SERVICE LEVEL STATEMENT

This statement explains:-

1. The services that we (Financial Services 4 Schools Limited) can provide to you, our client.
2. Who we are and what we do.
3. What you can expect from us in delivering any of the services to you.
4. What we will need from you in order to deliver the services to those expectations.
5. The other terms and conditions that apply generally to the provision of the services, or any of them

About us and our services

We are an organisation that specialises in providing support and assistance to schools and academies in dealing with their specific administrative and regulatory burdens. Our current range of services is divided into the following categories:-

1. Financial services.
2. Human resource services.
3. Payroll bureau services

Details of each of these services are set out in the relevant appendices at the end of this statement but can be adapted to your needs, by agreement.

Our personnel and what they do

The people who are responsible for ensuring that the services are to the standards set out in this statement:-

Lorraine Billis – Managing Director

Andy Madgwick – Operations Director

Neil Miles – Finance Director, to whom.queries or concerns about the provision of financial services should be directed in the first instance

Lynne Buckland– HR Manager, to whom.queries or concerns about the provision of Human Resource services should be directed in the first instance

Kerry Stewart – Payroll Manager, to whom queries or concerns about the provision of payroll bureau services should be directed in the first instance

Julie Peplow – Senior HR Consultant

Tracy Gibbons – Payroll Supervisor

They may be contacted at Financial Services 4 Schools Limited c/o Lydiard Park Academy, Grange Park Way, Swindon SN5 6HN.

How to order services from us

If you wish to order any of the services from us then you should complete and submit to us the order form that is available from us on our website under the following link:www.fs4s.co.uk. Your submission of a completed order form constitutes an expression of interest and does not of itself create a contract between us for the provision of the services or any of them

A contract for the supply of the services requested in your completed order form shall only arise upon us both having signed an agreement for their supply in a form agreed between us (“service supply agreement”)

The terms and conditions set out below (“the service supply terms”) shall form part of any service supply agreement between us to the extent that they are not dis-applied or changed by the express terms of that service supply agreement. The service, or services, to be provided under a service supply agreement are referred to in the service supply terms as “the Services”

THE SERVICE SUPPLY TERMS

1. How and when we provide the Services

1. (a)  We will provide the Services:-
   1. (i)  with all reasonable care and skill and in a professional manner
   2. (ii)  to the same standards as would have been expected of you, had you performed them yourselves
   3. (iii)  in accordance with all applicable legal and regulatory requirements, and any specific requirements contained in a service supply agreement
   4. (iv)  In a timely manner, using all reasonable efforts to perform them by any date or dates agreed with you (in respect of which time shall not be of the essence unless expressly agreed otherwise in writing between us) for the price or prices that
      we may from time to time agree

   (and all such standards and requirements are referred to as “the service standards”)

2. (b)  We will provide the Services between 9am and 5pm Mondays to Fridays (excluding Bank and statutory public holidays) and in the following ways:-
   1. (i)  by telephone – please contact us on 01793 882569
   2. (ii)  by email – the contact email address for the general office is office@fs4s.co.uk. The contact email address for the Payroll Bureau Service is payroll@fs4s.co.uk. The contact email address for HR Services is hr@fs4s.co.uk.

(iii). site visits which (outside of the visits included within the relevant service) are by separate agreement

(iv) in writing – addressed to us at Financial Services 4 Schools Ltd, c/o Lydiard Park Academy, Grange Park Way, Swindon SN5 6HN.

We will use all reasonable efforts to respond to telephone/email/written queries within two working days of receipt

2. What we need from you

You acknowledge that our ability to provide the Services to the service standards will depend upon the quality, accuracy and completeness of the information that we receive from you, and when we receive it. Accordingly, you agree that you will:-

1. (a)  in a timely manner provide or allow us all necessary access to all such information, data, co- operation and facilities as we may reasonably require in order to provide any particular service to the service standards, and where applicable evidence of the consent of any third party to the disclosure and use of any such information or data
2. (b)  provide all such co-operation and access to personnel records, information and other things as we may reasonably require
3. (c)  Indemnify us from and against any costs, claims, liabilities, proceedings, or other adverse consequences that we may suffer or incur as a result of using any incorrect or incomplete, data or information that you may have provided to us, or from us using information or data that you did not have the necessary authority to use or disclose to us

We will provide a means of secure data transfer for each Client and will transmit and accept confidential information and Client’s instructions via such secure data transfer as being to and from the person authorised by the Client to receive and send such data.

