Secure Schools Platform Licence Agreement

Updated April 24 2024

1. Interpretation

The definitions and rules of interpretation in this clause apply in this agreement.

Additional Order: an order placed by the Customer for additional modules or services to be provided via the Platform, other than those included within Services subject to the terms of this Agreement.

Authorised Users: those employees and agents of the Customer who are authorised by the Customer to use the Services and the Platform Specification. Where the Customer contracts with Secure Schools on behalf of more than one educational establishment, this shall include the employees and agents of the educational establishments represented by the Customer who are named in the Order Details.

Authorised User Account: an individual account linked to the Platform, established by an Authorised User for use of the Services.  

Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.

Business Hours: means 9am until 5pm on a Business Day.

Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 11.1.

Customer: the school or other educational establishment which is receiving the Services. 

Customer Data: the data inputted into the Platform by the Customer, Authorised Users, or Secure Schools on the Customer's behalf.

Customer’s Network: means the network or networks owned by the Customer and connected devices owned by the Customer, including all software and hardware included in such networks.

Data Protection Legislation: means (i) the Data Protection Act 2018 (as amended or replaced from time-to-time) (the DPA) (ii) UK GDPR (as defined in the DPA) (iii) any other legally binding rules or regulations concerning the protection of personal data in the United Kingdom

Effective Date: the date of this Agreement.

Initial Term: the initial term of this Agreement as set out in the Order Details.

Insolvency Event: any one or more of the following events in any jurisdiction in relation to a party: making an application for a Company Voluntary Arrangement or Individual Voluntary Arrangement; the filing of a bankruptcy petition; the filing of a petition, making of an application, or passing of a resolution for the winding up of the party or for the appointment of an administrator, liquidator, receiver or trustee in bankruptcy of that party; the taking of any steps by any person to enforce any security over the assets of the party; any event analogous or which has an effect equivalent or similar to any of the foregoing.

Live Date: the date upon which the Customer is to have access to the Platform and Services, as set out in the Order Details or otherwise agreed between Secure Schools and the Customer. 

Materials: the policy documents and other materials produced for use by the Customer by or through the Platform. 

Order Details: the details of the Customer’s order for the Services, approved by the Customer on the Secure Schools website order form, detailing some or all of the following: the Subscription Fees, the features or modules available to the Customer, the address of each establishment of the Customer which will have access to the Services, and other details. Where the Customer places multiple orders at the same time, the Order Details will comprise the details of all orders placed. The Order Details will be (i) confirmed by email to the Customer after the Customer places its order for the Services, and (ii) detailed in the Customer’s Authorised User Account.   

Personal data has the meaning given in Data Protection Legislation. 

Platform: the online platform and software applications provided by Secure Schools as part of the Services, with the functionality as described in the Order Details and Platform Specification. 

Platform Specification: the document(s) made available to the Customer by Secure Schools online via app.secureschools.com or such other web address notified by Secure Schools to the Customer from time to time which sets out a description of the Services (including the features for each module of the Platform), as amended from time-to-time. 

Renewal Period: the period described in clause 13.1.

Secure Schools: Secure Schools Ltd, a company incorporated in England and Wales with company number 11737049. 

Services: the subscription services provided by Secure Schools to the Customer under this Agreement via the website https://www.secureschools.com/ (or such other website as notified from time to time by Secure Schools), or via any other method, as set out in the Order Details and including:

    • access to the Platform; 
    • the provision of the Materials; 
    • and the performance of Vulnerability Assessments and other assessments (where agreed to be included within the Services),
    • each as more particularly described in the Platform Specification. Where the Customer places an Additional Order, a separate agreement will apply to the Services provided under that Additional Order. 

Subscription Fees: the subscription fees (if any) payable by the Customer to Secure Schools for use of the Services, as set out in the Order Details and subsequently varied in accordance with clause 7.2.

Subscription Term: has the meaning given in clause 13.1  (being the Initial Term together with any subsequent Renewal Period(s)).

Virus: any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by rearranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

Vulnerability Assessment: any penetration test or vulnerability assessment conducted by Secure Schools as part of the Services.

A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person's legal and personal representatives, successors or permitted assigns.

A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.

Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.

A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this Agreement.

A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of this Agreement under that statute or statutory provision.

A reference to writing or written includes email, including messages sent within the Platform,  but not fax. 

