Contact Us

Data Processing Agreement

Concerning MOBU Technologies’ Processing of Personal Data on behalf of the Controller.
1.1 The Controller has agreed to appoint the Processor to provide software and services to the Controller under the terms of the Contract.
1.2 As part of performing the software and services the Processor will be required to Process Personal Data that may be linked to specific natural persons as described in Appendix A.
1.3 The Data Processing Agreement sets out the terms and conditions which apply to the Processor’s Processing of Personal Data.
Definitions and interpretations
2.1 The following words and expressions have the meanings stated below in the Data
Processing Agreement, unless the context requires otherwise.

2.2 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
2.3 Any words following the terms “including”, “include”, “in particular” or “for example” or any similar phrase shall be construed as illustrative and shall not limit the generality of the related general words.
2.4 Any exclusion or cap on liability in the Contract shall also apply to the Processor’s liability under this Data Processing Agreement.
Scope
3.1 The Data Processing Agreement applies to any Processing of Personal Data performed by the Processor in connection with the performance of the Data Processing Services to the Controller as defined in Appendix A (the subject-matter).
3.2 The Customer and MOBU Technologies acknowledge that the Customer is the Controller and MOBU Technologies is the Processor in respect of any Personal Data supplied to MOBU Technologies by or on behalf of Customer, including Personal Data described in Appendix A, in the course of the supply of the Data Processing Services.

3.3 The nature and purpose of the Processing, the types of Persona Data and categories of Data Subjects are set out in Appendix A.
3.4 Nothing in this Data Processing Agreement shall prejudice MOBU Technologies’s rights and obligations set out in the End User Licence.
Obligations of the Processor
4.1 The Processor shall:
a) Process Personal Data only on documented instructions from the Controller as specified in this Data Processing Agreement and for the purposes set out in Appendix A;
b) discharge its operations under this Data Processing Agreement with all due skill, care and diligence;
c) keep a record as described in art. 30 of the GDPR at its normal place of business of any Processing of the Personal Data carried out in the course of the Data Processing Services and
of its compliance with its obligations set out in this Data Processing Agreement (“Records”);
d) ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
e) implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful forms of Processing, including the requirements with respect to such measures under the Data Protection Law, as specified in clause 6;
f) only make copies of the Personal Data to the extend reasonably necessary, which among other things may include back-up, mirroring, security, disaster recovery and testing of the
Personal Data;
g) only subcontract with Sub-processors in accordance with the requirements of clause 7;
h) immediately inform the Controller if, in its opinion, an instruction infringes Data Protection Law;
i) assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s non-exclusive rights to access, rectification, erasure and data portability, as these are stated in the Data Protection Law;
j) at the choice of the Controller Destroy or Return all the Personal Data to the Controller either during or after the term of this Data Processing Agreement, cf. clause 11;
k) make available to the Controller all information necessary to demonstrate compliance with the Data Protection Law, e.g. annual audit certificate from the Processor’s third party accountants, if any;
l) in connection with clause 4.1(k), if legally and technically possible allow for and contribute to audits, including inspections conducted by the Controller or another mandated by the Controller as set out in clause 8;
m) comply with its obligations under Data Protection Law including, where applicable, appointing a data protection officer.
4.2 If the Processor receives any complaint, notice or communication which relates directly or indirectly to the Processing of Personal Data or to either party’s compliance with Data Protection Law, it shall immediately notify the Controller and it shall provide the Controller with full co-operation and assistance in relation to any such complaint, notice or communication.
4.3 The Processor’s liability under the Contract, including the Data Processing Agreement, is capped and disclaimed according to the terms of the Contract.
4.4 The Processor shall inform the Controller without undue delay if the Processor comes to know/aware of any Personal Data Breach.
4.5 The Processor shall be entitled to charge the Controller separately for any cost (including internal resources at the Processor’ standard rates) that may incur in relation to assistance as referred to in clause 4.1(a)-(m).
Obligations of the Controller
5.1 The Controller will be solely responsible and liable for its compliance with applicable law as Controller. The Controller will ensure before using the software and receive services under the Contract in a way that includes Processing of Personal Data that it complies with all Data Protection Law, e.g. in relation to the provision of required information/notification to and/or approvals from Data Subjects and/or regulatory authorities related to the Processing.
5.2 The Controller will promptly notify the Processor if it becomes aware that Processing of the Controller’s Personal Data may be contrary to Data Protection Law.
5.3 The Controller warrants that the Processor’s strict compliance with any instruction from the Controller with respect to the Processing of Personal Data, shall not result in a violation of applicable Data Protection Law.
5.4 The Controller will indemnify the Processor from any loss resulting from the Controller’s failure to comply with its obligations hereunder.
Security Measures
6.1 The Processor is obligated to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks, that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, including inter alia as appropriate:
a) the pseudonymisation and encryption of Personal Data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.
6.2 The Processor shall take steps to ensure that any natural person acting under the authority of the Processor who has access to the Personal Data does not Process the Personal Data except on instructions of the Controller, unless he or she is required to do so under Data Protection Law.
6.3 The specific technical and organisational security measures implemented by the Processor are set out in appendix B (Security Measures). Subprocessors
7.1 The Controller hereby authorizes the Processor to engage Sub-processors, including without limitation the Sub-processors as stated in Appendix A, to perform Processing of

Personal Data, provided that the Processor enters into a written agreement with each Sub-processor which imposes the same obligations on the Sub-processors as are imposed on the

Processor under this Data Processing Agreement. The Controller will at any time upon reasonable prior written notice be entitled to receive a copy of the Processor’s data processing agreement with each Sub-processor.
7.2 The Processor will inform the Controller by email about any intended addition or replacement of a sub-processor in advance allowing the Controller/Data Subject the opportunity to object and/or render its informed consent, such not to be unreasonably withheld. Controller cannot object without a bona fide and objective reason, unless required by mandatory law. If the Controller object to any addition or replacement of any sub-processor, provided that such objection is based on a bona fide and objective reason, the Processor is entitled to (i) terminate the Data Processing Agreement with immediate effect by written notice.

7.3 Where a Sub-processor fails to fulfil its data protection obligations under the Data Processing Agreement referred to in clause 7.1, the Processor shall remain fully liable to the Controller for the performance of the Sub-processor’s fulfilment of its data protection obligations in general.
Audits
8.1 For the purpose of auditing the Processor’s compliance with its obligations under this Data Processing Agreement, the Processor shall allow for the Controller on reasonable written notice of not less than thirty (30) days to Processor during Business Hours, but without notice in case of any reasonable suspected breach of this Data Processing Agreement by the Processor, to perform an Audit, including but not limited to:
a) gain access to inspect, and take copies of, the records and any other information held at the Processor’s premises or on the Processor System related to the Data Processing Services, and;
b) gain access to inspect the Processor System.
8.2 The written notice shall include a proposed audit plan. If part of the requested audit scope is covered by the scope of an audit report by a qualified third party auditor within the last 12 months, the Processor may request the Controller to consider whether it could rely on such report instead of an audit. The Processor will be entitled to suggest the date and time of the audit to minimize business disruption and may suggest the audit to be combined with audits from other Controllers. Controller cannot deny such suggestions from the Processor, unless it has a bona fide objective reason to do so.
8.3 At the request of Controller according to Clause 8.1 and 8.2, the Controller (or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality appointed by the Controller or Regulator) will be entitled to perform audits of the Processor’s facilities and security practices directly related to the Processing of Personal Data under the Contract in order to monitor compliance with this Data Processing Agreement. Unless in case of any reasonable suspected breach of this Data Processing Agreement or as otherwise permitted by mandatory law, such audit shall be limited to 1 audit per 12 months’ period.
8.4 The Controller will bear any costs related to audits and the Processor shall be entitled to charge the Controller separately for any cost (including internal resources at the Processor’s standard rates) the Processor may incur in relation to its assistance with such audits.
8.5 Any audit shall be conducted in accordance with the Processor’s internal policies and all participants shall be subject to adequate written confidentiality obligations. To the extent allowed under applicable law, the Controller shall deliver to the Processor a copy of the audit report and the Processor be entitled to use such report free of charge in relation to other Controllers.
8.6 The Controller may use the information obtained during any audit, including any audit report, only for the purpose of meeting its audit obligations under Data Protection Law. For the avoidance of doubt, the Controller is not allowed to disclose to the public any parts of the audit report, without prior written consent from the Processor, unless required by mandatory law.
8.7 The Processor shall give all necessary assistance to the conduct of such audits during the term (as set out in clause 11) of this Data Processing Agreement.
8.8 The Controller, or its third-party representatives as specified in clause 8.3, is allowed to conduct audits with the Processor’s Sub-processors to the extent this is possible according to the terms and conditions in the then currently valid and applicable version of the Sub-processor’s terms and conditions.

Third Country Transfers
9.1 The Processor may only process the Personal Data in countries outside EEA subject to documented instructions from the Controller as specified in Appendix A.
9.2 If the Processor has the intention to process Personal Data in another third country, the Processor will inform the Controller of such intended transfer in advance allowing the Controller the opportunity to object.
Confidentiality
10.1 The Processor acknowledges that the persons authorized to Process the Personal Data are committed to confidentiality including all information related to the Contract and the Parties business.
10.2 The provisions of confidentiality shall continue to apply after termination of this Data Processing Agreement.
Term and Termination
11.1 This Data Processing Agreement will take effect from the effective date as specified in the Contract or the date of the Controller’s signature on the signature page, whichever is earliest, and shall continue in force during the Term as defined in the Contract.
11.2 Upon termination of the Contract, this Data Processing Agreement shall also terminate.
11.3 Notwithstanding clause 11.2 above, this Data Processing Agreement shall not lapse until the Controller has received and accepted the documentation regarding deletion described in clause 11.6(b), unless the Controller specifically accepts otherwise.
11.4 Any provision of this Data Processing Agreement that expressly or by implication is intended to come into or continue in force or after termination of this Data Processing Agreement shall remain in full force and effect.
11.5 Termination of this Data Processing Agreement, for any reason, shall not affect the accrued rights, remedies, obligations or liabilities of the Parties existing at termination.
11.6 On any termination of this Data Processing Agreement for any reason:
a) the Processor shall as soon as reasonably practicable Destroy all Personal Data and all information and other materials provided to it by or on behalf of the Controller in connection with this Data Processing Agreement;
b) the Processor shall as soon as reasonably practicable ensure that all such data are destroyed and that all Personal Data is deleted from the Software and Carehome Schedule System. Notwithstanding the above, Destruction shall not take place until the Processor has informed the Controller of the contemplated method of Destruction and received the Controller’s confirmation that Destruction shall take place in accordance with such method. Should the Controller not find the contemplated method of Destruction sufficiently effective, the Controller will inform the Processor of what method is considered sufficiently effective.
11.7 The Processor shall provide written confirmation of compliance with clause 11 (a) no later than 28 working days after termination of this Data Processing Agreement. Changes due to changes in mandatory law
12.1 If there are changes in mandatory Data Protection Law, the Processor is entitled to change this Data Processing Agreement accordingly.
Governing law and disputes
13.1 This Data Processing Agreement is governed by and will be interpreted in accordance with Danish law. However, the conflict of laws rules must be disregarded to the extent that such rules are non-mandatory.
13.2 Any dispute arising out of this Data Processing Agreement, including any dispute concerning the existence or validity of this Data Processing Agreement shall be brought before the Danish courts. Appendix A to Data Processing Agreement

Appendix A to the Data Processing Agreement

In connection with the Processor’s provision of services and hosting the Personal Data on behalf of the Controller, the Controller gives the Processor the instruction and grants consent to Process the following Personal Data for the purposes set out below:
1. General description and purpose of the Processing Operations
Processing Operations: The Processor processes the Personal Data of the Controller for the purpose of delivering workforce management services
2. Categories of Data Subjects
The Data Subject categories may be adjusted from time to time, to the extent that the processing of Personal Data and the purposes thereof continue to fall under the general description.

