Aladdin Terms & Conditions
(last updated on 29th March 2023, view previous version here)
1. DEFINITIONS AND INTERPRETATION
- 1.1 In these Terms the following words shall have the following meanings:
Aladdin IP means the IP Rights owned or licensed by Aladdin including those that exist in the Services and any updates or modifications thereto; Aladdin Support means support and maintenance services provided by Aladdin under these Terms; Business Day a day other than a Saturday, Sunday or public holiday in Ireland when banks are open for business; Charges means Aladdin’s standard charges as provided to the School in the price list(s) provided to the School and as may be amended (including revised upwards) from time to time on notification to the School in accordance with Clause 7.8; Commencement Date means the date when these Terms is executed by both parties; Data Controller, Data Processor, Data Subject, Personal Data Breaches and processing shall have the meanings given to them in Data Protection Law; Data Protection Law means the Data Protection Acts 1988 to 2018, the General Data Protection Regulation (EU) 2016/679 (GDPR), and any other applicable law or regulation relating to the processing of Personal Data and to privacy, including the E-Privacy Directive 2002/58/EC and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, as such legislation shall be supplemented, amended, revised or replaced from time to time and all guidance and codes of practice issued by a relevant supervisory authority, from time to time and which are applicable to the Data Processor; DPC means the Supervisory Authority in Ireland for the purposes of Article 51 of the GDPR whose principal administrative offices are at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland, or any replacement Supervisory Authority under Data Protection Legislation, appointed from time to time in Ireland; End User means any individual using the Services as a result of these Terms; Force Majeure any cause preventing either party from performing any or all of its obligations which arises from or is attributable to acts, events, omissions or accidents beyond the reasonable control of the party so prevented including, without limitation, compliance with any law or governmental order, rule, regulation or direction, acts of God, war or terrorist activity, epidemics and pandemics, riot or civil commotion; Guardians has the meaning given to this term in Clause 3.2; Initial Term the initial term of these Terms which shall be a period of twelve (12) months from the Commencement Date; IP Rights means all intellectual property rights, including (without limitation) patents, supplementary protection certificates, petty patents, utility models, trademarks, database rights, rights in designs, copyrights and topography rights (whether or not any of these rights are registered, and including applications and the right to apply for registration of any such rights) and all inventions, know-how, trade secrets, techniques and confidential information, customer and supplier lists and other proprietary knowledge and information, and all rights and forms of protection of a similar nature or having equivalent or similar effect to any of these which may subsist anywhere in the world, in each case for their full term, and together with any renewals or extensions; Non Software Failure means any defect, error or fault in the Services which is caused by
(i) the Services having been used by the School or the End User other than in accordance with the specifications or its proper intended purpose;
(ii) any modification, variation or reconfiguration of the Services at the request of the School, including any documentation or information which the School requests to be integrated with the Services ;
(iii) any defect in the hardware, network or device using the Services;
(iv) the combination, operation, use or failure of third party or School proprietary information, software or networks with which the Service interfaces or is connected; or
(v) any virus or worm infecting the Services;
Normal Business Hours 9.00am to 5.00 pm in Ireland; Personal Data has the meaning given to the term in the GDPR and shall include all Personal Data relating to individuals which is processed by the Data Processor on behalf of the Data Controller in accordance with this Schedule; Renewal Period has the meaning set out at clause 13.1; School Data the data input by the School, End Users, or Aladdin (at the School’s request) , which shall include Personal Data, for the purpose of using the Services or facilitating the School's use of the Services; Services means all or any part(s) of the School administration services provided by Aladdin, including the Aladdin software, and any other products or services (including Aladdin Support) provided by Aladdin or its authorised agents, distributors, and licensees and all updates and amendments thereto, including the specifications and the associated documentation related thereto; Services Webpage means the landing page made available as part of the Services providing access to the Services; Standard Contractual Clauses the model contractual clauses dealing with the transfer of Personal Data outside the European Economic Area, which have been approved, as applicable, by (i) the European Commission under Data Protection Legislation, or (ii) by the DPC or an equivalent competent authority under Data Protection Legislation, as may be amended, supplemented or replaced from time to time; Supervisory Authority any court, regulatory agency or authority which, according to applicable laws and/or regulations (including Data Protection Law), supervises privacy issues and/or the processing of Personal Data; Term means the period of time starting on the Commencement Date and ending on the date of termination of these Terms; and Third-Party Sub-processors means any third-parties which may be engaged by Aladdin, from time to time, for the purpose of carrying out any element of the Services on behalf of Aladdin.
