Registration Terms and Conditions SkillGuard for Utilities is provided by Causeway Technologies Limited (a company registered in England and Wales with company number 03921897) whose registered address is Sterling House, 20 Station Road, Gerrards Cross, Buckinghamshire, SL9 8EL. You may contact us by telephoning our contracts team at +44 (0)1753 279927 or by e-mailing us at info@utilities.skillguard.co.uk . If you wish to give us formal notice of any matter in accordance with this Agreement, please write to us at the address above and send your letter by recorded delivery. 1.TERMS OF USE 1.1.Your use of this System is governed by the terms and conditions in this Agreement. If you do not accept the terms of this Agreement by clicking the box on the Registration Form, you will not be permitted access to this System and cannot use the Services. 1.2.If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to this Agreement in which case the terms “you” or “your” shall refer to such entity. If you do not have such authority or if you do not agree with these terms you must not accept this Agreement and you may not use this System or the Services. 2.DEFINITIONS 2.1.The following definitions apply in this Agreement: “Active Recordholder” means a Recordholder other than a Visitor or an Inactive Recordholder. “Agreement” means this agreement; “Authorised User” means an employee (permanent or temporary) or agent of a Registrant or Entity who accesses the Services and/or this System on behalf of the Registrant or Entity; “Business Day” means a day on which banks are open for business in London but excludes Saturday, Sunday and any other day which is a legal holiday in London. “Card” means a SkillGuard for Utilities identification token comprising either a physical smartcard or a virtual card which contains Recordholder data linked to data in the System for the purposes of identification and information checks; “Confidential Information” means any and all information to which you are given access or receive regarding: (i) any Recordholder; and (ii) any other Registrant; “Consumer Price Index, (“CPI”)” means the index published by the Office for National Statistics in the United Kingdom from time to time or, if that index number is no longer published, its substitute as a cumulative indicator of the inflation rate in the UK. “Content” means all information, data, records, text, software, graphics, messages, tags, or other materials posted on and/or contained within this System; “Data Protection Legislation” means all applicable data protection and privacy legislation in force from time to time in the UK including the Retained Regulation (EU) 2016/679 (UK GDPR) and the Data Protection Act 2018 and any regulations and secondary legislation made thereunder; “Data Subject” has the meaning given in the Data Protection Legislation; “Dormant Recordholder” means a Recordholder whose employment with a Registrant has ended or whose Registrant has terminated their Agreement to use the System and whose Record has not been transferred to another Registrant; “Entity” means a utility company operating in the UK, such as Thames Water or United Utilities; “EU Skills” means Energy and Utility Skills Limited, a company registered in England and Wales with company number 03812163) whose registered address is 6th Floor, 60 Gracechurch Street, London, United Kingdom, EC3V 0HR; “EUSR Register” is an online register of individuals’ training and skills for the Energy and Utilities sector which is controlled and processed by EU Skills; “Inactive Recordholder” means a Recordholder other than a Visitor or a Dormant Recordholder for whom no active subscription exists and to whose Record Registrants are only given limited access; “Messaging Module” means the messaging functionality in the System for communicating with Recordholders who have virtual cards; “Normal Working Hours” means 08.30am to 5:00pm Monday to Friday excluding public holiday; “Personal Data” has the meaning set out in the Data Protection Legislation; “Process” has the meaning set out in the Data Protection Legislation (and Processed, Processing and Processes shall be construed accordingly); “Record" means the data relating to an individual Recordholder held on a Card and/or within this System from time to time; “Recordholder” means any individual who has a Record on the System other than Authorised Users; “Registrant” means a company, business entity or other person that registers to use the System and Services; “Services” means the services described in Schedule 1; “System” means the proprietary web-based software (including any error corrections, updates, upgrades, modifications and enhancements provided to you under this Agreement), apps and database, known as “SkillGuard for Utilities” and owned by us; “Visitor” means an individual visitor who will be accompanied while on site; “we”, “our”, “us” means Causeway Technologies Ltd; “you” and “your” means you as Registrant and as an Authorised User of a Registrant. 3.VARIATION 3.1.We reserve the right at our sole discretion, to change, modify, add, or delete portions of this Agreement other than Charges and Payment at any time with sixty days’ prior notice except where required to do so sooner by law. We may choose to notify you by email, by other electronic methods or by using any other method in respect of which we have your contact details on your Record. 3.2.Should the terms of this Agreement be varied, you will have the opportunity to review the revised terms. Unless you notify us that you wish to terminate this Agreement before the effective date, your continued use of the Services and this System after the effective date of any such changes, constitutes your acceptance of the terms of this Agreement as varied. 3.3.Should you opt to terminate this Agreement under this Clause, we shall give you a pro rata refund for any unexpired subscriptions you have already paid. 4.CHARGES AND PAYMENT 4.1.Charges and payment terms for use of the System are as set out in Schedule 2. 5.SERVICES 5.1.Payment of the relevant charges as set out at Clause 4 shall entitle you to use the System and receive the Services as described in Schedule 1. 5.2.We reserve the right to change, modify, remove, suspend, discontinue or add to the functionality in the System and/or any of the Services to the benefit of the system in our sole discretion . Where we add new functionality, we reserve the right to make a supplementary charge for use of this functionality, but where we make such a charge, use of such functionality will be optional. 6.USER LICENCE 6.1.In consideration of the fees you pay us, if any, you are granted a non-exclusive, non-transferable, revocable licence to access and use this System (“User Licence”) in the United Kingdom. 6.2.You shall ensure that you and your Authorised Users comply with the terms and conditions they sign up to when logging into this System for the first time. 6.3.Your User Licence extends to the use of this System by your Authorised Users on the condition that they accept and comply with the terms and conditions they are required to sign up to when logging into this System for the first time. 6.4.You are responsible for the use, or misuse of your login credentials by any party, whether or not that user is authorised by you to use them. You may not use login credentials to access this System from outside the United Kingdom. 6.5.Your User Licence is subject to your compliance with this Agreement. 