• Employees
• Potential employees
• Former employees

3. Types of Personal Data
Description of the types of Personal Data for each category of Data Subjects Full name & initials, address, email address, telephone, gender, National Insurance No, bank details, birth date, relative or next of kin full name & telephone, Payroll details, photograph, employee contract information, employee payslip information, data entered into custom fields created by Customer which may contain sensitive Personal Data including medical data, DBS, Right to work.
4. Who at the Processor has access to Personal Data?
Only persons engaged with the purposes for which the Personal Data is Processed will be authorized to access and Process the Personal Data, including employees providing:

• Support services,
• Maintenance and backup,
• Operational system/support staff

5. Which external parties have access to all or part of the Personal Data (sub-processors), for which purpose(s) and their geographical location (including if outside the EEA)?

Appendix B to the Data Processing Agreement

Security measures
The Processor will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing. These measures include but are not limited to:
1. Access control to premises and facilities (physical)
1.1 Processor will maintain commercially reasonable physical security systems at all Processor data centre and administration sites which are used to Process Personal Data;
1.2 Visitors must be pre-approved before coming to Processor sites which are used to Process Personal Data and will be required to present identification and/or sign a visitor log, and be escorted at all times while on the sites.
2. Access control to systems (virtual)
2.1 Processor will establish and maintain safeguards against accidental or unauthorized access to, destruction of, loss of, or alteration of the Personal Data on its systems which are used to Process Personal Data:
2.1.1 access will be granted to personnel through documented access request procedures. The employees’ managers or other responsible individuals must authorise or validate access before it is given;
2.1.2 access controls are enabled at the operating system, database, or application level;
2.1.3 administrative access will be restricted to prevent changes to systems or applications;
2.1.4 users will be assigned a single account and prohibited from sharing accounts.
3. Access control to devices and laptops
3.1 Processor will implement and maintain commercially reasonable security measures with respect to mobile devices and laptops that are used to Process Personal Data.
4. Access control to Personal Data
4.1 Access will be granted only after Processing an approved “access control form”, i.e. LAN Logon ID, application access ID, or other similar identification.
4.2 Unique User IDs and passwords will be issued to the users.
4.3 Users, once authenticated, will be authorised for access levels based on their job functions.
5. Transmission and disclosure control
5.1 Processor will implement and maintain measures to prevent Personal Data from being read, copied, modified or removed without authorisation during electronic transmission or transport and to enable Processor to check and establish to which bodies the transfer of Personal Data by means of data transmission facilities is envisaged.
5.2 Processor will maintain technology and processes designed to minimize access for illegitimate Processing, including technology for the encryption of Personal Data.
6. Input control
6.1 Processor will maintain system and database logs for access to all Personal Data under its control;
6.2 All Processor systems must be configured to provide event logging to identify a system compromise, unauthorised access, or any other security violation. Logs must be protected from unauthorised access or modification;
6.3 Customer/Processor will maintain input controls on its systems.
7. Job control
7.1 Processor will implement procedures to ensure the reliability of its employees and any other person acting under its supervision that may come into contact with, or otherwise have access to and Process, Personal Data, such as requiring a clean references prior to commencement of employment.
7.2 Processor will implement procedures to ensure that its personnel is aware of its responsibilities under the Agreement. Processor shall instruct and train all persons it authorises to have access to the Personal Data on the Data Protection Legislation as well as on all relevant security standards and shall commit them in written form to comply with the data secrecy, the Data Protection Legislation and other relevant security standards.
7.3 Processor will promptly act to revoke access to Personal Data of Customer/Processor due to termination, a change in job function, or in observance of user inactivity or extended absence.
7.4 Processor shall have in place a data protection policy and a document retention policy, with which its personnel must comply.
8. Incident management
8.1 Processor will implement, maintain an incident management procedure that allows processor to inform the Controller within the required time frame of any security breach.
8.2 Should a security breach (potentially) affect personal data, Processor shall notify Controller in accordance with Clause 4 in the Data Processing Agreement.
8.3 The incident management procedure includes periodic evaluation of recurring issues that might indicate a security breach.
8.4 Processor should implement a process to learn from the incidents/attacks and improve the existing security level.
9. Availability control
9.1 Processor will protect Personal Data against accidental destruction or loss by ensuring:
9.1.1 Workstations will be protected by commercial anti-virus and malware prevention software receiving regular definition updates;
9.1.2 Upon detection of a virus or malware, Processor will take immediate steps to arrest the spread and damage of the virus or malware and to eradicate the virus or malware.
9.1.3 Servers will be protected by commercial firewalls and intrusion protection prevention systems.
10. Business continuity management
10.1 Processor will implement and maintain a business continuity plan.
10.2 Processor will regularly evaluate this plan.
11. Change management
11.1 Processor will implement and maintain a business continuity plan that will, inter alia, allow the Processor to restore the availability and access to the Personal Data in a timely manner to be agreed upon by the parties involved in the event of a physical or technical event.
11.2 As part of the change management procedure Processor will evaluate the impact on the security and adapt the measures where needed to maintain the agreed security level.
12. Control of instructions
12.1 Processor will implement and maintain procedures to ensure that Personal Data is processed only in accordance with Controller’s instructions.
13. Separation control
13.1 Processor will implement and maintain procedures to ensure that personal data collected for different purposes will be processed separately to the extent that Processor has been expressly notified about such different purposes and requested to do so and under the condition that Processor may invoice its time and expenses for complying with this request.
14. Regular testing of security measures
14.1 Processor will frequently test, assess and evaluate the effectiveness of its technical and organisational security measures.

End User License Agreement

These Terms specify how you may use Carehome Schedule, which is licensed by us to you, the End User, free of charge.
About our terms
These Terms specify how you may use the software named “Carehome Schedule” (the App) which is licensed by us to you, the End User, free of charge. Your licence to use this App is subject to your prior acceptance of these Terms which you should read carefully before proceeding to use the App. Your use of the App means that you also agree to the terms of our Privacy Policy and our Cookie Policy. These Terms together with the Privacy Policy and Cookie Policy constitute the entire agreement between us relating to the App. We reserve all rights in and to the App not expressly granted to you under these Terms. References in these Terms to the App includes any changes to or enhancements of the App. If you have any questions about the App, please contact us by email: support@carehomeschedule.com
Definitions
Content means any text, image, audio or other multimedia content, or other information or material submitted to or otherwise contained in the App;
Terms means these terms and conditions of use as updated from time to time under clause 11;
Cookie policy means the policy, which governs how we use cookies in the Site;
Privacy Policy means the policy, which governs how we process any personal data collected from you;
We, us or our means MOBU Technologies, and the registered office of which is at 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom.
You or your means the person accessing or using the App or its Content.
Licence
3.1 The App is for your personal use only and you agree that you are solely responsible for all costs and expenses you may incur in relation to your use of the App; and keeping your login and password (and other details associated with your account) confidential. We may prevent or suspend your access to the App without notice if we reasonably consider that you have not complied with any part of these Terms or any terms or policies to which they refer or any applicable law.
3.2 We grant to you a non-transferable licence to use the App on any computer and/or mobile device that you own or control. These Terms together with the Privacy Policy and the Cookie Policy shall govern all Content and materials accessible from the App. You are not entitled to transfer or sublicense your use of the App nor copy, reverse-engineer, attempt to derive the source code of, modify or otherwise misuse the App or any part thereof.
Ownership, Use and intellectual Property Rights
The App and all intellectual property rights in it are owned by us. Intellectual property rights means rights such as: copyright, trademarks, domain names, design rights, database rights, patents and all other intellectual property rights of any kind whether or not they are registered (anywhere in the world). Nothing in these Terms grants you any legal rights of or in the App other than as necessary to enable you to access the App and upload Content.
Uploading information to the App
You agree that we may collect, use and retain any and all personal data, as that term is used in data protection legislation (including the General Data Protection Regulation (GDPR) (EU) 2016/679), uploaded to the App by you or on your behalf. Our use of your personal data is set out in our Privacy Policy and you agree not to input sensitive personal data (also known as special category data). You agree that we may also collect and use technical data and related information, including but not limited to data about your device and system, to enable us to improve the App, facilitate the provision of any updates to you or otherwise support your use of the App.
Termination
These Terms shall be effective until terminated by you or us. Your failure to comply with any of these
Terms will result in your rights hereunder terminating automatically.

Integrated Applications
You may be able to access our App in connection with or via other third party applications, services and websites. You agree to use such third party applications, services or websites at your sole risk and that you shall not hold us liable for any such third party applications, services or websites.
Limitation on our liability
Except for any legal responsibility that we cannot exclude in law (such as for death or personal injury), we are not legally responsible for: any losses that (a) were not foreseeable to you and us when these Terms were formed or (b) were not caused by any breach on our part; loss of data; loss of use, whether as a result of computer viruses, spyware or malware of any description or any material which might adversely affect the operation of any computer hardware or software or any communications network which affects you as a result of accessing the App; business losses; and losses to non-consumers. In any event, we shall only be liable for direct losses (excluding indirect losses) and shall not otherwise be liable to you for any damage suffered by you unless, subject to the exclusions set out above, such damage has directly been caused by your use of the App in accordance with these Terms and, where applicable, the Privacy Policy and the Cookie Policy. To the extent that we do incur any liability to you, our aggregate liability to you (other than for those liabilities we cannot exclude in law) shall not exceed £20.

Events beyond your control
We shall have no liability to you for any breach of these Terms caused by any event or circumstance beyond our reasonable control including, but not limited to, strikes, lock-outs or other industrial disputes; breakdown of systems or network access; failures of or problems with the internet or a part of the internet; hacker attacks; virus or other malicious software attacks or infections; power failures; flood, fire, explosion or accident.

