Coreo Platform – Terms and Conditions
These terms and conditions (Terms and Conditions) form a legal agreement between the Subscriber or End User, as applicable (you and your), and Natural Apptitude Ltd (Natural Apptitude Ltd, us, we and our) as the provider of the Coreo platform (Coreo, the Platform, the Service).
You are the Subscriber under these Terms and Conditions if you are ordering or renewing a Subscription to use the Coreo platform. Where a Subscription is ordered or renewed on behalf of an organisation, the organisation is the Subscriber.
You are an End User under these Terms and Conditions if you are participating in a project and have created a User Account, or have had one created for you by the owner of the project (the Subscriber, or by an Admin User on behalf of the Subscriber).
By signing into the Coreo platform you agree to these Terms and Conditions. These Terms and Conditions include, in particular, limitations on liability in Condition 5.
If you do not agree to these Terms and Conditions, you should not use the Coreo platform. You may still be able to use facets of apps built with Coreo if these do not involve creating an account or submitting other data to the platform.
Important notice to Consumers
If you have paid a subscription fee to use the Coreo platform and you are an individual not acting for the purposes of a business or profession you have the right to withdraw from your transaction without charge and without any reason within fourteen (14) days after the commencement of your subscription.
Definitions used in these Terms and Conditions
Admin User An End User with the ability to manage other End Users and subscription payments. In a Single User Account, the sole End User is an Admin User.
Billing Contact An End User who will act as the contact point for subscription renewal payments.
Coreo platform The software hosted at https://admin.coreo.io which is accessible to authenticated users, the primary functions of which are the design and distribution of data collection apps, and the management of users of, and data submitted by, such applications.
Coreo Account The End User’s account
Coreo.io website Refers to the public facing website at https://coreo.io
Consumer A private individual purchasing a subscription to use the Coreo platform but who is not acting for the purposes of their business or profession.
Data Controller Has the meaning set out in the current UK Data Protection Legislation.
Data Protection Legislation means any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction (as amended, consolidated or re-enacted from time to time) which relates to the protection of individuals with regards to the Processing of Personal Data, including EC Directive 95/46/EC (the DP Directive), the Data Protection Act 1998 (the DPA) and Privacy and Electronic Communications (EC Directive) Regulations 2003 (up to and including 24 May 2018) and the GDPR (on and from 25 May 2018).
Data Subject Has the meaning set out in the Data Protection Legislation.
Data Subject Request Means an actual or purported subject access request or notice or complaint from (or on behalf of) a Data Subject exercising his rights under the Data Protection Legislation.
Mothball The act of Natural Apptitude Ltd changing your account upon request from active to inactive (preserving all account settings, projects and apps associated with it).
Admin User Any individual with an admin account, capable of creating projects, apps and managing users and project data.
End User Any individual who has a User Account.
Fee The payment made by you to Natural Apptitude Ltd in exchange for a Subscription to use the Coreo platform.
Freedom of Information Laws means the Freedom of Information Act 2000 (and any Scottish equivalent), the Environmental Information Regulations 2004 (and any Scottish equivalent) and any subordinate legislation made under such legislation from time to time together with any guidance and/or codes of practice issued by the UK Information Commissioner or relevant Government Department in relation to such legislation;
Natural Apptitude Ltd the creator, owner and provider of the Coreo platform. Also referred to in these Terms and Conditions as us, we and our.
Subscription Your right to use the Coreo platform for the appropriate term, provided in exchange for a Fee. The term Subscription used herein is equivalent to the term Licence.
Subscriber The individual ordering or renewing a Subscription to use the Coreo platform. Where a Subscription is ordered or renewed on behalf of an organisation, the organisation is the Subscriber. The term Subscriber used herein is equivalent to the term Licensee.
Primary Contact An End User who is an Admin User, but also has ultimate responsibility for Subscriptions, projects and data held thereunder and acts as its Controller. The sole End User in a Single User Account is the Primary Contact. Within an organisation, this individual should be made known to Natural Apptitude.
Data Processor Has the meaning set out in the Data Protection Legislation.
Enterprise Account/Subscription A Coreo platform Account/Subscription that permits any number of intra-organisation Admin and End Users. Also referred to in these Terms and Conditions as an Organisation Account.
Single User Account/ Subscription A Coreo platform Account/Subscription that permits only one Admin User.
Specification The description of the work to be undertaken if bespoke (consultancy) work is agreed within the Fee.
