losses, damages, liability, costs (including legal fees) and expenses incurred by the Client as a result of or in connection with any action demand or claim:

  a) that the Client’s use, access or connection to the Services, Deliverables or Documentation or any other resources provided by the Service Provider to the Customer infringes the Intellectual Property Rights of any third party; or

  b) based upon the Service Provider’s performance of the Services, or provision of access to the Services and Deliverables for the Client being an infringement of third-party Intellectual Property Rights.

6.1 Services are subject to usage limits specified during sign-up. If Customer exceeds a contractual usage limit, additional quantities of the applicable Services will be added to your subscription and an invoice will be raised for this excess usage. Customer will be informed as they approach their limit and when they go over.

6.2 Licenses are limited to one per user per year, if a user leaves the company this license cannot be reused or redistributed to another user in that subscription period.

7. User Restrictions. The Client shall not (except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted) under this Agreement:

attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or

  a) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or

  b) access all or any part of the Services and Documentation in order to build a product or service which competes with the Services and/or the Documentation; or

  c) use the Services and/or Documentation to provide services to third parties; or

  d) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Client’s authorised users, or

  e) attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than permitted within this agreement; or

  f) knowingly introduce or permit the introduction of any virus into the Service Provider's network and information systems.

  g) The Client shall use reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify the Service Provider. The equivalent responsibilities and requirements within clause 7 also apply to the Service Provider in respect to the Client.

8. Services. Service Provider shall, during the Subscription Term, provide the Services (as described in greater detail in Schedule 3 (“Scope of Services”) and make available the Documentation to Client subject to the terms of this Agreement. Service Provider will, as part of the Services and at no additional cost to the Client, provide the Support Services during Normal Business Hours (defined as 09:00 – 18:00 GMT) in accordance with the Service Level Agreement set out in Schedule 1. The Supplier may amend the Support Services or the Service Level Agreement upon a written notice to the Client to be provided no less than 60 days prior to the relevant amendments taking place. In the event that the intended and accordingly notified changes to the Support Services and the Service Levels are unacceptable to the Client, the Client shall be entitled to terminate the Agreement with immediate notice to the Service Provider and without penalty.

9. Feedback and Marketing

a) If the Client sends the Service Provider any feedback or suggestions regarding the Service, the Client grants the Service Provider (for itself and all of it’s Authorised Users and other Client personnel) an unlimited, irrevocable, perpetual, sublicensable, transferable, royalty-free licence to use any such feedback or suggestions for any purpose without any obligation or compensation to the Client, any Authorised User or other Client personnel.

b) The Client grants the Service Provider the right to use the Client’s company name and logo as a reference for marketing or promotional purposes on our website, social media feeds and in other public or private communications with our existing or potential customers, subject to the Client’s standard trademark usage guidelines as provided to us from time to time.

10. Representations and Warranties: The Service Provider represents and warrants that:

  a) it has full power and authority to enter into this Agreement and to perform the Services.

  b) it is not aware as at the date hereof of any matters which might or will adversely affect its ability to perform its contractual obligations under this Agreement.

  c) it will comply with all applicable laws.

  d) that the Deliverables and the Services will be performed in a good workmanlike manner, in a timely and professional manner with all reasonable skill, care and diligence by competent and appropriately qualified personnel, and in accordance best industry practice and with applicable professional standards and applicable laws.  

  e) the Services shall conform with the specification set out in Schedule 3 and the Documents applicable to the Services. If any element of the Services does not conform to the foregoing warranty, the Client shall notify the Service Provider in writing of such non-conformance, and Service Provider shall re-perform such element in a manner that does conform.

  f) the provision of Services and the use by the Client of the Services provided under this Agreement, including the Deliverables hereunder will not infringe any Intellectual Property Rights of any third party. Accordingly, the Service Provider represents and warrants that it owns the Intellectual property rights in the Services and/or has all relevant and necessary rights, permissions, authorisations and licenses throughout the term of the Agreement to provide the said Services to the Client. Intellectual Property Rights is defined as “Intellectual Property Rights” means copyright, patents, rights in inventions, trade marks, service marks, trade names, design rights, rights in get-up, database rights, rights in data, semi-conductor chip topography rights, mask works, utility models, domain names, rights in computer software and all similar rights of whatever nature and, in each case: (i) whether registered or not, (ii) including any applications to protect or register such rights, (iii) including all renewals and extensions of such rights or applications, (iv) whether vested, contingent or future and (v) wherever existing.

  g) the Services are free from all viruses including any code or instruction that may be used to access, modify, delete or damage any service data or data files or programmes or systems that may be used by the Client.

