Sed ut perspiciatis, unde omnis iste natus error sit voluptatem accusantium doloremque…
Concerning MOBU Technologies’ Processing of Personal Data on behalf of the Controller.
1.1 The Controller has agreed to appoint the Processor to provide software and services to the Controller under the terms of the Contract.
1.2 As part of performing the software and services the Processor will be required to Process Personal Data that may be linked to specific natural persons as described in Appendix A.
1.3 The Data Processing Agreement sets out the terms and conditions which apply to the Processor’s Processing of Personal Data.
Definitions and interpretations
2.1 The following words and expressions have the meanings stated below in the Data
Processing Agreement, unless the context requires otherwise.
|Appendix/Appendices means appendices to this Data Processing Agreement.|
|Business Day||a day other than Saturday, Sunday or public holiday|
|Business Hours||9:00 am to 5:00 pm on a Business Day|
|Contract||means the customer agreement between the Distributor and|
Customer regarding delivery of services, and Processor’s
general terms and conditions, including any schedules,
appendices and amendments hereto.
|Controller||the Customer as defined in the Contract and in accordance with|
the definition in the applicable Data Protection Law.
|Data Processing Agreement||this agreement with Appendices.|
|Data Processing Services||the services described in Appendix A|
|Data Protection Law||the legislation, as amended, protecting the fundamental rights|
and freedoms of individuals and, in particular, their right to
privacy with respect to the Processing of Personal Data
applicable to a Controller in the EEA country where the
Controller is established, including the GDPR as per 25 May
2018. A reference to Data Protection Law is a reference to it as
amended, extended or reenacted from time to time.
|Data Subject||an identified or identifiable natural person (an identifiable|
person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name,
identification number, location data, an online identifier or to one
or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural
|Destroy/Destruction||means that Personal Data is irrevocably deleted from all|
storage media on which it has been held and that the Personal
Data cannot in any way be restored, including by any Sub-
processors. This applies to all storage media used in
connection with the Processing and include all existing copies.
|Distributor||means [insert name, CVR no, and address for the relevant distributor].|
|EEA||the European Economic Area.|
|End User Licence||the agreement between MOBU Technologies and any Data Subject who accesses the workforce management software named “Carehome Schedule” and/or any related software.|
|GDPR||Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)|
|Personal Data||any information, in whatever form, relating to the Data Subject.|
|Personal Data Breach||a breach of security leading to the accidental or unlawful|
destruction, loss, alteration, unauthorized disclosure of, or
access to, Personal Data transmitted, stored or otherwise
|Process/Processing||any operation or set of operations which is performed upon|
Personal Data or on sets of Personal Data, whether or not by
automatic means, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination,
restriction, erasure or destruction.
|Processing Operations||As defined in Appendix A|
|Processor||means MOBU Technologies as defined in the Data Processing|
Agreement and in accordance with the definition in the
applicable Data Protection Law.
|Return||means that all Personal Data is returned physically or|
electronically to the Controller and that any copies thereof etc.
which may be in the Processor’s possession, or which the
Processor may have at its disposal, including Personal Data
handed over to Sub-processors, is subject to Destruction.
|Sub-processor||means another processor engaged by the Processor with the|
purpose of carrying out specific processing activities on behalf
of the Controller.
|Carehome Schedule System||any information technology system or systems on which the|
Data Processing Services are performed in accordance with
this Data Processing Agreement.
2.2 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
2.3 Any words following the terms “including”, “include”, “in particular” or “for example” or any similar phrase shall be construed as illustrative and shall not limit the generality of the related general words.
2.4 Any exclusion or cap on liability in the Contract shall also apply to the Processor’s liability under this Data Processing Agreement.
3.1 The Data Processing Agreement applies to any Processing of Personal Data performed by the Processor in connection with the performance of the Data Processing Services to the Controller as defined in Appendix A (the subject-matter).
3.2 The Customer and MOBU Technologies acknowledge that the Customer is the Controller and MOBU Technologies is the Processor in respect of any Personal Data supplied to MOBU Technologies by or on behalf of Customer, including Personal Data described in Appendix A, in the course of the supply of the Data Processing Services.
3.3 The nature and purpose of the Processing, the types of Persona Data and categories of Data Subjects are set out in Appendix A.
3.4 Nothing in this Data Processing Agreement shall prejudice MOBU Technologies’s rights and obligations set out in the End User Licence.
Obligations of the Processor
4.1 The Processor shall:
a) Process Personal Data only on documented instructions from the Controller as specified in this Data Processing Agreement and for the purposes set out in Appendix A;
b) discharge its operations under this Data Processing Agreement with all due skill, care and diligence;
c) keep a record as described in art. 30 of the GDPR at its normal place of business of any Processing of the Personal Data carried out in the course of the Data Processing Services and
of its compliance with its obligations set out in this Data Processing Agreement (“Records”);
d) ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
e) implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful forms of Processing, including the requirements with respect to such measures under the Data Protection Law, as specified in clause 6;
f) only make copies of the Personal Data to the extend reasonably necessary, which among other things may include back-up, mirroring, security, disaster recovery and testing of the
g) only subcontract with Sub-processors in accordance with the requirements of clause 7;
h) immediately inform the Controller if, in its opinion, an instruction infringes Data Protection Law;
i) assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s non-exclusive rights to access, rectification, erasure and data portability, as these are stated in the Data Protection Law;
j) at the choice of the Controller Destroy or Return all the Personal Data to the Controller either during or after the term of this Data Processing Agreement, cf. clause 11;
k) make available to the Controller all information necessary to demonstrate compliance with the Data Protection Law, e.g. annual audit certificate from the Processor’s third party accountants, if any;
l) in connection with clause 4.1(k), if legally and technically possible allow for and contribute to audits, including inspections conducted by the Controller or another mandated by the Controller as set out in clause 8;
m) comply with its obligations under Data Protection Law including, where applicable, appointing a data protection officer.
4.2 If the Processor receives any complaint, notice or communication which relates directly or indirectly to the Processing of Personal Data or to either party’s compliance with Data Protection Law, it shall immediately notify the Controller and it shall provide the Controller with full co-operation and assistance in relation to any such complaint, notice or communication.
4.3 The Processor’s liability under the Contract, including the Data Processing Agreement, is capped and disclaimed according to the terms of the Contract.
4.4 The Processor shall inform the Controller without undue delay if the Processor comes to know/aware of any Personal Data Breach.
4.5 The Processor shall be entitled to charge the Controller separately for any cost (including internal resources at the Processor’ standard rates) that may incur in relation to assistance as referred to in clause 4.1(a)-(m).
Obligations of the Controller
5.1 The Controller will be solely responsible and liable for its compliance with applicable law as Controller. The Controller will ensure before using the software and receive services under the Contract in a way that includes Processing of Personal Data that it complies with all Data Protection Law, e.g. in relation to the provision of required information/notification to and/or approvals from Data Subjects and/or regulatory authorities related to the Processing.
5.2 The Controller will promptly notify the Processor if it becomes aware that Processing of the Controller’s Personal Data may be contrary to Data Protection Law.
5.3 The Controller warrants that the Processor’s strict compliance with any instruction from the Controller with respect to the Processing of Personal Data, shall not result in a violation of applicable Data Protection Law.
5.4 The Controller will indemnify the Processor from any loss resulting from the Controller’s failure to comply with its obligations hereunder.
6.1 The Processor is obligated to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks, that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, including inter alia as appropriate:
a) the pseudonymisation and encryption of Personal Data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.
6.2 The Processor shall take steps to ensure that any natural person acting under the authority of the Processor who has access to the Personal Data does not Process the Personal Data except on instructions of the Controller, unless he or she is required to do so under Data Protection Law.
6.3 The specific technical and organisational security measures implemented by the Processor are set out in appendix B (Security Measures). Subprocessors
7.1 The Controller hereby authorizes the Processor to engage Sub-processors, including without limitation the Sub-processors as stated in Appendix A, to perform Processing of
Personal Data, provided that the Processor enters into a written agreement with each Sub-processor which imposes the same obligations on the Sub-processors as are imposed on the
Processor under this Data Processing Agreement. The Controller will at any time upon reasonable prior written notice be entitled to receive a copy of the Processor’s data processing agreement with each Sub-processor.
7.2 The Processor will inform the Controller by email about any intended addition or replacement of a sub-processor in advance allowing the Controller/Data Subject the opportunity to object and/or render its informed consent, such not to be unreasonably withheld. Controller cannot object without a bona fide and objective reason, unless required by mandatory law. If the Controller object to any addition or replacement of any sub-processor, provided that such objection is based on a bona fide and objective reason, the Processor is entitled to (i) terminate the Data Processing Agreement with immediate effect by written notice.
7.3 Where a Sub-processor fails to fulfil its data protection obligations under the Data Processing Agreement referred to in clause 7.1, the Processor shall remain fully liable to the Controller for the performance of the Sub-processor’s fulfilment of its data protection obligations in general.
8.1 For the purpose of auditing the Processor’s compliance with its obligations under this Data Processing Agreement, the Processor shall allow for the Controller on reasonable written notice of not less than thirty (30) days to Processor during Business Hours, but without notice in case of any reasonable suspected breach of this Data Processing Agreement by the Processor, to perform an Audit, including but not limited to:
a) gain access to inspect, and take copies of, the records and any other information held at the Processor’s premises or on the Processor System related to the Data Processing Services, and;
b) gain access to inspect the Processor System.
8.2 The written notice shall include a proposed audit plan. If part of the requested audit scope is covered by the scope of an audit report by a qualified third party auditor within the last 12 months, the Processor may request the Controller to consider whether it could rely on such report instead of an audit. The Processor will be entitled to suggest the date and time of the audit to minimize business disruption and may suggest the audit to be combined with audits from other Controllers. Controller cannot deny such suggestions from the Processor, unless it has a bona fide objective reason to do so.