Any words following the terms including, include, in particular, for example or any similar expression shall be interpreted as illustrative and shall not limit the sense of the words preceding those terms.

2. Licence

Secure Schools hereby grants to the Customer a non-exclusive, non-transferable right and licence, without the right to grant sublicences, to permit the Customer (acting by its Authorised Users) to use the Services (including the Materials) during the Subscription Term solely for the Customer's internal operations.

The Parties will additionally enter into a Service Level Agreement (“SLA”), which forms part of and refers to this Licence Agreement between Secure Schools and the Customer. The SLA describes the support and service commitment to be provided by Secure Schools for the duration of this Licence Agreement.

In relation to the Authorised Users, the Customer undertakes that: 
  1. it will not allow or suffer an Authorised User Account to be used by more than one individual Authorised User; and
  2. each Authorised User shall keep a secure password for their Authorised User Account.

The Customer shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that is unlawful, harmful, threatening, defamatory, discriminatory, obscene, infringing, harassing or racially or ethnically offensive, or otherwise illegal or causes damage or injury to any person or property. 

The Customer shall not:
  1. use the Services to provide services to third parties; or
  2. subject to clause 15.7(a), license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except the Authorised Users, or
  3. attempt to obtain, or assist third parties in obtaining, access to the Services, other than as provided under this clause 2; or
  4. introduce or permit the introduction of any Virus or other vulnerability into Secure Schools’ network and information systems.

If the Customer owns or operates more than one school or establishment, it shall only permit those schools or establishments named in the Order Details, and in respect of which the Customer has paid the Subscription Fees, to access the Platform and Services and use the Materials.   

The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, promptly notify Secure Schools.

The rights provided under this clause 2 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer, except where stated in the Order Details.

3. Services

Secure Schools shall, during the Subscription Term, provide the Services and make available the Platform Specification to the Customer on and subject to the terms of this Agreement. 

This Agreement shall only apply to the Services specified in the Order Details. Any Additional Order (whether made before or after the date of this Agreement) will be provided under the terms of a separate agreement. 

Secure Schools shall use commercially reasonable endeavours to make the Platform available 24 hours a day, seven days a week, except for:
  1. planned maintenance performed outside of Business Hours; and
  2. unscheduled maintenance, which Secure Schools will use reasonable endeavours to perform outside of Business Hours.

Secure Schools will supply any maintenance and support in accordance with the SLA. 

Secure Schools shall not be in breach of its obligations in the SLA or this Agreement in the event the Customer experiences a disrupted service as a consequence of a Customer not maintaining its integration with Secure Schools  for any reason.

Secure Schools will provide the other Services (not provided via the Platform) at such times as specified by Secure Schools in accordance with the Platform Specification, or such other times as agreed between the Customer and Secure Schools.

4. Data Protection

The following terms shall have the meaning given to them in Data Protection Legislation: controller, processor, data subject, personal data breach. 

The Customer and Secure Schools agree that Secure Schools acts both as a controller and processor for the purposes of Data Protection Legislation. 

Secure Schools’ privacy notice (as amended from time to time) applies to personal data collected by Secure Schools in its capacity as controller. The current privacy notice is located here

Each party shall comply with Data Protection Legislation in respect of all personal data transferred by the other party to it, in connection with the Services. 

The Customer warrants that it has in place all necessary notices and consents to permit the transfer of personal data from the Customer to Secure Schools in connection with the Services, and the use of such personal data by Secure Schools in performing the Services.  

Secure Schools may publish data regarding trends and performance, observed by Secure Schools from its Customers and their respective Authorised Users. Where such data is compiled in whole or in part, from personal data collected by Secure Schools, Secure Schools shall ensure that such data is aggregated and anonymised before publication. 

Where and to the extent Secure Schools acts as a processor of the Customer, the following terms shall apply in respect of personal data which Secure Schools processes as a processor:

The nature, purpose and scope of the processing is as follows:

    1. Secure Schools processes personal data for the purpose of providing the Service to the Customer. 
    2. Secure Schools will have access to the personal data when performing the Services as a result of it accessing the Customer’s Network, and may store, view or transmit the personal data in connection with the Services. 
    3. The processing shall continue for the duration of this Agreement. 
    4. The data subjects of the personal data processed by Secure Schools will include staff, students, parents and contacts of the Customer. 
    5. The personal data processed will include all personal data stored by the Customer on its Computer Network (including identity, address, financial and educational attainment records and special category data).