3. What you pay and when
   1. (a)  The price, or prices, for the Services shall be as set out in the service supply agreement and are exclusive of VAT unless agreed otherwise. Payments due from you in respect of the Services are referred to in these terms and conditions as “contract payments”
   2. (b)  Unless agreed otherwise, payment for the Services is due (i) annually in advance for the finance visits service, (ii) every six months in advance for HR and Payroll services and (iii) upon receipt of the service for training and ad hoc payroll and other services. Interest is payable on the amount of any contract payment that is overdue at the rate of four per cent above the base rate from time to time of Barclays Bank Plc from the time when payment should have been made up to the time when payment has been made. This applies in relation to whatever payment terms.
   3. (c)  For our services where the price is based upon the number of the Client’s employees, a payment will be due from the date that a Client’s employee numbers increase due to joining with another establishment for amalgamation, federation, sponsorship or other arrangement, for the additional number of employees, up to the next date that payment is calculated.
4. Termination

A service supply agreement may be terminated in the following ways:-

1. (a)  by either of us if the other is in breach of their obligations under that service supply agreement in any material respect, and (if such breach is capable of being rectified) has not rectified that breach within ten working days after they have been given written notice of it
2. (b)  by either of us if the other enters into liquidation, whether compulsorily of voluntarily, but not if the liquidation is for the purposes of amalgamation or reconstruction that is carried out expeditiously.

(c) by either of us by giving not less than 3 months written notice of termination to the other. If such notice is given by you then you will pay to us on demand and indemnify us against all amounts that we are obliged to pay to others in relation to the provision of the Services for the remainder of the terminated service supply agreement. An Exit Fee for the cost of supplying an exit data file will apply to the termination by you of payroll services.

The termination of a services supply agreement will not affect the rights or claims of either of us against the other which arose out of that agreement before it was terminated.

You shall not at any time from the commencement of a service supply agreement to the expiry of 12 months after the date of termination of a service supply agreement (Termination Date), solicit or entice away or employ or contract directly or indirectly with, or attempt to solicit or entice away or employ or contract directly or indirectly with any person, or procure or facilitate the making of an employment offer to any person, who is at the Termination Date, or who has been at any time during the period of 12 months immediately preceding the Termination Date, engaged by us as an employee.

If you breach the terms of the preceding paragraph you shall pay to us on demand a sum equivalent to 25% of the current annual remuneration of our employee as liquidated damages. You and we confirm that this sum represents a genuine pre-estimate of our loss.

5. Limitation on liability

1. (a)  Our liability to you for death or personal injury, arising from our act or default, is not limited or excluded in any way.
2. (b)  Subject to the above you agree that we will not be liable to you for:
   1. (i)  loss of profits, revenue or goodwill or any type of consequential indirect or special loss or damage or
   2. (ii) direct loss or damage (including loss or damage which is reasonably foreseeable or a natural occurrence) which is attributable to any matter beyond your direct control that arise from any breach of our contractual obligations to you or from our negligence
3. (c)  To the extent that we may be liable to for breach of contract or in negligence, or for any other reason, you agree that:-
   1. (i)  you will take all reasonable measures to mitigate any loss or damage that you may thereby suffer or incur
   2. (ii)  you will notify us of any loss or damage, or any potential loss or damage, promptly and will provide us with all reasonable opportunity and assistance to rectify and make good such damage or loss as may have been suffered or the circumstances or state of affairs that may have given rise to that loss or damage.

(iii) our maximum total liability to you in respect of each claim for a breach of contract negligence or otherwise shall in respect of each claim be limited to an amount equivalent to the lower of our charges for the provision of the Services which gave rise to the claim or the amount of the professional indemnity insurance that we may from time to time have in respect of such claim

6. Confidentiality
   1. (a)  If, in connection with the provision of any of the Services, we receive from you information or data that:-
      1. (i)  is expressed to be confidential or
      2. (ii)  could reasonably be considered to be confidential

      (“confidential information”) then we will only disclose such confidential information :-

      3. (iii)  in confidence to our employees consultants, contractors and to such other persons as may need to know for the purposes only of the performance of the Services and
      4. (iv)  otherwise only to the extent that we are legally obliged to disclose it to others
   2. (b)  Our confidentiality obligations shall not apply to confidential information that:-
      1. (i)  is or becomes within the public domain or
      2. (ii)  we are required by law to make disclosure of
7. Data Protection
   1. (a)  We will comply with the Data Protection Lawsin relation to Protected Data, as defined in Appendix 4 of this Agreement.
   2. (b)  The obligations and commitments between us in relation to Protected Data are set out in Appendix 4.