8.3 At the request of Controller according to Clause 8.1 and 8.2, the Controller (or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality appointed by the Controller or Regulator) will be entitled to perform audits of the Processor’s facilities and security practices directly related to the Processing of Personal Data under the Contract in order to monitor compliance with this Data Processing Agreement. Unless in case of any reasonable suspected breach of this Data Processing Agreement or as otherwise permitted by mandatory law, such audit shall be limited to 1 audit per 12 months’ period.
8.4 The Controller will bear any costs related to audits and the Processor shall be entitled to charge the Controller separately for any cost (including internal resources at the Processor’s standard rates) the Processor may incur in relation to its assistance with such audits.
8.5 Any audit shall be conducted in accordance with the Processor’s internal policies and all participants shall be subject to adequate written confidentiality obligations. To the extent allowed under applicable law, the Controller shall deliver to the Processor a copy of the audit report and the Processor be entitled to use such report free of charge in relation to other Controllers.
8.6 The Controller may use the information obtained during any audit, including any audit report, only for the purpose of meeting its audit obligations under Data Protection Law. For the avoidance of doubt, the Controller is not allowed to disclose to the public any parts of the audit report, without prior written consent from the Processor, unless required by mandatory law.
8.7 The Processor shall give all necessary assistance to the conduct of such audits during the term (as set out in clause 11) of this Data Processing Agreement.
8.8 The Controller, or its third-party representatives as specified in clause 8.3, is allowed to conduct audits with the Processor’s Sub-processors to the extent this is possible according to the terms and conditions in the then currently valid and applicable version of the Sub-processor’s terms and conditions.
Third Country Transfers
9.1 The Processor may only process the Personal Data in countries outside EEA subject to documented instructions from the Controller as specified in Appendix A.
9.2 If the Processor has the intention to process Personal Data in another third country, the Processor will inform the Controller of such intended transfer in advance allowing the Controller the opportunity to object.
10.1 The Processor acknowledges that the persons authorized to Process the Personal Data are committed to confidentiality including all information related to the Contract and the Parties business.
10.2 The provisions of confidentiality shall continue to apply after termination of this Data Processing Agreement.
Term and Termination
11.1 This Data Processing Agreement will take effect from the effective date as specified in the Contract or the date of the Controller’s signature on the signature page, whichever is earliest, and shall continue in force during the Term as defined in the Contract.
11.2 Upon termination of the Contract, this Data Processing Agreement shall also terminate.
11.3 Notwithstanding clause 11.2 above, this Data Processing Agreement shall not lapse until the Controller has received and accepted the documentation regarding deletion described in clause 11.6(b), unless the Controller specifically accepts otherwise.
11.4 Any provision of this Data Processing Agreement that expressly or by implication is intended to come into or continue in force or after termination of this Data Processing Agreement shall remain in full force and effect.
11.5 Termination of this Data Processing Agreement, for any reason, shall not affect the accrued rights, remedies, obligations or liabilities of the Parties existing at termination.
11.6 On any termination of this Data Processing Agreement for any reason:
a) the Processor shall as soon as reasonably practicable Destroy all Personal Data and all information and other materials provided to it by or on behalf of the Controller in connection with this Data Processing Agreement;
b) the Processor shall as soon as reasonably practicable ensure that all such data are destroyed and that all Personal Data is deleted from the Software and Carehome Schedule System. Notwithstanding the above, Destruction shall not take place until the Processor has informed the Controller of the contemplated method of Destruction and received the Controller’s confirmation that Destruction shall take place in accordance with such method. Should the Controller not find the contemplated method of Destruction sufficiently effective, the Controller will inform the Processor of what method is considered sufficiently effective.
11.7 The Processor shall provide written confirmation of compliance with clause 11 (a) no later than 28 working days after termination of this Data Processing Agreement. Changes due to changes in mandatory law
12.1 If there are changes in mandatory Data Protection Law, the Processor is entitled to change this Data Processing Agreement accordingly.
Governing law and disputes
13.1 This Data Processing Agreement is governed by and will be interpreted in accordance with Danish law. However, the conflict of laws rules must be disregarded to the extent that such rules are non-mandatory.
13.2 Any dispute arising out of this Data Processing Agreement, including any dispute concerning the existence or validity of this Data Processing Agreement shall be brought before the Danish courts. Appendix A to Data Processing Agreement
In connection with the Processor’s provision of services and hosting the Personal Data on behalf of the Controller, the Controller gives the Processor the instruction and grants consent to Process the following Personal Data for the purposes set out below:
1. General description and purpose of the Processing Operations
Processing Operations: The Processor processes the Personal Data of the Controller for the purpose of delivering workforce management services
2. Categories of Data Subjects
The Data Subject categories may be adjusted from time to time, to the extent that the processing of Personal Data and the purposes thereof continue to fall under the general description.
3. Types of Personal Data
Description of the types of Personal Data for each category of Data Subjects Full name & initials, address, email address, telephone, gender, National Insurance No, bank details, birth date, relative or next of kin full name & telephone, Payroll details, photograph, employee contract information, employee payslip information, data entered into custom fields created by Customer which may contain sensitive Personal Data including medical data, DBS, Right to work.
4. Who at the Processor has access to Personal Data?
Only persons engaged with the purposes for which the Personal Data is Processed will be authorized to access and Process the Personal Data, including employees providing:
5. Which external parties have access to all or part of the Personal Data (sub-processors), for which purpose(s) and their geographical location (including if outside the EEA)?
|Company name, company registration no., address, contact details, and contact details of the data protection officer (if any) etc.)||Scope and purpose of processing|
|Carehome schedule Ukraine – sub-processor||The Vietnamese, Hanoi team have full access to anonymized production data for development and innovation purposes|
|AWS hosting sub-processor||Hosting providers have no access to any data, or services|
The Processor will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing. These measures include but are not limited to:
1. Access control to premises and facilities (physical)
1.1 Processor will maintain commercially reasonable physical security systems at all Processor data centre and administration sites which are used to Process Personal Data;
1.2 Visitors must be pre-approved before coming to Processor sites which are used to Process Personal Data and will be required to present identification and/or sign a visitor log, and be escorted at all times while on the sites.
2. Access control to systems (virtual)
2.1 Processor will establish and maintain safeguards against accidental or unauthorized access to, destruction of, loss of, or alteration of the Personal Data on its systems which are used to Process Personal Data:
2.1.1 access will be granted to personnel through documented access request procedures. The employees’ managers or other responsible individuals must authorise or validate access before it is given;
2.1.2 access controls are enabled at the operating system, database, or application level;
2.1.3 administrative access will be restricted to prevent changes to systems or applications;
2.1.4 users will be assigned a single account and prohibited from sharing accounts.
3. Access control to devices and laptops
3.1 Processor will implement and maintain commercially reasonable security measures with respect to mobile devices and laptops that are used to Process Personal Data.
4. Access control to Personal Data
4.1 Access will be granted only after Processing an approved “access control form”, i.e. LAN Logon ID, application access ID, or other similar identification.
4.2 Unique User IDs and passwords will be issued to the users.
4.3 Users, once authenticated, will be authorised for access levels based on their job functions.
5. Transmission and disclosure control
5.1 Processor will implement and maintain measures to prevent Personal Data from being read, copied, modified or removed without authorisation during electronic transmission or transport and to enable Processor to check and establish to which bodies the transfer of Personal Data by means of data transmission facilities is envisaged.
5.2 Processor will maintain technology and processes designed to minimize access for illegitimate Processing, including technology for the encryption of Personal Data.
6. Input control
6.1 Processor will maintain system and database logs for access to all Personal Data under its control;
6.2 All Processor systems must be configured to provide event logging to identify a system compromise, unauthorised access, or any other security violation. Logs must be protected from unauthorised access or modification;
6.3 Customer/Processor will maintain input controls on its systems.
7. Job control
7.1 Processor will implement procedures to ensure the reliability of its employees and any other person acting under its supervision that may come into contact with, or otherwise have access to and Process, Personal Data, such as requiring a clean references prior to commencement of employment.
7.2 Processor will implement procedures to ensure that its personnel is aware of its responsibilities under the Agreement. Processor shall instruct and train all persons it authorises to have access to the Personal Data on the Data Protection Legislation as well as on all relevant security standards and shall commit them in written form to comply with the data secrecy, the Data Protection Legislation and other relevant security standards.
7.3 Processor will promptly act to revoke access to Personal Data of Customer/Processor due to termination, a change in job function, or in observance of user inactivity or extended absence.
7.4 Processor shall have in place a data protection policy and a document retention policy, with which its personnel must comply.
8. Incident management
8.1 Processor will implement, maintain an incident management procedure that allows processor to inform the Controller within the required time frame of any security breach.
8.2 Should a security breach (potentially) affect personal data, Processor shall notify Controller in accordance with Clause 4 in the Data Processing Agreement.
8.3 The incident management procedure includes periodic evaluation of recurring issues that might indicate a security breach.
8.4 Processor should implement a process to learn from the incidents/attacks and improve the existing security level.
9. Availability control
9.1 Processor will protect Personal Data against accidental destruction or loss by ensuring:
9.1.1 Workstations will be protected by commercial anti-virus and malware prevention software receiving regular definition updates;
9.1.2 Upon detection of a virus or malware, Processor will take immediate steps to arrest the spread and damage of the virus or malware and to eradicate the virus or malware.
9.1.3 Servers will be protected by commercial firewalls and intrusion protection prevention systems.
10. Business continuity management
10.1 Processor will implement and maintain a business continuity plan.
10.2 Processor will regularly evaluate this plan.
11. Change management
11.1 Processor will implement and maintain a business continuity plan that will, inter alia, allow the Processor to restore the availability and access to the Personal Data in a timely manner to be agreed upon by the parties involved in the event of a physical or technical event.
11.2 As part of the change management procedure Processor will evaluate the impact on the security and adapt the measures where needed to maintain the agreed security level.