6.6.Unless expressly stated herein, nothing in this Agreement shall be construed as conferring any licence, right or ownership of intellectual property rights in this System or the Services, whether by estoppel, implication or otherwise. Your User Licence is revocable at any time without notice and with or without cause. In the event that your licence is revoked without cause, we shall reimburse you a pro rata amount for any unexpired fees you have paid. 6.7.You shall ensure that only your Authorised Users are given logins to the system. 7.CONTENT 7.1.Under no circumstances will we be liable in any way for the Content, including but not limited to any errors or omissions in any Content or any loss or damage of any kind incurred because of the use of any Content posted, accessed, downloaded, used, transmitted or otherwise made available on this System or through the Services. 7.2.You acknowledge that we may not pre-screen Content but you agree that we and our designees shall have the right (but not the obligation) in our sole discretion to pre-screen, refuse, or remove any Content that is available through this System. Without limiting the foregoing, we and our designees shall have the right (at our sole discretion) to remove any Content that violates the terms of this Agreement or the Authorised User Terms of this System or is otherwise objectionable or, inaccurate. 7.3.You acknowledge, consent and agree that we and the partners we use to deliver this System may access, preserve and disclose your account information and Content if required to do so by law or in a good faith belief that such access, preservation or disclosure is reasonably necessary to: 7.3.1.Comply with legal process; 7.3.2.Enforce this Agreement; 7.3.3.Respond to claims that any Content violates the rights of third parties; 7.3.4.Respond to your requests for customer service; 7.3.5.Protect the rights, property or personal safety of this System users and the public; or 7.3.6.Investigate complaints or reported violations of this Agreement and to take any action we deem appropriate, including but not limited to reporting any suspected unlawful activity to law enforcement officials, regulators or other third parties and disclose any information necessary or appropriate to such persons or entities. 7.4.You are responsible for all Content that you or your Authorised Users upload, post, e-mail, transmit or otherwise make available through the Services (“Your User Content”). This includes Content that is uploaded, posted, e-mailed transmitted or otherwise made available on your or their behalf. 7.5.You grant us and the partners we use to deliver this System a non-exclusive, transferable, royalty free, perpetual, irrevocable licence and right to use, modify, copy, reproduce, transmit, sub-license, index, model, aggregate, publish, display and distribute Your User Content as needed to provide the Services to you and other Registrants. 7.6.You agree not to: 7.6.1.upload, post, email, access, store, distribute, transmit or otherwise make available any Content that is false, misleading, unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, obscene, libellous, invasive of another’s privacy, facilitates illegal activity, depicts sexually explicit images, hateful or racially, ethnically or otherwise offensive or objectionable, promoting of unlawful violence discrimination based on race, gender, colour, religious belief, sexual orientation, disability or any other illegal activities or that causes damage or injury to any person or property; 7.6.2.use the Services to impersonate any person or entity, or otherwise misrepresent your affiliation with another person or entity; 7.6.3.remove any proprietary notices from this System or the Services; 7.6.4.use the Services for fraudulent or unlawful purposes; 7.6.5.attempt to decompile, reverse engineer, disassemble or hack the Services or this System, or to defeat or overcome any encryption technology or security measures implemented with respect to the Services, this System and/or data transmitted, processed or stored therein; 7.6.6.change your user account information to include any credit card or bank account that is established by you primarily for personal, family or household purposes; 7.6.7.upload, post, e-mail, access, store, distribute, transmit or otherwise make available any Content that you do not have the right to make available under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under non-disclosure agreements); 7.6.8.upload, post, e-mail, access, store, distribute, transmit or otherwise make available any: 7.6.8.1.Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party; 7.6.8.2.unsolicited or unauthorised advertising, promotional materials, “junk mail”, “spam”, “chain letters”, “pyramid schemes”, or any other form of solicitation; 7.6.8.3.material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or any telecommunications equipment; 7.6.8.4.interfere or disrupt the Services, this System, or servers or networks connected to or operated with the Services or disobey any requirements, procedures, policies or regulations of networks connected to or operated with the Services; 7.6.9.use the Services to: 7.6.9.1.intentionally or unintentionally violate any applicable law, rule or regulation 7.6.9.2.“stalk” or otherwise harass another; or 7.6.9.3.collect or store Personal Data about other users in connection with the prohibited conduct and activities set forth above. 8.MESSAGING 8.1.Where using the Messaging Module or any other means within the Services to send or instigate the sending of electronic mail (including without limitation e-mail, push notifications and in-app messaging) for the purposes of direct marketing to Recordholders you and your Authorised Users will comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/24/26) (as amended) including without limitation in obtaining and maintaining any and all necessary consents, the provision to the Recordholder of a simple (and free) means of refusing the use of their contact details for the purposes of such direct marketing, at the time their details were initially collected, and, where they did not initially refuse the use of the details, at the time of each subsequent communication. 8.2.Without prejudice to the generality of clause 5.2 herein, we reserve the right, at any time and without notice or compensation to you, to disable and/or switch off your access to the Messaging Module or any other means of messaging within the Services where it has been used in a manner which breaches this clause 8 or materially breaches clause 7.6 herein including by reason of persistent breach, meaning either repeated, prolonged or non-cured breach, of clause 7.6. 9.YOUR REPRESENTATIONS AND WARRANTIES 9.1.You represent, warrant and covenant that: 9.1.1.You have the legal capacity to enter into this Agreement and to comply with its terms; 9.1.2.You will use this System for lawful purposes only and in accordance with this Agreement and all applicable laws, regulations, policies, notices and safeguarding measures including but not limited to appropriate policy documents; 9.1.3.You have taken reasonable steps to confirm that Your User Content is truthful, accurate and up to date and you have the right to provide such information; 9.1.4.When someone leaves your employment or sponsorship, you will update their Record accordingly in a timely manner; and, 9.1.5.When registering a Visitor, you will make them aware of the privacy notice on the System portal. 10.YOUR CONFIDENTIALITY OBLIGATIONS 10.1.You agree that any Personal Data that you obtain through the Services or use of this System and Confidential Information will be treated in strict confidence and with the same degree of care that you use to protect your own confidential information and you shall procure that your Authorised Users do so. 10.2.You will limit access to Confidential Information to those employees and personnel who need that access in order for you to receive the benefits of the Services and use this System and you will ensure access is revoked from such employees when appropriate (e.g. when someone resigns or changes role). 