8. Indemnity

If any person shall take action against us on the grounds that our use of any information or data that you provided to us constitutes an infringement of their industrial or intellectual property or other rights then you will indemnify and keep indemnified us from and against all costs, liabilities and expenses suffered or incurred by us in connection with any such claim but subject to us:-

1. (a)  notifying you in writing of such claim within twenty eight days of the same coming to our attention giving such details of the claim as are then available or capable of being ascertained upon reasonable enquiry
2. (b)  giving you full control of any proceedings or negotiations in connection with any such claim
3. (c)  giving you reasonable assistance in connection with any such proceedings or negotiations
4. (d)  not paying or accepting any claim or compromising or settling any proceedings without your prior written consent (such consent not to be unreasonably withheld or delayed)
5. (e)  taking such steps as you may reasonably require to mitigate or reduce any loss, liability, damages or costs, or other consequences, for which you may be liable under this indemnity

9. Dispute Resolution

If there shall be any dispute or disagreement between us arising from a service supply agreement which cannot be resolved within twenty one days of you having notified us in writing of the dispute or disagreement then the following provisions will apply:-

1. (a)  the dispute or disagreement shall first be referred to in a meeting called by either of us at which we will each use reasonable endeavours to resolve the dispute or disagreement
2. (b)  if no meeting is held or, if any such meeting fails to resolve the dispute or disagreement then we will both use all reasonable endeavours to agree upon a procedure for resolving the dispute or disagreement in question and, in that respect, either of us may seek the assistance of the Centre for Effective Dispute Resolution (currently of 100 Fetter Lane London) or such other similar body as we may agree. We each agree to follow the advice given by such body and to implement any dispute resolution procedure which they may propose.
3. (c)  the above mentioned procedures will not affect the rights of either of us to pursue the dispute or disagreement by any other legitimate means

10. Other terms

(a) A service supply agreement shall be governed by English law and shall be subject to the non exclusive jurisdiction of English courts of law

2. (b)  All notices or communications sent in relation to a service supply agreement must be in writing and must be sent to the recipient at their address set out in the service supply agreement or otherwise notified to the sender for that purpose, and addressed to a director or the secretary in the case of a limited company. Any such notices or communications may be served:-
   1. (i)  by hand delivery. If it can be proved that delivery was made then any such notice or communication shall be deemed to have been served at the time of delivery or
   2. (ii)  by pre-paid first class recorded delivery or registered post (air mail if sent to an address outside the country of posting). If it can be proved that the
      envelope containing such notice or communication was properly addressed and posted as a pre-paid first class delivery letter then it shall be deemed to have been served two working days following the day of sending (if sent by post) or five working days following the day of sending (if sent by air mail)
3. (c) For the purposes of the Contracts (Rights of Third Parties) Act 1999 no one other than the parties to a service supply agreement shall have the benefit of, or have the right to enforce the terms of that service supply agreement
4. (d)  any industrial or intellectual property rights that may arise (or which may be created by following any appropriate registration procedure) from the performance by us of the Services shall belong to us to the extent that they relate to or could reasonably be applied the provision of the Services by us.
   If we ask you to do so, you will, at our cost, and on our written request, take such action (including the signing of any appropriate documentation) as may be reasonably necessary to give us legal title to, and the full and exclusive benefit of, any such rights including, where applicable, their registration in our name. We will indemnify you against any liability that you may incur in taking any such action as we may ask you to take.
5. (e)  No variation of these service supply terms shall be effective unless it is in writing and signed by us and you.

11. Exclusivity

During any period during which there is a service supply agreement between us for the provision of the Services or any of them, you will not:-

1. (a)  appoint any other person or persons to perform those services in addition to us;
2. (b)  perform those services yourself;
3. (c)  allow any other person or persons to perform those services in addition to us.