12. Control of instructions
12.1 Processor will implement and maintain procedures to ensure that Personal Data is processed only in accordance with Controller’s instructions.
13. Separation control
13.1 Processor will implement and maintain procedures to ensure that personal data collected for different purposes will be processed separately to the extent that Processor has been expressly notified about such different purposes and requested to do so and under the condition that Processor may invoice its time and expenses for complying with this request.
14. Regular testing of security measures
14.1 Processor will frequently test, assess and evaluate the effectiveness of its technical and organisational security measures.
These Terms specify how you may use Carehome Schedule, which is licensed by us to you, the End User, free of charge.
About our terms
Content means any text, image, audio or other multimedia content, or other information or material submitted to or otherwise contained in the App;
Terms means these terms and conditions of use as updated from time to time under clause 11;
We, us or our means MOBU Technologies, and the registered office of which is at 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom.
You or your means the person accessing or using the App or its Content.
3.1 The App is for your personal use only and you agree that you are solely responsible for all costs and expenses you may incur in relation to your use of the App; and keeping your login and password (and other details associated with your account) confidential. We may prevent or suspend your access to the App without notice if we reasonably consider that you have not complied with any part of these Terms or any terms or policies to which they refer or any applicable law.
Ownership, Use and intellectual Property Rights
The App and all intellectual property rights in it are owned by us. Intellectual property rights means rights such as: copyright, trademarks, domain names, design rights, database rights, patents and all other intellectual property rights of any kind whether or not they are registered (anywhere in the world). Nothing in these Terms grants you any legal rights of or in the App other than as necessary to enable you to access the App and upload Content.
Uploading information to the App
These Terms shall be effective until terminated by you or us. Your failure to comply with any of these
Terms will result in your rights hereunder terminating automatically.
You may be able to access our App in connection with or via other third party applications, services and websites. You agree to use such third party applications, services or websites at your sole risk and that you shall not hold us liable for any such third party applications, services or websites.
Limitation on our liability
Events beyond your control
We shall have no liability to you for any breach of these Terms caused by any event or circumstance beyond our reasonable control including, but not limited to, strikes, lock-outs or other industrial disputes; breakdown of systems or network access; failures of or problems with the internet or a part of the internet; hacker attacks; virus or other malicious software attacks or infections; power failures; flood, fire, explosion or accident.
Rights of third parties
No one other than a party to these Terms has any right to enforce any of these Terms.
These Terms are dated 01 June 2018. No changes to these Terms are valid or have any effect unless agreed by us in writing. We reserve the right to vary these Terms from time to time. Our updated terms will be displayed on our website (www.carehomeschedule.com) and by continuing to use and access the App following such changes, you agree to be bound by any variation made by us. It is your responsibility to check these Terms from time to time to verify such variations.
12.1 These Terms will be governed by and construed in accordance with the law in England. The courts in England will have exclusive jurisdiction to settle any dispute which arises out of or in connection with these Terms.
This content specifies the terms and conditions for Customer’s use of the Software and MOBU
Technology’s delivery of Services etc.
Definitions and interpretations
1.1 In these terms and conditions, the following expressions have the following meanings: “Confidential Information” means all information that relates to a Party (or any of its businesses) (whether written, verbal or in any other form) and which is accessed or disclosed to the other Party in connection with the Contract, but excluding information that (a) is at the relevant time in the public domain (other than by virtue of a breach); (b) was received by the other Party from a third party who did not acquire it in confidence; or (c) is developed by the other Party without any breach of the Contract.
“Contract” means the contract which comprises the Order Form, these General Subscription Terms and
Conditions and the Data Processing Agreement, including any schedules, appendices and
means the party specified in the Order Form requesting the supply of Software and Services from MOBU Technologies.
means the data, text, drawings, diagrams, images or sounds (together with any database made up of any of these) which are supplied to MOBU Technologies by the Customer and/or any EndUser in connection with the use of the Software and/or the provision of Services.
“Data Processing Agreement”
means the data processing agreement entered into between MOBU Technologies and Customer concerning MOBU Technologies’ processing of personal data on behalf of Customer forming part of the Contract, including schedules and/or appendices hereto.
means the documentation accessible online as part of the Software as amended and updated from time to time by MOBU Technologies.
means any persons being either (i) employees of Customer, (ii) third-party consultants working for Customer at Customer’s site, or (iii) users working at Customer’s clients, which have been individually created as users in the Software with individual user ID (e.g. with name and company reference etc.) and authorized by MOBU Technologies as users of the Software.
means any act, event, omission and/ or circumstance.
means the fees for the Software and Services set out in the Order Form as amended from time to time in accordance with the Contract.
“Force Majeure Event”
means circumstances outside of a Party’s control, including but not limited to an act of God (including fire, flood, earthquake, hurricane or similar natural disaster), acts of government, war, invasion, act of foreign enemies, hostilities (regardless of whether war is declared), civil war, civil unrest, rebellion, revolution, insurrection, military power or confiscation, terrorist activities, nationalization, government sanction, strikes or other labor conflicts, failures in (1) computer systems, (2) hardware, (3) telecommunications, (4) internet service provider or (5) hosting facilities, power shortages, hacking, denial of service attacks, nationwide blockage or embargo.
“General Subscription Terms and Conditions”
means this document specifying the terms and conditions for the Contract regarding e.g. Customer’s use of the Software and MOBU Technologies’ delivery of Services.
“Initial Subscription Term”
means the period commencing on the Subscription Effective Date and lasting one (1) year thereafter.
“Intellectual Property Rights” or “IPR”
means any and all patents, trademarks, trade names, copyright, moral rights, rights in design, rights in databases, know how and all or other intellectual property rights whether or not registered or capable of registration and subsisting in any part of the world together with all or any goodwill relating to them.
means the front sheet to which the General Subscription Terms and Conditions and the Data Processing Agreement are appended or the online form available through www.carehomeschedule.com (as applicable) which sets out the commercial details relating to the Contract.
means MOBU Technologies and Customer.
means MOBU Technologies or Customer.
means MOBU Technologies Ltd, Company no. 11265775, 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom
means the services which MOBU Technologies agrees in writing to provide to the Customer as set out in the Contract.
means the workforce management software named “Carehome Schedule” and any related software and documentation provided to Customer by MOBU Technologies as set out in the Contract.
“Subscription Effective Date”
means the date on which the Software or Services are first made available to the Customer or such other date as specified on the Order Form, whichever is earliest.
means any twelve (12) months period commencing on the Subscription Effective Date or on the date of the annual anniversary of the Subscription Effective Date.
means the period where the Contract is in effect. The Term is defined in clause 20.1.
means the country or countries in which the Customer have the right to use the Software and Services (not including other countries regardless of where Customer and its subsidiaries, affiliates etc. are located) and as specified in the Order Form.
means any day other than a Saturday or Sunday or a public or bank holiday in the United Kingdom. Scope, Interpretations and preliminary provisions
2.1 The purpose of the Contract is to govern the delivery of the Software and Services provided by MOBU Technologies to Customer. This means e.g. that the Contract set forth the terms and conditions for the license granted to Customer regarding the use of the Software as well as the delivery of Services.
2.2 These General Subscription Terms and Conditions are the only terms and conditions upon which MOBU Technologies will supply the Software and Services to Customer. Any general terms and conditions or standard agreements provided by Customer and any terms and conditions which may otherwise be implied by trade, custom, practice or course of dealing are hereby explicitly rejected.
2.3 MOBU Technologies will strive to deliver Services under the Contract in a professional manner consistent with good industry standards.
2.4 Expressions such as “including” and similar expressions mean “including, but not limited to”.
2.5 Words in the singular include the plural and vice versa.
2.6 The headings of the Contract are for guidance only and have no separate legal effect on the understanding or interpretation of the provisions of the Contract.
3.1 MOBU Technologies has developed the Software. Since the Software’s functionality and applicable user-manual(s) are constantly changing, Customer can find description of the Software’s current functionality and the currently applicable user-manual at www.carehomeschedule.com or any other webpage MOBU Technologies designates in its place.
4.1 MOBU Technologies grants Customer a non-exclusive, limited license per End User as set out in the Order Form to access and use the Software provided to Customer by MOBU Technologies as a cloud solution, solely for the use on Customer’s hardware within the Territory during the Term of the Contract. The license is non-transferable unless otherwise is expressly stated in the Order Form, e.g. because Customer is allowed to let its clients use the Software and Services.
4.2 Except as permitted by mandatory applicable law, or as expressly authorized by this Contract, Customer may not in any form or by any means (i) copy, make error corrections, or otherwise modify, decompile, decrypt, reverse engineer, disassemble, adapt or otherwise reduce any portion of the Software, to human-readable form; or (ii) transfer, assign, store, reproduce, sublicense, publish, rent, lease, distribute, sell, print, display, perform or create derivative works from any part of the Software; or (iii) commercialize the Software, information or products obtained from any part of the Software. To the extent that any of the foregoing items include any third party material, Customer must also obtain written permission from the applicable third party owner prior to engaging in any of the activities set forth in this clause.
4.3 Customer may not reproduce, distribute, display, sell, publish, broadcast or transfer any information or other material provided by MOBU Technologies and/or any information or other material provided as a result of the Software (e.g. advisories and security updates) to any third party, including Customer’s affiliates or group related entities, nor make such information or material available for any such use.
4.4 The Software may only be used by the legal entity that has purchased a license, has been granted a trial licence or has otherwise been granted an explicit right to use the Software, as applicable, and no shared use with any other legal entity (including Customer’s affiliates or group related entities) is allowed.
4.5 Customer may not remove, conceal, or alter any copyright notices contained in the Software, in any information or other material provided by MOBU Technologies, and/or any information or other material provided as a result of the Software or Services.
4.6 For the avoidance of doubt, Customer and any individual End User may not exceed or circumvent the permitted usage as set forth in the Contract, e.g. by using the Software and/or installing the application to access the Software outside the entity/entities which the Software has been licensed for, or perform any automatic or systematic internal distribution of received advisories and security updates, etc.