11. Data Processing

For the purposes of this clause 12 and Schedule 2, the following definitions shall apply:

Controller, Processor, Data Subject, Personal Data, Personal Data Breach and Processing: have the meanings given to them in the Data Protection Legislation 

Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time as it relates to the processing of Client Personal Data by the Service Provider including without limitation the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder) (DPA 2018); and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications).

Data Protection Particulars means the description of processing set out in Schedule 2 of this Agreement. 

UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the DPA 2018.

  a) The Client and the Service Provider agree and acknowledge that for the purposes of the Data Protection Legislation, the Client is a Controller and the Service Provider is the Processor. Processing of Client Personal Data by the Service Provider will only be (i) for the purposes of the provision of the Services in accordance with the Client’s written instructions. The Service Provider will not process the Client Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. The Provider must promptly notify the Client if, in its opinion, the Client's instructions do not comply with the Data Protection Legislation. The Data Protection Particulars describe the subject matter, duration, nature and purpose of the processing and the Client Personal Data categories and Data Subject types in respect of which the Service Provider may process the Client Personal Data to deliver the Services.

  b) The Service Provider must comply promptly with any Client written instructions requiring the Service Provider to amend, transfer, delete or otherwise process the Client Personal Data, or to stop, mitigate or remedy any unauthorised processing.

  c) The Service Provider represents that all persons authorized to Process the Client Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and have undertaken training on the Data Protection Legislation and how it relates to their handling of the Client Personal Data and how it applies to their particular duties. 

  d) The Service Provider shall cooperate and assist the Client with any requests relating to conducting of data protection impact assessments and consultations with (or notifications to) relevant regulators as required by Data Protection Legislation in relation to Client Personal Data and the Services. The Service Provider must notify the Client immediately in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party's compliance with the Data Protection Legislation. Client shall pay all reasonable costs incurred by The Service Provider in respect of the Service Provider’s obligations under this clause, provided that the Service Provider has provided the Client with prior written estimates of costs involved or applicable rates and such were approved explicitly by the Client. 

  e) The Service Provider shall forward to Client without undue delay and will otherwise cooperate with and assist Client by appropriate technical and organizational measures insofar as this possible, with any requests from data subjects of Client Personal Data pursuant to the Data Protection Legislation. Client shall pay all reasonable costs incurred by the Service Provider in respect of the Service Provider’s under this clause. 

  f) In respect of The Service Provider’s Processing of Client Data including Client Personal Data, the Service Provider shall implement technical and organisational security measures against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data.

  g) The Service Provider may not authorize any third party or subcontractors to Process the Client Personal Data other than those subcontractors as set out in the Data Protection Particulars. The Client provides its general consent to allow the Service Provider to engage the Approved Processors set out in Schedule 2 and any other processors and sub-contractors for the purposes of the Service Provider providing the Services, provided such Approved Processors and any other processors or sub-contractors are contractually bound to equivalent obligations as are contained in this Agreement. The Service Provider will endeavor (acting reasonably) to provide notice within 30 days for any change to Approved Processors and any other processors or sub-contractors. Where the subcontractor fails to fulfil its obligations under the written agreement with the Service Provider which contains terms substantially the same as those set out in this Agreement, the Service Provider shall also remain fully liable to The Client for the subcontractors performance of its agreement obligations.

  h) The Service Provider (or any Approved Processor) shall not be permitted to transfer Client Personal Data from the United Kingdom or European Union to an organization in a country outside the European Economic Area or the United Kingdom without the Client’s prior written consent.

  i) The Service Provider shall make available to the Client all information necessary to demonstrate the Service Provider’s compliance with its obligations under clause 12 and applicable Data Protection Legislation.   

  j) Service Provider shall notify Client in writing within twenty-four (24) hours and in any event without undue delay if it becomes aware of:

        (i) the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data. The Provider will restore such Personal Data at its own expense as soon as possible;

       (ii) any accidental, unauthorised or unlawful processing of the Personal Data;

      (iii) any Personal Data Breach; 

      (iv) any actual or reasonably suspected unauthorized access to or disclosure of Client confidential information (any such event, a “Data Security Incident”); or