APPENDIX 1

The Finance Service

1. Half day (three hour) on site visit (including Contact 4 Schools) by a named finance consultant annually purchased as a package or individually
2. Finance training, meetings and seminars for school staff on site or at external locations
3. Advice on budget preparation, budget planning, monitoring, year-end projections and advice on “what if” scenarios
4. Finance software system checks and error corrections using an FS4S log-in
5. Support for year end preparation and close of LA accounts
6. Guidance on regulation
7. Advice on finance staff recruitment
8. Independent examination of external funds e.g. voluntary funds, nursery funds, PTA funds
9. Provision of Responsible Officer reporting service

APPENDIX 2

The Human Resource Service H R Consultancy

1. Employee issues including non legal support for managing individual cases in relation to disciplinary matters, employee grievances, capability and performance management, guidance on restructuring and redundancy activities
2. Initial non legal advice in relation to employment tribunal cases and consultation with recognised trade unions
3. Guidance and interpretation of legislation on employment matters including pay and conditions for teachers and support staff
4. Advice and guidance relating to Change Management activities
5. Support and guidance in managing and dealing with absenteeism including attendance at formal meeting to support managers and access to Occupational Health services through a local external provider
6. Resourcing and retention – advising on recruitment of new staff and the re-deployment or secondment of existing staff
7. Advice, support and interpretation of existing applicable policies and process and new ones

H R Administration

Provision of HR Administration support with:-

1. New starter/higher administration including screening and online CRB disclosures (through third parties)

2. Maintenance of employee records
3. Administration of contracts
4. Routine pension administration
5. Acting on information provided by our payroll bureau team in relation to the changes (joiners, leavers etc) (if you use our payroll bureau service)
6. Access to (but not provision of) Occupational Health services
7. On site HR Administration support where required

APPENDIX
3 Payroll Bureau Service

1. Service
(i). The Bureau will undertake the preparation of the Client’s payroll in a form that complies with the Client’s statutory obligations.
(ii). The Bureau will calculate gross and net wages and salaries payable, based upon information supplied to the Bureau by the Client and in accordance with the statutory tax and National Insurance rates appropriate at the time.
(iii). The Bureau will arrange for the payment of wages and salaries to the Client’s employees and applicable deductions to third parties using BACS.
(iv). Payment of wages and salaries will only be made upon the specific written instruction of the Client’s named contact(s).
(v). It is the Client’s responsibility to ensure that sufficient funds are available in the bank account nominated by the Client for the BACS process to take place.
(vi) With reference to the Data Protection Laws in relation to Protected Data you are the Data Controller and we are the Data Processor. .

2. Contingency Service
(i). Should the Bureau’s payroll operations be disrupted for any reason, the Bureau will provide the Client with as full a service as possible.
(ii). The Bureau will advise the Client should its payroll operations be disrupted to such an extent that it needs to put into place its Contingency Service.
(iii). In the event that the Contingency Service has been put into place, the Client can communicate with the Bureau via the Bureau Contingency Contact at (a) the registered office address and (b) its IT Consultants, Datalibrium Ltd (for data retrieval only).

3. Data Delivery
(i) The Client will provide the Bureau with details of employee bank accounts (namely bank name, address, sorting code, account number and account name) and ensure that the Bureau is advised of any changes to these details.
(ii) The Client will deliver the information necessary to calculate the wages and salaries due to the Client’s employees to the Bureau at its office address e.g. hours worked, changes to rates of pay, bank details, pension details, additional payments due from basic pay and any other payroll related item in accordance with the schedule published by FS4S.
(iii) The Bureau will produce payslips in a format agreed with the Client.

(iv) The Bureau will arrange for payslips and a payroll summary report to be delivered to the Client at its above address in accordance with the schedule published by FS4S.

4. Data Verification
(i) The Client will check the payroll summary report in accordance with the Schedule published by FS4S and ensure that the Processing Date and the Client’s bank details are correct.
(ii)The Client will verify that the information contained on payroll summary reports is in accordance with the information supplied to the Bureau to calculate the wages and salaries due to the Client’s employees.
(iii) The Client will check the payroll summary report to ensure that:

• The number of transactions equate to the number of the Client’s employees;
• The total value of payments is in line with the Clients’ normal wages and salaries for the period involved;
• No single payment is exceptional, after taking account of overtime and special payments or bonuses.

(iv) The Client will inform the Bureau of any errors identified on payroll summary reports in accordance with the Schedule published by FS4S.

Cancellation of Payments
(i) The client will advise of the cancellation of individual payments by contacting the Bureau in accordance with the Schedule published by FS4S.