- 1.2 In these Terms (except where the context otherwise requires):
- 1.2.1 use of the singular includes the plural and vice versa and the use of any gender includes the other genders; and
- 1.2.2 any phrase introduced by the terms "including", "include", "in particular" or any similar expression shall be construed as illustrative and shall not limit the sense of the words preceding those terms.
2. LICENCE GRANTED BY ALADDIN
- 2.1. Subject to the School paying the Charges, the restrictions set out in this clause 2 and the other terms and conditions of these Terms, Aladdin hereby grants to the School a non-exclusive, non-transferable right to permit the End Users to use the Services during the Term solely for the School's internal operations.
- 2.2. The School undertakes:
- 2.2.1. to inform Aladdin if the number of children in the School exceeds the range specified when signing up for the Services;
- 2.2.2. to ensure that each End User shall keep a secure username and password for his use of the Services and that each End User shall keep his password confidential;
- 2.2.3. to ensure that each End User is reminded to change their password regularly; and
- 2.2.4. that it shall maintain a register of End Users as required adding and removing End Users as necessary.
- 2.3. The School shall not use or access the Services in any way that:
- 2.3.1. is unlawful, immoral, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive, as solely determined by Aladdin;
- 2.3.2. facilitates illegal activity;
- 2.3.3. depicts sexually explicit images;
- 2.3.4. promotes unlawful violence;
- 2.3.5. is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability;
- 2.3.6. is otherwise illegal or causes damage or injury to any person or property;
- 2.3.7. impersonates any person, business or entity, or misrepresents the School’s or End User’s identity;
- 2.3.8. contains viruses, worms or corrupted files or any other computer code, files or similar programs that interrupt, damage or limit the operation of any computer software, hardware or telecommunications equipment;
- 2.3.9. constitutes the sending of, either directly or indirectly, any unsolicited bulk e-mail or communications or unsolicited commercial e-mail or communications;
- 2.3.10. harvests or otherwise illegally collects personal information about others;
- 2.3.11. encourages behaviour that would constitute a criminal offence, or that gives rise to civil liability;
- 2.3.12. hinders the use of the Services by any other person; or
- 2.3.13. violates these Terms or any other Aladdin policy posted on the Services Webpage.
- 2.4. Aladdin reserves the right, without liability or prejudice to its other rights, to disable the School's access to the Services in the event of misuse of the Services or where the School or End User’s use is otherwise than in accordance with the provisions of these Terms.
- 2.5. The School shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, promptly notify Aladdin and take such additional steps as may be required to mitigate any losses which may arise as a result of such unauthorised access.
- 2.6. The End Users may be provided with different access rights to use the Services, as determined by the School. The School is responsible for allocating the relevant access rights to each End User so that each End Users use of the Services is appropriate to their requirements.
- 3.1. Aladdin shall provide:
- 3.1.1. the Services to the School on and subject to the terms of these Terms during the Term;
- 3.1.2. a Services Webpage from where the End Users may log in and access the Services;
- 3.1.3. Aladdin Support and training on the use of the Services as agreed between the parties from time to time; and
- 3.1.4. an off-site back-up and disaster recovery facility.