      (v) any actual or reasonably suspected security breach in computer systems, data, databases, materials or other resources required to provide the Services which are owned, operated or controlled by or on behalf of Service Provider (collectively, “Service Systems”) that may result in the unauthorized access to or disclosure of any Client Personal Data or Client confidential information.            

  k) Such notice should include a description of the nature of (i)-(v) above, including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned, the reasonably expected impact of such unauthorized access or disclosure on Client and its customers and shall specify the remediation or corrective action to be taken to prevent or mitigate any such unauthorised access or disclosure. Service Provider shall, at its expense, cooperate fully with Client or any applicable auditors or personnel of a governmental body or regulatory authority to investigate any such Personal Data Breach of Data Security Incident. Service Provider is subject to the reasonable direction of Client in the event any such breach necessitates (i) reporting by Client or any affiliate or subcontractor of Client of the breach or the results of any such investigation to any applicable auditor or the personnel of any governmental body or regulatory authority or (ii) the disclosure of the breach or such results to Client’s or any such affiliates’ or subcontractors’ employees or customers.

  l) Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach or any Data Security Incident, the parties will co-ordinate with each other to investigate the matter. Further, the Service Provider will reasonably co-operate with the Client at no additional cost to the Client, in the Client's handling of the matter, including but not limited to:

    (i) assisting with any investigation;

   (ii) providing the Client with physical access to any facilities and operations affected;

  (iii) facilitating interviews with the Service Provider's employees, former employees and others involved in the matter including, but not limited to, its officers and directors;

  (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by the Client; and

   (v) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing.

  m) The Service Provider will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining the Client's written consent, except when required to do so by applicable law.

   n) The Service Provider agrees that the Client has the sole right to determine:

   (i) whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, the Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in the Client's discretion, including the contents and delivery method of the notice; and

   (ii) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.

  o) The Service Provider will cover all reasonable expenses associated with the performance of the obligations under (k)(i) and (k)(ii) unless the matter arose from the Client's specific written instructions, negligence, wilful default or breach of this Agreement, in which case the Client will cover all reasonable expenses.

  p) The Service Provider will also reimburse the Client for actual reasonable expenses that the Client incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a Personal Data Breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in (k) above.

  q) Service Provider shall not (i) sell Personal Information, (ii) Process Personal Information in any way not necessary for the Services provided by Service Provider under this Agreement, or (iii) otherwise Process Personal Information unless expressly permitted under this Agreement.  

  r) At the Client's request, the Service Provider will give the Client, or a third-party nominated in writing by the Client, a copy of or access to all or part of the Personal Data in its possession or control in the format and on the media reasonably specified by the Client. 

  s) If any law, regulation, or government or regulatory body requires the Service Provider to retain any documents, materials or Client Personal Data that the Service Provider would otherwise be required to return or destroy, it will notify the Client in writing of that retention requirement, giving details of the documents, materials or Client Personal Data that it must retain, the legal basis for such retention, and establishing a specific timeline for deletion or destruction once the retention requirement ends.

  t) The Service Provider will certify in writing to the Client that it has deleted or destroyed the Client Personal Data within 7 days after it completes the deletion or destruction.

  u) The Service Provider will permit the Client and its third-party representatives to audit the Service Provider's compliance with its Agreement obligations, on at least 20 days' notice, during business hours and no more than once annually during the Term. The Service Provider will give the Client and its third-party representatives all necessary assistance to conduct such audits at no additional cost to the Client. The assistance may include, but is not limited to:

    (i) physical access to, remote electronic access to, and copies of the Records and any other information held at the Service Provider's premises or on systems storing the Personal Data;

    (ii) access to and meetings with any of the Service Provider's personnel reasonably necessary to provide all explanations and perform the audit effectively; and

   (iii) inspection of the infrastructure, electronic data or systems, facilities, equipment or application software used to process the Personal Data.