Rights of third parties
No one other than a party to these Terms has any right to enforce any of these Terms.
Variations
These Terms are dated 01 June 2018. No changes to these Terms are valid or have any effect unless agreed by us in writing. We reserve the right to vary these Terms from time to time. Our updated terms will be displayed on our website (www.carehomeschedule.com) and by continuing to use and access the App following such changes, you agree to be bound by any variation made by us. It is your responsibility to check these Terms from time to time to verify such variations.
Governing Law
12.1 These Terms will be governed by and construed in accordance with the law in England. The courts in England will have exclusive jurisdiction to settle any dispute which arises out of or in connection with these Terms.

General Subscription Terms and Conditions

This content specifies the terms and conditions for Customer’s use of the Software and MOBU
Technology’s delivery of Services etc.
Definitions and interpretations
1.1 In these terms and conditions, the following expressions have the following meanings: “Confidential Information” means all information that relates to a Party (or any of its businesses) (whether written, verbal or in any other form) and which is accessed or disclosed to the other Party in connection with the Contract, but excluding information that (a) is at the relevant time in the public domain (other than by virtue of a breach); (b) was received by the other Party from a third party who did not acquire it in confidence; or (c) is developed by the other Party without any breach of the Contract.
“Contract” means the contract which comprises the Order Form, these General Subscription Terms and
Conditions and the Data Processing Agreement, including any schedules, appendices and
amendments hereto.
“Customer”
means the party specified in the Order Form requesting the supply of Software and Services from MOBU Technologies.
“Customer Data”
means the data, text, drawings, diagrams, images or sounds (together with any database made up of any of these) which are supplied to MOBU Technologies by the Customer and/or any EndUser in connection with the use of the Software and/or the provision of Services.
“Data Processing Agreement”
means the data processing agreement entered into between MOBU Technologies and Customer concerning MOBU Technologies’ processing of personal data on behalf of Customer forming part of the Contract, including schedules and/or appendices hereto.
“Documentation”
means the documentation accessible online as part of the Software as amended and updated from time to time by MOBU Technologies.
“End User”
means any persons being either (i) employees of Customer, (ii) third-party consultants working for Customer at Customer’s site, or (iii) users working at Customer’s clients, which have been individually created as users in the Software with individual user ID (e.g. with name and company reference etc.) and authorized by MOBU Technologies as users of the Software.
“Event”
means any act, event, omission and/ or circumstance.
“Fees”
means the fees for the Software and Services set out in the Order Form as amended from time to time in accordance with the Contract.
“Force Majeure Event”
means circumstances outside of a Party’s control, including but not limited to an act of God (including fire, flood, earthquake, hurricane or similar natural disaster), acts of government, war, invasion, act of foreign enemies, hostilities (regardless of whether war is declared), civil war, civil unrest, rebellion, revolution, insurrection, military power or confiscation, terrorist activities, nationalization, government sanction, strikes or other labor conflicts, failures in (1) computer systems, (2) hardware, (3) telecommunications, (4) internet service provider or (5) hosting facilities, power shortages, hacking, denial of service attacks, nationwide blockage or embargo.
“General Subscription Terms and Conditions”
means this document specifying the terms and conditions for the Contract regarding e.g. Customer’s use of the Software and MOBU Technologies’ delivery of Services.

“Initial Subscription Term”
means the period commencing on the Subscription Effective Date and lasting one (1) year thereafter.
“Intellectual Property Rights” or “IPR”
means any and all patents, trademarks, trade names, copyright, moral rights, rights in design, rights in databases, know how and all or other intellectual property rights whether or not registered or capable of registration and subsisting in any part of the world together with all or any goodwill relating to them.
“Order Form”
means the front sheet to which the General Subscription Terms and Conditions and the Data Processing Agreement are appended or the online form available through www.carehomeschedule.com (as applicable) which sets out the commercial details relating to the Contract.
“Parties”
means MOBU Technologies and Customer.
“Party”
means MOBU Technologies or Customer.
“MOBU Technologies”
means MOBU Technologies Ltd, Company no. 11265775, 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom
“Services”
means the services which MOBU Technologies agrees in writing to provide to the Customer as set out in the Contract.
“Software”
means the workforce management software named “Carehome Schedule” and any related software and documentation provided to Customer by MOBU Technologies as set out in the Contract.
“Subscription Effective Date”
means the date on which the Software or Services are first made available to the Customer or such other date as specified on the Order Form, whichever is earliest.
“Subscription Period”
means any twelve (12) months period commencing on the Subscription Effective Date or on the date of the annual anniversary of the Subscription Effective Date.
“Term”
means the period where the Contract is in effect. The Term is defined in clause 20.1.
“Territory”
means the country or countries in which the Customer have the right to use the Software and Services (not including other countries regardless of where Customer and its subsidiaries, affiliates etc. are located) and as specified in the Order Form.
“Working Day”
means any day other than a Saturday or Sunday or a public or bank holiday in the United Kingdom. Scope, Interpretations and preliminary provisions
2.1 The purpose of the Contract is to govern the delivery of the Software and Services provided by MOBU Technologies to Customer. This means e.g. that the Contract set forth the terms and conditions for the license granted to Customer regarding the use of the Software as well as the delivery of Services.
2.2 These General Subscription Terms and Conditions are the only terms and conditions upon which MOBU Technologies will supply the Software and Services to Customer. Any general terms and conditions or standard agreements provided by Customer and any terms and conditions which may otherwise be implied by trade, custom, practice or course of dealing are hereby explicitly rejected.
2.3 MOBU Technologies will strive to deliver Services under the Contract in a professional manner consistent with good industry standards.
2.4 Expressions such as “including” and similar expressions mean “including, but not limited to”.
2.5 Words in the singular include the plural and vice versa.
2.6 The headings of the Contract are for guidance only and have no separate legal effect on the understanding or interpretation of the provisions of the Contract.

Description of Software

3.1 MOBU Technologies has developed the Software. Since the Software’s functionality and applicable user-manual(s) are constantly changing, Customer can find description of the Software’s current functionality and the currently applicable user-manual at www.carehomeschedule.com or any other webpage MOBU Technologies designates in its place.

Customer licence and user rights

4.1 MOBU Technologies grants Customer a non-exclusive, limited license per End User as set out in the Order Form to access and use the Software provided to Customer by MOBU Technologies as a cloud solution, solely for the use on Customer’s hardware within the Territory during the Term of the Contract. The license is non-transferable unless otherwise is expressly stated in the Order Form, e.g. because Customer is allowed to let its clients use the Software and Services.
4.2 Except as permitted by mandatory applicable law, or as expressly authorized by this Contract, Customer may not in any form or by any means (i) copy, make error corrections, or otherwise modify, decompile, decrypt, reverse engineer, disassemble, adapt or otherwise reduce any portion of the Software, to human-readable form; or (ii) transfer, assign, store, reproduce, sublicense, publish, rent, lease, distribute, sell, print, display, perform or create derivative works from any part of the Software; or (iii) commercialize the Software, information or products obtained from any part of the Software. To the extent that any of the foregoing items include any third party material, Customer must also obtain written permission from the applicable third party owner prior to engaging in any of the activities set forth in this clause.
4.3 Customer may not reproduce, distribute, display, sell, publish, broadcast or transfer any information or other material provided by MOBU Technologies and/or any information or other material provided as a result of the Software (e.g. advisories and security updates) to any third party, including Customer’s affiliates or group related entities, nor make such information or material available for any such use.
4.4 The Software may only be used by the legal entity that has purchased a license, has been granted a trial licence or has otherwise been granted an explicit right to use the Software, as applicable, and no shared use with any other legal entity (including Customer’s affiliates or group related entities) is allowed.
4.5 Customer may not remove, conceal, or alter any copyright notices contained in the Software, in any information or other material provided by MOBU Technologies, and/or any information or other material provided as a result of the Software or Services.
4.6 For the avoidance of doubt, Customer and any individual End User may not exceed or circumvent the permitted usage as set forth in the Contract, e.g. by using the Software and/or installing the application to access the Software outside the entity/entities which the Software has been licensed for, or perform any automatic or systematic internal distribution of received advisories and security updates, etc.
4.7 Further, Customer is obligated to ensure that it will not allow, suffer or contribute to any subscription/license to be used by more than one (1) End User, except (i) where such subscription/license has been reassigned in its entirety to another individual End User (cf. clause 5.3), in which case the prior End User shall no longer have any right to access or use the Software and Services, or (ii) where Customer explicitly has been granted an extended license covering more than one End User – such extended license to be agreed by the Parties in writing.
4.8 MOBU Technologies will throughout the Term on regular basis maintain the Software, e.g. by installing new versions and releases (updates) to the Software etc. Scalability (Change in number of licences)
5.1 The Customer may at any time during the Term increase its total number of licenses by adding additional End User licenses. Such addition will take effect from the date where such additional licenses are activated by the Customer. Such additional licenses are subject to the General Subscription Terms and Conditions unless otherwise agreed between the Parties, and MOBU Techhnologies will consequently invoice Customer for the purchase of such additional licenses according to the payment terms set forth in clause 11.
5.2 Customer may not decrease its total number of licenses until after the expiry of the Initial Subscription Term but may only decrease its number of licenses as set out in clause 5.4, unless otherwise agreed in writing between the Parties.
5.3 However, during the Term, Customer is entitled to reassign its End User licenses to other end users provided the requirements set forth in the “End User” definition are adhered to. An End User license may only be reassigned in its entirety to another individual End User, in which case the prior End User shall no longer have any right to access or use the Software and Services.
5.4 After expiry of the Initial Subscription Term, Customer may decrease its total number of licenses upon the same written notice as applies to termination for convenience according to clause 20.3 and with effect from the expiry of said Subscription Period.

Customer’s Obligations

6.1 The Customer shall:
a. at all times comply with all laws and regulations and any requirements or instructions that may be given by MOBU Technologies in relation to the Software and Services;
b. promptly provide MOBU Technologies (at Customer’s cost) with all information, resources and assistance reasonably requested by MOBU Technologies in relation to the performance of its obligations under the Contract;
c. ensure at all times that MOBU Technologies has access to necessary suitably qualified and experienced Customer representative(s) as reasonably required by MOBU Technologies in its performance of its obligations under the Contract. The Customer will ensure that such Customer representative(s) will have immediate access to any required information and resources;
d. ensure that (i) it uses the most current version of its web browser or a version which is within two years of its release date in connection with the Services; and (ii) that it complies with all other system requirements notified to it by MOBU Technologies. As general guidance, Carehome Schedule can be accessed on a PC, Mac, Android or Apple device that is capable of connecting to the internet. For smart phones, access to Carehome Schedule is via the Carehome Schedule app, which can be downloaded from Apple / Android stores free of charge. Ideal browsers are Internet Explorer 10 or higher, Firefox 30 or higher or Google Chrome, with the 2 most recent versions of these browsers being supported;
e. be responsible for obtaining appropriate licences and consents for all content and software which is owned by any third party;
f. provide a written, up-to-date list of the then-current End Users to MOBU Technologies promptly on request;
g. permit MOBU Technologies at any time to audit the Customer’s and End Users’ use of the Software and/or Services in order to verify that the Customer’s obligations are being performed in accordance with the Contract as further specified in clause 13;
h. ensure that each End User shall keep a secure password for his use of the Services and that each End User shall keep his password confidential; and
i. only issue passwords which give administrative access to the Software to appropriate End Users.
6.2 Any delay caused by Customer’s failure or delay in performing its obligations under the Contract shall be Customer’s responsibility and MOBU Technologies shall be entitled to charge its then-current standard rates for any unutilized/wasted time or increased efforts on its part that result from the Customer’s failure to fully comply with its obligations promptly or at all, together with any additional costs MOBU Technologies might incur.