10.3.You shall not disclose Confidential Information for any purpose other than for your legitimate internal business purposes as necessary to realise the benefits of the Services. 11.DATA PROTECTION AND DATA PROCESSING AGREEMENT 11.1.We are a data controller for all data in the system in that we determine the overall scope, nature and purpose of processing. We also act as data controller for Visitor records and Dormant records. You are data controller for your Recordholders and Authorised Users. Details of data processing are more fully set out in Schedule 3. 11.2.Both you and we will comply with all applicable requirements of the Data Protection Legislation and each of us shall procure that our users comply with all applicable requirements of the Data Protection Legislation. This clause 11 is in addition to, and does not relieve, remove or replace, a party’s obligations under the Data Protection Legislation. 11.3.Without prejudice to the generality of clauses 11.1 and 11.2, we will in relation to any of your Personal Data processed by us as a data processor in connection with our performance of our obligations under this Agreement process that Personal Data only in accordance with the rules and functionality of the System or your written instructions where these do not conflict with such rules and functionality unless we are required to process the data by law. Where we are relying on a legal requirement as the basis for processing Personal Data, we will promptly notify you of this before performing the processing required unless we are prohibited by that law from so notifying you. We will inform you if, in our opinion, an instruction infringes the Data Protection Legislation. 11.4.The scope, nature and purpose of processing by us and the partners we use to deliver this system, the duration of the processing and the types of Personal Data and categories of Data Subject are set out at Schedule 3, as amended from time to time by us at our sole discretion. For the avoidance of doubt, you agree that this Agreement comprises your documented instructions to us and the partners we use to deliver this system (in accordance with Article 28.3(a) of the relevant Data Protection Legislation) to process any Personal Data that forms part of Your User Content. 11.5.We will not transfer any of Your User Content that constitutes Personal Data out of the UK unless the following conditions are fulfilled: 11.5.1.there are appropriate safeguards in relation to the transfer or the transfer is based on adequacy (decision or regulations) as set out in the Data Protection Legislation; 11.5.2.the Data Subject has enforceable rights and effective legal remedies; or 11.5.3.the transfer otherwise complies with the Data Protection Legislation. 11.6.Where we process Personal Data on your behalf when performing our obligations under this Agreement, you and we record our intention that we shall be joint data controllers as set out in Schedule 3 and we shall also be a data processor as set out in Schedule 3 in accordance with the Data Protection Legislation and in any such case and without prejudice to the generality of clauses 11.1 and 11.2: 11.6.1.you shall ensure that you have all necessary appropriate consents, notices (including privacy notices / policies) and safeguarding measures (including appropriate policy documents) in place to enable lawful transfer of the relevant Personal Data (meaning any Personal Data that forms part of Your User Content) to us for the duration and purposes of this Agreement so that we and the partners we use to deliver this System may lawfully use, process and transfer the Personal Data in accordance with this Agreement on your behalf including but not limited to enabling us lawfully to view Your User Content for the purposes of service delivery, support, investigation of potential abuse, monitoring of System performance and account management. You acknowledge and agree that we are relying on you to obtain and maintain the same and you shall fully indemnify us and the partners we use to deliver this system and the Services in respect of any claim, loss or liability suffered or incurred by us as a result of you failing to comply with this clause 11.6.1; 11.6.2.you shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by the Data Protection Legislation and any other applicable data protection laws; 11.6.3.both you and we shall have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the Personal Data and against its accidental loss, destruction or damage appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any such measures (those measures may include, where appropriate, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of our Systems and Services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted); 11.6.4.we will ensure that all persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 11.6.5.we will notify you without undue delay on becoming aware of any Personal Data breach; 11.6.6.we will provide you with all reasonable assistance in responding to any request from a Data Subject that you or we receive in connection with Your User Content; 11.6.7.you will indemnify us and the partners we use to deliver this System in respect of any loss or liability which we reasonably incur in connection with any request from a Data Subject that you or we receive in connection with Your User Content; 11.6.8.we will assist you in ensuring compliance with your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with the Information Commissioner; 11.6.9.we will make available to you all information necessary to demonstrate compliance with the obligations set out at Article 28 of the relevant Data Protection Legislation and permit and contribute to audits, including inspections, conducted by you or another auditor of your choice for the purpose of ensuring such compliance; 11.6.10.you and we will maintain complete and accurate records and information to demonstrate compliance with these clauses 11.1 to 11.6. 11.7.You consent to us appointing third party processors (including the partners we use to deliver this System and referred to collectively as “the third party processors”) to process Your User Content that comprises Personal Data on our behalf. We confirm that: 11.7.1.we will enter into with each third party processor a written agreement incorporating terms substantially similar to clauses 11.1 to 11.6 and clause 12.2 of this Agreement; 11.7.2.as between you and us, we will remain liable for all acts or omissions of any third-party processor appointed by us pursuant to this clause 11.7; 11.7.3.should you object to the appointment of any new third party processor on reasonable grounds relating to the processing of Personal Data, we shall discuss with you reasonable alternative solutions in good faith. If no resolution can be reached, we will, at our sole discretion, either not appoint the new third party processor, or we shall permit you to terminate the Service in accordance with the termination provisions of this Agreement. 