5. Reporting
(i) The Bureau will supply reports to the Client in accordance with the Schedule published by FS4S as follows:

• • • • Payroll Summary Report
      • Payroll Detailed Confirmation Report in a format suitable to input into school software
      • Year to date cumulative report

6. BACS Input
(i) The Bureau will supply payroll details in a format compliant with BACS requirements to BACS no later than the BACS “Processing Date”.
(ii) The Bureau must check to ensure that a BACS Input Report is received on the morning of Processing Day. If the BACS Input Report is not received it is the responsibility of the Bureau to contact the relevant body for verification of the BACS transmission.
(iii) The Client will check the BACS Input Report to:

• • • • Ensure the User Number and User Name reflect the Client’s registration with BACS;
      • Ensure that both the number and value of payments agree with the payroll summary report;
      • Ascertain details of any rejected or adjusted records.

(iv) The Client is responsible for dealing with any rejected or adjusted records identified in the BACS Input Report.

7. Definitions
BACS BACS Limited
BACS Processing Cycle The three consecutive working days in the BACS Processing Cycle are:
Day 1 – Input Day (the last day when the file may be received by BACS)

Day 2 – Processing Day
Day 3 – Debit/Credit Day (the day when items should reach destination)
Payroll Date 23rd of each month except (a) where the 23rd falls on a Saturday or Sunday when the date will be the preceding Friday or (b) if otherwise advised by the
Client.

8. Additional Services
Additional services may be purchased outside of the inclusive service described above

What the services described in Appendices 1, 2 and 3 do not include:-

1. Any form of tax advice
2. Any form of investment advice
3. Any form of legal advice
4. The execution of any documentation on behalf of the client
5. Making any decisions on behalf of the client

APPENDIX 4
Data Processing Provisions

• Processing of Personal Data Definitions
  1.1 In this clause 1:
  • 1.1.1 Applicable Law means as applicable and binding on you, us and/or the Services:
    (a) any law, statue, regulation, byelaw or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided to or in respect of;
    (b) the common law and laws of equity as applicable to the parties from time to time;
    (c) any binding court order, judgement or decree; or
    (d) any applicable direction, policy rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business;
  • 1.1.2 Appropriate Safeguards means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time.
  • 1.1.3 Controller, Data Subject, Personal Data, Processor and processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processed, processing, and processes shall be construed accordingly) and international organisation and Personal Data Breach shall have the respective meanings given to them in the GDPR;
  • 1.1.4 Data Protection Laws means, as binding on either party or the Services:
    • (a) the Data Protection Act 2018 and the UK GDPR;
      (b) any laws which implement any such laws; and
      (c) any laws that replace, extend, re-enact, consolidate or amend any of the foregoing;
  • 1.1.5  Data Protection Losses means all liabilities, including all:
    • (a) costs (including legal costs), claims, demands, actions, settlements, interest, charges, procedures, expenses, losses and damages (including relating to material or non-material damage); and
      (b) to the extent permitted by Applicable Law:
      • (i) administrative fines, penalties, sanctions, liabilities or other remedies imposed by any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Date Protection Laws (Supervisory Authority).
        (ii) compensation which is ordered by a Supervisory Authority to be paid to a Data Subject; and
        (iii) the costs of compliance with investigations by a Supervisory Authority.;
  • 1.1.6 Data Subject Request means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws
  • 1.1.7 GDPR means the UK General Data Protection Regulation.
  • 1.1.8 Protected Data means Personal Data processed for you or on your behalf in connection with
    the performance of our obligations under this Agreement; and
  • 1.1.9 Sub-Processor means any agent, subcontractor or other third party (excluding its employees) engaged by us for carrying out any processing activities on your behalf in respect of the Protected Data.

2 Data Processor and Data Controller

• 2.1 The parties agree that for the Protected Data, you shall be the Data Controller and we shall be the Data Processor.
• 2.2 We shall process the Protected Data in compliance with the obligations placed on us as Data Processors under the Data Protection Laws and the terms of this Agreement.
• 2.3 You shall comply with:
  • 2.3.1 all Data Protection Laws in connection with the processing of the Protected Data, the Services and the exercise and performance of your respective rights and obligations under this Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
    2.3.2 the terms of this Agreement.