Support

7.1 Upon request, MOBU Technologies will within reasonable time provide ordinary customer support in relation to the Software to Customer free of charge within MOBU Technologies’ normal business hours as specified on the Carehome Schedule’s website.

Intellectual property rights

8.1 As between MOBU Technologies, the Customer and/or any End User(s), all Intellectual Property Rights, including the right to patents, copyright, trademarks, or know how, in the Software and Services and any documents or any other material provided to Customer in association with the performance of this Contract and/or arising or developed/created under and/or in connection with this Contract (i.e. both background and foreground IPR) are and shall remain the property of MOBU Technologies and, except as expressly permitted in the Contract, the Customer and/or End User(s) shall have no right in or to the Software or Services. Save for any Intellectual Property Rights in Customer Data, any Intellectual Property Rights which come into existence as a result of the performance by MOBU Technologies of the Services will be the property of MOBU Technologies.
8.2 Customer may not use any of MOBU Technologies’ trademarks in connection with activities, product(s) or services, without MOBU Technologies’ prior written consent.
8.3 Customer shall own the rights to Customer Data.

Indemnification against third party claims

9.1 Subject to the limitations in clause 14, MOBU Technologies shall indemnify Customer from and against any and all damages awarded by any court finding that the Software or Services delivered by MOBU Technologies to Customer infringes any intellectual property rights of any third party who is not an affiliate or a group related entity of Customer.
9.2 MOBU Technologies’ obligations under clause 9.1 are subject to the conditions that (i) Customer provides prompt (but in no event more than 30 days) written notice of such claims, (ii) Customer provides all necessary information and authority requested or required for the defence or settlement of such action or proceeding, and (iii) MOBU Technologies has sole control over the defence and settlement of such claims. Notwithstanding anything to the contrary, MOBU Technologies shall not be responsible for any cost or expense incurred or compromise made without MOBU Technologies’ prior written consent.
9.3 MOBU Technologies’ obligations under clause 9.1 shall not apply to the extent that such damages are related to or caused by (i) any modification or alteration of the Software or Services by anyone other than MOBU Technologies, (ii) Customer’s use of a non-current copy of the Software, (iii) any specifications, software, hardware or services provided by or on behalf of Customer, (iv) any combination of the Software and/or Services with any hardware, software, services or portion thereof that is not (a) supplied by or on behalf of MOBU Technologies, or (b) specified by MOBU Technologies to be used with the Software, or (v) Customer’s use of the Software in a manner not specified in the specifications and documentation or otherwise in violation of this Contract.
9.4 If the Software or any portion thereof, becomes, or MOBU Technologies believes that it is likely to become, the subject of an intellectual property claim, MOBU Technologies shall, at its option and expense, have the right to (i) procure for Customer the right to continue using the Software or the portion so affected, (ii) modify the Software to avoid the intellectual property claim, (iii) substitute functionality substantially equivalent to the Software at the time of such substitution, or (iv) terminate this Contract and provide to Customer a refund of any prepaid portions of the subscription Fees under this Contract.
9.5 Customer acknowledges that it is not entitled to claim damages from MOBU Technologies if MOBU Technologies remedies a possible intellectual property infringement as set out in clause 9.4.

Warranty

10.1 Subject to clause 10.3, MOBU Technologies warrants that the Services will be provided using reasonable skill and care and that the Software will be free from material defects in design or workmanship.
10.2 Subject to clause 10.1, the Parties acknowledge and agree that all conditions, warranties and stipulations, express or implied, statutory, customary or otherwise of any kind which, but for such exclusion, would or might subsist in favour of the Customer are expressly excluded – and MOBU Technologies expressly excludes any and all warranties and conditions – to the maximum extent permitted by applicable law.
10.3 Without prejudice to the generality of clause 10.2 MOBU Technologies does not represent or warrant that: a. the functions contained in the Software will meet the Customer’s or End User’s requirements or that the access to or operation of the Software will be uninterrupted or error free;
b. the Software or Services are free of viruses, inaccuracies, errors, bugs, or interruptions, or are reliable, accurate, complete, or otherwise valid.

Prices and Payment terms

11.1 The Fees to be paid by Customer to MOBU Technologies for the use of the Software, Services and other deliverables provided by MOBU Technologies are set out in the Contract, including the Order Form.
11.2 MOBU Technologies is entitled to invoice Customer in advance for the Fees and any payable sums under the Contract on quarterly basis (or such other time as notified to Customer) as further specified in the Order Form or as notified by MOBU Technologies. MOBU Technologies may issue its first invoice at any time on or following the signing of the Contract. Invoices for all Fees and sums payable under the Contract are (unless otherwise stated in the Order Form) due for payment within 30 days from the date of invoice.
11.3 All Fees and sums payable by the Customer under the Contract are expressed exclusive of value added tax, which shall also be paid by the Customer at the prevailing rate subject to the provision by MOBU Technologies of a valid invoice.
11.4 MOBU Technologies will be entitled to change the Fees at any time by giving at least 60 days’ prior written notice to the Customer provided that such increases in any calendar year shall be limited to an amount equal to the greater of:
a. 5% of the then-current aggregated annual Fees; or
b. the increase in the retail price index as amended from time to time (in the UK) comprised by the Office of National Statistics ONS during the period since the later of (i) the Subscription Effective Date or (ii) the latest previous price increase.
11.5 The changes in Fees, cf. clause 11.4, will take effect from expiry of the relevant notice period as specified in clause 11.4 (or, if later, the date specified in the notice).
11.6 If, at any time, whilst using the Software and Services, the Customer exceeds the number of permitted End Users that are licensed to use the Software and/or Services as set out in the Order Form according to the terms and conditions set forth in the Contract, MOBU Technologies may retroactively charge Customer the additional license Fees according to clause 13.3.

11.7 Any Fees and/or sums not paid by Customer when due shall bear interest from the due date until paid at a rate of 2% per month. Further, without prejudice to any other rights and remedies available to MOBU Technologies (including without limitation its right to charge interest), if any sum payable under the Contract is not paid on or before the due date for payment, MOBU Technologies will be entitled to notify the Customer of such late payment and charge the Customer a fee of GBP 15 to cover its administrative costs of such notification.
11.8 In the event that the Customer fails to pay any Fees and/or sums due to MOBU Technologies on or before its due date for payment, MOBU Technologies may suspend performance of its obligations under the Contract by giving the Customer not less than seven days’ notice. In that connection, MOBU Technologies may e.g.:
a. disable the Customer’s access to the Software; and
b. suspend provision of the Services, until a reasonable time after full payment is received by MOBU Technologies.
11.9 In the event that the Contract expires or is terminated for any reason, the Customer will not be entitled to any refund of any Fees or other remuneration paid to MOBU Technologies, whether or not they are paid in advance.

Suspension, modifications and other MOBU Technologies Rights

12.1 MOBU Technologies reserves the right at any time in its sole discretion (i.e. without any consent from Customer) to substitute, change and/or modify the Software and Services, including their specifications and documentation, without any liability towards Customer whatsoever, including limitation to the scope, functionalities, and content of the Software, or part thereof, e.g. in order to comply with legal requirements and/or ensuring non-infringement of third party Intellectual Property Rights.
12.2 Further, MOBU Technologies is entitled to suspend or discontinue the provision of the Software and Services (in whole or in part) with immediate effect, without any liability towards
Customer whatsoever, in the following circumstances:
a. Non-payment in accordance with clause 11;
b. if required by law or by any applicable governmental or regulatory body;
c. if the Software or MOBU Technologies’ systems or any part of them is subject to an attack or virus (including, without limitation, unauthorised access);
d. if Customer is in breach of the Contract, or if MOBU Technologies reasonably believes that the Software and/or Services are being used in breach of the Contract; or
e. if there is an event in respect of which MOBU Technologies reasonably believes that the suspension of the Software and/or Services is necessary to protect the Software, Services and/or MOBU Technologies’ systems, the Customer and/or MOBU Technologies’ other customers.
12.3 MOBU Technologies may provide information about the Customer’s and End Users’ use of the Software and Services and access to Customer Data in response to requests from relevant government or regulatory authorities.

Monitoring and Audit

13.1 MOBU Technologies may monitor Customer’s (including End Users) usage of the Software and Services in order to verify that Customer’s use of the Software and Services is compliant with the terms and conditions of the Contract and to ensure that Customer is sufficiently licensed.
13.2 MOBU Technologies may upon reasonable notice (which shall not be less than two (2) business days), subject to Customer’s reasonable security procedures and during reasonable business hours, conduct an audit in order to verify that the terms and conditions specified in the Contract are complied with and that Customer is sufficiently licensed.
13.3 If monitoring or an audit reveals that Customer is not sufficiently licensed or has underpaid any Fees, then – without prejudice to MOBU Technologies’ other rights and remedies – the Fees payable by the Customer for such additional licenses and payments shall be calculated in accordance with MOBU Technologies’ then-current standard price list and the Customer shall pay to MOBU Technologies an amount equal to the underpayment within 30 days of the date of the relevant audit. Further, in case, monitoring or an audit reveals that Customer is not sufficiently licensed or has underpaid any Fees, Customer shall pay MOBU Technologies’ reasonable costs incurred in respect of such monitoring or audit.