- 3.2. Aladdin shall provide additional Services where specifically agreed with
the School including a facility to enable the collection of monies and/or the provision of information to
parents or guardians of children at the School (the “Guardians”). Such communications will be sent via email or
SMS to the Guardians as requested by the School. The School is responsible for:
- 3.2.1. ensuring that it has all required permissions and consents to enable Aladdin to send the relevant communication to the Guardian; and
- 3.2.2. the content of all communications sent, including ensuring that the appropriate opt out language is included to enable Guardian’s to manage their communication preferences; and
- 3.2.3. ensuring the accuracy of all contact details provided for the Guardians.
- 3.3. The School acknowledges that the use of the Services is not suitable for emergency situations and should not be relied upon during such times. Aladdin shall not be liable for any reliance placed by the School on the Services being available for any situation, including in the case of an emergency. Aladdin cannot guarantee that the Guardians will receive, read or respond to any communication sent to them.
- 3.4. The School will appoint one End User to receive training on the Services on behalf of the School on a train-the-trainer basis. Such training will be provided over the phone. Aladdin Support will also include the provision of free webinars, videos and user guides to the School. An Aladdin Support helpline will be provided to the School and this will be available during the working day. Any training required by the School in addition to this, including on-site training, may be chargeable by Aladdin.
- 3.5. In the unlikely event that the Services are suspended for a continuous period exceeding 48 hours, the School’s subscription will be extended by an equivalent period, rounded up to the nearest day. Aladdin will have no liability for any loss, interruption, discontinuance or unavailability of its Services for any reason, or for any loss of, or inability to access any School Data.
- 3.6. Aladdin reserves the right to modify the Services at any time. Aladdin will make available to the School all improvements from time to time made available by it to other customers. In the event that additional Charges are associated with any new Service features the School will be notified by Aladdin in advance and can subscribe to such Services.
4. RESPONSIBILITIES OF THE SCHOOL
- 4.1. The School shall:
- 4.1.1. provide Aladdin with all necessary co-operation in relation to these Terms and access to information as may be required in order to provide the Services, including but not limited to the School Data, security access information and configuration services;
- 4.1.2. comply with all applicable laws and regulations with respect to its activities under these Terms;
- 4.1.3. carry out all other School responsibilities set out in these Terms in a timely and efficient manner. In the event of any delays in the School's provision of such assistance, Aladdin may adjust any agreed timetable or delivery schedule as reasonably necessary;
- 4.1.4. ensure that the End Users use the Services in accordance with the terms and conditions of these Terms and be responsible for any End User's breach of these Terms;
- 4.1.5. obtain and maintain all necessary licences, consents, and permissions required for Aladdin, its contractors and agents to perform their obligations under these Terms, including, without limitation, the Services;
- 4.1.6. ensure that its network and systems comply with the relevant specifications provided by Aladdin from time to time; and
- 4.1.7. be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Aladdin's software services. Use of the Services requires a broadband connection and Aladdin shall not be responsible for problems, conditions, delays, delivery failures and any other loss or damage arising from or relating to the School's network connections or telecommunications links, broadband or modem issues or other related faults.
5. SCHOOL DATA
- 5.1. The School shall own all right, title and interest in and to all of the School Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the School Data.
- 5.2. Aladdin uses Google Inc as its Third-Party Sub-Processor, which stores School Data in Google data centres in the EU using the Google hosting service. Under the EU Regulation 679/2016 (the GDPR) and the Data Protection Act 2018, Schools remain the data controllers of the School Data and Aladdin and Google act as data processors and sub-processors respectively, on your behalf. For further information on the Google hosting services please go to https://cloud.google.com/terms/ or such other address notified by Google from time to time.
- 5.3. In the event of any loss or damage to School Data due to Aladdin’s breach of these Terms, the School's sole and exclusive remedy shall be for Aladdin to use reasonable commercial endeavours to restore the lost or damaged School Data from the latest back-up of such School Data. Aladdin shall not be responsible for any loss, destruction, alteration or disclosure of School Data caused by any third party.