Upgrade The act of Natural Apptitude Ltd changing your Coreo Account type, upon request of the Primary contact, from a Single User Account to an Enterprise Account.
Downgrade The opposite of Upgrade
Use/Usage “Use” of Coreo is defined expressly as an End User logging into, or being logged into an active Coreo Account for any purpose.
- Grant and scope of use by you of the Coreo platform
1.1 In consideration of payment by you of the agreed Fee and you agreeing to abide by these Terms and Conditions, we hereby grant to you a non-exclusive, non-transferrable right to the Coreo platform under these Terms and Conditions for a term in accordance with the fee paid, renewable in increments as set out in accordance with these Terms and Conditions.
1.2 You may use the Coreo platform:
- for your internal business purposes;
- for your own personal purposes (as a Consumer);
- if you have been granted a User Account by the Subscriber as one of the number of permitted End Users agreed between the Subscriber and Natural Apptitude Ltd.
1.3 You may not use the Coreo platform:
- To provide services for commercial reasons, or for any business type (charity, limited company, etc) other than your own (that named on the contract) unless by a separate contract with Natural Apptitude Ltd.
- Responsibilities and restrictions (Applies to all users of the Coreo Platform)
2.1 Except as expressly set out in these Terms and Conditions or as permitted by any local law, you undertake:
- not to divulge your Coreo Account password to any other person or share a Coreo Account with any other person. Each person who has access to a Coreo platform Account must use a unique account. Multiple users must not log in using a single set of shared credentials (such as a ‘group account’) except by permission from Natural Apptitude.
- to notify Natural Apptitude Ltd if you become aware of any unauthorised use of the Coreo platform through your Coreo platform Account;
- not to disassemble, decompile, reverse-engineer or create derivative works based on the whole or any part of the Coreo platform, nor attempt to do any such thing except to the extent that (by virtue of section 296A of the Copyright, Designs and Patents Act 1988) such actions cannot be prohibited because they are essential for the purpose of achieving inter-operability of the Coreo platform with another software program, and provided that the information obtained by you during such activities:
- is used only for the purpose of achieving inter-operability of the Coreo platform with another software program with our prior written consent; and
- is not unnecessarily disclosed or communicated to any third party without our prior written consent; and
- is not used to create any software which is substantially similar to the Coreo platform without our prior written consent;
- to ensure you provide up-to-date contact details in the Coreo platform;
2.2. If You post material to the Platform, or otherwise make (or allow any third party to make) material available by means of the Platform (any such material, “Content”), You are entirely responsible for the content of, and any harm resulting from, that Content. That is the case regardless of whether the Content in question constitutes text, graphics, an audio file, or computer software. By making Content available, You represent and warrant to us that:
- You will not engage in any activity that interferes with or disrupts the Coreo platform (or the servers and networks which are connected to the Coreo platform);
- the Content does not contain or install any viruses, worms, malware, Trojan horses or other harmful or destructive content;
- the Content is not spam and does not contain unethical or unwanted commercial content designed to drive traffic to third party sites or boost the search engine rankings of third party sites, or to further unlawful acts (such as phishing) or mislead recipients as to the source of the material (such as spoofing);
- You will post only Content that is ethical and legal and does not hinder other Users’ ability to use Coreo;
- the Content is not libellous or defamatory, does not contain threats or incite violence towards individuals or entities, and does not violate the privacy or publicity rights of any third party;
- Your login is not named in a manner that misleads Your readers into thinking that You are another person or company. For example, Your login name is not the name of a person other than Yourself or company other than Your own;
- Your content is not getting advertised via unwanted electronic messages such as spam links on newsgroups, email lists, journals and web sites, and similar unsolicited promotional methods
- You will not use, or allow the Coreo platform to be used, in a manner that uses a disproportionate share of the Coreo platform’s resources. Natural Apptitude Ltd will notify any user who has designed a project in such a manner that it uses a disproportionate share of the Coreo platform’s resources and affects the experience of other users. Natural Apptitude Ltd reserves the right to suspend any such project and/or controlling account or increase the subscription charge accordingly, should the user choose not to take steps that Natural Apptitude Ltd recommends to address the matter.