4. 2.4  You warrant, represent and undertake, that:
   1. 2.4.1  all data sourced by you for use in connection with the Services shall comply in all respects, including in terms of its collection, storage and processing (which shall include you providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws;
   2. 2.4.2  all instructions given by you to us in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and
   3. 2.4.3  you are satisfied that:
      1. (a)  our processing operations are suitable for the purposes for which you propose to use the Services and engage us to process the Protected Data; and
      2. (b)  we have sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.
5. 2.5  You shall not unreasonably withhold, delay or condition your agreement to any change requested by us in order to ensure the Services and we (and each Sub-Processor) can comply with Data Protection Laws.

3 Instructions and details of processing

3.1 Insofar as we process Protected Data on your behalf, we:

1. 3.1.1  unless required to do otherwise by Applicable Law, shall (and shall take steps to ensure each person acting under our authority shall) process the Protected Data only on and in accordance with your documented instructions as set out in this clause 3 and Part A of this Appendix 4 (Data processing details), as updated from time to time (Processing Instructions);
2. 3.1.2  if Applicable Law requires us to process Protected Data other than in accordance with the Processing Instructions, shall notify you of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest); and
3. 3.1.3  shall promptly inform you if we become aware of a Processing Instruction that in our opinion infringes Data Protection Laws, and we will be entitled to cease to provide the relevant Services until the parties have agreed appropriate amended instructions which are not infringing, provided that:
   1. (a)  this shall be without prejudice to clauses 2.3 and 2.4;
   2. (b)  to the maximum extent permitted by mandatory law, we shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities (including any Data Protection Losses) arising from or in connection

      with any processing in accordance with your Processing Instructions following your receipt of that information.

      3.2 The processing of Protected Data to be carried out by us under this Agreement shall comprise the processing set out in Part A of this Appendix 4 (Data processing details), as may be updated from time to time.

      4 Technical and organisational measures

      1. 4.1  We shall implement and maintain, at our cost and expense, the technical and organisational measures:
         1. 4.1.1  in relation to the processing of Protected Data by us, as set out in Part B of this Appendix 4(Technical and organisational measures); and
         2. 4.1.2  taking into account the nature of the processing, to assist you insofar as is possible in the fulfilmentof your obligations to respond to Data Subject Requests relating to Protected Data.
      2. 4.2  Any additional technical and organisational measures shall be at your cost and expense.

      5 Using staff and other processors

      1. 5.1  We shall ensure that all persons authorised by us (or by any Sub-Processor) to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential (except where disclosure is required in accordance with Applicable Law, in which case we shall, where practicable and not prohibited by Applicable Law, notify you of any such requirement before such disclosure).
      2. 5.2  We shall not permit any processing of Protected Data by any agent, sub-contractor or other third party (except our or our Sub-Processors’ own employees in the course of their employment that are subject to anenforceable obligation of confidence with regards to the Protected Data) without your prior written authorisation and ensure in each case that processing is strictly limited to individuals who need to know / access the Protected Data as strictly necessary for the purpose of providing the Services.
      3. 5.3  We shall not engage any Sub-Processor for carrying out any processing activities in respect of the Protected Data without your written authorisation of that specific Sub-Processor (such authorisation not to be unreasonably withheld, conditioned or delayed) provided that you authorise us to use the Sub-Processors already engaged by us as at the date of this Agreement. We shall make available to you a list of all Sub- Processors authorised to process the Protected Data (Sub-Processor List). At least 30 days prior to authorising any new Sub-Processor to process Protected Data, we shall provide notice to you of the update to the Sub- Processor List.
      4. 5.4  If you notify us in writing of any objections (on reasonable grounds) to a Sub-Processor being added to the Sub-Processor List within 14 days after the date of the applicable Sub-Processor notice to you:
         1. 5.4.1  we shall work with you in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Sub-Processor; and
         2. 5.4.2  where such a change cannot be made and we choose to retain the Sub-Processor, we shall notify you at least 14 days prior to the authorisation of the Sub-Processor to process Personal Data and you may discontinue using the relevant services and terminate the relevant portion of the Services which require the use of the proposed Sub-Processor immediately upon written notice to us, such notice to be given by you within 30 days of having been so notified by us.
      5. 5.5  We shall:
         1. 5.5.1  prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing materially the same obligations as under clauses 2 to 12 (inclusive) that is enforceable by us;
         2. 5.5.2  ensure each such Sub-Processor complies with all such obligations; and
         3. 5.5.3  remain fully liable to you under this Agreement for all the acts and omissions of each Sub-Processor as if they were our own.