(v) Notice requirements in Clause (r) will not apply if the Client reasonably believes that a Personal Data Breach has occurred or is occurring, or the Provider is in material breach of any of its obligations under this Agreement or any of the Data Protection Legislation

12. Limitation of Liability. Subject to Clauses 13(a), 13(b), and 13(c) below, each party’s liability under or in connection with this Agreement, shall be limited in respect of any one or more claims in each year of the duration of this Agreement to an aggregate amount equal to the total fees paid or payable by the Client during that year (and for these purposes, a “year” shall be each consecutive period of 12 months starting on commencement of the Agreement and each anniversary). 

    a. No limitation of liability caps shall apply in relation to the Service Provider’s liability under (i) breach of the obligations under clause 10, (ii) Data Security Incident as described in clause 12(iv), (iii) breach of the data protection processing obligations in clause 12(iv), (iii) breach of the data protection processing obligations in clause 12, or (iv) any breach of the confidentiality obligations under clause 5.

    b.  Under no circumstances shall either party be liable to the other party or any third party for any indirect, consequential or special damages resulting from any part of this Agreement including but not limited to, loss of revenue or anticipated profit or lost business.

     c. Nothing in this Agreement limits or excludes a party's liability for:

           (i)  any death or personal injury caused by its negligence; or

          (ii) any fraud or fraudulent misrepresentation; or

          (iii) the Service Provider’s willful default or willful abandonment of this Agreement or any part of it; and

          (iv) any statutory or other liability which cannot be excluded under applicable law.

13. Termination. Either party may terminate this Agreement at any time by giving notice in writing to the other if that other party:

    a) commits a material breach of this Agreement and such breach is not remediable; and

    b) commits a material breach of this Agreement which is not remedied within 30 days of receiving written notice of such breach.

The Client may terminate this Agreement at any time by giving notice to the Service Provider in the event that any consent, licence or authorisation held by the Client is revoked or modified such that it is no longer able to comply with its obligations under this Agreement.

The Client may terminate this Agreement at any time by giving notice in writing to the Service Provider if the Service Provider:

   (i) stops carrying on all or a significant part of its business, or indicates in any way that it intends to do so; or

   (ii) is unable to pay its debts either within the meaning of section 123 of the Insolvency Act 1986 or if the non-defaulting party reasonably believes that to be the case; or

   (iii) becomes subject to a moratorium under Part A1 of the Insolvency Act 1986; or

   (iv) becomes the subject of a company voluntary arrangement under the Insolvency Act 1986; or

   (v) becomes subject to a restructuring plan under Part 26A of the Companies Act 2006; or

   (vi) becomes subject to a scheme of arrangement under Part 26 of the Companies Act 2006; or

   (vii) has a receiver, manager, administrator or administrative receiver appointed over all or any part of its undertaking, assets or income; or

  (viii) has a resolution passed for its winding up; or

    (ix) has a petition presented to any court for its winding up or an application is made for an administration order, or any winding-up or administration order is made against it; or

    (x) is subject to any procedure for the taking control of its goods that is not withdrawn or discharged within [seven] days of that procedure being commenced; or

   (xi)  has a freezing order made against it; or

   (xii) is subject to any recovery or attempted recovery of items supplied to it by a supplier retaining title to those items; or

   (xiii) is subject to any events or circumstances analogous to those in clauses 20.3.1 to 20.3.12 in any jurisdiction; and

   (xiv) If the Service Provider becomes aware that any event has occurred, or circumstances exist, which may entitle the Client to terminate this Agreement under this clause, it shall immediately notify the Client in writing.

The Client may terminate this Agreement at any time by giving not less than two weeks’ notice in writing to the Service Provider if the Service Provider undergoes a change of Control.

Termination or expiry of this Agreement shall not affect any accrued rights and liabilities of either party at any time up to the date of termination.

14. Client acknowledgment. The Client acknowledges and agrees that the Services do not offer medical advice and any content accessed through the Platform is intended for informational purposes only. 

15. Force Majeure. Neither party will be liable for inadequate performance to the extent caused by a condition (for example, natural disaster, act of war or terrorism, pandemic, riot, labour strikes, governmental action, and Internet disturbance) that was beyond the party's reasonable control and could not have been prevented by reasonable precautions or cannot be reasonably circumvented by the non-performing party through the use of alternate sources, work-around plans or other means.

16. Waiver. The failure by either party to exercise any right, power or privilege under the terms of this Agreement will not be construed as a waiver of any subsequent or further exercise of that right, power or privilege or the exercise of any other right, power or privilege. 

17. Legal Fees. In the event of a dispute resulting in legal action, the successful party will be entitled to its legal fees, including, but not limited to its attorneys’ fees.

18. Third party rights. Except as expressly provided for in this Agreement, a person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of the provisions of this Agreement.