Limitation of Liability

14.1 The Software is intended to make it convenient and easier to manage staff and business operations. However, the Software is provided “as is” without warranty of any kind, either expressed or implied, including but not limited to, any implied warranties and merchantability or fitness for a particular purpose. For the avoidance of doubt, MOBU Technologies does not warrant – and this is acknowledged by Customer – that (a) operation of the Software and supply of Services shall be uninterrupted or error free, or (b) that functions contained in the Software will be able to operate in combination with other software and systems used by Customer or meet Customer’s requirements.
14.2 Customer accepts that any information provided by MOBU Technologies is general information only and is not to be deemed as advice. MOBU Technologies will use reasonable business efforts to ensure that any information provided by MOBU Technologies is accurate. However, MOBU Technologies does not accept responsibility for any loss suffered as a result of Customer’s use of or reliance on the information provided by MOBU Technologies, other than expressly set out in the Contract.
14.3 MOBU Technologies shall in no event be liable to the Customer (or any other person or entity) for any indirect, incidental, special, punitive, exemplary, or consequential damages (including, but not limited to, procurement of substitute Software or product(s); loss of use, revenues, anticipated profits, anticipated savings, goodwill, business opportunities and/or any damage to and/or loss of data (in each case, whether direct or indirect or suffered by End Users); or business interruption) however caused and on any basis of liability, whether in contract, strict liability, misrepresentation, restitution or tort (including negligence or otherwise) arising in any way out of this Contract, the Software and Services, including Customer’s use thereof, even if advised of the possibility of such damage.
14.4 The total liability of MOBU Technologies for claims arising under or related to the Contract, tort, misrepresentation, restitution etc., howsoever arising, shall be limited to an amount equal to 50% of the aggregate annual subscription Fees paid under the Contract by the Customer to MOBU Technologies during the past twelve (12) months prior to the act or omission giving rise to the claim(s). Until twelve months has elapsed, the limitation of liability shall be calculated as the agreed annual subscription Fees for the first twelve (12) months after the Subscription Effective Date (based on the agreed number of licenses at the time of the Subscription Effective Date) multiplied by 0.5. This limitation of liability is cumulative and not per incident (i.e. the existence of two or more claims will not enlarge this limit)
14.5 Notwithstanding anything to the contrary in the Contract, MOBU Technologies’ liability to the Customer:
a. for death or personal injury caused by the negligence of MOBU Technologies, its employees or sub-contractors; and
b. for fraud or fraudulent misrepresentation, is not limited, but nothing in this clause 14 confers any right or remedy upon the Customer to which it would not otherwise be entitled.
14.6 Without prejudice to clause 10.2, MOBU Technologies is not responsible for any errors or problems of any nature arising from the use of the Software for purposes for which it was not designed.
14.7 Subject to clauses 14.5 and 17.2, MOBU Technologies will not be liable to the Customer for any damage to, loss of or costs in respect of time spent by Customer’s employees or consultants in connection with the Software and Services (in each case, whether direct or indirect or suffered by End Users).
14.8 Nothing in clause 14 shall be construed to limit MOBU Technologies’ liability under mandatory law, including e.g. (i) MOBU Technologies’ liability in cases where it is documented that MOBU Technologies has acted in a grossly negligent or intentional manner, or (ii) provisions of applicable product liability law. Any product liability is, however, disclaimed to the furthest extent possible.
14.9 This clause 14 will continue in force after termination of the Contract for whatever reason.

Confidentiality

15.1 The Parties acknowledge and confirm that during the Term of the Contract and forever following its expiry they shall keep Confidential Information of the other Party strictly confidential and secret, i.e. neither Party may use or disclose to any third party (nor permit its use or disclosure) any Confidential Information of the other Party, unless specifically set forth in the Contract or as contemplated for the proper use of the Software.
15.2 The obligation of confidentiality set forth in clause 15 shall not apply to (i) information which is or becomes publicly known (through no fault or breach of the receiving Party), and (ii) if either Party is required by law or by any statutory or regulatory authority to which it is subject to disclose any Confidential Information, then it shall be entitled to do so provided that it (a) to the extent allowed, promptly notifies the other Party in writing of the full circumstances of the required disclosure, (b) consults with the other Party as to steps to minimise or avoid the disclosure and takes any such steps reasonably required by that other Party, and (c) to the extent possible, receives confidentiality undertakings in a form approved by the other Party from the entity to whom the Confidential Information is disclosed.
15.3 MOBU Technologies is entitled to disclose information to any regulator, sub-contractor or service provider to it. Such information will be disclosed only to parties having a confidentiality agreement with MOBU Technologies, under which such information will be kept secret and confidential.

Use as reference in MOBU Technologies Marketing

16.1 By entering into this Contract, Customer agrees and accepts that MOBU Technologies will have the right to use Customer’s name and logos and the fact that the Customer is a customer of MOBU Technologies as a reference in brochure or advertising material issued by MOBU Technologies, provided this is used in a loyal manner and according to usual practice.

Customer Data

17.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the
Customer Data.
In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for MOBU Technologies to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by (i) MOBU Technologies to the extent that such Customer Data is held by MOBU Technologies through the provision of Services; and/or (ii) the Customer in all other circumstances. MOBU Technologies shall not be required to restore more than one previous full iteration of the Software and/or data containing the relevant lost or damaged Customer Data and shall not be required to restore one or more individual lost or damaged files.
17.2 MOBU Technologies shall however not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by MOBU Technologies to perform services related to Customer Data maintenance and back-up).
17.3 MOBU Technologies is entitled to delete or cease processing and separate any
Customer Data:
a. that is or may be infected with a virus or otherwise corrupted; or
b. the storage or transmission of which may put MOBU Technologies in breach of anyapplicable law.

Data Protection

18.1 The Parties acknowledge that MOBU Technologies may have access to personal data which the Customer has introduced into the Software. MOBU Technologies’ data processing activities are regulated in the separate Data Processing Agreement.

Use of sub-contractors

19.1 MOBU Technologies may at any time engage and use sub-contractors or sub-processors, without Customer’s prior consent, to provide the Software and Services according to the Contract. MOBU Technologies’ use of sub-processors are regulated in the Data
Processing Agreement.
19.2 MOBU Technologies is responsible for its sub-contractors/sub-processors’ compliance with MOBU Technologies’ obligations under the Contract.

Term and termination of convenience

20.1 The Contract shall enter into force on the Subscription Effective Date and shall continue to be in force in the Initial Subscription Term and thereafter in successive automatically renewed Subscription Periods until terminated in accordance with the provisions of the Contract, unless another date of expiry is expressly agreed in the Order Form, in which case the Contract will expire no later than on the agreed date of expiry, (the “Term”).
20.2 The Contract may not be terminated by either Party for convenience in the Initial Subscription Term.
20.3 After expiry of the Initial Subscription Term, either Party may terminate the Contract for convenience with a written notice of at least three (3) months prior to the expiry of the then-current Subscription Period and with effect from the expiry of said Subscription Period.

Termination for breach

21.1 The Customer may terminate the Contract with immediate effect if MOBU Technologies is in material breach of the Contract and (in the case of a breach capable of being remedied) this has not been remedied within 30 days of a written request to remedy the breach.
21.2 MOBU Technologies may terminate the Contract with immediate effect if:
a. the Customer has failed to pay Fees or any sums due to MOBU Technologies under the Contract within 30 days from the due date; or
b. the Customer is in material breach of the Contract and (in the case of a breach capable of being remedied) this has not been remedied within 30 days of a written request to remedy the breach.
21.3 MOBU Technologies will make the Customer Data electronically available in a standard format to be exported by the Customer for a period of 14 days after expiry or termination of the Contract. If any additional assistance is needed, this will be invoiced according to the time and material used by MOBU Technologies. MOBU Technologies may permanently delete any Customer Data that remains in its possession for more than 120 days following expiry or termination of the Contract.
21.4 Any termination of the Contract under this clause 21 is without prejudice to any other rights or remedies a Party may be entitled to under the Contract or applicable law. It does not affect any accrued rights or liabilities of neither Party nor any provision which is expressly or by implication intended to come into force on, or continue in force after termination.
21.5 Any other provisions which expressly or impliedly continue to have effect after expiry or termination of the Contract shall survive expiry or earlier termination of the Contract.

Force Majeure

22.1 If either Party is affected by a Force Majeure Event under the Contract, it shall promptly notify the other Party in writing of the matters constituting the Force Majeure Event and shall keep that Party fully informed of their continuance and of any relevant change of circumstances whilst such Force Majeure Event continues.
22.2 The Party affected by a Force Majeure Event shall take all reasonable steps to minimise the effects of the Force Majeure Event.
22.3 Either Party shall have the right to terminate the Contract forthwith for convenience with thirty (30) days’ prior written notice, if the Force Majeure Event exists for a consecutive period of sixty (60) days.
22.4 Neither Party shall be in breach of this Contract, or otherwise liable to the other Party, by reason of any delay in performance, or non-performance of any of its obligations which is caused by a Force Majeure Event.

Miscellaneous

23.1 Notices: Any notices shall, unless otherwise expressly stated, be in writing and shall be given by sending the same by e-mail or registered post to the other Party’s address as may be designated in writing from time to time. Any notice sent by registered post shall be deemed to have been delivered five Working Days after its posting if sent domestically and 10 Working Days after its posting if sent internationally. Any notice given by e-mail shall be deemed to have been delivered on the next Working Day following transmission.
23.2 Order of precedence: In the event of any conflict or inconsistency between the terms and conditions of this Contract, the following order of precedence apply:
1. Order Form
2. Any addenda
3. General Subscription Terms and Conditions
4. Data Processing Agreement
5. Any appendices
6. Other documents
Notwithstanding the above-mentioned order of precedence, the Data Processing Agreement will take precedence in relation to the processing of personal data, however not in relation to the liability section of the General Subscription Terms and Conditions. This means that the Order Form has the highest rank in case of conflict and/or inconsistency between terms and conditions in the Order Form and the terms and conditions set forth in the General Subscription Terms and Conditions.
23.3 Assignment: The Customer may not assign, novate, transfer or subcontract any rights or obligations under the Contract without MOBU Technologies’s prior written consent. MOBU Technologies shall have the right to assign, novate, transfer or subcontract all or any of its rights and obligations under the Contract to any third party upon written notice to the Customer including without limitation appointing agents to invoice and receive payment from the Customer under the Contract.
23.4 Sale of shares and transfer of assets: MOBU Technologies is at any time entitled (without consent from Customer) to divest its business (transfer of assets) in whole or in part and to enter into any investment agreements or share sale and purchase agreements etc. with any third parties.
23.5 No waiver: Failure by either Party to exercise or enforce any right conferred (which, for the avoidance of doubt, includes without limitation MOBU Technologies’ right to charge any costs and/or expenses at any time) shall not be deemed to be a waiver of any such right nor operate so as to prevent exercise or enforcement thereof or of any other right on any later occasion.
23.6 Changes/amendments: The Contract may only be varied or amended in writing and any such variation or amendment must be signed by a duly authorised representative of each of the Parties.
23.7 Entire Contract: The Contract constitutes the entire agreement between the Parties and supersedes any prior agreement or arrangement in respect of its subject matter. Neither Party has entered into the Contract in reliance upon, and it will have no rights in respect of, any misrepresentation, representation or statement (whether made by the other Party or any other person and whether made to the first Party or any other person) which is not expressly set out in the Contract. Nothing in this clause 23.7 will be interpreted or construed as limiting or excluding the liability of any Party for fraud, intent or fraudulent misrepresentation.
23.8 Severability: In the event that any provision of the Contract is declared by any judicial or other competent authority to be void, voidable, illegal or otherwise unenforceable or indications of the same are received by either of the Parties from any relevant competent authority, then (i) such provision shall be severed from the Contract and the remaining provisions shall remain in full force and effect, and (ii) the Parties shall discuss in good faith with a view to substituting any void and/or unenforceable provision with a valid and enforceable provision which achieves to the greatest extent possible the economic, legal and commercial objectives of the void and/or unenforceable provision.