11.8.You acknowledge and agree that: 11.8.1.the System contains functionality that may permit a Recordholder to be associated and/or shared with Registrants other than the Recordholder’s original Registrant and that this allows the associated Registrant to view data about the Recordholder, download it and report on it. 11.8.2.the data relating to a Recordholder included on a Card will be visible to anyone reading the Card using compatible Card-reading software and hardware and is also capable of being saved, printed and reported to third parties; 11.8.3.all data insertions, changes and deletions to a Record will be logged in an audit trail attached to the Record; 11.8.4.Entities can view and report on the workforce in connection to any of the projects/ sites the Entity has defined regardless of which Registrant Recordholders are linked to, including Recordholders associated with the projects/sites through card swipe activity. 11.8.5.When You mark a Recordholder as a leaver, they will be transferred to a pool of dormant records from where other Registrants can pick up their record. 11.9.You agree that you will take or have taken account of the matters set out in clause 11.8 in any documentation you provide to a Recordholder in accordance with clause 11.6.1. 11.10.You agree that in the event of any loss of or damage to Your User Content, your sole and exclusive remedy shall be for us to use reasonable commercial endeavours to restore the lost or damaged data from the latest back-up of such data maintained by us in accordance with our, or our relevant partner’s, normal back-up procedures. We shall not be responsible for any loss, destruction, alteration or disclosure of Your User Content caused by any third party (except those third parties sub-contracted by us to perform services related to Your User Content maintenance and back-up). 12.DEACTIVATION, TERMINATION AND CONSEQUENCES 12.1.We reserve the right to deactivate any Card so that it will no longer work with this system and the Services and/or terminate this Agreement at any time and without compensation to you if we consider (acting reasonably) that you or the Recordholder are in material breach of this Agreement or any data on the card is untrue, incorrect or misleading or if any Recordholder requests that we deactivate their Card. 12.2.You may terminate this Agreement at any time by giving us a minimum of thirty days’ written notice. 12.3. On the termination of this Agreement for any reason, we shall convert your Recordholders to Dormant Recordholders and retain their data for a period of seven years (or longer for Recordholders who switch employer to another Registrant) before deleting or anonymising them, and we shall cancel your logins. Should you wish to make a copy of your Records, you should do this prior to termination. 13.THIRD PARTY WEBSITES 13.1.You acknowledge that the Services may enable or assist you to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and you do so solely at your own risk. We make no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and/or any contract entered into by you with any such third party. Any contract entered into and/or transaction completed via any third-party website is between you and the relevant third party and not us. We recommend that you refer to the third party’s terms and conditions and privacy notice prior to using the relevant third-party website or concluding any contract. We do not endorse or approve any third-party website nor the content of any of the third-party website made available through the Services. 14.INDEMNITY 14.1.In addition to any other remedy available to us, you agree to defend, indemnify and hold us harmless from and against any and all direct or indirect liabilities, claims, demands, losses, damages, actions, judgments, interest, awards, penalties, costs or expenses of whatever kind, arising whether in wholly or in part resulting directly or indirectly from the matters listed below: 14.1.1.your use of the Services, the apps or this System; 14.1.2.your use of any Content obtained from this System; 14.1.3.any third party or any of your Authorised Users accessing the Services, this System, the apps or any Content in connection with your use of the same under this Agreement; 14.1.4.your breach of this Agreement or the breach of this Agreement by any of your Authorised Users. 15. INTELLECTUL PROPERTY RIGHTS INDEMNITY 15.1. We agree to indemnify you against any damages and costs (including reasonable legal fees) that may be awarded or agreed to be paid to any third party in any claim or action to the extent that the System when properly used by you infringes the Intellectual Property Rights of the said third party (an “Intellectual Property Infringement”) and we shall defend any such claim or action at its expense, provided that you: 15.1.1.give written notice to us within thirty (30) days of becoming aware of any actual or claimed Intellectual Property Infringement; 15.1.2.give us the sole conduct of the defence to any claim or action in respect of the Intellectual Property Infringement in all negotiations relating thereto and do not at any time admit liability or otherwise attempt to settle or compromise the claim or action except upon our express instructions; 15.1.3.act in accordance with our reasonable instructions and give us such assistance as it should reasonably require in respect of the conduct of the defence, including without prejudice to the generality of the foregoing the filing of all pleadings and other court process and the provision of all relevant documents, and joining any lawsuit as a party; and 15.1.4.have taken all reasonable steps to minimise such claim and have in no way encouraged any such claim. 15.2.We shall reimburse your reasonable and proper costs incurred in complying with the provision of Clause 15.1 above. 15.3.We shall have no liability to you in respect of an Intellectual Property Infringement if the same results from any breach of your obligations under this Agreement or the acts and/or omissions of a third party. 15.4.In the event of an Intellectual Property Infringement, you shall permit us promptly at our expense and in our reasonable discretion: 15.4.1.to procure your right to continue using the System on the same terms for its own purposes on no less beneficial general terms as this Agreement; or 15.4.2.to make alterations, modifications or adjustments to the System such that it becomes non-infringing without incurring a material diminution in performance or function; or 15.4.3.to replace the System or part of the System with a compatible and non-infringing item provided that the System functionality and performance do not change in any material respect as a direct result of such modification. 15.5.This Clause 15 states our entire liability in respect of any Intellectual Property Infringement or alleged infringement of any third party right of any kind whatsoever by the System. 16.LIMITATION OF LIABILITY 16.1.Nothing in this Agreement limits or excludes either party’s liability: 16.1.1.for death or personal injury caused by such party’s (or its agent’s or sub-contractor’s) negligence; or 16.1.2.for intentional repudiatory breach, fraud or fraudulent misrepresentation; or 16.1.3.for any other type of liability, including breach of Data Protection Legislation which cannot be limited or excluded by law. 16.2.To the maximum extent permitted by law, in no event shall you or we be liable to the other for any loss of use, revenue or profit, indirect or consequential loss, any exemplary, special or punitive damages whether arising out of breach of contract, tort (including negligence) or otherwise, regardless of whether such damage was foreseeable and whether or not we have been advised of the possibility of such damages. 16.3.Except where otherwise stated, to the maximum extent permitted by law, our entire financial liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution, debt or otherwise arising in connection with the performance or contemplated performance of this Agreement shall in all circumstances be limited to the fees paid by or due from you in the twelve (12) month period immediately preceding the event giving rise to such liability. 