- 5.5. Where Aladdin processes any Personal Data on the School's behalf
when performing its obligations under these Terms, the parties record their intention that the School shall
be the data controller and Aladdin shall be a data processor and in any such case:
- 5.5.1. the School shall ensure that the School is entitled to transfer the relevant personal data to Aladdin so that Aladdin may lawfully use, process and transfer the personal data in accordance with these Terms on the School's behalf;
- 5.5.2. the School shall ensure that the relevant data subjects have been informed of, and have given their consent where necessary to, such use, processing and transfer as required by all applicable data protection legislation and that the School has a lawful basis for processing the relevant personal data in all circumstances;
- 5.5.3. Aladdin shall process the personal data only in accordance with the terms of these Terms and in accordance with the terms of the Data Processing Terms attached in the Schedule to these Terms and any lawful instructions reasonably given by the School from time to time; and
- 5.5.4. the School shall inform Aladdin of any additional technical and organisational measures required to be taken by Aladdin, which are not otherwise set out in these Terms, to protect the School Data against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
- 5.5.5. If there should be a conflict between these Terms and the Data Processing Terms/Schedule, then the Data Processing Terms/Schedule shall prevail.. If there is a conflict between the Standard Contractual Clauses and the Terms or the Data Processing Terms/Schedule, then the Standard Contractual Clauses shall prevail.
6. THIRD PARTY PROVIDERS
- 6.2. The School acknowledges that the Services may not be available in certain circumstances where the websites, products or services of third party providers are unavailable.
7. CHARGES AND PRICING
- 7.1. The Charges for the Services will be as set out in the price list(s) provided by Aladdin to the School from time to time or as otherwise notified to the School by Aladdin.
- 7.2. In consideration for receipt of the Services, the School shall pay the Charges to Aladdin. The Charges may be paid by cheque, direct debit or bank transfer or such other payment facility agreed by the parties.
- 7.3. The Charges are payable annually or monthly in advance, or otherwise as agreed between Aladdin and the School, and Aladdin shall send the relevant invoice to the School in advance of the payment date. The School shall, on or prior to the Commencement Date or at least thirty (30) days prior to the relevant Renewal Period, provide to Aladdin valid, up-to-date and complete bank account information acceptable to Aladdin and any other relevant valid, up-to-date and complete contact and billing details.
- 7.4. The School hereby authorises Aladdin to bill such account in accordance with the frequency agreed by the parties or as may be stated in the relevant invoice.
- 7.5. The School agrees to pay each invoice within the period agreed in the invoice.
- 7.6. If Aladdin has not received payment within the period specified in
- 7.6.1. Aladdin may, without liability to the School, disable the School’s, account and access to all or part of the Services. Aladdin shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
- 7.6.2. Aladdin may charge interest at a monthly rate of 2% of the invoice amount.
- 7.7. All Charges stated or referred to in these Terms:
- 7.7.1. are non-cancellable and non-refundable; and
- 7.7.2. are exclusive of value added tax or other applicable sales tax, which shall be added to Aladdin's invoice(s) at the appropriate rate.
- 7.8. Aladdin shall be entitled to increase the Charges for the core Services subscribed to by the School including for excess storage fees upon thirty (30) days' prior notice to the School. The School may notify Aladdin of its’ intention not to renew the Services pursuant to clause 13.1 in the event that it does not agree with the increase in Charges for the core Services, provided that the School must pay a minimum of six (6) months Charges to Aladdin at the original Charge agreed by the parties before these Terms may be terminated.
- 7.9. Aladdin shall be entitled to increase the Charges for any part of the Services provided by a third party if that third party increases the fees to Aladdin on ten (10) days written notice. The School shall have the option to withdraw from that element of the Service provided by the third party, in the event that it does not agree to the increase, provided it sends written notice to Aladdin within ten (10) days of the notice of increase from Aladdin. If no response is received from the School within ten (10) days of Aladdin’s notice of the increase then the revised Charges shall be deemed to be accepted by the School.