Secure Schools shall, in relation to any personal data processed in connection with the performance by Secure Schools of its obligations under this Agreement:

  1. process that personal data only on the written instructions of the Customer unless required by the laws applicable to Secure Schools to process personal data;
  2. ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures; 
  3. ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential; 
  4. assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
  5. notify the Customer without undue delay on becoming aware of a personal data breach;
  6. at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of the agreement unless required by law to store the personal data; 
  7. maintain complete and accurate records and information to demonstrate its compliance with this clause, and within 21 days of written request, provide the Customer with all information reasonably necessary to demonstrate compliance with its obligations under this clause;  and
  8. allow for and contribute to audits, including inspections during normal working hours, by the Customer (or an auditor nominated by the Customer) in relation to the processing of the personal data by Secure Schools or its sub-processors, provided Secure Schools is given reasonable notice of such audits and inspections.

The Customer authorises Secure Schools to transfer personal data to any country or territory outside of the United Kingdom as reasonably necessary for the provision of the Services, provided that Secure Schools complies with its obligations under Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred.

As regards sub-processors:

  1. Secure Schools may continue to use sub-processors already engaged by it as at the date of this Agreement. Details of the current sub-processors are available at https://www.secureschools.com/security/subprocessors/. Secure Schools confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business; and 
  2. Secure Schools may appoint additional or replacement sub-processors after the date of this Agreement, provided that such sub-processors are appointed in accordance with one or more of the following criteria:
    1. the arrangement between Secure Schools and the Sub-Processor is governed by a contract including terms which offer at least the same level of protection for the Personal Data as those set out in this Agreement,
    2. the sub-processor hosts data within the UK, EEA, a country with an adequacy decision or the USA (whilst under SCCs),
    3. the sub-processor holds a valid security accreditation. Including (but not limited to); ISO27001, Cyber Essentials Plus or SOC 2

In all other cases, Secure Schools shall give the Customer prior written notice of the appointment of any new sub-processor, and if the Customer objects to such appointment within 7 days of such notice, Secure Schools may not appoint such sub-processor without the consent of the Customer.

5. Secure Schools' Obligations

Secure Schools undertakes that the Services will be performed substantially in accordance with the Platform Specification and with reasonable skill and care.

The undertaking at clause 5.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to Secure Schools' instructions, or modification or alteration of the Services by any party other than Secure Schools or Secure Schools' duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, Secure Schools will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer's sole and exclusive remedy for any breach of the undertaking set out in clause 5.1.

Secure Schools:

Does not warrant that:
  1. the Customer's use of the Services will be uninterrupted or error-free;
  2. the Services, Platform Specification, Materials and/or other  information obtained by the Customer through the Services will meet the Customer's requirements; or
  3. the Platform or the Services will be free from vulnerabilities or Viruses;
  4. the information contained in the Platform or Platform Specification is accurate, up to date or complete;

Does not warrant that the use of any or all of the Services will satisfy any requirement of the Customer’s insurance provider(s), or satisfy any requirement of the risk protection arrangement for schools; 

Does not warrant or guarantee that the Customer will be free from attacks, breaches and failures as a result of using the Services;

Is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Platform Specification may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

This Agreement shall not prevent Secure Schools from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.

Secure Schools warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement.

Secure Schools shall follow its archiving procedures for Customer Data as applied by Secure Schools in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against Secure Schools shall be for Secure Schools to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Secure Schools in accordance with Secure Schools’ customary archiving procedure. Secure Schools shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Secure Schools to perform services related to Customer Data maintenance and back-up for which it shall remain fully liable.)

6. Customer's Obligations

The Customer shall:

Provide Secure Schools with:

  1. all necessary co-operation in relation to this Agreement; and
  2. all necessary access to such information as may be required by Secure Schools;

In order to provide the Services;

Without affecting its other obligations under this Agreement, comply with all applicable laws and regulations with respect to its activities under this Agreement;

Carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties, Secure Schools may adjust any agreed timetable or delivery schedule as reasonably necessary;

Comply with, and ensure that the Authorised Users comply with, any terms of use for the Secure Schools website or Platform applicable from time to time; 

Ensure that the Authorised Users use the Services in accordance with the terms and conditions of this Agreement and shall be responsible for any Authorised User's breach of this Agreement;

Obtain and shall maintain all necessary licences, consents, and permissions necessary for Secure Schools, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services;

Ensure that its network and systems comply with the relevant specifications provided by Secure Schools from time to time; and

Be, to the extent permitted by law and except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to Secure Schools' data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet.