16.4.Notwithstanding anything to the contrary herein, we, and the partners we use to deliver this System, shall not be deemed to be in default of any provision of this Agreement, or be liable to you or to any third party for any delay, error, failure in performance or interruption of performance due to or as a result of any events, circumstances or causes beyond our reasonable control including without limitation any act of God, flood, drought, earthquake or other natural disaster, epidemic or pandemic, terrorist attack, civil war, civil commotion or riots, boycott, strikes, interruption of power service, interruption of internet or communications service, interruption or failure of any utility service, interruption or failure of a third party cloud hosting platform or service, malicious use or malfunction of computers/service undetectable to you or us, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, any law, action or measure taken by a government or public authority including without limitation imposing an export or import restriction, quota or prohibitions, acts of any other person not under our control or other similar causes. Should any of the events in this Clause 16.4 continue for a period longer than 5 Business Days, you may terminate this Agreement and, should you opt to terminate this Agreement under this Clause 16.4, we shall give you a pro rata refund for any unexpired subscriptions you have already paid. 17.WARRANTY 17.1.We warrant that the System will: 17.1.1.work substantially in accordance with the service description in Schedule 1; 17.1.2.be delivered in accordance with the service criteria in Schedule 4. 17.2.To the extent permitted by law, all other conditions and warranties, statutory or otherwise and whether express or implied that relate to the provision of the Services or the operation of this system, are hereby excluded. 18.NOTICES 18.1.All notices issued by you under this Agreement shall be in writing and shall be delivered by recorded delivery post to our registered company address. 18.2.Your notice address for notices issued by us under this Agreement shall be that address you provided to us on your registration form or as updated within the system. 19.GOVERNING LAW, JURSIDICTION AND OTHER MATTERS 19.1.Each party irrevocably agrees this Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by the law of England. 19.2.Each party irrevocably agrees that the courts of England shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims). 19.3.You and we are independent contractors to each other. This Agreement does not, is not intended to and shall not be deemed to create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between us. 19.4.You may not assign or delegate your rights or obligations under this Agreement without our prior written consent. 19.5.We may perform the Services through third party contractors. As between you and us, we will remain liable for all acts or omissions of any third party contractor appointed by us pursuant to this Clause 19.5. 19.6.Any provisions of this Agreement which are intended by their nature to survive the termination or expiration of this Agreement and/or your use of the Services shall so survive, including without limitation, your obligations to indemnify us and the partners we use to deliver this System, the limitations on our liability, the confidentiality obligations herein, the obligation under clause 12.2 herein (deactivation, termination and consequences) and the governing law and jurisdiction provisions. 19.7.Headings used in this Agreement are for convenience only and will not be used to construe or interpret any provision hereof. 19.8.This Agreement is the entire agreement between you and us regarding your use of the Services, this System and the apps and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. 19.9.Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement. Nothing in this clause shall limit or exclude any liability for fraud, wilful misrepresentation or wilful concealment. 19.10.Any provision of this Agreement that is held to be wholly or partially invalid, illegal or unenforceable will be deleted from this Agreement to the extent that it is invalid, illegal or unenforceable and the remaining provisions will continue in full force and effect. 19.11.This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and (where applicable) their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999. . 19.12.No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy. A waiver of any right under this Agreement is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and to the circumstances for which it is given. ? Schedule 1: About SkillGuard for Utilities SkillGuard for Utilities is a workforce and supply chain management system provided as a cross industry platform for use by Entities and contractors working in the utilities sector. It can also be used by agencies supplying labour into this sector. The System is for managing required and trusted information about the workforce to reduce duplication of data and data sources, maximise on efficiency and help ensure workforce safety. At the System’s heart is the individual’s record, paired to a corresponding Card, which holds relevant information to provide real- time “authority to work”. This includes qualifications, site-specific events or briefings, job roles, work status, hours worked for fatigue monitoring and summary occupational health status including any work restrictions. The information is stored so, as a Recordholder changes employment or goes to work on sites for a variety of different utilities, Recordholder information is available on the System or on the corresponding Card eliminating unnecessary duplication of data and making controlled and limited access to current information available as and when needed. The rules and functions of the System are determined by us under advisement from a Policy Board representing users. The System comprises a database of individual records, corresponding smartcards enrolled on to that database, and mobile apps which an authorised individual who is checking the Card may download onto a smartphone or tablet to access key data about Recordholders on site such as competency, to ensure they have the appropriate pre-requisites to work. Historic data is retained in the System to enable workers to change employment without losing their historic record as well as providing historic information in the event of an investigation. The System enables reporting across a range of user roles and issues notifications to relevant users including Recordholders as a result of critical changes to a record. Each Recordholder can be issued with a Card which is either virtual or physical. Virtual Cards are issued to a digital wallet called Vircarda and a powerful messaging feature in the System enables work related messages to be sent to targeted Recordholders. Each Recordholder must have a primary employer and a current subscription for their Record to be available for authentication and checking. It is possible for an employer to delegate management of their Recordholders to another organisation (a sponsor) – a practice that typically occurs when a small contractor’s Recordholders work exclusively for one primary contractor who agrees to take on the day-to-day management of their Records. An employer can also share a Recordholder with another employer (a practice that typically applies to labour agencies) acting in a