19. Governing Law. This Agreement shall be governed by the laws of England, and any dispute arising hereunder shall be resolved in the courts of England.

20. Assignment. Neither party may transfer or assign this Agreement, in whole or in part, in any manner whatsoever without the prior written consent of the other.  

21. Severability. If any term or other provision of this Agreement, or any application thereof to any circumstance is invalid, illegal or incapable of being enforced by any rule of law, or public policy in whole or in part, such provisions or applications shall to that extent be severable and shall not affect other provisions or applications of this Agreement.  

22. Entire Agreement. With the exception of any existing non-disclosure agreements, this Agreement contains a complete statement of all arrangements between the parties relating to its subject matter, supersedes any previous arrangements or understandings, whether written or oral, and may only be changed by a written agreement signed by the parties hereto. 

Schedule 1: Service Level Agreement

Service Provider shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:

  1. scheduled maintenance to be carried out during the maintenance window of 22:00 to 06:00 GMT; and
  2. unscheduled maintenance performed in emergency cases (such being defined as cases which the Service Provider could have not reasonably predicted or prevent despite providing the Services in compliance with its contractual obligations under this Agreement) outside Normal Business Hours.

If the Client requests maintenance outside of the scheduled maintenance window (22:00 to 06:00 GMT), any uptime or downtime calculation will exclude periods affected by such maintenance. 

Availability target per calendar month is 99% or more measured monthly, excluding holidays and weekends and scheduled maintenance. 

For each period of downtime lasting longer than one hour, the Service Provider will credit the Client 5% of that month’s Service fees for each period of 60 or more consecutive minutes of downtime. Such credits are capped at a maximum of 30 days of paid service. Downtime will begin to accrue as soon as the Client (with notice to Service Provider, email including details with screenshot acceptable) recognizes that downtime is taking place and continues until the availability of Services is restored. Such credits may not be redeemed for cash.


Schedule 2: Data Protection Particulars

  1. Subject-matter of processing:

Processing of user personal data in respect to a workspace wellbeing/Display Screen Equipment (DSE) assessment platform.

 2. Duration of the processing:

We will hold your Personal Data on our systems for as long as your subscription is active plus 5 years or until you request that the Data be deleted.

Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes. Additionally, fully anonymised data is used in the training of our algorithms and may remain.    

3. Nature and purpose of the processing:

Provision of a workspace assessment platform which provides businesses with the ability to provide DSE / workspace assessments to their employees. 

4. Type of Personal Data:

Names and email addresses

Information relating to a person’s workspace including lists of equipment

Information related to any existing aches or pains (e.g. pain rating /10)

Other information required to provide ergonomic advice (height, weight, pregnancy)

5. Categories of Data Subjects

Past, current and future employees and workers of the Client 

6. Approved Processors as at the date of this Agreement

Data Controller has authorized the use of the following Subprocessors:


Address and region(s) of processing

Purposes for processing

Amazon Web Services EMEA SARL, ("AWS Europe")

Region of processing depends on customer preference. By default all processing occurs in AWS datacenters based in the UK. However this can be configured to other regions by request.

Storage and processing of data. AWS provides the back end and data storage facilities used by the VIDA product.


N.B. The only “Personal Data” processed by Sendgrid is Name and Email address.

Herndon, VA; Las Vegas, NV; and Chicago, IL.

Sendgrid provides email functionality for the VIDA product. They process the user's name and email address. 

Sentry (Registered trademark of Functional Software Inc)

N.B. Sentry does not process “Personal Data” as all identifiable information is removed before transfer.

Google Cloud Servers in Iowa, USA


Sentry is used for logging of incidents in the VIDA product. 

Hotjar Ltd

N.B. Hotjar does not process “Personal Data” as all identifiable information is removed before transfer.

AWS Ireland

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience.



United States of America 

WorkOS provides a connection between your user provisioning system and VIDA. This allows for seamless onboarding and management of users using your existing systems.

**Only for clients who choose to enable user provisioning through certain providers


United States of America

Service provider for AI-enabled functionality

**Only for clients who choose to enable OpenAI 


Never miss out!

Join our waitlist by entering your email below and we’ll let you know as soon as we upload our latest webinar.

    Get workplace insights straight to your inbox

    Subscribe to our monthly newsletter to get exclusive compliance and wellbeing updates.