- You will not use the Coreo platform to transmit or distribute unsolicited bulk email, also known as SPAM. All email recipients must have opted in to, or otherwise validly consented to, receiving communications from you, the sender. In the event of a dispute, you must be able to prove that the recipient validly consented. Coreo Accounts may be terminated for sending unsolicited email messages;
- You will not access and use the Coreo platform via programmatic, scripted or any other automated means without our prior written consent;
- You will not use the Coreo platform in a manner that is likely to harm the reputation of the Coreo platform or Natural Apptitude Ltd . This includes, but is not limited to:
- misleading End Users about the nature of a project and the use of their data, including claiming a project is anonymous when it is not;
- the gratuitous inclusion of violent, pornographic or any other offensive content in a project/survey;
- the use of the Coreo platform to bully, threaten or harass any person or group of people; and/or
- the use of the Coreo platform to promote any form of violence, abuse or criminal activity;
- the use of copyrighted material, without permission, in a project.
Additionally, if you are the Primary Contact of an Enterprise/Organisation Account:
- to be responsible for the use of the Coreo platform within your organisation including timely deletion of User Accounts and data in accordance with current data protection rules;
- to manage the Coreo platform Account Upgrades and Downgrades and other requests on behalf of your organisation (if applicable);
- to supervise and control use of End User access to the Coreo platform and ensure the Coreo platform is used by your Coreo platform Account’s End Users in accordance with these Terms and Conditions;
- not to provide, or otherwise make available, access to the Coreo platform, including through any form of resale of licensing in whole or in part, in any form to any person or organisation for their own separate business purposes without prior written consent from Natural Apptitude Ltd .
If you are a Consumer:
- If you are a Consumer, we only supply the use of the Coreo platform for domestic and private use. You agree not to use the Coreo platform for any commercial, business or re-sale purposes.
2.3 In the event that you do not comply with the above Condition 2: Responsibilities and Restrictions in these Terms and Conditions we may terminate your Coreo platform Subscription and you will forfeit any Fees you have paid for the use of the Coreo platform. Without limiting any of those representations or warranties, Natural Apptitude Ltd has the right (though not the obligation), in Natural Apptitude Ltd’s sole discretion, to terminate or deny access to and use of the Platform to any individual or entity for any reason.
- Intellectual Property Rights
3.1 You acknowledge that all intellectual property rights in the Coreo platform belong to Natural Apptitude Ltd, that rights to use the Coreo platform are licensed (not sold) to you, and that you have no rights in, or to, the Coreo platform or any information therein other than the right to use them in accordance with these Terms and Conditions.
3.2 Any intellectual property rights in material generated by you in using the Coreo platform shall be your property unless agreed otherwise separately in writing.
3.3 By agreeing to use the Coreo platform under these Terms and Conditions you agree to provide Natural Apptitude Ltd with a non-exclusive, royalty-free licence to use, reproduce, distribute and modify your Content solely for the purposes of providing the Coreo platform service to you. We might also use the Content for other purposes not subject to known legal restrictions, such as training machine learning models.
3.4 You must not use the Coreo platform in a manner which infringes any copyright, patent, trademark, design or other intellectual property right. You must ensure you have the right to use any files/images that you upload or embed into a project. Any queries from third parties (or arising from our own audits) regarding copyright, or other intellectual property right, infringement will be passed on to the Subscriber/Primary Contact. We reserve the right to temporarily disable a project and/or User Account while any claim of infringement is investigated. If it is subsequently discovered that the project included content without permission, we reserve the right to close your account and you will forfeit any Fees you have paid for the use of the Coreo platform.
3.5 We may access your project data and project metadata for the purposes of operating and enhancing the Coreo platform, for example, to test backward compatibility of new Coreo platform features. We may publish anonymous summary statistics of the Coreo platform project data and project metadata, for example, number or projects, users, records etc. We will not publish identifiable project data or project metadata without your permission. No individuals will be identified unless we have obtained their permission.
4.1 Whilst every effort is made to ensure that Coreo is a world class and continuously improving platform, as a generalised (general, multi-purpose) platform we do not warrant that Coreo will be fit for any particular purpose or meet your requirements.
4.2 Further, we do not warrant that: (a) the service will be uninterrupted, timely, completely secure, or error-free; (b) any subscriber content that you may obtain on the service will be accurate or reliable; (c) any errors in any data or software will be corrected.