4.7 Further, Customer is obligated to ensure that it will not allow, suffer or contribute to any subscription/license to be used by more than one (1) End User, except (i) where such subscription/license has been reassigned in its entirety to another individual End User (cf. clause 5.3), in which case the prior End User shall no longer have any right to access or use the Software and Services, or (ii) where Customer explicitly has been granted an extended license covering more than one End User – such extended license to be agreed by the Parties in writing.
4.8 MOBU Technologies will throughout the Term on regular basis maintain the Software, e.g. by installing new versions and releases (updates) to the Software etc. Scalability (Change in number of licences)
5.1 The Customer may at any time during the Term increase its total number of licenses by adding additional End User licenses. Such addition will take effect from the date where such additional licenses are activated by the Customer. Such additional licenses are subject to the General Subscription Terms and Conditions unless otherwise agreed between the Parties, and MOBU Techhnologies will consequently invoice Customer for the purchase of such additional licenses according to the payment terms set forth in clause 11.
5.2 Customer may not decrease its total number of licenses until after the expiry of the Initial Subscription Term but may only decrease its number of licenses as set out in clause 5.4, unless otherwise agreed in writing between the Parties.
5.3 However, during the Term, Customer is entitled to reassign its End User licenses to other end users provided the requirements set forth in the “End User” definition are adhered to. An End User license may only be reassigned in its entirety to another individual End User, in which case the prior End User shall no longer have any right to access or use the Software and Services.
5.4 After expiry of the Initial Subscription Term, Customer may decrease its total number of licenses upon the same written notice as applies to termination for convenience according to clause 20.3 and with effect from the expiry of said Subscription Period.
6.1 The Customer shall:
a. at all times comply with all laws and regulations and any requirements or instructions that may be given by MOBU Technologies in relation to the Software and Services;
b. promptly provide MOBU Technologies (at Customer’s cost) with all information, resources and assistance reasonably requested by MOBU Technologies in relation to the performance of its obligations under the Contract;
c. ensure at all times that MOBU Technologies has access to necessary suitably qualified and experienced Customer representative(s) as reasonably required by MOBU Technologies in its performance of its obligations under the Contract. The Customer will ensure that such Customer representative(s) will have immediate access to any required information and resources;
d. ensure that (i) it uses the most current version of its web browser or a version which is within two years of its release date in connection with the Services; and (ii) that it complies with all other system requirements notified to it by MOBU Technologies. As general guidance, Carehome Schedule can be accessed on a PC, Mac, Android or Apple device that is capable of connecting to the internet. For smart phones, access to Carehome Schedule is via the Carehome Schedule app, which can be downloaded from Apple / Android stores free of charge. Ideal browsers are Internet Explorer 10 or higher, Firefox 30 or higher or Google Chrome, with the 2 most recent versions of these browsers being supported;
e. be responsible for obtaining appropriate licences and consents for all content and software which is owned by any third party;
f. provide a written, up-to-date list of the then-current End Users to MOBU Technologies promptly on request;
g. permit MOBU Technologies at any time to audit the Customer’s and End Users’ use of the Software and/or Services in order to verify that the Customer’s obligations are being performed in accordance with the Contract as further specified in clause 13;
h. ensure that each End User shall keep a secure password for his use of the Services and that each End User shall keep his password confidential; and
i. only issue passwords which give administrative access to the Software to appropriate End Users.
6.2 Any delay caused by Customer’s failure or delay in performing its obligations under the Contract shall be Customer’s responsibility and MOBU Technologies shall be entitled to charge its then-current standard rates for any unutilized/wasted time or increased efforts on its part that result from the Customer’s failure to fully comply with its obligations promptly or at all, together with any additional costs MOBU Technologies might incur.
7.1 Upon request, MOBU Technologies will within reasonable time provide ordinary customer support in relation to the Software to Customer free of charge within MOBU Technologies’ normal business hours as specified on the Carehome Schedule’s website.
8.1 As between MOBU Technologies, the Customer and/or any End User(s), all Intellectual Property Rights, including the right to patents, copyright, trademarks, or know how, in the Software and Services and any documents or any other material provided to Customer in association with the performance of this Contract and/or arising or developed/created under and/or in connection with this Contract (i.e. both background and foreground IPR) are and shall remain the property of MOBU Technologies and, except as expressly permitted in the Contract, the Customer and/or End User(s) shall have no right in or to the Software or Services. Save for any Intellectual Property Rights in Customer Data, any Intellectual Property Rights which come into existence as a result of the performance by MOBU Technologies of the Services will be the property of MOBU Technologies.
8.2 Customer may not use any of MOBU Technologies’ trademarks in connection with activities, product(s) or services, without MOBU Technologies’ prior written consent.
8.3 Customer shall own the rights to Customer Data.
9.1 Subject to the limitations in clause 14, MOBU Technologies shall indemnify Customer from and against any and all damages awarded by any court finding that the Software or Services delivered by MOBU Technologies to Customer infringes any intellectual property rights of any third party who is not an affiliate or a group related entity of Customer.
9.2 MOBU Technologies’ obligations under clause 9.1 are subject to the conditions that (i) Customer provides prompt (but in no event more than 30 days) written notice of such claims, (ii) Customer provides all necessary information and authority requested or required for the defence or settlement of such action or proceeding, and (iii) MOBU Technologies has sole control over the defence and settlement of such claims. Notwithstanding anything to the contrary, MOBU Technologies shall not be responsible for any cost or expense incurred or compromise made without MOBU Technologies’ prior written consent.
9.3 MOBU Technologies’ obligations under clause 9.1 shall not apply to the extent that such damages are related to or caused by (i) any modification or alteration of the Software or Services by anyone other than MOBU Technologies, (ii) Customer’s use of a non-current copy of the Software, (iii) any specifications, software, hardware or services provided by or on behalf of Customer, (iv) any combination of the Software and/or Services with any hardware, software, services or portion thereof that is not (a) supplied by or on behalf of MOBU Technologies, or (b) specified by MOBU Technologies to be used with the Software, or (v) Customer’s use of the Software in a manner not specified in the specifications and documentation or otherwise in violation of this Contract.
9.4 If the Software or any portion thereof, becomes, or MOBU Technologies believes that it is likely to become, the subject of an intellectual property claim, MOBU Technologies shall, at its option and expense, have the right to (i) procure for Customer the right to continue using the Software or the portion so affected, (ii) modify the Software to avoid the intellectual property claim, (iii) substitute functionality substantially equivalent to the Software at the time of such substitution, or (iv) terminate this Contract and provide to Customer a refund of any prepaid portions of the subscription Fees under this Contract.
9.5 Customer acknowledges that it is not entitled to claim damages from MOBU Technologies if MOBU Technologies remedies a possible intellectual property infringement as set out in clause 9.4.
10.1 Subject to clause 10.3, MOBU Technologies warrants that the Services will be provided using reasonable skill and care and that the Software will be free from material defects in design or workmanship.
10.2 Subject to clause 10.1, the Parties acknowledge and agree that all conditions, warranties and stipulations, express or implied, statutory, customary or otherwise of any kind which, but for such exclusion, would or might subsist in favour of the Customer are expressly excluded – and MOBU Technologies expressly excludes any and all warranties and conditions – to the maximum extent permitted by applicable law.
10.3 Without prejudice to the generality of clause 10.2 MOBU Technologies does not represent or warrant that: a. the functions contained in the Software will meet the Customer’s or End User’s requirements or that the access to or operation of the Software will be uninterrupted or error free;
b. the Software or Services are free of viruses, inaccuracies, errors, bugs, or interruptions, or are reliable, accurate, complete, or otherwise valid.
11.1 The Fees to be paid by Customer to MOBU Technologies for the use of the Software, Services and other deliverables provided by MOBU Technologies are set out in the Contract, including the Order Form.
11.2 MOBU Technologies is entitled to invoice Customer in advance for the Fees and any payable sums under the Contract on quarterly basis (or such other time as notified to Customer) as further specified in the Order Form or as notified by MOBU Technologies. MOBU Technologies may issue its first invoice at any time on or following the signing of the Contract. Invoices for all Fees and sums payable under the Contract are (unless otherwise stated in the Order Form) due for payment within 30 days from the date of invoice.
11.3 All Fees and sums payable by the Customer under the Contract are expressed exclusive of value added tax, which shall also be paid by the Customer at the prevailing rate subject to the provision by MOBU Technologies of a valid invoice.
11.4 MOBU Technologies will be entitled to change the Fees at any time by giving at least 60 days’ prior written notice to the Customer provided that such increases in any calendar year shall be limited to an amount equal to the greater of:
a. 5% of the then-current aggregated annual Fees; or
b. the increase in the retail price index as amended from time to time (in the UK) comprised by the Office of National Statistics ONS during the period since the later of (i) the Subscription Effective Date or (ii) the latest previous price increase.
11.5 The changes in Fees, cf. clause 11.4, will take effect from expiry of the relevant notice period as specified in clause 11.4 (or, if later, the date specified in the notice).
11.6 If, at any time, whilst using the Software and Services, the Customer exceeds the number of permitted End Users that are licensed to use the Software and/or Services as set out in the Order Form according to the terms and conditions set forth in the Contract, MOBU Technologies may retroactively charge Customer the additional license Fees according to clause 13.3.
11.7 Any Fees and/or sums not paid by Customer when due shall bear interest from the due date until paid at a rate of 2% per month. Further, without prejudice to any other rights and remedies available to MOBU Technologies (including without limitation its right to charge interest), if any sum payable under the Contract is not paid on or before the due date for payment, MOBU Technologies will be entitled to notify the Customer of such late payment and charge the Customer a fee of GBP 15 to cover its administrative costs of such notification.