The Customer accepts and agrees the following:
  1. the Customer is and at all times remains fully responsible for the Customer’s Network and its digital infrastructure generally (including without limitation their confidentiality, integrity, availability and resilience);
  2. any Vulnerability Assessment, scanning or audit is based only on sampling, and can only look at the condition of the Customer’s Network at the time it is undertaken. It is not possible to review everything and there will always be parts or areas of the Customer’s Network which are not reviewed; and
  3. any management information and Materials provided as part of the Services, are for guidance only, and are intended to help to improve the Customer’s cyber security. Secure Schools does not guarantee that the Customer will be free from attacks, breaches and failures.

The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.

The Customer shall defend, indemnify and hold harmless Secure Schools against claims, actions, proceedings, losses, liabilities, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Customer's breach of this Agreement or use of the Services and/or Platform Specification in breach of this Agreement.

7. Charges and Payment

The Customer shall pay the Subscription Fees (if any) to Secure Schools as follows (unless agreed otherwise in the Order Details or in writing between Secure Schools and the Customer):

  1. the Subscription Fees for the Initial Period shall be due on or before the Live Date. Secure Schools shall not be required to make the Services available unless and until the Subscription Fees for the Initial Period have been paid; and
  2. Secure Schools shall issue an invoice for the Subscription Fees for each Renewal Period not more than 3 months before the commencement for that Renewal Period, and the Subscription Fees shall be payable within 30 days of the date of the invoice. 

Secure Schools may vary the Subscription Fees for each Renewal Period by giving the Customer not less than 4 months notice of the variation, unless agreed otherwise in the Order Details. 

If Secure Schools has not received payment of the relevant Subscription Fees by the due date, without prejudice to any other rights and remedies of Secure Schools:

  1. Secure Schools may, without liability to the Customer, disable the Customer's and its Authorised Users’ password, account and access to all or part of the Services and Secure Schools shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
  2. interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the Bank of England base rate from time to time, commencing on the due date and continuing until fully paid, whether before or after judgement.

All amounts and fees stated or referred to in this Agreement:

  1. shall be payable in pounds sterling;
  2. are, subject to clause 12.3(b), non-cancellable and non-refundable;
  3. are exclusive of value added tax, which shall be added to Secure School's invoice(s) at the appropriate rate.

8. Proprietary Rights

The Customer acknowledges and agrees that Secure Schools and/or its licensors own all intellectual property rights in the Services (including the Materials), the Platform Specification, and any other materials produced in the course of providing the Services. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Services (including the Materials) or the Platform Specification.

The Customer shall not:
  1. except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement:
    1. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Platform and/or Platform Specification (as applicable) in any form or media or by any means; or
    2. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform; or
  2. access all or any part of the Services and Platform Specification in order to build a product or service which competes with the Services and/or the Platform Specification; or
  3. use the Materials for any purpose other than the purpose for which they were provided to the Customer, or distribute the Materials (or any variation of them) to any other school, educational establishment or third party. Without limitation to the foregoing, where the Customer owns or operates more than one school or establishment, it shall only permit those schools or establishments named in the Order Details to use the Materials. 

Secure Schools confirms that it has all the rights in relation to the Services and the Platform Specification that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this Agreement.

9. Use of Materials

The Materials (and any variation of them) shall belong to Secure Schools. 

The Customer shall only use the Materials for the purpose for which they are supplied by Secure Schools. 

The Customer may modify any Materials provided for its own use, but:
  1. Secure Schools shall have no liability or responsibility for any such modifications or the effect of those modifications on the correctness or adequacy of the Materials;
  2. where the Materials are amended by the Customer, this may result in other aspects of the Services not performing as intended, and Secure Schools shall not be responsible or liable for any defects in the Services caused by modifications made to the Materials by the Customer.  

Certain Materials supplied to the Customer are tailored to the Customer’s needs, based upon information and responses provided by the Customer. The Customer must provide complete and accurate information in the Platform, and Secure Schools are not liable or responsible for any defects or errors in the Materials to the extent they result from inaccurate or incomplete information provided by the Customer.