4.3 Users of the Coreo Platform do so entirely at their own risk and users of the Platform acknowledge that Natural Apptitude Ltd has not reviewed, and cannot review, all of the material, including computer software, posted to the Platform, and cannot therefore be responsible for that material’s content, use or effects. By operating the Platform, Natural Apptitude Ltd does not represent or imply that it endorses the material posted to the Platform, or that it believes such material to be accurate, useful, non-infringing or non-harmful. You are responsible for taking precautions as necessary to protect Yourself and Your computer systems from viruses, worms, Trojan horses, and other harmful or destructive content. The Platform may contain content that is offensive, indecent, or otherwise objectionable, as well as content containing technical inaccuracies, typographical and location specific errors, and other errors. The Platform may also contain material that violates the privacy or publicity rights, or infringes the intellectual property and other proprietary rights, of third parties. The downloading, copying or use of such may be subject to additional terms and conditions, stated or unstated. Natural Apptitude Ltd disclaims any responsibility for any harm resulting from the use by users of the Platform, or from any downloading by those users of content posted to the Platform.
- Limitations of liability
5.1 You acknowledge that the Coreo platform has not been developed to meet your individual requirements, and that it is therefore your responsibility to ensure that the facilities and functions of the Coreo platform meet your requirements.
5.2 We shall not, under any circumstances whatever, be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with these Terms and Conditions, for:
- loss of profits, sales, business or revenue;
- business interruption;
- loss of anticipated savings;
- loss or corruption of data or information;
- loss of business opportunity, goodwill or reputation; or
- any indirect or consequential loss or damage.
5.3 Other than the losses set out in Condition 5.2 (for which we are not liable), our maximum aggregate liability under or in connection with these Terms and Conditions, whether in contract, tort (including negligence) or otherwise shall, in all circumstances, be limited to a sum equal to the Fee for your Subscription to use the Coreo platform. This maximum cap does not apply to Condition 5.7.
5.4 These Terms and Conditions set out the full extent of our obligations and liabilities in respect of the supply of the Coreo platform. Except as expressly stated in these Terms and Conditions, there are no conditions, warranties, representations or other terms, express or implied, that are binding on Natural Apptitude Ltd. Any condition, warranty, representation or other term concerning the supply of the Coreo platform which might otherwise be implied into, or incorporated in, these Terms and Conditions whether by statute, common law or otherwise, is excluded to the fullest extent permitted by law.
5.5 If you are a Consumer, we only supply the use of the Coreo platform for domestic and private use. You agree not to use the Coreo platform for any commercial, business or re-sale purposes, and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.
5.6 We are only responsible for loss or damage you suffer that is a foreseeable result of our breach of these Terms and Conditions or our negligence up to the amount specified in Condition 5.3, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if it was an obvious consequence of our breach or if it was contemplated by you and Natural Apptitude Ltd at the time we granted you the use of the Coreo platform under these Terms and Conditions.
5.7 Nothing in these Terms and Conditions shall limit or exclude our liability for:
- death or personal injury resulting from our negligence;
- fraud or fraudulent misrepresentation; or
- any other liability that cannot be excluded or limited by English law.
6.1 We may terminate your Subscription to use the Coreo platform immediately by written notice to you if you commit a material or persistent breach of these Terms and Conditions which you fail to remedy (if remediable) within 14 days after the service of written notice requiring you to do so.
6.2 In the event of non-renewal of your Subscription your Coreo platform Account will be suspended and all User Accounts and project data will be deleted 45 days after the date of suspension.
6.3 Upon termination for any reason:
- all rights granted to you for your use of the Coreo platform under these Terms and Conditions shall cease; and
- you must immediately cease all activities authorised by these Terms and Conditions.
- Communications between us
7.1 The Primary Contact for the Coreo platform Account will act as the main point of contact between you and Natural Apptitude Ltd. Should other defined points of contact fail (e.g. Billing Contact or Admin User), the Primary Contact will be ultimately responsible.
7.2 If you wish to contact us in writing, or if any condition in these Terms and Conditions requires you to give us notice in writing, you can send this by email or pre-paid post to:
Natural Apptitude Ltd
For notices regarding the functioning of, or renewal of, your Subscription to use the Coreo platform:
We will confirm receipt of this by contacting you in writing, usually by e-mail.
For legal notices:
7.3 If we have to contact you or give you notice in writing, we will do so by e-mail or by pre-paid post to the address you have provided.
7.4 If you are a business, please note that any notice given by you to us, or by us to you, will be deemed received and properly served immediately when posted on our website, 24 hours after an e-mail is sent, or three days after the date of posting of any letter. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an e-mail that such e-mail was sent to the specified e-mail address of the addressee.