11.8 In the event that the Customer fails to pay any Fees and/or sums due to MOBU Technologies on or before its due date for payment, MOBU Technologies may suspend performance of its obligations under the Contract by giving the Customer not less than seven days’ notice. In that connection, MOBU Technologies may e.g.:
a. disable the Customer’s access to the Software; and
b. suspend provision of the Services, until a reasonable time after full payment is received by MOBU Technologies.
11.9 In the event that the Contract expires or is terminated for any reason, the Customer will not be entitled to any refund of any Fees or other remuneration paid to MOBU Technologies, whether or not they are paid in advance.
12.1 MOBU Technologies reserves the right at any time in its sole discretion (i.e. without any consent from Customer) to substitute, change and/or modify the Software and Services, including their specifications and documentation, without any liability towards Customer whatsoever, including limitation to the scope, functionalities, and content of the Software, or part thereof, e.g. in order to comply with legal requirements and/or ensuring non-infringement of third party Intellectual Property Rights.
12.2 Further, MOBU Technologies is entitled to suspend or discontinue the provision of the Software and Services (in whole or in part) with immediate effect, without any liability towards
Customer whatsoever, in the following circumstances:
a. Non-payment in accordance with clause 11;
b. if required by law or by any applicable governmental or regulatory body;
c. if the Software or MOBU Technologies’ systems or any part of them is subject to an attack or virus (including, without limitation, unauthorised access);
d. if Customer is in breach of the Contract, or if MOBU Technologies reasonably believes that the Software and/or Services are being used in breach of the Contract; or
e. if there is an event in respect of which MOBU Technologies reasonably believes that the suspension of the Software and/or Services is necessary to protect the Software, Services and/or MOBU Technologies’ systems, the Customer and/or MOBU Technologies’ other customers.
12.3 MOBU Technologies may provide information about the Customer’s and End Users’ use of the Software and Services and access to Customer Data in response to requests from relevant government or regulatory authorities.
13.1 MOBU Technologies may monitor Customer’s (including End Users) usage of the Software and Services in order to verify that Customer’s use of the Software and Services is compliant with the terms and conditions of the Contract and to ensure that Customer is sufficiently licensed.
13.2 MOBU Technologies may upon reasonable notice (which shall not be less than two (2) business days), subject to Customer’s reasonable security procedures and during reasonable business hours, conduct an audit in order to verify that the terms and conditions specified in the Contract are complied with and that Customer is sufficiently licensed.
13.3 If monitoring or an audit reveals that Customer is not sufficiently licensed or has underpaid any Fees, then – without prejudice to MOBU Technologies’ other rights and remedies – the Fees payable by the Customer for such additional licenses and payments shall be calculated in accordance with MOBU Technologies’ then-current standard price list and the Customer shall pay to MOBU Technologies an amount equal to the underpayment within 30 days of the date of the relevant audit. Further, in case, monitoring or an audit reveals that Customer is not sufficiently licensed or has underpaid any Fees, Customer shall pay MOBU Technologies’ reasonable costs incurred in respect of such monitoring or audit.
14.1 The Software is intended to make it convenient and easier to manage staff and business operations. However, the Software is provided “as is” without warranty of any kind, either expressed or implied, including but not limited to, any implied warranties and merchantability or fitness for a particular purpose. For the avoidance of doubt, MOBU Technologies does not warrant – and this is acknowledged by Customer – that (a) operation of the Software and supply of Services shall be uninterrupted or error free, or (b) that functions contained in the Software will be able to operate in combination with other software and systems used by Customer or meet Customer’s requirements.
14.2 Customer accepts that any information provided by MOBU Technologies is general information only and is not to be deemed as advice. MOBU Technologies will use reasonable business efforts to ensure that any information provided by MOBU Technologies is accurate. However, MOBU Technologies does not accept responsibility for any loss suffered as a result of Customer’s use of or reliance on the information provided by MOBU Technologies, other than expressly set out in the Contract.
14.3 MOBU Technologies shall in no event be liable to the Customer (or any other person or entity) for any indirect, incidental, special, punitive, exemplary, or consequential damages (including, but not limited to, procurement of substitute Software or product(s); loss of use, revenues, anticipated profits, anticipated savings, goodwill, business opportunities and/or any damage to and/or loss of data (in each case, whether direct or indirect or suffered by End Users); or business interruption) however caused and on any basis of liability, whether in contract, strict liability, misrepresentation, restitution or tort (including negligence or otherwise) arising in any way out of this Contract, the Software and Services, including Customer’s use thereof, even if advised of the possibility of such damage.
14.4 The total liability of MOBU Technologies for claims arising under or related to the Contract, tort, misrepresentation, restitution etc., howsoever arising, shall be limited to an amount equal to 50% of the aggregate annual subscription Fees paid under the Contract by the Customer to MOBU Technologies during the past twelve (12) months prior to the act or omission giving rise to the claim(s). Until twelve months has elapsed, the limitation of liability shall be calculated as the agreed annual subscription Fees for the first twelve (12) months after the Subscription Effective Date (based on the agreed number of licenses at the time of the Subscription Effective Date) multiplied by 0.5. This limitation of liability is cumulative and not per incident (i.e. the existence of two or more claims will not enlarge this limit)
14.5 Notwithstanding anything to the contrary in the Contract, MOBU Technologies’ liability to the Customer:
a. for death or personal injury caused by the negligence of MOBU Technologies, its employees or sub-contractors; and
b. for fraud or fraudulent misrepresentation, is not limited, but nothing in this clause 14 confers any right or remedy upon the Customer to which it would not otherwise be entitled.
14.6 Without prejudice to clause 10.2, MOBU Technologies is not responsible for any errors or problems of any nature arising from the use of the Software for purposes for which it was not designed.
14.7 Subject to clauses 14.5 and 17.2, MOBU Technologies will not be liable to the Customer for any damage to, loss of or costs in respect of time spent by Customer’s employees or consultants in connection with the Software and Services (in each case, whether direct or indirect or suffered by End Users).
14.8 Nothing in clause 14 shall be construed to limit MOBU Technologies’ liability under mandatory law, including e.g. (i) MOBU Technologies’ liability in cases where it is documented that MOBU Technologies has acted in a grossly negligent or intentional manner, or (ii) provisions of applicable product liability law. Any product liability is, however, disclaimed to the furthest extent possible.
14.9 This clause 14 will continue in force after termination of the Contract for whatever reason.
15.1 The Parties acknowledge and confirm that during the Term of the Contract and forever following its expiry they shall keep Confidential Information of the other Party strictly confidential and secret, i.e. neither Party may use or disclose to any third party (nor permit its use or disclosure) any Confidential Information of the other Party, unless specifically set forth in the Contract or as contemplated for the proper use of the Software.
15.2 The obligation of confidentiality set forth in clause 15 shall not apply to (i) information which is or becomes publicly known (through no fault or breach of the receiving Party), and (ii) if either Party is required by law or by any statutory or regulatory authority to which it is subject to disclose any Confidential Information, then it shall be entitled to do so provided that it (a) to the extent allowed, promptly notifies the other Party in writing of the full circumstances of the required disclosure, (b) consults with the other Party as to steps to minimise or avoid the disclosure and takes any such steps reasonably required by that other Party, and (c) to the extent possible, receives confidentiality undertakings in a form approved by the other Party from the entity to whom the Confidential Information is disclosed.
15.3 MOBU Technologies is entitled to disclose information to any regulator, sub-contractor or service provider to it. Such information will be disclosed only to parties having a confidentiality agreement with MOBU Technologies, under which such information will be kept secret and confidential.
16.1 By entering into this Contract, Customer agrees and accepts that MOBU Technologies will have the right to use Customer’s name and logos and the fact that the Customer is a customer of MOBU Technologies as a reference in brochure or advertising material issued by MOBU Technologies, provided this is used in a loyal manner and according to usual practice.
17.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the
In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for MOBU Technologies to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by (i) MOBU Technologies to the extent that such Customer Data is held by MOBU Technologies through the provision of Services; and/or (ii) the Customer in all other circumstances. MOBU Technologies shall not be required to restore more than one previous full iteration of the Software and/or data containing the relevant lost or damaged Customer Data and shall not be required to restore one or more individual lost or damaged files.
17.2 MOBU Technologies shall however not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by MOBU Technologies to perform services related to Customer Data maintenance and back-up).
17.3 MOBU Technologies is entitled to delete or cease processing and separate any
a. that is or may be infected with a virus or otherwise corrupted; or
b. the storage or transmission of which may put MOBU Technologies in breach of anyapplicable law.
18.1 The Parties acknowledge that MOBU Technologies may have access to personal data which the Customer has introduced into the Software. MOBU Technologies’ data processing activities are regulated in the separate Data Processing Agreement.
19.1 MOBU Technologies may at any time engage and use sub-contractors or sub-processors, without Customer’s prior consent, to provide the Software and Services according to the Contract. MOBU Technologies’ use of sub-processors are regulated in the Data
19.2 MOBU Technologies is responsible for its sub-contractors/sub-processors’ compliance with MOBU Technologies’ obligations under the Contract.
20.1 The Contract shall enter into force on the Subscription Effective Date and shall continue to be in force in the Initial Subscription Term and thereafter in successive automatically renewed Subscription Periods until terminated in accordance with the provisions of the Contract, unless another date of expiry is expressly agreed in the Order Form, in which case the Contract will expire no later than on the agreed date of expiry, (the “Term”).
20.2 The Contract may not be terminated by either Party for convenience in the Initial Subscription Term.
20.3 After expiry of the Initial Subscription Term, either Party may terminate the Contract for convenience with a written notice of at least three (3) months prior to the expiry of the then-current Subscription Period and with effect from the expiry of said Subscription Period.
21.1 The Customer may terminate the Contract with immediate effect if MOBU Technologies is in material breach of the Contract and (in the case of a breach capable of being remedied) this has not been remedied within 30 days of a written request to remedy the breach.