Although Secure Schools endeavours to ensure the Materials are suitable for the Customer’s requirements (based on the information provided by the Customer within the Platform), Secure Schools does not warrant or represent that the Materials are suitable for the Customer’s requirements, and it is the responsibility of the Customer to ensure that the Materials are relevant to the Customer, are suitable for its requirements, and are fit for their intended purpose.

10. Module Specific Terms

The terms in this clause 10 apply to specific modules of the Services, where these are included within the Services provided to the Customer. 

Policy Builder

The following terms shall apply where the Customer subscribes for Policy Builder:

  1. Where Secure Schools provides access to a Customer to a library of cyber security document templates through the Platform, Secure Schools is not responsible for the content, or ongoing maintenance of the templates, or the accuracy of the information which are the responsibility of the Customer. The Customer must review all such templates, and take legal advice, on its own behalf as needed.
  2. Secure Schools is not responsible for, and shall have no liability in respect of, any omissions or inaccuracy in the information provided.
  3. The Customer is responsible for determining whether they are required to hold any such cyber security policies in its organisation, completing all necessary information and requirements of any such policies including but not limited to compliance with the policies, keeping any policies under review and up to date and implementing measures and safeguards to mitigate any identified risks.

Cyber Security Audit

The following terms shall apply where the Customer subscribes for the Cyber Security Audit module:
  1. the Customer shall ensure that all information provided to Secure Schools for the purpose of Secure Schools conducting the cyber security audit is complete and accurate in all respects. Secure Schools shall have no liability for any errors or omissions in the audit report to the extent caused by the provision of inaccurate or incomplete information by the Customer;
  2. the audit and recommendations provided by Secure Schools are provided as at the date of the report, and Secure Schools shall have no obligation to update the audit report unless and until Secure Schools is engaged to conduct a further audit;
  3. Secure Schools will only conduct an audit on schools, items and areas within the agreed scope and only during the reporting period as defined within the audit report (the Scope). Secure Schools shall not be responsible for identifying vulnerabilities that are outside of the Scope.
  4. For the avoidance of doubt, should the Customer require any additional third-party involvement in the audit process, Secure Schools shall not be liable for any costs associated with such third-party involvement.

External and Internal Vulnerability Assessments

The following terms shall apply where the Customer subscribes for the External Vulnerability Assessment and/or Internal Vulnerability Assessment modules:
  1. the Customer authorises Secure Schools to access and take control of any part of the Customer’s Network, including all hardware and software included on such network, for the purpose of performing a Vulnerability Assessment. The Customer must notify in writing Secure Schools of any part of its network which Secure Schools should not attempt to access. The Customer must also notify Secure Schools  in writing from time to time of its correct IP address which shall be subject to such Vulnerability Assessments. For the avoidance of doubt, the Customer must notify Secure Schools as a matter of urgency if their IP address has changed to prevent any delays in Secure Schools providing any Vulnerability Assessments, and Secure Schools shall not be liable for any delays caused by such issues with the Customer providing any incorrect IP address, or not updating Secure Schools;
  2. the Customer shall obtain all necessary consents and permissions to allow Secure Schools to conduct the relevant Vulnerability Assessments, including any consents and permissions needed from third parties to allow Secure Schools to seek to access hardware or software hosted or controlled by those third parties; 
  3. the Customer shall indemnify Secure Schools against all costs, claims, damages, liabilities, losses and expenses (including professional fees) incurred by Secure Schools as a result of or in connection with a Vulnerability Assessment conducted by Secure Schools as part of the Services including where the Customer has given incorrect information (or failed to update such information) to Secure Schools such as an incorrect IP address (except to the extent caused by Secure School’s own negligence or wilful misconduct); 
  4. the Customer acknowledges and accepts that a Vulnerability Assessment may cause damage to the Customer’s Network and devices, including loss of data and network downtime. The Customer accepts the risk of such damage, and agrees that Secure Schools shall have no liability for any loss or damage whatsoever suffered by the Customer arising out of the performance of a Vulnerability Assessment unless caused by the negligence or wilful misconduct of Secure Schools; and
  5. where a dedicated server is established within the Customer’s Network from which to operate the tools necessary to conduct a Vulnerability Assessment, the Customer shall be responsible for decommissioning the server and removing all tools and scripts from the Customer’s Network after completion of the Vulnerability Assessment. 
  6. For the avoidance of doubt, Secure Schools shall not be liable for any additional costs incurred by the Customer in preparation for  the External Vulnerability Assessment and/or Internal Vulnerability Assessment.