- Events outside our control
8.1 We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under these Terms and Conditions that is caused by an Event Outside Our Control. An Event Outside Our Control is defined below in Condition 8.2.
8.2 An Event Outside Our Control means any act or event beyond our reasonable control including, without limitation, failure of public or private telecommunications networks.
8.3 If an Event Outside Our Control takes place that affects the performance of our obligations under these Terms and Conditions:
- our obligations under these Terms and Conditions will be suspended and the time for performance of our obligations will be extended for the duration of the Event Outside Our Control;
- we will use reasonable endeavours to find a solution by which our obligations under these Terms and Conditions may be performed despite the Event Outside Our Control.
- Data protection requirements
9.1 The Subscriber and Natural Apptitude Ltd shall observe their obligations under the Data Protection Legislation. The parties shall comply with the provisions of Schedule 2, Data Protection.
9.2 In the event of any conflict between Schedule 2 and any other provision of these service terms, the relevant provision of Schedule 2 shall take precedence.
- Freedom of Information Obligations
10.1 Natural Apptitude Ltd is not subject to the requirements of the Freedom of Information Laws and is not obliged to respond to requests for information under the Freedom of Information Laws (“Request for Information”).
10.2 Natural Apptitude Ltd acknowledges that the Subscriber may be obliged to respond to any Request for Information where it is subject to the requirements of the Freedom of Information Laws. If this is the case the Subscriber shall be responsible for determining in its absolute discretion and, notwithstanding any other provision in these Terms and Conditions or any other agreement, whether any information is exempt from disclosure in accordance with the provisions of the Freedom of Information Laws. Without prejudice to the foregoing, if the Subscriber receives a Request for Information and such request includes commercially sensitive information or confidential information of Natural Apptitude Ltd under the Freedom of Information laws, the Subscriber shall, as soon as reasonably practicable, notify Natural Apptitude Ltd of such request and shall consult with Natural Apptitude Ltd and consider any representations which Natural Apptitude Ltd may make in relation to the requested disclosure prior to deciding whether to comply with or to refuse the request (in whole or in part).
10.3 Natural Apptitude are entitled to charge the Subscriber for time spent at its day rate in effect at the time.
- Other important terms
11.1 We may transfer our rights and obligations under these Terms and Conditions to another organisation, but this will not affect your rights or obligations under these Terms and Conditions.
11.2 You may only transfer your obligations under these Terms and Conditions to another person if we agree in writing.
11.3 These Terms and Conditions constitute the entire agreement between you and us. You acknowledge that you have not relied on any statement, promise or representation made or given by, or on behalf of, us which is not set out in these Terms and Conditions or any document expressly referred to in it.
11.4 If we fail to insist you perform any of your obligations under these Terms and Conditions, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived our rights against you and will not mean that you do not have to comply with those obligations. If we do waive a default by you, we will only do so in writing, and that will not mean that we will automatically waive any later default by you.
11.5 We may be required to review content to determine if it is appropriate or if it is violating any terms of service such as our receipt of a report of unlawful content, however we have no obligation to monitor or review content.
11.6 Any price changes will become effective upon Subscription renewal or immediately upon our agreement to provide additional services.
11.7 If you wish to downgrade your Coreo platform Account this can only be done at renewal time. No refunds will be available during the term of your Subscription.
11.8 If you wish to upgrade your Coreo platform Account during your existing Subscription term, we will calculate the cost of the upgrade on a daily rate for the remainder of that term. The additional functionality will be added on payment of the additional fee as notified to you.
11.9 Each of the conditions of these Terms and Conditions operates separately. If any court or competent authority decides that any of them are unlawful or unenforceable, the remaining conditions will remain in full force and effect.
11.10 We reserve the right to alter these Terms and Conditions during the term of your Subscription.
11.11 Please note that these Terms and Conditions, their subject matter and their formation are governed by English law. You and we both agree that the courts of England and Wales will have exclusive jurisdiction.
Schedule 1 – Coreo platform Service Levels
1.1 This Service Level Agreement sets out the levels of availability and support the Subscriber can expect from Natural Apptitude Ltd .