         6 Assistance with your compliance and Data Subject rights

         1. 6.1  We shall refer all Data Subject Requests we receive in respect of the Protected Data to you within 5 Business Days of receipt of the request, provided that if there is more than 2 Data Subject Requests per two calendar months, you shall pay our charges to be calculated on a time and materials basis at our rates to be notified to you in writing prior to us incurring these charges for recording and referring the Data Subject Requests in accordance with this clause 6.1.
         2. 6.2  Taking into account the nature of the processing, we shall assist you, at your cost, by appropriate and technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond any request from a Data Subject.
         3. 6.3  We shall provide such reasonable assistance as you reasonably require (taking into account the nature of processing and the information available to us) in ensuring compliance with your obligations under Data Protection Laws with respect to:
            1. 6.3.1  security of processing;
            2. 6.3.2  data protection impact assessments (as such term is defined in Data Protection Laws);
            3. 6.3.3  prior consultation with a Supervisory Authority regarding high risk processing; and
            4. 6.3.4  notifications to the Supervisory Authority and/or communications to Data Subjects by the Customer in response to any Personal Data Breach,

            provided you shall pay our charges for providing the assistance in this clause 6.3, such charges to be calculated on a time and materials basis at our rates to be notified to you in writing prior to us incurring these charges.

         7 International data transfers

         7.1 You agree that we may transfer Protected Data that includes that types of Personal Data set out in Part A of this Appendix 4 for the purpose of providing the Services to countries outside the UK or to any International Organisation(s) (an International Recipient), provided all transfers by us of Protected Data to an International Recipient (and any onward transfer) shall (to the extent required under Data Protection Laws) be effected by way of Appropriate Safeguards and in accordance with Data Protection Laws. The provisions of this Agreement shall constitute your instructions with respect to transfers in accordance with clause 3.1.

         8 Records, information and audit

         1. 8.1  We shall maintain, in accordance with Data Protection Laws binding on us, written records of all categories of processing activities carried out on your behalf.
         2. 8.2  We shall, in accordance with Data Protection Laws, make available to you such information as is reasonably necessary to demonstrate our compliance with our obligations under Article 28 of the GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by you (or another auditor mandated by you) for this purpose, subject to you:
            1. 8.2.1  giving us reasonable prior notice of such information request, audit and/or inspection being required by you;
            2. 8.2.2  ensuring that all information obtained or generated by you or your auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the Supervisory Authority or as otherwise required by Applicable Law);
            3. 8.2.3  ensuring that such audit or inspection is undertaken during normal business hours, with minimal disruption to our business, the Sub-Processors’ business and the business of other of our customers; and
            4. 8.2.4  paying us reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits.

            9 Breach notification

            9.1 In respect of any Personal Data Breach involving Protected Data, we shall, without undue delay:

            1. 9.1.1  notify you of the Personal Data Breach; and
            2. 9.1.2  provide you with details of the Personal Data Breach.

            10 Deletion or return of Protected Data and copies

            10.1 We shall, at your written request, either delete or return all the Protected Data to you in such form as you reasonably request within a reasonable time after the earlier of:

            1. 10.1.1  the end of the provision of the relevant Services related to processing; or
            2. 10.1.2  once processing by us of any Protected Data is no longer required for the purpose of our performance of our relevant obligations under this Agreement,

            and delete existing copies (unless storage of any data is required by Applicable Law and, if so, we shall inform you of any such requirement).

            11 Liability, indemnities and compensation claims

            1. 11.1  You shall indemnify and keep us indemnified in respect of all Data Protection Losses suffered or incurred by, awarded against or agreed to be paid by, us and any Sub-Processor arising from or in connection with any:
               1. 11.1.1  non-compliance by you with the Data Protection Laws;
               2. 11.1.2  processing carried out by us or any Sub-Processor pursuant to any Processing Instruction that infringes any Data Protection Law; or
               3. 11.1.3  breach by you of any of your obligations under clauses 2 to 12 (inclusive),

               except to the extent we are liable under clause 11.2.

            2. 11.2  We shall be liable for Data Protection Losses (howsoever arising, whether in contract, tort (including negligence) or otherwise) under or in connection with this Agreement:

            11.2.1 only to the extent caused by the processing of Protected Data under this Agreement and directly resulting from our breach of clauses 2 to 12 (inclusive); and

            11.2.2 in no circumstances to the extent that any Data Protection Losses (or the circumstances giving rise to them) are contributed to or caused by any breach of this Agreement by you (including in accordance with clause 3.1.3(b)).