secondary role. Registrants use the System to record information about their Recordholders delivering projects for Entities. Information the System can hold about a Recordholder includes summary personal information including emergency contact, employment status, qualifications, training, competencies, site briefings and inductions, other industry cards and credentials, drug and alcohol test results, summary occupational health outcomes with any consequent work restriction, and Card swipe activity for management of fatigue and analysis of site activity. Some Recordholders have data held on the EUSR which is managed by EU Skills. For those Recordholders, there is the option, within SkillGuard for Utilities, to create a link between the record in EUSR and the Record in SkillGuard for Utilities such that the data in EUSR and all updates to it for the remainder of the subscription period are automatically imported into SkillGuard for Utilities. This process is activated through a dedicated button labelled “Link to EUSR”. Registrants and Recordholders can provide the Recordholder’s unique Record number, surname and date of birth to another Registrant for the purpose of association. Successful matching of all three of these criteria enables the new Registrant to associate with the Recordholder to obtain advance information about them. Registrants can directly associate Recordholders with any linked Entity. This enables the Entity to obtain information about recordholders who are or may be supplied by the Registrant for work with the Entity without the need for a swipe association. Recordholder credentials can be checked and reviewed by authorised Card checkers using the SkillGuard app or web card reader. Every aspect of the check is audited and recorded on the System. The app and web card reader enable the following: •Authentication of the Card checker and the site where the app is being used (Each site is linked to an Entity and a Registrant acting as principal contractor for that Entity on that site). •Swipe in of Cards at the start of the work session •An authority to work check confirming the Recordholder’s status in relation to general System rules and any specific site access rules. •Card spot check •Award of site-based events such as briefings and inductions managed by the principal contractor for the site to attending Recordholders. •Swipe out of Cards at the end of the work session. When an Active Recordholder has their Card checked on site using the app or web card reader, the swipe associates the individual with the principal contractor and Entity for the site. Until the Card is presented at a subsequent site under a different principal contractor and Entity, summary Recordholder data will be available to the principal contractor and Entity, and even once the Recordholder is working elsewhere will endure for reporting purposes. Authorised Training Providers granted access to the system are able to award training outcomes to Recordholders. Basic personal details are shared with the Training Provider to ensure outcomes are awarded to the correct Record Holder. Authorised Medical Providers granted access to the system are able to award medical and D&A outcomes to Recordholders. Basic personal details are shared with the Medical Provider to ensure outcomes are awarded to the correct Record Holder. Training outcomes can be awarded to Recordholders via the system API, directly into the System using a Training Provider login, via our CourseSight online booking solution or via the link with EUSR. Basic personal details are shared with the CourseSight solution to verify that outcomes are awarded to the correct Record Holder. Outcomes imported from EUSR will be displayed as “Source System EUSR” which can provide extra assurance for the System user community. Helpdesk and system admin users also have visibility of Recordholder details for support purposes. The System includes functionality to log Recordholder swipe in and out times for the purposes of access control. Registrants can create limited visitor records for Visitors who will be accompanied while on site and a visitor pass can be issued to cover the period of their visit. With the permission of the Visitor, their record can be accessed by other Registrants if they visit a different site. No more than 10 visitor passes can be issued to an individual in any twelve-month period. Users of the System Recordholders: Recordholders (other than Visitors) can have a MySkillGuard login that gives them access to their Record. MySkillGuard enables the Recordholder to report any errors in their record to their employer, perform routine housekeeping/ account management activities such as changing preferences and view all current employment and associations. Registrants: Registrants can create, view, update and report on their Recordholder data. Registrants choose what functionality they wish to utilise and act as data controllers for the data in the System relating to their own Recordholders, but supplementary information can be directly added to Records by approved training providers and medical providers. Registrants who are not principal contractors can view and report on their workforce of direct employees, sponsored workers and workers associated through direct association. Principal contractors: Registrants acting as principal contractors can view and report on the workforce for any of the projects/ sites they are linked to. This covers both direct employees and any member of the supply chain workforce associated with the site – either through direct association or through card swipe association. It is Card checkers working on behalf of the principal contractor who normally undertake Card swipes on site. Entities: As well as using the System to record information about their direct employees, Entities can view summary details about Registrant organisations that are linked. Entities can view and report on the workforce in connection to any of the projects/ sites the Entity has defined regardless of which principal contractor it is linked to. This covers both direct employees as well as any member of the supply chain workforce associated with the project through card swipe activity. Entities can also partially or fully suspend individuals from working on their sites/projects. Entities can also view and report on any Recordholder directly associated with the Entity. EU Skills: Statistical, anonymised data may be provided to EU Skills from time to time to allow for an understanding of the specific training requirements of the utilities sector. ? Schedule 2: Charges Except where otherwise agreed, the charge for the service shall be £27.00 per annum + VAT for each Active Recordholder. There will be no charge for Visitor records. For each physical smartcard requested, there will be an additional one-off charge of £5.50 + VAT, which includes card stock, printing, encoding, postage and packing. On the 1st October each year starting on the 1st October 2023, charges shall be increased in line with the rise in the Consumer Price Index for the twelve months up to the 1st August previous. The above charges may be varied by us by giving twenty-four months’ prior notice. The additional service of linking EUSR data to SkillGuard for Utilities via the “Link to EUSR” button is currently provided free of charge. We reserve the right to charge a fee for this service and any such charge will be notified to you prior to the renewal of your subscription. Payment Terms The initial fee (subscription) for each record shall be paid by credit/debit card in the System when the Record is created and shall be valid for twelve months from the date the