2.1 Phone and email support are available for Enterprise Account users only.
- Support hours
3.1 Support hours are 09:00 – 17:00, Monday to Friday, excluding Bank Holidays and Natural Apptitude Ltd closure days. Natural Apptitude Ltd closure days are from the 24th December to 1st January inclusive.
4.1 The Subscriber acknowledges that, from time to time during the term of their Subscription, Natural Apptitude Ltd may apply enhancements to the Coreo platform, and that such enhancements may, subject to paragraph 4.2, result in changes to the appearance and/or functionality of the Coreo platform.
4.2 We warrant that no enhancement shall significantly impair the main functionality of the Coreo platform.
- Scheduled maintenance
5.1 Any scheduled maintenance will be publicised on the Coreo platform Website prior to being carried out. Natural Apptitude Ltd will do everything possible to minimise and avoid downtime during such maintenance.
- Backup and restoration
6.1 The Coreo platform is hosted on a fully backed up infrastructure. In the event of service failure we will make all reasonable efforts to restore service as quickly as possible.
Schedule 2 – Data Protection
1.1. The following definitions apply to this Data Protection Schedule
Agreement means the agreement between Natural Apptitude Ltd and the Subscriber for the provision of the Service;
Applicable EU Law any law of the European Union (or the law of one of the Member States of the European Union);
Controller, Processor and Data Subject Shall have the meaning given to those terms in the GDPR;
Data Protection Legislation means (a) any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction (as amended, consolidated or re-enacted from time to time) which relates to the protection of individuals with regards to the processing of Personal Data to which a Party is subject, including EC Directive 95/46/EC (the DP Directive), the Data Protection Act 1998 (the DPA) and Privacy and Electronic Communications (EC Directive) Regulations 2003 (up to and including 24 May 2018) and the GDPR (on and from 25 May 2018), or, in the event that the UK leaves the European Union, all legislation enacted in the UK in respect of the protection of Personal Data; and (b) any code of practice or guidance published by the Regulator from time to time;
Data Protection Particulars means, in relation to any Processing under this Agreement:
the subject matter and duration of the Processing;
the nature and purpose of the Processing;
the type of Personal Data being Processed; and
the categories of Data Subjects.
Data Subject Request means an actual or purported subject access request or notice or complaint from (or on behalf of) a Data Subject exercising his rights under the Data Protection Legislation;
Data Transfer means transferring the Personal Data to, and/or accessing the Personal Data from and/or Processing the Personal Data within, a jurisdiction or territory that is a Restricted Country;
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1, 4.5.2016;
Permitted Purpose means the purpose of the Processing as specified in the Data Processing Particulars;
Personal Data has the meaning given to it in the GDPR and for the purposes of this Agreement includes Sensitive Personal Data;
Personal Data Breach has the meaning given to it in the GDPR and, for the avoidance of doubt, includes a breach of Clause 4.1.3;
Personnel means all persons engaged or employed from time to time by Natural Apptitude Ltd in connection with this Agreement, including employees, consultants, contractors and permitted agents;
Processing has the meaning given to it in the GDPR (and “Process” and “Processed” shall be construed accordingly);
Regulator means the UK Information Commissioner’s Office (including any successor or replacement body);
Regulator Correspondence means any correspondence or communication (whether written or verbal) from the Regulator in relation to the Processing of the Personal Data;
Restricted Country means a country, territory or jurisdiction outside of the European Economic Area which the EU Commission has not deemed to provide adequate protection in accordance with Article 25(2) of the DP Directive and/ or Article 45(1) of the GDPR (as applicable);
Security Requirements means the requirements regarding the security of the Personal Data, as set out in the Data Protection Legislation (including, in particular, the seventh data protection principle of the DPA and/ or the measures set out in Article 32(1) of the GDPR (taking due account of the matters described in Article 32(2) of the GDPR)) as applicable;
Sensitive Personal Data means Personal Data that incorporates such categories of data as are listed in Article 9(1) of the GDPR;
Service means the Coreo platform service provided by Natural Apptitude Ltd ;
Schedule means this schedule which forms part of the Agreement.
Third Party Request means a written request from any third party for disclosure of Personal Data where compliance with such request is required or purported to be required by law or regulation;
- Arrangement between the parties
2.1. The Parties shall each Process the Personal Data in accordance with the terms of this Schedule. The Parties acknowledge that the factual arrangement between them dictates the classification of each Party in respect of the Data Protection Legislation. Notwithstanding the foregoing, the Parties anticipate and agree that the Subscriber shall act as Controller and Natural Apptitude Ltd shall act as Processor, as follows:
2.1.1 The Subscriber shall be a Controller where it is Processing the Personal Data in relation to the services being supplied by Natural Apptitude Ltd; and
2.1.2 Natural Apptitude Ltd shall be a Processor where it is Processing the Personal Data in relation to the Permitted Purpose in connection with the performance of its obligations under these service terms.