Governing law and disputes

24.1 Governing law
24.1.1 The validity, interpretation, and performance of this Contract shall be governed by and construed under the laws in England.
24.2 Negotiations
24.2.1 Should a dispute arise between the Parties as to the interpretation or the legal effects of the Contract, the Parties shall first seek to resolve such dispute through negotiations.
24.2.2 If such negotiations do not succeed within ten (10) Working Days, or a different period agreed by the Parties, each of the Parties may request that the dispute be brought before (i) an independent expert appointed by the Parties, or (ii) submitted for mediation, cf. clause 24.3, or (iii) the English courts, cf. clause 24.4.
24.3 Mediation
24.3.1 If a dispute related to this Contract has not been resolved after negotiations, the Parties shall attempt to resolve the dispute through mediation unless either Party objects to mediation.
24.4 Competent courts
24.4.1 If a dispute is not resolved through negotiations, through mediation or by an independent expert, the dispute may be brought before the English courts.

Policies and Procedures

You can find MOBU Technologies’ specific policies below
Policies overview
Here, you can find more information about MOBU Technologies’ policies and procedures as they relate to GDPR.
General Data Protection Regulation (GDPR) is a standardised regulatory framework that gives individuals the right:

• To be Informed
• To Rectification
• To Restrict Processing
• To Object
• To Erasure (“to be forgotten”)
• Of Data Portability
• Of Access
• To understand automated decision making and profiling

GDPR also ensures that personal information is obtained, handled and disposed of properly.
GDPR ensures that personal information shall be:
1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)
As a data controller and data processor, MOBU Technologies is fully committed to comply to GDPR principles. MOBU Technologies have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with data protection laws and regulations.

All of our policies are explained in this part of the website.

How do I file a complaint about MOBU Technologies’ subject access request policy or
process?
Please refer to our Complaints process

MOBU Technologies’ voluntary registration with supervisory authorities
MOBU Technologies is registered with these supervisory authorities:
1. UK-based Information Commissioner’s Office and our registration number is …..
Details about MOBU Technologies’ Data Protection Officer
MOBU Technologies Data Protection Officer (DPO) is as follows:
Name: Rodwell Mnkandla
Position: Director
Address: MOBU Technologies Ltd 59, Barlow Road, Wednesbury, WS10 9QB, United Kingdom
Email: support@carehomeschedule.com , for the attention of MOBU Technologies’ DPO

Complaints Policy and procedure

Carehome Schedule’s complaint handling policy and procedure has been created to address any complaints from admins or end users of Carehome Schedule accounts, and complies with Data Privacy regulations. Carehome Schedule is committed to delivering a fair, open and clear process for complaints and ensure a satisfactory outcome for all admins and end users of Carehome Schedule portals who raise a complaint. We provide thorough staff training in our complaint handling procedures and support our staff in how to handle complaint situations in a face-to-face, written, or via phone. Carehome Schedule considers and responds to all complaints and issues, no matter how they are raised or what they refer to. Some issues and complaints our Support Team can resolve immediately, but some issues have to be escalated to our Management Team. Any data processing related complaints, data protection infringes or data breaches are immediately escalated to our Data Protection Officer.
How do I file a complaint?
If you have a complaint about Carehome Schedule’s product or service, please email us at support@carehomeschedule.com If the complaint is related to data processing, data protection infringes, or data breaches, please address the email to MOBU Technologies’s DPO (Rodwell Mnkandla), and clearly state that your complaint is about data. After you go through this process, we will create a customer support case, and will send through an acknowledgement of your complaint, as well as a timeline within which it will be addressed. MOBU Technologies will then internally investigate the issue, and work with you to resolve it. If you are unhappy with our process or the outcome of the investigation related to data processing, data protection infringes or data breaches, then you can contact the relevant supervisory authority:
1. UK-based Information Commissioner’s Office via their Contact Us page
Your right to file a complaint against MOBU Technologies with supervisory authorities
You have the right to file a complaint with the supervisory authority if you think we have infringed on your rights as covered by the General Data Protection Regulation (GDPR), or where MOBU Technologies has breached data protection law. The supervisory authority with which the complaint has been lodged, is responsible for informing you on the progress and the outcome of the complaint, including the possibility of a judicial remedy where the supervisory authority does not handle a complaint or does not inform the data
subject within three months on the progress or outcome of the complaint lodged.

Communications Policy

MOBU Technologies sends the following notifications and communications:

• Product and service notifications, (e.g. notifications about product updates and new features, product webinars)
• Incident and data breach notifications
• Marketing communications (e.g. notifications about events, news about the industry, blogs and newsletters)

MOBU Technologies, GDPR and Article 21
MOBU Technologies enables admins and end-users to manage notifications and communications.
Article 21 of the GDPR gives you the right to object to the processing of your personal data for notifications and communications. Carehome Schedule is fully committed to ensuring this.

How can I manage my preferences for product and service notifications from Carehome Schedule?
Product and service notifications are communications from Carehome Schedule’s Product Team. These are sent to admins of Carehome Schedule accounts via email and push notifications in the Carehome Schedule product, in order to alert admins of any changes to features, functionality, or service that may impact their use of Carehome Schedule. At least one admin of a Carehome Schedule account is required to receive all product and service notifications. If an admin would like to opt out from receiving these notifications, we encourage them to ensure there is another admin on their Carehome Schedule account who will receive them and address any actions required on behalf of their company. We highly recommend that admins do not unsubscribe from receiving these notifications. Restricted admin users and end users without admin permissions cannot opt in to product and service notifications.
How do I manage my preferences for incident and data breach notifications?
Carehome Schedule reports on all types of incidents on support@carehomeschedule.com. Examples of incidents reported are: if a feature is temporarily unavailable or there are performance issues in some parts of the product. These types of security notices are not sent out to admins and end-users automatically; you need to opt in to receive these notices. We highly recommend that admins and end users subscribe to receive these security notifications. You can do so by opting in by clicking the Subscribe to updates button. Please note that these preferences will be stored for your contact record and will not save your preferences for other users of your Carehome Schedule account.
Where can I manage my preferences for marketing communications from Carehome Schedule?
You may submit your email address to opt-out of marketing communications from CarehomeSchedule by emailing support@carehomeschedule.com

As an admin, can I assign preferences for other admins of my Carehome Schedule account?
Admins only have control of their own individual settings. Preference updates for other admins are managed individually.
As an admin, can I assign preferences for other end users of my Carehome Schedule account?
No, preference updates related to notifications and communications to end-users are managed individually.
Subject Access request Policy
Carehome Schedule collects and processes personal data, as described in MOBU Technologies’ Privacy Policy.
Under GDPR, data that Carehome Schedule holds on an individual is made available to the individual.
I use a Carehome Schedule account, can I request data?
As an individual, you can request a copy of the data that Carehome Schedule holds on you. Carehome Schedule highly recommends that you also contact the admin of your account and
ask for a copy of your data. To request data, please see the section “How do I make a subject access request?”
I am an admin of a Carehome Schedule account, can I request data?
If you are an admin, and you want a full copy of data on the account, please contact support@carehomeschedule.com You can request data on behalf of an employee, as a representative of the employee. This has to be clearly stated, and you must provide confirmation that you have the employee’s
permission to request data. To request data on behalf of an employee, please see the section “How do I make a subject access request?”
How current is the available data?
Any data requested is the data that Carehome Schedule holds as at that point in time. If an employee has requested that their data is deleted, and Carehome Schedule has (after internal consultation and investigation) deleted this data, then that data may not be available. If an admin has deleted data in the account, this data will also not be available to the employee.
When will I receive the data Carehome Schedule has on me?
Carehome Schedule will give you a copy of the data held on you at within one month (calendar days) of the request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.
How do I file a complaint about Carehome Schedule’s subject access request policy or process?
Please refer to our complaints policy.

Access Request form

Under the General Data Protection Regulation, you are entitled as a data subject to obtain a copy of the data that Carehome Schedule holds on you. We have the right to establish your identity when making a request, and may ask for additional identification proof, such as your National Insurance Number, Payroll ID. The submitted form will be sent to support@carehomeschedule.com , then a support case with a reference number will be opened, and our Support team will acknowledge receipt. The timeline your admin has to respond to these queries is 30 calendar days. Please note that once this form is submitted electronically, this is equivalent to signing a paper copy of the form.

Right to be informed Policy and procedure

Carehome Schedule collects and processes personal data, as described in MOBU Technologies’ privacy policy.
Under GDPR, an individual has the right to be informed about:

• What data are we collecting
• Why we are processing individual’s personal data
• Our legal basis for processing
• Our retention periods
• Our complaints process
• Who it will be shared with, transfers, storage etc.

You also have the right to be informed if we sourced your data from third parties. Carehome Schedule has ensured that whenever we collect personal data from you, you are made aware of our Privacy Policy and any other related terms. We also ensure that you consent to processing of your personal data. We are transparent about the data we collect, and more detailed information can be accessed in the Carehome Schedule product via the Help section. This policy explains how you can exercise the Right to be Informed.

What is Carehome Schedule’s legal basis for processing?

Carehome Schedule processes data based on the legal basis of: performance of contract, consent, compliance, and legitimate interest.

What are Carehome Schedule’s retention periods?

Please contact support@carehomeschedule.com for details on our data retention periods.

I use a Carehome Schedule account, how do I request to be informed?

As an individual, you can request more information about your data, as described in the policy overview. You can also consult our Privacy Policy for more details, as well as this section of our website.
To get more details, please contact support@carehomeschedule.com and clearly state that you are seeking more details on data processing.
How do I file a complaint about Carehome Schedule’s Right to be Informed policy or process?
Please refer to our Complaints policy
Rights to restrict processing policy and procedure
Carehome Schedule collects and processes personal data, as described in MOBU Technologies’ Privacy Policy.
Under GDPR, an individual has the right to request a restriction of processing under certain circumstances:

• you contest the accuracy of your personal data processed by Carehome Schedule, and you are verifying the accuracy of the data;
• the data has been unlawfully processed and the individual opposes erasure and requests restriction instead;
• Carehome Schedule does not need the personal data any longer but you need us to keep it in order to establish, exercise or defend a legal claim; or
• you have objected to Carehome Schedule’s processing of your data , as per your right to object to processing.

Please note that this right is not absolute, and Carehome Schedule will investigate your request
and respond accordingly.

I use a Carehome Schedule account, how do I request to restrict processing?
If any of the following apply to you, please contact support@carehomeschedule.com with details about your request:

• If you contest the accuracy of your personal data and want to rectify it
• If you think your data has been unlawfully processed
• If you need us to keep your data

If you are objecting to us processing your data, specifically for marketing communication, please contact support@carehomeschedule.com as well.