            3. 11.3  If a party receives a compensation claim from a person relating to processing of Protected Data, it shall promptly provide the other party with notice and full details of such claim. The party with conduct of the action shall:
               1. 11.3.1  make no admission of liability nor agree to any settlement or compromise of the relevant claim without the prior written consent of the other party (which shall not be unreasonably withheld or delayed); and
               2. 11.3.2  consult fully with the other party in relation to any such action, but the terms of any settlement or compromise of the claim will be exclusively the decision of the party that is responsible under this Agreement for paying the compensation.
            4. 11.4  The parties agree that you shall not be entitled to claim back from us any part of any compensation paid by you in respect of such damage to the extent that you are liable to indemnify us in accordance with clause 11.1.
            5. 11.5  This clause 11 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contrary, except:
               1. 11.5.1  to the extent not permitted by Applicable Law (including Data Protection Laws); and
               2. 11.5.2  that it does not affect the liability of either party to any Data Subject.

            12 Survival of data protection provisions

            12.1 Clauses 2 to 12 (inclusive) shall survive termination (for any reason) or expiry of this Agreement and continue:

            1. 12.1.1  indefinitely in the case of clauses 10 to 12 (inclusive); and
            2. 12.1.2  until 12 months following the earlier of the termination or expiry of this Agreement in the case clauses 2 to 9 (inclusive),

            provided always that any termination or expiry of clauses 2 to 9 (inclusive) shall be without prejudice to any accrued rights or remedies of either party under any such clauses at the time of such termination or expiry.

            Part A
            Data processing details

            Processing of the Protected Data by us under this Agreement shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Part A of Appendix 4.

            1. 1  Subject Matter, Nature, Purpose and Duration of processing:We will process Protected Data to provide the Services to you. The processing of Protected Data shall be for the term of this Agreement or until our legal obligations in relation to the processing of the Protected Data have ceased.
            2. 2  Type of Personal Data:In accordance with this Agreement to provide the Services to you we shall process (but not limited to) the following types of Personal Data:
               1. (a)  In relation to Payroll Service:(i) name, job title, date of birth, place of birth, private address, private telephone number, private email address, emergency contact, employee number, department ID, name of department, supervisor ID, name of supervisor, work location, days of absence and cause and holiday entitlement, National Insurance Number, bank account details, Court orders, Union Membership, pension details, Tax code, Grade, WPY and HPW.
               2. (b)  In relation to HR Consultancy Service:(i) name, date of birth, private address, telephone number, email address, contractual details and contract history, Occupational Health Services, redundancy, TUPE documentation, disciplinary and grievance, accident reports, right to work checks (passport details), referees, CRB/DBS disclosures, insurance documents, references, exit interviews, accident reports, holiday entitlement, time sheets / reports, qualifications, beneficiaries and absence management.
               3. (c)  In relation to Finance Support Services:(i) budgets, name and pay grades of your employees, job applicants, contractors or other relevant third parties; and(ii) relevant types of Personal Data obtained from the Payroll Service and HR Consultancy service mentioned above, which is required to provide the Finance Support Services.

            3  Categories of Data Subjects:We shall process (but not limited to) Protected Data in relation to the following data subjects:

            1. (a)  your current and former employees;
            2. (b)  your contractors and sub-contractors;
            3. (c)  your job applicants;
            4. (d)  your employee’s emergency contacts;
            5. (e)  your clients; and
            6. (f)  other categories of subjects which may be required for us to perform the Services to you.

         3. 4  Specific processing instructions:We shall process Protected Data as reasonably necessary for the provision of the Services arising from this Agreement and in accordance with your written instructions. Please refer to clause 3 of this Appendix 4 for further details. If you have any specific processing instructions, please notify us in writing so that we may process the Protected Data in accordance with those specific instructions.

         Part B
         Technical and organisational security measures

         1 We shall implement and maintain the following technical and organisational security measures to protect the Protected Data:

         1.1 In accordance with the Data Protection Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this Agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to theProtected Data transmitted, stored or otherwise processed, we shall implement appropriate technical and organisational security measures appropriate to the risk, including as appropriate those matters mentioned in Articles 32(a) to 32(d) (inclusive) of the GDPR (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of our systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by us).

         2 We reserve the right to update our technical and organisational measures and will not materially decrease the overall security of our Services under this Agreement.