21.2 MOBU Technologies may terminate the Contract with immediate effect if:
a. the Customer has failed to pay Fees or any sums due to MOBU Technologies under the Contract within 30 days from the due date; or
b. the Customer is in material breach of the Contract and (in the case of a breach capable of being remedied) this has not been remedied within 30 days of a written request to remedy the breach.
21.3 MOBU Technologies will make the Customer Data electronically available in a standard format to be exported by the Customer for a period of 14 days after expiry or termination of the Contract. If any additional assistance is needed, this will be invoiced according to the time and material used by MOBU Technologies. MOBU Technologies may permanently delete any Customer Data that remains in its possession for more than 120 days following expiry or termination of the Contract.
21.4 Any termination of the Contract under this clause 21 is without prejudice to any other rights or remedies a Party may be entitled to under the Contract or applicable law. It does not affect any accrued rights or liabilities of neither Party nor any provision which is expressly or by implication intended to come into force on, or continue in force after termination.
21.5 Any other provisions which expressly or impliedly continue to have effect after expiry or termination of the Contract shall survive expiry or earlier termination of the Contract.
22.1 If either Party is affected by a Force Majeure Event under the Contract, it shall promptly notify the other Party in writing of the matters constituting the Force Majeure Event and shall keep that Party fully informed of their continuance and of any relevant change of circumstances whilst such Force Majeure Event continues.
22.2 The Party affected by a Force Majeure Event shall take all reasonable steps to minimise the effects of the Force Majeure Event.
22.3 Either Party shall have the right to terminate the Contract forthwith for convenience with thirty (30) days’ prior written notice, if the Force Majeure Event exists for a consecutive period of sixty (60) days.
22.4 Neither Party shall be in breach of this Contract, or otherwise liable to the other Party, by reason of any delay in performance, or non-performance of any of its obligations which is caused by a Force Majeure Event.
23.1 Notices: Any notices shall, unless otherwise expressly stated, be in writing and shall be given by sending the same by e-mail or registered post to the other Party’s address as may be designated in writing from time to time. Any notice sent by registered post shall be deemed to have been delivered five Working Days after its posting if sent domestically and 10 Working Days after its posting if sent internationally. Any notice given by e-mail shall be deemed to have been delivered on the next Working Day following transmission.
23.2 Order of precedence: In the event of any conflict or inconsistency between the terms and conditions of this Contract, the following order of precedence apply:
1. Order Form
2. Any addenda
3. General Subscription Terms and Conditions
4. Data Processing Agreement
5. Any appendices
6. Other documents
Notwithstanding the above-mentioned order of precedence, the Data Processing Agreement will take precedence in relation to the processing of personal data, however not in relation to the liability section of the General Subscription Terms and Conditions. This means that the Order Form has the highest rank in case of conflict and/or inconsistency between terms and conditions in the Order Form and the terms and conditions set forth in the General Subscription Terms and Conditions.
23.3 Assignment: The Customer may not assign, novate, transfer or subcontract any rights or obligations under the Contract without MOBU Technologies’s prior written consent. MOBU Technologies shall have the right to assign, novate, transfer or subcontract all or any of its rights and obligations under the Contract to any third party upon written notice to the Customer including without limitation appointing agents to invoice and receive payment from the Customer under the Contract.
23.4 Sale of shares and transfer of assets: MOBU Technologies is at any time entitled (without consent from Customer) to divest its business (transfer of assets) in whole or in part and to enter into any investment agreements or share sale and purchase agreements etc. with any third parties.
23.5 No waiver: Failure by either Party to exercise or enforce any right conferred (which, for the avoidance of doubt, includes without limitation MOBU Technologies’ right to charge any costs and/or expenses at any time) shall not be deemed to be a waiver of any such right nor operate so as to prevent exercise or enforcement thereof or of any other right on any later occasion.
23.6 Changes/amendments: The Contract may only be varied or amended in writing and any such variation or amendment must be signed by a duly authorised representative of each of the Parties.
23.7 Entire Contract: The Contract constitutes the entire agreement between the Parties and supersedes any prior agreement or arrangement in respect of its subject matter. Neither Party has entered into the Contract in reliance upon, and it will have no rights in respect of, any misrepresentation, representation or statement (whether made by the other Party or any other person and whether made to the first Party or any other person) which is not expressly set out in the Contract. Nothing in this clause 23.7 will be interpreted or construed as limiting or excluding the liability of any Party for fraud, intent or fraudulent misrepresentation.
23.8 Severability: In the event that any provision of the Contract is declared by any judicial or other competent authority to be void, voidable, illegal or otherwise unenforceable or indications of the same are received by either of the Parties from any relevant competent authority, then (i) such provision shall be severed from the Contract and the remaining provisions shall remain in full force and effect, and (ii) the Parties shall discuss in good faith with a view to substituting any void and/or unenforceable provision with a valid and enforceable provision which achieves to the greatest extent possible the economic, legal and commercial objectives of the void and/or unenforceable provision.
24.1 Governing law
24.1.1 The validity, interpretation, and performance of this Contract shall be governed by and construed under the laws in England.
24.2.1 Should a dispute arise between the Parties as to the interpretation or the legal effects of the Contract, the Parties shall first seek to resolve such dispute through negotiations.
24.2.2 If such negotiations do not succeed within ten (10) Working Days, or a different period agreed by the Parties, each of the Parties may request that the dispute be brought before (i) an independent expert appointed by the Parties, or (ii) submitted for mediation, cf. clause 24.3, or (iii) the English courts, cf. clause 24.4.
24.3.1 If a dispute related to this Contract has not been resolved after negotiations, the Parties shall attempt to resolve the dispute through mediation unless either Party objects to mediation.
24.4 Competent courts
24.4.1 If a dispute is not resolved through negotiations, through mediation or by an independent expert, the dispute may be brought before the English courts.
You can find MOBU Technologies’ specific policies below
Here, you can find more information about MOBU Technologies’ policies and procedures as they relate to GDPR.
General Data Protection Regulation (GDPR) is a standardised regulatory framework that gives individuals the right:
GDPR also ensures that personal information is obtained, handled and disposed of properly.
GDPR ensures that personal information shall be:
1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)
As a data controller and data processor, MOBU Technologies is fully committed to comply to GDPR principles. MOBU Technologies have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with data protection laws and regulations.
How do I file a complaint about MOBU Technologies’ subject access request policy or
Please refer to our Complaints process
MOBU Technologies’ voluntary registration with supervisory authorities
MOBU Technologies is registered with these supervisory authorities:
1. UK-based Information Commissioner’s Office and our registration number is …..
Details about MOBU Technologies’ Data Protection Officer
MOBU Technologies Data Protection Officer (DPO) is as follows:
Name: Rodwell Mnkandla
Address: MOBU Technologies Ltd 59, Barlow Road, Wednesbury, WS10 9QB, United Kingdom
Email: firstname.lastname@example.org , for the attention of MOBU Technologies’ DPO
Carehome Schedule’s complaint handling policy and procedure has been created to address any complaints from admins or end users of Carehome Schedule accounts, and complies with Data Privacy regulations. Carehome Schedule is committed to delivering a fair, open and clear process for complaints and ensure a satisfactory outcome for all admins and end users of Carehome Schedule portals who raise a complaint. We provide thorough staff training in our complaint handling procedures and support our staff in how to handle complaint situations in a face-to-face, written, or via phone. Carehome Schedule considers and responds to all complaints and issues, no matter how they are raised or what they refer to. Some issues and complaints our Support Team can resolve immediately, but some issues have to be escalated to our Management Team. Any data processing related complaints, data protection infringes or data breaches are immediately escalated to our Data Protection Officer.
How do I file a complaint?
If you have a complaint about Carehome Schedule’s product or service, please email us at email@example.com If the complaint is related to data processing, data protection infringes, or data breaches, please address the email to MOBU Technologies’s DPO (Rodwell Mnkandla), and clearly state that your complaint is about data. After you go through this process, we will create a customer support case, and will send through an acknowledgement of your complaint, as well as a timeline within which it will be addressed. MOBU Technologies will then internally investigate the issue, and work with you to resolve it. If you are unhappy with our process or the outcome of the investigation related to data processing, data protection infringes or data breaches, then you can contact the relevant supervisory authority:
1. UK-based Information Commissioner’s Office via their Contact Us page
Your right to file a complaint against MOBU Technologies with supervisory authorities
You have the right to file a complaint with the supervisory authority if you think we have infringed on your rights as covered by the General Data Protection Regulation (GDPR), or where MOBU Technologies has breached data protection law. The supervisory authority with which the complaint has been lodged, is responsible for informing you on the progress and the outcome of the complaint, including the possibility of a judicial remedy where the supervisory authority does not handle a complaint or does not inform the data
subject within three months on the progress or outcome of the complaint lodged.
MOBU Technologies sends the following notifications and communications:
MOBU Technologies, GDPR and Article 21
MOBU Technologies enables admins and end-users to manage notifications and communications.
Article 21 of the GDPR gives you the right to object to the processing of your personal data for notifications and communications. Carehome Schedule is fully committed to ensuring this.
How can I manage my preferences for product and service notifications from Carehome Schedule?
Product and service notifications are communications from Carehome Schedule’s Product Team. These are sent to admins of Carehome Schedule accounts via email and push notifications in the Carehome Schedule product, in order to alert admins of any changes to features, functionality, or service that may impact their use of Carehome Schedule. At least one admin of a Carehome Schedule account is required to receive all product and service notifications. If an admin would like to opt out from receiving these notifications, we encourage them to ensure there is another admin on their Carehome Schedule account who will receive them and address any actions required on behalf of their company. We highly recommend that admins do not unsubscribe from receiving these notifications. Restricted admin users and end users without admin permissions cannot opt in to product and service notifications.
How do I manage my preferences for incident and data breach notifications?