When will Carehome Schedule process my request?
Carehome Schedule has one month to reply to your request.

How do I file a complaint about Carehome Schedule’s Right to Restrict Processing policy or process?
Please refer to our Complaints policy

Right to Object Policy and Procedure

Carehome Schedule collects and processes personal data, as described in MOBU Technologies’ Privacy Policy.
When you consent to process your personal data for marketing purposes, we process your personal data for the following:

• Sharing product releases and new features
• Sending tips on how to improve your business, and how you can get involved in the Carehome Schedule community to hear more from other customers
• Sending tips on how to use the product more effectively
• Sharing market research and inviting you to participate in market research, including seeing new features we are working on
• Being invited to our webinars and events

You have the right to object to marketing from Carehome Schedule.
This removes your consent to receive any type of marketing information from Carehome Schedule, and you will need to actively opt in again.

How do I remove consent for marketing?
To remove your consent for marketing, please contact support@carehomeschedule.com When you sign up for a trial or download any marketing content from our website, you also have the option to opt into marketing from Carehome Schedule.

What about other types of communications and notifications? How do I manage my preferences for these?
Please contact support@carehomeschedule.com.

When will Carehome Schedule process my request?
Carehome Schedule will process your request within one working day.

How do I file a complaint about Carehome Schedule’s Right to Object policy or process?
Please refer to our Complaints Policy

Right to rectification Policy and Procedure

Carehome Schedule collects and processes personal data, as described in MOBU Technologies’ Privacy Policy.
Under GDPR, an individual has the right to rectify any personal data that Carehome Schedule holds by:
– correcting inaccurate data
– completing incomplete data
This policy explains how you can exercise this right.

I use a Carehome Schedule account, how do I request data to be rectified?
You can request that personal data be rectified verbally or in writing. If your request is made verbally, our Support Team will ask you to confirm this in writing. Any requests should be sent to support@carehomeschedule.com with details of what data needs to be corrected. The Support Team will ask you to verify your identification, and confirm any changes in writing.
When will Carehome Schedule correct my data?
Carehome Schedule has one month to correct any personal data.
Can I update my own data in my account?
Yes. If you are an employee, good practice is to let your admin know that data has been updated.
Data updated by yourself or by your admin, on your behalf, is controlled and processed by you and your admin, and Carehome Schedule has no responsibility for this.

How do I file a complaint about Carehome Schedule’s right to rectification policy or process?
Please refer to our Complaints policy.

Right to Data portability policy and Procedure

Under GDPR, data that Carehome Schedule has on you will be made available if you request it. If you are an employee, you should ask your employer for the data first. Then, you can email support@carehomeschedule.com and we’ll be happy to assist you. If you’re an admin of your Carehome Schedule account, please contact support@carehomeschdule.com If you have a complaint about how Carehome Schedule handles data portability, please refer to our Complaints policy.

Right to Erasure Policy

Carehome Schedule collects and processes personal data, as described in MOBU Technologies’ Privacy Policy. Under GDPR, an individual has the right to request that any personal data is deleted. This right is not absolute, which means that we need to investigate your request, review our data retention schedule, work with your account’s admin, then determine whether this is request can be complied with. If we cannot fulfil this request, we will explain why.
How do I request for my data to be deleted?
As an individual, you can request that your data is deleted. You need to speak to the admin of your Carehome Schedule account first to fulfil this right. You can also contact us at support@carehomeschedule.com and we will help out by working with the admin of your account.
How long does it take to process this request?
Carehome Schedule will work with the admin of your account to review this request. You will receive a response within one month (calendar days) of receipt of request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.
How do I file a complaint about Carehome Schedule’s Right of Erasure policy or process?
Please refer to our Complaints Policy.

Automatic Profiling policy

Carehome Schedule collects and processes personal data, as described in MOBU Technologies Privacy Policy. The Customer (i.e. Care home or agency) has a choice to use the following personal data to automatically profile admins or end-users. Skills, Position, while agencies can additionally use the following: No of times at the home, location.
If you have any questions about this, please contact us as support@carehomeschedule.com
If you have a complaint about our policy, please refer to our Complaints policy

MOBU Technologies is committed to protect you and your employer’s privacy. We only collect
and use Personal Data to provide you and your employer with the workforce management
system and all associated services.

Who we are

Carehome Schedule system, Trademark and trading name is wholly owned by MOBU
Technologies Ltd
MOBU Technologies Ltd is a company registered in the United Kingdom at 59 Barlow Road,
Wednesbury, WS10 9QB. Company No: 11265775.
Email customer service: support@carehomeschedule.com
Telephone customer service: (+44) 121 502 0333
Data Protection Officer (DPO): Our DPO can be contacted as above. Please address any
questions for attention of our DPO.

Statement of Privacy, and Acceptance of the Privacy Policy

MOBU Technologies is committed to protecting your privacy and developing technology that
gives you the most powerful and safe online experience.
This is our privacy policy (the “Privacy Policy”) and it applies when you use our workforce
management system and associated services (the “App”) and our website
carehomeschedule.com and all other connected MOBU Technologies websites worldwide (the
“Sites”).
This Privacy Policy governs the collection and usage by us of your “personal data”, namely any
information which personally identifies you e.g. your e-mail address, name, home address, work
address or telephone number etc).
Please read the following carefully to understand our views and practices regarding your
personal data and how we will treat it.
By visiting the website, using an associated service, or by using the App, and by ticking the “I
agree” buttons when first registering or logging into the App you are accepting and consenting
to us collecting your personal data and using it in accordance with the practices described in
this Policy.
You may withdraw your consent at any time as listed in the “Your rights” section below.
For the purposes of the UK Data Protection Act 1998, the General Data Protection Regulation
(“GDPR”) and any subsequent UK legislation implementing the GDPR (the “Legal Framework”),
the data controller, in relation to personal data entered by you into the App, is MOBU
Technologies of 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom
Our UK ICO registration no. is …… MOBU Technologies is a certified holder of CyberEssentials
(UK Government-backed cyber protection scheme, now industry standard).
In relation to data provided to us by our business customers to enable us to provide services to
them, that business will be the data controller and we will be the data processor. These
businesses warrant in our agreements with them that they have complied with and shall
continue to comply with the Legal Framework in relation to the data they control and pass to us
and that they have the necessary consents to use the data in relation to the services we provide
to them.

What will MOBU Technologies do with my Personal Data?

MOBU Technologies limits the personal data collected and processed for the following
purposes:

• to provide, operate, support use of, maintain and improve the App, Sites, associated services, and services we advertise on our website;
• to carry out our obligations arising from any contracts entered into between your employer and us and to provide you and/or your employer with the information, products and services that you and/or your employer request from us;
• to enable your employer to contact you via the App;
• to enable your employer to be able to be able to produce analytical reports for the purposes of understanding trends per care home e.g. lateness, sickness;
• to provide automatic responses to certain services, like welcoming messaging to the product, and default customer support answers and to notify you or your employer of MOBU Technologies service updates, incidents, and product features and news. These communications are considered essential to the provision of the service you have requested. You will not be able to choose to unsubscribe to these automatic responses, as they are considered a part of the service you have chosen;
• to notify you or your employer about changes to our service and to provide and deliver any other products and services that you or your employer requests;
• to ensure that content from our App is presented in the most effective manner for you, your employer and for your computer, or mobile device;
• to provide you and your employer with information about other products and services we offer;
• to create lookalike audiences within social networks to enable us to advertise our services, or to create anonymised high-level research reports on workplace trends in a given industry, geography, or to compare industries and/or geographies on key workforce metrics;
• to provide you and your employer or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing user of the App, we may contact you with information about goods and services similar to those which you currently use; if you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you only if you have consented to this. For information on your rights relating to consent, please see the section “Your rights”;
• to protect against, investigate and deter fraudulent, unauthorised or illegal activity.

What Personal Data does MOBU Technologies collect?

MOBU Technologies collects the following Personal Data:

• data provided by you and / or your employer/ or your Agent when you sign up for the App and use any of the associated services by filling in a field or forms in our App or Sites or any of our social media platforms, or by corresponding with us by phone, e-mail or otherwise;
• data provided through the use of the App, for example employee details, and/or work pattern information or uploaded documents (including photographs) or any other details entered into our App;
• data provided by you or your employer or agent when subscribing to our emails, participating in discussion boards or other social media functions linked to or on our App or associated services, including responding to a survey from us;
• data provided when updating your subscription preferences via the Subscription Centre;
• data you or your employer or your agent give our Sales, or Support teams when you or your employer /agent report a problem, request our support services, request or complete a review, demo or other trial of our services, register to use our App;
• data transferred via any other software services integrated with the App;
• data automatically collected when using the Sites, such as cookies;
• data automatically collected when using the App and / or Sites, including:
  • the data we need access to on your device in order to deliver the App and associated services, such as device and app history, identity, location, Wi-Fi connection information, device ID and call information;
  • technical data, such as the make, model and operating system of your device, a device identifier, geolocation settings, time zones, and network information, your IP address, browser type, domain names, access times and referring web site addresses;
  • usage data, as collected via Analytical Services;
• data provided via other sources, for example Net Promoter Scores or customer
  feedback.

Analytical Services

We may use third party analytics services (“Analytics Services”), to help analyse how you and/or
your employer use our Sites and the App. The information generated by the cookies or other
technologies about your and/or your employer/agent’s use of the App and/or Sites (the
“Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use
Analytics Information to compile reports on product usage and activity.
The Analytics Services may also transfer the Analytics Information to third parties where
required to do so by law, or where such third parties process Analytics Information on their
behalf. Each Analytics Service’s ability to use and share Analytics Information is restricted by
such Analytics Service’s particular Terms of Use and Privacy Policy. By using MOBU
Technologies’s services and products, you and/or your employer/agent consent to the
processing of your Personal Data by Analytics Services in the manner and for the purposes
detailed in this Policy.

Anonymous Data

“Anonymous Data” is the type of data that does not enable us to identify you, either by using this
data by itself or combining it with any other information, for example data derived from personal
data that is aggregated and compiled in anonymous form, Analytics Information and information
collected from cookies.
We may create Anonymous Data from the personal data we receive from you and/or your
employer/agent through any of the methods listed in this Policy, including usage data. We
convert personal data into Anonymous Data by removing personal information, such as names,
ID’s, etc. We use this data to analyse requests and usage patterns for innovation and for
improving our App, associated services, and Sites. We may share Anonymous Data with third
parties.

Who will MOBU Technologies share my personal data and/or usage data with?

MOBU Technologies does not sell, rent or lease its customer or end users lists to third parties.
MOBU Technologies will share your personal data and usage data with the following third
parties (such third parties are prohibited from using your personal data except to provide these
services to MOBU Technologies):

• MOBU Technologies’ operational service partners in order to operate the App and the Sites and deliver the services you have requested; and/or with trusted partners to help us perform statistical analysis, marketing campaigns, PR campaigns, remarketing, send you email or postal mail, or provide customer support;
• any existing or future member of its group, which means its subsidiaries, its ultimate holding company and their subsidiaries, as defined in section 736 of the UK Companies Act 2006.