Record is created. At the end of the period and each subsequent subscription period, the subscription must be renewed to gain continued access to the Recordholder’s full data for a further twelve-months. This can be paid up to twelve weeks in advance of the renewal date. Charges for physical smartcards shall become due when the card is requested. Except where a pay-on-account arrangement has been agreed, payments shall be paid in the System by debit/credit card when they become due and the System will issue a VAT receipt. If a pay-on-account arrangement has been agreed, provided a valid purchase order is in place, fees for subscriptions and physical cards shall be invoiced at the start of the month following the month in which they became due. Where an invoice remains unpaid more than thirty days from invoice date, we reserve the right to suspend your access to the System and to terminate pay-on-account facilities. ? Schedule 3: Scope, Nature and Purpose of Processing by Us Data Subject: Active Recordholders, Inactive Recordholders and Authorised Users Data Controller: Us Purpose of Processing by Us: To provide a workforce and supply chain management system provided as a cross industry platform for use by Entities and contractors working in the utilities sector for managing required and trusted information about the workforce to reduce duplication of data and data sources, maximise on efficiency and help ensure workforce safety. Legal Basis for Processing: Legitimate interest and performance of a contract Nature of Processing: We determine the rules and functionality for the System in consultation with an advisory board made up of System users. Types of Personal Data: We determine the System rules and functionality that apply to all data and data subject types Duration of Processing: For the life of the System or until otherwise notified Who We Share Data With: Not applicable Data Subject: Active Recordholders in your employment Data Controller: You Data Processor: Us Purpose of Processing by Us: To enable you to participate in a cross-industry platform used by Entities and contractors working in the utilities sector for managing required and trusted information about the workforce to reduce duplication of data and data sources, maximise on efficiency and help ensure workforce safety to the benefit of all. Legal Basis for Processing by Us: Performance of a Contract Nature of processing by Us: The nature of processing is as described in Schedule 1. Special category/sensitive data is used to allow you - and where relevant other contracted workforce suppliers and authorised personnel with a need to access such data - to ensure subjects have the appropriate pre-requisites to complete work on your/their behalf and to uniquely identify people. Types of Personal Data: Information the System can hold about a Recordholder includes: summary personal information including contact details, national insurance number, emergency contact, employment status, qualifications, training, competencies, site briefings and inductions, other industry cards and credentials, and Card swipe activity for management of fatigue and analysis of site activity. Sensitive data or special category personal data comprises data concerning safety critical occupational health including medical examination date, medical provider, summary result of medical examination (fit/not-fit/fit with adjustment/fit with restriction plus restriction). If D&A test result is recorded, whether the outcome is positive/negative. How Data is Collected: Personal Information – Recorded by the initial employer and maintained by the current employer. Contact information - Recorded by the initial employer and maintained by the current employer, and maintainable by the Record Holder via mySkillGuard. Qualifications – Recorded by the current or previous employers, by approved Training Providers, or via integration with Our CourseSight online booking system or via integration with EU Skills’ EUSR Site Briefings and Inductions – Recorded by the current or previous employer, or by authorised Card checkers. Medical and D&A outcomes – Recorded by approved Medical Providers. Duration of Processing by Us: Until the Recordholder becomes an Inactive or Dormant Recordholder Who We Share Your Data With: Data is shared in accordance with system functionality outlined in Schedule 1. Data Subject: Inactive Recordholders in your employment Data Controller: You Data Processor: Us Purpose of Processing by Us: To maintain historic records for data integrity; to enable investigation of historic incidents; to enable you to generate reports of historic activity. To allow re-subscription of Recordholders. Legal Basis for Processing by Us: Legitimate interest and Performance of a Contract Nature of processing by Us: Storage of Recordholder data; provide access to data to you for reports and to renew lapsed Recordholder subscriptions. Types of Personal Data: A full copy of the original Active Cardholder Record is stored. (You are enabled to view a summary of the Record in order to renew the subscription and to generate historic reports.) Duration of Processing by Us: Six years (but encrypted data back-ups are kept for a further twelve months). Who We Share Your Data With: The Recordholder via MySkillGuard. Historic swipe data is shared with other Registrants and Entities related to the swipes. Data Subject: Your Authorised Users Data Controller: You Data Processor: Us Purpose of Processing by Us: To enable your Authorised Users to manage data pertaining to records in SkillGuard for Utilities Legal Basis for Processing by Us: Performance of a Contract Nature of Processing by Us: Data relating to Authorised Users is stored and processed to ensure relevant controls are in place so that access to data can be restricted to only those individuals with a legitimate need to view/process this data, and so that an audit history of changes to data made by Authorised Users can be maintained. Details of correspondence including email address and any other contact information provided are stored and processed for the purpose of responding to that correspondence. Types of Personal Data: details to allow individual to be identified for user maintenance and audit purposes (Name, Email Address); details to allow access to workforce data to be appropriately restricted How Data is Collected: Personal Information – Recorded by your Authorised Users or the Helpdesk. Contact information - Recorded by your organisation’s administrator or the helpdesk, and maintainable by them or the Authorised User. Duration of Processing by Us: For the life of the System or until otherwise notified Who We Share Your Data With: Audit information – when you make updates to information in the System, your name may be visible as the updating user. Authorised Users may have visibility of your details to maintain your System access. Helpdesk and our system admin users may also have visibility of your record for support purposes. Data Subject: Visitors Data Controller: Us Purpose of Processing by Us: To enable Visitors to access sites without being registered on the System as Active Recordholders Legal Basis for Processing: Legitimate interest and performance of a contract Nature of Processing: Grant temporary access to sites; secure storage of data; responding to data subject access requests Types of Personal Data: Name, DoB, email address and (optionally) mobile number and vehicle details. How Data is Collected: Personal Information – Recorded by your original host or their administrator. Contact information - Recorded by your original host or their administrator. Site Access – Recorded by a site