Carehome Schedule reports on all types of incidents on firstname.lastname@example.org. Examples of incidents reported are: if a feature is temporarily unavailable or there are performance issues in some parts of the product. These types of security notices are not sent out to admins and end-users automatically; you need to opt in to receive these notices. We highly recommend that admins and end users subscribe to receive these security notifications. You can do so by opting in by clicking the Subscribe to updates button. Please note that these preferences will be stored for your contact record and will not save your preferences for other users of your Carehome Schedule account.
Where can I manage my preferences for marketing communications from Carehome Schedule?
You may submit your email address to opt-out of marketing communications from CarehomeSchedule by emailing email@example.com
As an admin, can I assign preferences for other admins of my Carehome Schedule account?
Admins only have control of their own individual settings. Preference updates for other admins are managed individually.
As an admin, can I assign preferences for other end users of my Carehome Schedule account?
No, preference updates related to notifications and communications to end-users are managed individually.
Subject Access request Policy
Under GDPR, data that Carehome Schedule holds on an individual is made available to the individual.
I use a Carehome Schedule account, can I request data?
As an individual, you can request a copy of the data that Carehome Schedule holds on you. Carehome Schedule highly recommends that you also contact the admin of your account and
ask for a copy of your data. To request data, please see the section “How do I make a subject access request?”
I am an admin of a Carehome Schedule account, can I request data?
If you are an admin, and you want a full copy of data on the account, please contact firstname.lastname@example.org You can request data on behalf of an employee, as a representative of the employee. This has to be clearly stated, and you must provide confirmation that you have the employee’s
permission to request data. To request data on behalf of an employee, please see the section “How do I make a subject access request?”
How current is the available data?
Any data requested is the data that Carehome Schedule holds as at that point in time. If an employee has requested that their data is deleted, and Carehome Schedule has (after internal consultation and investigation) deleted this data, then that data may not be available. If an admin has deleted data in the account, this data will also not be available to the employee.
When will I receive the data Carehome Schedule has on me?
Carehome Schedule will give you a copy of the data held on you at within one month (calendar days) of the request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.
How do I file a complaint about Carehome Schedule’s subject access request policy or process?
Please refer to our complaints policy.
Under the General Data Protection Regulation, you are entitled as a data subject to obtain a copy of the data that Carehome Schedule holds on you. We have the right to establish your identity when making a request, and may ask for additional identification proof, such as your National Insurance Number, Payroll ID. The submitted form will be sent to email@example.com , then a support case with a reference number will be opened, and our Support team will acknowledge receipt. The timeline your admin has to respond to these queries is 30 calendar days. Please note that once this form is submitted electronically, this is equivalent to signing a paper copy of the form.
Under GDPR, an individual has the right to be informed about:
Carehome Schedule processes data based on the legal basis of: performance of contract, consent, compliance, and legitimate interest.
Please contact firstname.lastname@example.org for details on our data retention periods.
To get more details, please contact email@example.com and clearly state that you are seeking more details on data processing.
How do I file a complaint about Carehome Schedule’s Right to be Informed policy or process?
Please refer to our Complaints policy
Rights to restrict processing policy and procedure
Under GDPR, an individual has the right to request a restriction of processing under certain circumstances:
Please note that this right is not absolute, and Carehome Schedule will investigate your request
and respond accordingly.
I use a Carehome Schedule account, how do I request to restrict processing?
If any of the following apply to you, please contact firstname.lastname@example.org with details about your request:
If you are objecting to us processing your data, specifically for marketing communication, please contact email@example.com as well.
When will Carehome Schedule process my request?
Carehome Schedule has one month to reply to your request.
How do I file a complaint about Carehome Schedule’s Right to Restrict Processing policy or process?
Please refer to our Complaints policy
When you consent to process your personal data for marketing purposes, we process your personal data for the following:
You have the right to object to marketing from Carehome Schedule.
This removes your consent to receive any type of marketing information from Carehome Schedule, and you will need to actively opt in again.
How do I remove consent for marketing?
To remove your consent for marketing, please contact firstname.lastname@example.org When you sign up for a trial or download any marketing content from our website, you also have the option to opt into marketing from Carehome Schedule.
What about other types of communications and notifications? How do I manage my preferences for these?
Please contact email@example.com.
When will Carehome Schedule process my request?
Carehome Schedule will process your request within one working day.
How do I file a complaint about Carehome Schedule’s Right to Object policy or process?
Please refer to our Complaints Policy
Under GDPR, an individual has the right to rectify any personal data that Carehome Schedule holds by:
– correcting inaccurate data
– completing incomplete data
This policy explains how you can exercise this right.
I use a Carehome Schedule account, how do I request data to be rectified?
You can request that personal data be rectified verbally or in writing. If your request is made verbally, our Support Team will ask you to confirm this in writing. Any requests should be sent to firstname.lastname@example.org with details of what data needs to be corrected. The Support Team will ask you to verify your identification, and confirm any changes in writing.
When will Carehome Schedule correct my data?
Carehome Schedule has one month to correct any personal data.
Can I update my own data in my account?
Yes. If you are an employee, good practice is to let your admin know that data has been updated.
Data updated by yourself or by your admin, on your behalf, is controlled and processed by you and your admin, and Carehome Schedule has no responsibility for this.
How do I file a complaint about Carehome Schedule’s right to rectification policy or process?
Please refer to our Complaints policy.
Under GDPR, data that Carehome Schedule has on you will be made available if you request it. If you are an employee, you should ask your employer for the data first. Then, you can email email@example.com and we’ll be happy to assist you. If you’re an admin of your Carehome Schedule account, please contact firstname.lastname@example.org If you have a complaint about how Carehome Schedule handles data portability, please refer to our Complaints policy.
How do I request for my data to be deleted?
As an individual, you can request that your data is deleted. You need to speak to the admin of your Carehome Schedule account first to fulfil this right. You can also contact us at email@example.com and we will help out by working with the admin of your account.
How long does it take to process this request?
Carehome Schedule will work with the admin of your account to review this request. You will receive a response within one month (calendar days) of receipt of request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.
How do I file a complaint about Carehome Schedule’s Right of Erasure policy or process?
Please refer to our Complaints Policy.
If you have any questions about this, please contact us as firstname.lastname@example.org
If you have a complaint about our policy, please refer to our Complaints policy
MOBU Technologies is committed to protect you and your employer’s privacy. We only collect
and use Personal Data to provide you and your employer with the workforce management
system and all associated services.
Carehome Schedule system, Trademark and trading name is wholly owned by MOBU
MOBU Technologies Ltd is a company registered in the United Kingdom at 59 Barlow Road,
Wednesbury, WS10 9QB. Company No: 11265775.
Email customer service: email@example.com
Telephone customer service: (+44) 121 502 0333
Data Protection Officer (DPO): Our DPO can be contacted as above. Please address any
questions for attention of our DPO.
MOBU Technologies is committed to protecting your privacy and developing technology that
gives you the most powerful and safe online experience.
management system and associated services (the “App”) and our website
carehomeschedule.com and all other connected MOBU Technologies websites worldwide (the
information which personally identifies you e.g. your e-mail address, name, home address, work
address or telephone number etc).
Please read the following carefully to understand our views and practices regarding your
personal data and how we will treat it.
By visiting the website, using an associated service, or by using the App, and by ticking the “I
agree” buttons when first registering or logging into the App you are accepting and consenting
to us collecting your personal data and using it in accordance with the practices described in
You may withdraw your consent at any time as listed in the “Your rights” section below.
For the purposes of the UK Data Protection Act 1998, the General Data Protection Regulation
(“GDPR”) and any subsequent UK legislation implementing the GDPR (the “Legal Framework”),
the data controller, in relation to personal data entered by you into the App, is MOBU
Technologies of 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom
Our UK ICO registration no. is …… MOBU Technologies is a certified holder of CyberEssentials
(UK Government-backed cyber protection scheme, now industry standard).
In relation to data provided to us by our business customers to enable us to provide services to
them, that business will be the data controller and we will be the data processor. These
businesses warrant in our agreements with them that they have complied with and shall
continue to comply with the Legal Framework in relation to the data they control and pass to us
and that they have the necessary consents to use the data in relation to the services we provide
MOBU Technologies limits the personal data collected and processed for the following
We may use third party analytics services (“Analytics Services”), to help analyse how you and/or
your employer use our Sites and the App. The information generated by the cookies or other
technologies about your and/or your employer/agent’s use of the App and/or Sites (the
“Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use
Analytics Information to compile reports on product usage and activity.
The Analytics Services may also transfer the Analytics Information to third parties where
required to do so by law, or where such third parties process Analytics Information on their
behalf. Each Analytics Service’s ability to use and share Analytics Information is restricted by
Technologies’s services and products, you and/or your employer/agent consent to the
processing of your Personal Data by Analytics Services in the manner and for the purposes
detailed in this Policy.
“Anonymous Data” is the type of data that does not enable us to identify you, either by using this
data by itself or combining it with any other information, for example data derived from personal
data that is aggregated and compiled in anonymous form, Analytics Information and information
collected from cookies.
We may create Anonymous Data from the personal data we receive from you and/or your
employer/agent through any of the methods listed in this Policy, including usage data. We
convert personal data into Anonymous Data by removing personal information, such as names,
ID’s, etc. We use this data to analyse requests and usage patterns for innovation and for
improving our App, associated services, and Sites. We may share Anonymous Data with third
MOBU Technologies does not sell, rent or lease its customer or end users lists to third parties.
MOBU Technologies will share your personal data and usage data with the following third
parties (such third parties are prohibited from using your personal data except to provide these
services to MOBU Technologies):
In the event that MOBU Technologies sells or buys any business or assets it may disclose your
personal data and/or usage data to the prospective seller or buyer of such business or assets.
In the event that substantially all of MOBU Technologies’ assets are acquired by a third-party
purchaser, your Personal Data and/or usage data may be one of the transferred assets.