In the event that MOBU Technologies sells or buys any business or assets it may disclose your
personal data and/or usage data to the prospective seller or buyer of such business or assets.
In the event that substantially all of MOBU Technologies’ assets are acquired by a third-party
purchaser, your Personal Data and/or usage data may be one of the transferred assets.
MOBU Technologies will not disclose your personal data and/or usage data to any other third

parties without your consent unless required to do so by law or in the good faith belief that such
action is necessary to:

• comply with the law or with legal process served on MOBU Technologies;
• protect and defend the rights or property of MOBU Technologies;
• and act under exigent circumstances to protect the personal safety of users of the App and/or the Sites.

Please keep in mind that if you publicly disclose Personal Data and/or usage data through our
App or our Sites, we are not responsible for the security of the personal data you publicly
disclose and it may be collected and used by others.
The Sites may contain links to make it easier for you to visit other websites. These websites are
managed by third parties and MOBU Technologies encourages you to review the privacy
statements of websites you choose to link to from the Sites so that you can understand how
those websites collect, use and share your information. MOBU Technologies is not responsible
for the privacy statements or other content on websites it may link to.

Does MOBU Technologies collect or process sensitive data?

MOBU Technologies does not systematically monitor individuals based on personal data.
The App does have custom text fields in which sensitive data can be added by either you and/or
your employer/agent. These fields are configured by you and/or your employer, and you and/or
your employer accept full liability (and hold MOBU Technologies free from any liability under the
Legal Framework) for any sensitive data entered into these fields. Any data entered into these
fields will be processed in the same way as we process personal data.
Where does MOBU Technologies transfer, store and/or process my personal data?
The data that we collect from you may be transferred to, and stored at, a destination outside the
UK. It may also be processed by staff operating outside the UK who work for us or for one of our
suppliers. The third-party supplies may be engaged in, among other things, the development of
the App and/or Sites, the enrichment of your data, the fulfilment of your order, the processing of
your payment details and the provision of support services.
We will only transfer, store or process your data with such third-party suppliers who have
agreed to comply with the required data security standards, policies and procedures and have
put adequate security measures in place. By ticking the “I agree” button when first registering or
logging into the App and by submitting your personal data, you consent to this transfer, storing
or processing of your personal data with our sister companies and business partners located
outside of the UK.
All information you provide to us is stored on secure servers within a private network and is
encrypted when in transit between those servers and a third-party supplier. We retain your data
as per our data retention schedule.

How does MOBU Technologies protect my personal data?

As you would expect, MOBU Technologies takes security of personal data very seriously. Our
risk management and security controls include:

• embedding data privacy by design into everything we do;
• consent and permission management for both you and/or your employer;
• internal access control based on role and least privilege; all access is logged;
• risk management, business continuity, including disaster recover, backups, business impact assessments, risk registers and Data Protection Impact Assessments;
• data breach management: MOBU Technologies will inform all users impacted of a data breach within 72 Hours;
• cryptography, crypto controls, key management;
• all data is backed-up;
• securing all of MOBU Technologies’ office facilities;
• asset management;
• network segregation, penetration testing, and a software development cycle.

Protecting my password

Your password enables you to access certain parts of our App. You are responsible for keeping
this password confidential and for updating it regularly. We ask you not to share a password
with anyone. Should you forget your password, it is your responsibility to request a new
password from us.

How we use cookies on our websites and in our App

MOBU Technologies uses “cookies” to help you personalise your online experience. A cookie is
a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run
programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can
only be read by a web server in the domain that issued the cookie to you.
MOBU Technologies uses cross-domain cookie tracking, so cookies issued by one MOBU
Technologies domain can be read by another MOBU Technologies -owned domain. One of the
primary purposes of cookies is to enhance your user experience.
MOBU Technologies keeps track of the websites and pages you or your employer/agent visit
within our Sites and may process this personal data in order to determine which services and
facilities are the most popular.
You have the ability to accept or decline cookies through your browser settings. Most web
browsers automatically accept cookies, but you can usually modify your browser setting to
decline cookies if you prefer. If you choose to decline cookies, you may not be able to use our
Sites or sections of our sites.

Your Rights

The Legal Framework gives you the right to access information held about you and to have
inaccurate personal data rectified or completed, if incomplete. You are also entitled to request
the restriction or suppression of your personal data or that we erase it completely. You are also
entitled to obtain from us and reuse your personal data for your purposes.
You have the right not to consent to us processing your personal data for marketing purposes.
You may have given us your consent to do so when you first logged into our App. You can
exercise your right to prevent such processing by checking certain boxes on the “Subscription
Centre”. You can also exercise this right at any time by contacting us at
support@carehomeschedule.com
Your rights can be exercised in accordance with the Legal Framework. Any query you have
regarding the handling of your data should be made in the first instance at
support@carehomeschedule.com addressed for the attention of our Data Protection Officer.
If you are not happy with our response to your query, you are entitled to contact the relevant
supervising authority, which in the UK is the ICO

Changes to our Privacy Policy

Any changes we make to our Privacy Policy in the future will be updated on the Sites, and,
where appropriate, the changes will be notified to you by e-mail. Please check back frequently
to see any updates or changes to our Privacy Policy.
We last reviewed this Privacy Policy in June 2018. © MOBU Technologies 2018. All Rights
Reserved.
PRIVACY POLICY OF MOBU Technologies
This Application collects some Personal Data from its Users.
Owner and Data Controller
MOBU Technologies Ltd, 59 Barlow Road, Wednesbury, WS10 9QB, United Kingdom
Owner contact email: support@carehomeschedule.com

Types of Data collected

Among the types of Personal Data that this Application collects, by itself or through third parties,
there are: Cookies, Usage Data, email address, first name, last name, phone number, company
name, address, country, various types of Data, city, number of employees, passport details and
geographic position.
Complete details on each type of Personal Data collected are provided in the dedicated sections
of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected
automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to
provide this Data may make it impossible for this Application to provide its services. In cases
where this Application specifically states that some Data is not mandatory, Users are free not to
communicate this Data without consequences to the availability or the functioning of the
Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the
Owner.

Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-
party services used by this Application serves the purpose of providing the Service required by

the User, in addition to any other purposes described in the present document and in the Cookie
Policy, if available.
Users are responsible for any third-party Personal Data obtained, published or shared through
this Application and confirm that they have the third party’s consent to provide the Data to the
Owner.

Mode and place of processing the Data

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure,
modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following
organizational procedures and modes strictly related to the purposes indicated. In addition to
the Owner, in some cases, the Data may be accessible to certain types of persons in charge,
involved with the operation of this Application (administration, sales, marketing, legal, system
administration) or external parties (such as third-party technical service providers, mail carriers,
hosting providers, IT companies, communications agencies) appointed, if necessary, as Data
Processors by the Owner. The updated list of these parties may be requested from the Owner
at any time.

Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies:

• Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
• provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
• processing is necessary for compliance with a legal obligation to which the Owner is subject;
• processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
• processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the
processing, and in particular whether the provision of Personal Data is a statutory or contractual
requirement, or a requirement necessary to enter into a contract.

Place

The Data is processed at the Owner’s operating offices and in any other places where the
parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a
country other than their own. To find out more about the place of processing of such transferred
Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the
European Union or to any international organization governed by public international law or set
up by two or more countries, such as the UN, and about the security measures taken by the
Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of
this document or inquire with the Owner using the information provided in the contact section.

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have
been collected for.
Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
• Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.

The Owner may be allowed to retain Personal Data for a longer period whenever the User has
given consent to such processing, as long as such consent is not withdrawn. Furthermore, the
Owner may be obliged to retain Personal Data for a longer period whenever required to do so
for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to
access, the right to erasure, the right to rectification and the right to data portability cannot be
enforced after expiration of the retention period.

The purposes of processing

The Data concerning the User is collected to allow the Owner to provide its Services, as well as
for the following purposes: Analytics, Interaction with external social networks and platforms,
Remarketing and behavioral targeting, Advertising, Managing contacts and sending messages,
User database management, Contacting the User, Content commenting, Displaying content
from external platforms, Handling payments, Hosting and backend infrastructure, Infrastructure
monitoring, Interaction with support and feedback platforms, Location-based interactions,
Managing support and contact requests, Registration and authentication and Commercial
affiliation.
Users can find further detailed information about such purposes of processing and about the
specific Personal Data used for each purpose in the respective sections of this document.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Permissions asked for when installing the app

When installing the mobile app on your device we ask for:

• Device and App history
• Identity
• Location
• Wifi connection information
• Device ID information

Push Notifications

• This application may send push notifications to the user

The rights of Users

Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:

Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.

Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.

Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.

Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.

Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.

Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.

Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in
the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to

such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes,
they can object to that processing at any time without providing any justification. To learn, whether the
Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant
sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in
this document. These requests can be exercised free of charge and will be addressed by the Owner as
early as possible and always within one month.

Additional information about Data collection and processing

Legal action
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading
to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of
public authorities.

Additional information about User’s Personal Data
In addition to the information contained in this privacy policy, this Application may provide the User with
additional and contextual information concerning particular Services or the collection and processing of
Personal Data upon request.

System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files
that record interaction with this Application (System logs) use other Personal Data (such as the IP
Address) for this purpose.

Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner
at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled
This Application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please
read their privacy policies.

Changes to this privacy policy
The Owner reserves the right to make changes to this privacy policy at any time by giving notice to its
Users on this page and possibly within this Application and/or – as far as technically and legally feasible –
sending a notice to Users via any contact information available to the Owner. It is strongly recommended
to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner
shall collect new consent from the User, where required.

Definitions and legal preferences

Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal
identification number — allows for the identification or identifiability of a natural person.

Usage Data
Information collected automatically through this Application (or third-party services employed in this
Application), which can include: the IP addresses or domain names of the computers utilized by the
Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request,
the method utilized to submit the request to the server, the size of the file received in response, the
numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country
of origin, the features of the browser and the operating system utilized by the User, the various time
details per visit (e.g., the time spent on each page within the Application) and the details about the path
followed within the Application with special reference to the sequence of pages visited, and other
parameters about the device operating system and/or the User’s IT environment.
User
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
The natural or legal person, public authority, agency or other body which processes Personal Data on
behalf of the Controller, as described in this privacy policy.
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others,
determines the purposes and means of the processing of Personal Data, including the security measures
concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is
the Owner of this Application.
This Application
The means by which the Personal Data of the User is collected and processed.
Service
The service provided by this Application as described in the relative terms (if available) and on this
site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all
current member states to the European Union and the European Economic Area.
Cookies
Small piece of data stored in the User’s device.
Legal information
This privacy statement has been prepared based on provisions of multiple legislations, including Art.
13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation). This privacy policy relates
solely to this Application, if not stated otherwise within this document.