access controller using the mobile app or PC-based card reader. Duration of Processing: Six years from last visit (but encrypted data back-ups are kept for a further twelve months). Who We Share Data With: Data is visible to Contractors that wish to give the Visitor site access. Helpdesk and our system admin users may also have visibility of your record for support purposes. Data Subject: Dormant Recordholders Data Controller: Us Data Processor: Us Purpose of Processing by Us: To enable Recordholders to be transferred between Registrants; to ensure data integrity is maintained across the System. Legal Basis for Processing: Legitimate interest and performance of a contract Nature of Processing: making Recordholder available for transfer to a new Registrant; secure storage of data; responding to data subject access requests Types of Personal Data: A copy of the most recent Active Cardholder Record is stored Duration of Processing: Six years from end of last Active Cardholder Record status (but encrypted data back-ups are kept for a further twelve months). Who We Share Data With: Data is shared with the Recordholder and Registrants that wish to transfer the Recordholder to their employment. Historic swipe data is shared with Registrants and Entities related to the swipes. Helpdesk and our system admin users may also have visibility of Recordholder details for support purposes. ? Schedule 4: Service Criteria Hosting The Service 1.Hosting: 1.1.We shall host the Software in the cloud such that it can be accessed over the Internet 24 hours a day, 365/6 days a year, with a targeted uptime, excluding maintenance, of 99.9%. 1.2.We shall host the Software with sufficient capacity to handle the level of demand required. We shall monitor service performance and configure cloud resources and scale the solution as required to enable 98% of page requests, (excluding pages with high volumes of data such as reports), to be processed on the server and served within 2 seconds. (Note this excludes network latency / time taken to transfer data over the internet or browser processing time). 2.Maintenance 2.1.We shall be responsible for provisioning, servicing and maintaining the Software, the cloud services used to host the Software and any third-party services needed to host the Software to ensure smooth, uninterrupted running of the Service. 2.2.Scheduled maintenance requiring the Service to be taken offline will be at times least likely to be disruptive to users and announced in advance. 2.3.We shall be responsible for installing upgrades and updates to the Software and will maintain a record of version numbers and installation dates for each upgrade. Upgrades will be installed at times announced in advance. The patching schedule shall ensure that the underlying platform is protected with regular security updates. We shall closely monitor patching activity and ensure that high availability features are appropriately configured so that any such updates do not impact on the availability of the Service. 3.Security 3.1.We shall implement appropriate security measures to ensure the integrity of the hosted service and the data held within it in-line with accepted industry good practice prevailing at the time. We shall work closely with cloud security specialists to ensure best practice in the configuration of the Software and infrastructure. This includes appropriate use of encryption protocols, application firewalls and other network security restrictions in conjunction with specific security measures integrated into the Software. 3.2.The Software platform shall be subjected to annual external penetration testing by an external IT security specialist service provider. 3.3.All our personnel involved in the design, configuration and operation of the service shall carry out their duties in relation to delivery of the service in accordance with our ISO 27001 certification and security policies which are annually audited by an external ISO 27001 accrediting body. 4.Third Party Software/Services 4.1.We shall be responsible for the cost of supplying, licensing and operating any third-party software or services (including Microsoft Azure Platform) necessary to deploy, monitor, configure or otherwise provide the Service. 5.Data Back-Up 5.1.We shall implement back-up procedures commensurate with standard industry good practice prevailing at the time. The back-up process shall not affect availability of the Service. 5.2.At a minimum: 5.2.1.all database data shall be backed up hourly and replicated to a separate geo-diverse data centre; and 5.2.2.the entire platform shall be backed up to secure, resilient storage every 24 hours to allow for rapid recovery if a catastrophic failure occurs. 5.3.In the event of damage to or loss of your data on the servers, we shall be responsible for restoring the data from the most appropriate back-up. 6.Upgrades 6.1.We shall supply periodic upgrades to the System. 6.2.Upgrades will be announced beforehand, with reasonable lead time. During these upgrades, the System may be taken offline to perform the task at a time confirmed in advance. Schedule 5: Support 1.We shall provide 24/7 support to Authorised Users via a Virtual Assistant that enables individuals to access a wide range of resources, FAQs and guides to answer their queries. Depending on the query, issues shall either be resolved using the Virtual Assistant or, where appropriate, may be ticketed for escalation to our support team for direct follow-up. We shall also offer Live Chat during Normal Working Hours to Authorised Users of the system where required. Authorised Users will need to confirm their details as part of engagement with a member of our support team. 2.For System problems, we shall use reasonable endeavours to respond to and resolve them within the following timescales: Nature of Problem Response Time Temporary Fix/Workaround Permanent Fix Major Error 30 Minutes 12 hours 5 Business Days Serious Error 30 Minutes 1 Business Day 14 Business Days Other Error 30 Minutes 14 Business Days 50 Business Days Key: •A “major error” is an error which prevents the Services from being run effectively and/or cripples the Services or causes substantial damage to user data. •A “serious error” is an error which causes severe performance degradation; causes a halt to the operation of important tasks by users or places the operation of such tasks at risk; including without limitation, failure of a major feature; where the error severely degrades performance of the System where no alternative exists; causes delay in a time critical implementation of any aspect of the Services; or causes any damage to user data. •An “other error” is any defect in the System or Services other than a major error or a serious error. •A “temporary fix” is an acceptable temporary workaround, which allows users to make proper use of the Services (or the affected part thereof) without substantial degradation in performance. •A “permanent fix” is a permanent resolution of the error, which restores the Services (or the affected part thereof) to full performance in accordance with the terms of this Agreement. Schedule 6: Smartcard Production 1.We shall supply printed and personalised smartcards compatible with the System upon request by Authorised Users 2.Smartcard requests received before 10.00am shall be processed and despatched the following day if received within Normal Working Hours and the next Normal Business Day otherwise. 3.Smartcard requests received after 10.00am shall be processed and despatched the day following the next Business Day. 4.Smartcards shall be despatched by first class post to a central address nominated by the requester.