MOBU Technologies will not disclose your personal data and/or usage data to any other third
parties without your consent unless required to do so by law or in the good faith belief that such
action is necessary to:
Please keep in mind that if you publicly disclose Personal Data and/or usage data through our
App or our Sites, we are not responsible for the security of the personal data you publicly
disclose and it may be collected and used by others.
The Sites may contain links to make it easier for you to visit other websites. These websites are
managed by third parties and MOBU Technologies encourages you to review the privacy
statements of websites you choose to link to from the Sites so that you can understand how
those websites collect, use and share your information. MOBU Technologies is not responsible
for the privacy statements or other content on websites it may link to.
MOBU Technologies does not systematically monitor individuals based on personal data.
The App does have custom text fields in which sensitive data can be added by either you and/or
your employer/agent. These fields are configured by you and/or your employer, and you and/or
your employer accept full liability (and hold MOBU Technologies free from any liability under the
Legal Framework) for any sensitive data entered into these fields. Any data entered into these
fields will be processed in the same way as we process personal data.
Where does MOBU Technologies transfer, store and/or process my personal data?
The data that we collect from you may be transferred to, and stored at, a destination outside the
UK. It may also be processed by staff operating outside the UK who work for us or for one of our
suppliers. The third-party supplies may be engaged in, among other things, the development of
the App and/or Sites, the enrichment of your data, the fulfilment of your order, the processing of
your payment details and the provision of support services.
We will only transfer, store or process your data with such third-party suppliers who have
agreed to comply with the required data security standards, policies and procedures and have
put adequate security measures in place. By ticking the “I agree” button when first registering or
logging into the App and by submitting your personal data, you consent to this transfer, storing
or processing of your personal data with our sister companies and business partners located
outside of the UK.
All information you provide to us is stored on secure servers within a private network and is
encrypted when in transit between those servers and a third-party supplier. We retain your data
as per our data retention schedule.
As you would expect, MOBU Technologies takes security of personal data very seriously. Our
risk management and security controls include:
Your password enables you to access certain parts of our App. You are responsible for keeping
this password confidential and for updating it regularly. We ask you not to share a password
with anyone. Should you forget your password, it is your responsibility to request a new
password from us.
MOBU Technologies uses “cookies” to help you personalise your online experience. A cookie is
a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run
programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can
only be read by a web server in the domain that issued the cookie to you.
MOBU Technologies uses cross-domain cookie tracking, so cookies issued by one MOBU
Technologies domain can be read by another MOBU Technologies -owned domain. One of the
primary purposes of cookies is to enhance your user experience.
MOBU Technologies keeps track of the websites and pages you or your employer/agent visit
within our Sites and may process this personal data in order to determine which services and
facilities are the most popular.
You have the ability to accept or decline cookies through your browser settings. Most web
browsers automatically accept cookies, but you can usually modify your browser setting to
decline cookies if you prefer. If you choose to decline cookies, you may not be able to use our
Sites or sections of our sites.
The Legal Framework gives you the right to access information held about you and to have
inaccurate personal data rectified or completed, if incomplete. You are also entitled to request
the restriction or suppression of your personal data or that we erase it completely. You are also
entitled to obtain from us and reuse your personal data for your purposes.
You have the right not to consent to us processing your personal data for marketing purposes.
You may have given us your consent to do so when you first logged into our App. You can
exercise your right to prevent such processing by checking certain boxes on the “Subscription
Centre”. You can also exercise this right at any time by contacting us at
Your rights can be exercised in accordance with the Legal Framework. Any query you have
regarding the handling of your data should be made in the first instance at
firstname.lastname@example.org addressed for the attention of our Data Protection Officer.
If you are not happy with our response to your query, you are entitled to contact the relevant
supervising authority, which in the UK is the ICO
where appropriate, the changes will be notified to you by e-mail. Please check back frequently
This Application collects some Personal Data from its Users.
Owner and Data Controller
MOBU Technologies Ltd, 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom
Owner contact email: email@example.com
Among the types of Personal Data that this Application collects, by itself or through third parties,
there are: Cookies, Usage Data, email address, first name, last name, phone number, company
name, address, country, various types of Data, city, number of employees, passport details and
Complete details on each type of Personal Data collected are provided in the dedicated sections
Personal Data may be freely provided by the User, or, in case of Usage Data, collected
automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to
provide this Data may make it impossible for this Application to provide its services. In cases
where this Application specifically states that some Data is not mandatory, Users are free not to
communicate this Data without consequences to the availability or the functioning of the
Users who are uncertain about which Personal Data is mandatory are welcome to contact the
party services used by this Application serves the purpose of providing the Service required by
the User, in addition to any other purposes described in the present document and in the Cookie
Policy, if available.
Users are responsible for any third-party Personal Data obtained, published or shared through
this Application and confirm that they have the third party’s consent to provide the Data to the
The Owner takes appropriate security measures to prevent unauthorized access, disclosure,
modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following
organizational procedures and modes strictly related to the purposes indicated. In addition to
the Owner, in some cases, the Data may be accessible to certain types of persons in charge,
involved with the operation of this Application (administration, sales, marketing, legal, system
administration) or external parties (such as third-party technical service providers, mail carriers,
hosting providers, IT companies, communications agencies) appointed, if necessary, as Data
Processors by the Owner. The updated list of these parties may be requested from the Owner
at any time.
The Owner may process Personal Data relating to Users if one of the following applies:
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the
processing, and in particular whether the provision of Personal Data is a statutory or contractual
requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner’s operating offices and in any other places where the
parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a
country other than their own. To find out more about the place of processing of such transferred
Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the
European Union or to any international organization governed by public international law or set
up by two or more countries, such as the UN, and about the security measures taken by the
Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of
this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have
been collected for.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has
given consent to such processing, as long as such consent is not withdrawn. Furthermore, the
Owner may be obliged to retain Personal Data for a longer period whenever required to do so
for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to
access, the right to erasure, the right to rectification and the right to data portability cannot be
enforced after expiration of the retention period.
The Data concerning the User is collected to allow the Owner to provide its Services, as well as
for the following purposes: Analytics, Interaction with external social networks and platforms,
Remarketing and behavioral targeting, Advertising, Managing contacts and sending messages,
User database management, Contacting the User, Content commenting, Displaying content
from external platforms, Handling payments, Hosting and backend infrastructure, Infrastructure
monitoring, Interaction with support and feedback platforms, Location-based interactions,
Managing support and contact requests, Registration and authentication and Commercial
Users can find further detailed information about such purposes of processing and about the
specific Personal Data used for each purpose in the respective sections of this document.
Personal Data is collected for the following purposes and using the following services:
|Purpose||Services||Personal data collected||Company|
|Contacting the User||By filling in the contact|
form with their Data, the
User authorizes this
Application to use these
details to reply to
requests for information,
quotes or any other kind
of request as indicated
by the form’s header.
Users that provided their
phone number might be
contacted for commercial
or promotional purposes
related to this
Application, as well as
for fulfilling support
address, first name,
last name, phone
number and various
types of Data.
|Hosting and backend infrastructure||This type of services has|
the purpose of hosting
data and files that enable
this Application to run
and be distributed as
well as to provide a
infrastructure to run
specific features or parts
of this Application. Some
of these services work
making it difficult to
determine the actual
location where the
Personal Data are
|various types of Data|
as specified in the
Services is a
online, is an
|Infrastructure monitoring||This type of services|
allows this Application to
monitor the use and
behavior of its
components so its
troubleshooting can be
|Interaction with external social network and platforms||This type of services allows interaction with social networks or other|
directly from the pages of
The interaction and
through this Application
are always subject to the
User’s privacy settings
for each social network.
This type of service
might still collect traffic
data for the pages where
the service is installed,
even when Users do not
|Cookies and Usage Data||Facebook Twitter Linkedin|
|Location based interactions||This Application may|
collect, use, and share
User location Data in
order to provide location-
Most browsers and
devices provide tools to
opt out from this feature
by default. If explicit
authorization has been
provided, the User’s
location data may be
tracked by this
The geographic location
of the User is determined
in a manner that isn’t
continuous, either at the
specific request of the
User or when the User
doesn’t point out its
current location in the
appropriate field and
allows the application to
detect the position
|Managing support and contact requests||This type of services|
allows this Application to
manage support and
received via email or by
other means, such as the
|The Personal Data|
processed depend on
provided by the User
in the messages and
the means used for
|Registration and Authentication||By registering or|
allow this Application to
identify them and give
them access to
Depending on what is
described below, third
parties may provide
In this case, thisApplication will be able to
access some Data,
stored by these third
party services, for
When installing the mobile app on your device we ask for:
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:
Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in
the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to
such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes,
they can object to that processing at any time without providing any justification. To learn, whether the
Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant
sections of this document.
Any requests to exercise User rights can be directed to the Owner through the contact details provided in
this document. These requests can be exercised free of charge and will be addressed by the Owner as
early as possible and always within one month.
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading
to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of
Additional information about User’s Personal Data
additional and contextual information concerning particular Services or the collection and processing of
Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files
that record interaction with this Application (System logs) use other Personal Data (such as the IP
Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner
at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
This Application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please
read their privacy policies.
Users on this page and possibly within this Application and/or – as far as technically and legally feasible –
sending a notice to Users via any contact information available to the Owner. It is strongly recommended
to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner
shall collect new consent from the User, where required.
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal
identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this
Application), which can include: the IP addresses or domain names of the computers utilized by the
Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request,
the method utilized to submit the request to the server, the size of the file received in response, the
numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country
of origin, the features of the browser and the operating system utilized by the User, the various time
details per visit (e.g., the time spent on each page within the Application) and the details about the path
followed within the Application with special reference to the sequence of pages visited, and other
parameters about the device operating system and/or the User’s IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
The natural or legal person, public authority, agency or other body which processes Personal Data on
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others,
determines the purposes and means of the processing of Personal Data, including the security measures
concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is
the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all
current member states to the European Union and the European Economic Area.
Small piece of data stored in the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art.
solely to this Application, if not stated otherwise within this document.