2.2. Each of the Parties acknowledges and agrees that the following table sets out an accurate description of the Data Protection Particulars:
The subject matter and duration of the Processing
The Coreo platform provides tools and functionality to create and deliver projects, which themselves have users. Coreo is used to administer users and administer and analyse data. Admin Users, managed by the Primary Contact, have the capacity to run projects which may capture a range of information about a Data Subject (which may include Personal Data). The duration of the Processing will be for the term of the Service agreement between the Subscriber and Natural Apptitude Ltd.
The nature and purpose of the Processing
The Personal Data will be Processed in order to provide the Service ordered by the Subscriber.
The type of Personal Data being Processed
End Users have the capacity to collect any type of Personal Data, this may include (but is not limited to) user’s first name, last name, email address, phone number, date of birth and location.
The categories of Data Subjects
End Users of the Coreo platform. Individuals that have participated in a project created by Admin Users
- Controller Obligations
3.1. As the Controller in respect of the Processing of the Personal Data, the Subscriber shall ensure that:
3.1.1 it is not subject to any prohibition or restriction which would prevent or restrict it from disclosing or transferring the Personal Data to Natural Apptitude Ltd in accordance with the terms of this Schedule; and
3.1.2 all fair processing notices have been given (and/ or, as applicable, consents obtained) and are sufficient in scope to allow the Subscriber to disclose the Personal Data (including any Sensitive Personal Data) to Natural Apptitude Ltd for the delivery of the Service in accordance with the Data Protection Legislation.
- Processor Obligations
4.1. Natural Apptitude Ltd (as a Processor in relation to any Personal Data Processed by (or on behalf of) the Subscriber pursuant to the Agreement) undertakes to the Subscriber that it shall:
4.1.1 Process the Personal Data for and on behalf of the Subscriber in connection with the performance of the Service only and for no other purpose in accordance with the terms of this Agreement and any instructions from the Subscriber;
4.1.2 unless prohibited by law, promptly notify the Subscriber (and in any event within forty-eight (48) hours of becoming aware of the same) if it considers, in its opinion (acting reasonably) that it is required by Applicable EU Law to act other than in accordance with the instructions of the Subscriber, including where it believes that any of the Subscriber’s instructions under Clause 4.1.1 infringes any of the Data Protection Legislation;
4.1.3 implement and maintain appropriate technical and organisational security measures to comply with at least the obligations imposed on a Controller by the Security Requirements. If requested by the Subscriber, Natural Apptitude Ltd will provide a description of the technical and organisational security measures that Natural Apptitude Ltd will implement and maintain;
4.1.4 take all reasonable steps to ensure the reliability and integrity of any of the Personnel who shall have access to the Personal Data, and ensure that each member of Personnel shall have entered into appropriate contractually-binding confidentiality undertakings;
4.1.5 notify the Customer promptly, and in any event within forty-eight (48) hours, upon becoming aware of any actual or suspected, threatened or ‘near miss’ Personal Data Breach, and:
- implement any measures necessary to restore the security of compromised Personal Data;
- assist the Subscriber to make any notifications to the Regulator and affected Data Subjects;
4.1.6 notify the Subscriber promptly (and in any event within ninety-six (96) hours) following its receipt of any Data Subject Request or Regulator Correspondence and shall:
not disclose any Personal Data in response to any Data Subject Request or Regulator Correspondence without the Subscriber’s prior written consent; and
provide the Subscriber with all reasonable co-operation and assistance required by the Subscriber in relation to any such Data Subject Request or Regulator Correspondence;
4.1.7 not disclose Personal Data to a third party in any circumstances without the Subscriber’s prior written consent, other than:
- in relation to Third Party Requests where Natural Apptitude Ltd is required by law to make such a disclosure, in which case it shall use reasonable endeavours to advise the Subscriber in advance of such disclosure and in any event as soon as practicable thereafter, unless prohibited by law or regulation from notifying the Subscriber;
- to Natural Apptitude Ltd ‘s employees, officers, representatives and advisers who need to know such information for the purposes of Natural Apptitude Ltd performing its obligations under this Agreement and in this respect Natural Apptitude Ltd shall ensure that its employees, officers, representatives and advisers to whom it discloses the Personal Data are made aware of their obligations with regard to the use and security of Personal Data under this Agreement; and
- to a sub-contractor appointed in accordance with Clause 5.