Phishing Simulation

  1. The following terms shall apply where the Customer subscribes for the Phishing Simulation module:
    Secure Schools will recommend the potential content for emails and communications to users, but the Customer is responsible for the selection of content appropriate to the make up of its user base; 
  2. the Customer shall obtain the permission of any person who is impersonated by Secure Schools for the purpose of conducting the phishing simulation; and 
  3. the Customer shall indemnify Secure Schools against all costs, claims, damages, liabilities, losses and expenses (including professional fees) incurred by Secure Schools as a result of or connection with a phishing simulation exercise conducted by Secure Schools as part of the Services (except to the extent caused by Secure School’s own negligence or wilful misconduct).

Training 

The following terms shall apply where the Customer subscribes for the Training module:

  1. The Customer must ensure that Authorised Users use the Training module on an individual basis, and that each Authorised User accesses the Training module and completes training assessments using their own unique user account. Where any individual accesses training through another Authorised User’s account, Secure Schools cannot confirm whether that individual has successfully received or completed any training.
  2. The Training module provides a link to the National Cyber Security Centre’s own training resources and assessments. Secure Schools does not charge a fee for accessing these resources, and is not responsible for the content of these resources or for ensuring that an Authorised User has properly completed the relevant training using them. 

11. Confidentiality

Each party undertakes that it shall not at any time, disclose to any person any confidential information concerning the business, assets, affairs, staff, students, Authorised Users, Customer Data, clients or suppliers of the other party, except as permitted by Clause 11.2. 

Each party may disclose the other party's confidential information:

  1. to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information for the purposes of exercising the party's rights or carrying out its obligations under or in connection with this agreement. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisers to whom it discloses the other party's confidential information comply with this Clause 9; and
  2. as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

No party shall use any other party's confidential information for any purpose other than to exercise its rights and perform its obligations under or in connection with this agreement.

12. Limitation of Liability

Except as expressly and specifically provided in this Agreement:

  1. the Customer assumes sole responsibility for use of the Services and the Platform Specification. Secure Schools shall have no liability for any damage caused by:
    1. the Customer using the Services;
    2. errors or omissions in any information, instructions or scripts provided to Secure Schools by the Customer in connection with the Services (including errors in Customer Data);
    3. any actions taken by Secure Schools at the Customer's direction;
    4. any errors or omissions in any information contained within the Platform Specification or the Platform;
  2. all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and
  3. the Services and the Platform Specification are provided to the Customer on an "as is" basis.
Nothing in this Agreement excludes the liability of Secure Schools:
  1. for death or personal injury caused by Secure Schools' negligence; or
  2. for fraud or fraudulent misrepresentation.

Subject to clause 12.1 and clause 12.2:

  1. Secure Schools shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any:
    1. direct losses comprising loss of profits, loss of expenses, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss; or
    2. for any special, indirect or consequential loss, costs, damages, charges or expenses, in each case however arising under this Agreement or in connection with the provision of the Services; and
  2. Secure Schools's total aggregate liability in contract (including in respect of any indemnity given in this agreement), tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to the total Subscription Fees paid by the Customer during the 12 months immediately preceding the date on which the claim arose.

The Customer agrees the limitations of liability in this clause 12 are reasonable. 

Nothing in this Agreement excludes the liability of the Customer for any breach, infringement or misappropriation of Secure Schools’ Intellectual Property Rights.

13. Term and Termination

Unless agreed in writing otherwise between Secure Schools and the Customer, this Agreement shall, unless otherwise terminated as provided in this clause 13, commence on the Effective Date and shall continue for the Initial Term and, thereafter, this Agreement shall be automatically renewed for successive periods of 12 months (each a Renewal Period), unless:

  1. either party notifies the other party of termination, in writing, at least 3 months before the end of the Initial Term or any Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Period; or
  2. otherwise terminated in accordance with the provisions of this Agreement;
  3. and the Initial Term together with any subsequent Renewal Periods shall constitute the Subscription Term.

Where the Customer places, or has placed, Additional Orders, the subscription term for the services provided under the Additional Orders shall be determined by the agreement relating to those Additional Orders, and there shall be no merging of the term for services provided under Additional Orders and the Services provided under the terms of this Agreement. 

Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:

  1. the other party fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than 10 Business Days after being notified in writing to make such payment;
  2. the other party commits a material breach of any other term of this Agreement and (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so; 
  3. the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
  4. the other party is subject to an Insolvency Event; 
  5. the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business; or
  6. the terminating party lawfully terminates any other agreement between the parties relating to the Customer’s licence to use the Platform. 

For the purposes of clause 13.2(b), a material breach shall include any breach of clauses 2.4 , 2.5 (Grant of Licence) or 8.2 (Proprietary Rights). 

On termination of this Agreement for any reason:

  1. all licences granted under this Agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Platform Specification, except that the Customer may be permitted to retain access to any free-to-access areas of the Platform.
  2. the Customer’s right to use the Materials shall immediately terminate. The Customer shall destroy all copies of the Materials in its possession or control, and shall (on request) provide a written statement signed by an officer of the Customer confirming the Customer’s full compliance with this clause; 
  3. each party shall return and make no further use of any equipment, property, Platform Specification and other items (and all copies of them) belonging to the other party;
  4. Secure Schools may destroy or otherwise dispose of any of the Customer Data in its possession, and the Customer shall have no right to access the Materials or Customer Data stored on the Platform;
  5. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.

14. Force Majeure

Neither party shall be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure result from events, circumstances or causes beyond its reasonable control (provided that this shall not apply to any obligation of the Customer to pay the Subscription Fees or other sums due under this Agreement). The time for performance of such obligations shall be extended accordingly. If the period of delay or non-performance continues for 12 weeks, the party not affected may terminate this Agreement by giving 30 days’ written notice to the affected party.

15. General

Authority: the Customer shall ensure that any person approving this Agreement or any other document or terms relating to the Services, has authority to enter into the Agreement, document or terms on behalf of the Customer. Secure Schools are entitled to rely upon such person having sufficient authority to bind the Customer, and shall not be required to otherwise confirm or validate the authority of any such person.  

Conflict: If there is an inconsistency between any of the provisions in this Agreement and the Order Details, the provisions in the Order Details shall prevail.

Variation
  1. Subject to clause (b), no variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
  2. Secure Schools may vary the terms of this Agreement at any time by giving not less than 3 months’ notice to the Customer. Upon receipt of such notice, the Customer shall be entitled to object to the variation by giving a notice in writing within 10 Business Days of receipt of the notice of variation from Secure Schools. Where the Customer gives such notice, the variation shall not apply, and this Agreement shall continue on the existing terms for the then current Initial Period or Renewal Period (unless agreed otherwise in writing between Secure Schools and the Customer). 

Waiver

  1. A waiver of any right or remedy is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.
  2. A delay or failure to exercise, or the single or partial exercise of, any right or remedy shall not waive that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy.

Severance: If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.

Entire agreement

  1. This Agreement, and the other agreements referred to in it, constitute the entire agreement between the parties and supersedes and extinguishes all previous and contemporaneous agreements, promises, assurances and understandings between them, whether written or oral, relating to its subject matter.
  2. Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.
  3. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this Agreement.
  4. Nothing in this clause shall limit or exclude any liability for fraud.

Assignment

  1. Except as set out in clause (b) below, neither the Customer nor Secure Schools shall, without the prior written consent of the other, assign, novate, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
  2. Secure Schools may at any time assign, transfer, charge, novate, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement to any member of its Group. For these purposes, Group shall mean any subsidiary undertaking of Secure Schools, parent undertaking of Secure Schools, or subsidiary undertaking of such parent undertaking (as those terms are defined in s1161 & 1162 Companies Act 2006). 

No partnership or agency: Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other.

Third party rights: This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

Notices

  1. Any notice given to a party under or in connection with this Agreement shall be in writing and shall be:
    1. delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company or corporate body) or its principal place of business (in any other case); or
    2. sent by a message within the Platform messaging service;
    3. sent by email to the addresses for service given in the Order Details (in the case of a notice to the Customer) or to accounts@secureschools.com (in the case of a notice to Secure Schools).
  2. Any notice shall be deemed to have been received:
    1. if delivered by hand, at the time the notice is left at the proper address;
    2. if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or
    3. if sent by email, at the time of transmission.

This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

Governing law and Jurisdiction  

  1. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and interpreted in accordance with the law of England and Wales.
  2. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).