4.1.8 not make (nor instruct or permit a third party to make) a Data Transfer without putting in place measures to ensure the Subscriber’s compliance with Data Protection Legislation;
4.1.9 on the written request of the Subscriber, and with reasonable notice, allow representatives of the Subscriber to audit Natural Apptitude Ltd in order to ascertain compliance with the terms of this Clause 4 and/ or to provide the Subscriber with reasonable information to demonstrate compliance with the requirements of this Clause 4, provided that:
- the Subscriber shall only be permitted to exercise its rights under this Clause 1.9 no more frequently than once per year (other than where an audit is being undertaken by a Subscriber in connection with an actual or ‘near miss’ Personal Data Breach, in which case, an additional audit may be undertaken each year by the Subscriber within thirty (30) days of the Subscriber having been notified of actual or ‘near miss’ Personal Data Breach);
- each such audit shall be performed at the sole expense of the Subscriber;
- Natural Apptitude will be compensated for any time spent at its current day rate at the time
- the Subscriber shall not, in its performance of each such audit, unreasonably disrupt the business operations of Natural Apptitude Ltd;
- the Subscriber shall comply with Natural Apptitude Ltd ‘s health and safety, security, conduct and other rules, procedures and requirements in relation to Natural Apptitude Ltd’s property and systems which have been notified by Natural Apptitude Ltd to the Subscriber in advance; and
- in no case shall the Subscriber be permitted to access any data, information or records relating to any other customer of Natural Apptitude Ltd.
4.1.10 except to the extent required by Applicable EU Law, on the earlier of:
the date of termination or expiry of the Agreement (as applicable); and/or
the date on which the Personal Data is no longer relevant to, or necessary for, the performance of the Service,
cease Processing any of the Personal Data and, within sixty (60) days of the date being applicable under this Clause 4.1.10, return or destroy (as directed, in writing, by the Subscriber) the Personal Data belonging to, or under the control of, the Subscriber and ensure that all such data is securely and permanently deleted from its systems, provided that Natural Apptitude Ltd shall be entitled to retain copies of the Personal Data for evidential purposes and to comply with legal and/or regulatory requirements;
4.1.11 comply with the obligations imposed upon a Processor under the Data Protection Legislation; and
4.1.12 assist the Subscriber in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of Processing and the information available to Natural Apptitude Ltd , provided that Natural Apptitude Ltd shall be entitled to charge a fee to the Subscriber (on a time and materials basis and at such rate notified by Natural Apptitude Ltd to the Subscriber from time to time) in respect of providing any such assistance to the Subscriber.
4.2. Notwithstanding anything in this Agreement to the contrary, this Clause 4 shall continue in full force and effect for so long as Natural Apptitude Ltd Processes any Personal Data on behalf of the Subscriber.
5.1 Natural Apptitude Ltd may from time to time use sub-contractors to perform all or any part of its obligations under this schedule. The appointment of any sub-contractor shall be at Natural Apptitude Ltd ‘s absolute discretion and Natural Apptitude Ltd shall have no obligation to act in accordance with any objection raised by the Subscriber.
5.2 Natural Apptitude Ltd may from time to time disclose Personal Data to its sub-contractors (or allow its sub-contractors to access Personal Data) for Processing solely in connection with the fulfilment of the Permitted Purpose.
5.3 Where Natural Apptitude Ltd uses a sub-contractor to Process Personal Data for or on its behalf, it will ensure that the sub-contractor contract (as it relates to the Processing of Personal Data) is on terms which are substantially the same as, and in any case no less onerous than, the terms set out in Clause 4 of this schedule.
5.4 Natural Apptitude Ltd shall remain liable to the Subscriber for the acts, errors and omissions of any of its sub-contractors to whom it discloses Personal Data, and shall be responsible to the Subscriber for the acts, errors and omissions of such sub-contractor as if they were Natural Apptitude Ltd ‘s own acts, errors and omissions to the extent that Natural Apptitude Ltd would be liable to the Subscriber under this Agreement for those acts and omissions.