8. ALADDIN IP
- 8.1. The Aladdin IP and all copies thereof, including translations, compilations, derivative works and partial copies, are and shall at all times remain the property of Aladdin or its licensors. Aladdin acknowledges that it owns or licenses the Aladdin IP and all registrations and applications throughout the world but makes no warranties regarding the validity or enforceability of the Aladdin IP. School will acquire no rights in or to Aladdin IP by virtue of these Terms, School's activities under it, or any relationship School may have with Aladdin.
- 8.2. The School acknowledges and agrees that documents, records or other materials provided or made available to the School by or on behalf of Aladdin and any amendments additions or changes to them including any IP Rights created by School as a result of these Terms and the use of the Services, shall be owned by and remain within the ownership of Aladdin and be considered Aladdin IP and nothing in these Terms or otherwise shall confer on the School any right, title or interest in respect of such Aladdin IP. The School shall do and execute or arrange for the doing or execution of, each necessary act, document and thing that Aladdin may consider necessary or desirable to perfect the right, title and interest of Aladdin in any Aladdin IP.
- 8.3. School warrants and undertakes that it will not itself, or through
any parent, subsidiary, affiliate, vendor, agent, End User or other third party, except as may be allowed by
any applicable law which is incapable of exclusion by agreement between the parties, and except to the
extent expressly permitted under these Terms:
- 8.3.1. attempt to modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit copy or distribute all or any portion of the Aladdin IP in any form or media or by any other means;
- 8.3.2. decompile, disassemble or reverse engineer the Aladdin IP or otherwise reduce it to human-perceivable form in whole or in part;
- 8.3.3. access all or any part of the Aladdin IP in order to build a product or service which competes with the Services;
- 8.3.4. license, sell, assign, transfer, rent, loan, lease, sublicense or otherwise distribute or commercially exploit the Aladdin IP;
- 8.3.5. attempt to obtain, or assist third parties in obtaining, access to the Services;
- 8.3.6. make any use of the Services, the Services Webpage, logos or materials other than for their intended purpose; or
- 8.3.7. write or develop any derivative software or any other software program based upon the Aladdin IP or any confidential information of Aladdin.
- 9.1. Aladdin warrants that the Services will be performed with reasonable skill and care.
- 9.2. If the Services do not conform with the foregoing undertaking,
Aladdin will, at its expense and discretion, use all reasonable commercial endeavours to:
- 9.2.1. correct any such non-conformance promptly;
- 9.2.2. provide the School with an alternative means of accomplishing the desired performance; or
- 9.2.3. refund the Charges paid for the Services from the date when the non-conformity arose.
- Such correction, substitution or refund constitutes the School's sole and exclusive remedy for any breach of the undertaking set out in clause 9.1.
- 9.3. No warranty by Aladdin will extend to situations where the Services have been subjected to misuse, neglect, power failures or surges, lightning, fire, flood or accident.
- 9.4. Aladdin does not warrant that the operation of the Services will be continuous over any specified period of time or error- free.
- 9.5. Notwithstanding the foregoing:
- 9.5.1. Aladdin is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the School acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities;
- 9.5.2. it is the School’s responsibility to ensure that the facilities and functions of the Services meet the School and End User requirements; and
- 9.5.3. Aladdin makes no warranty that any particular device will be compatible with or function with the Services.
- 9.6. Although the Services are designed to be reasonably secure, Aladdin makes no express or implied warranty that the Services are immune from or can prevent fraudulent intrusion, unauthorised use or disclosure or loss of proprietary information. The School is solely responsible for undertaking or advising the End User to undertake all necessary back-up procedures to ensure that data integrity can be maintained in the event of loss of End User Data and other information for any reason.
- 9.7. The foregoing warranty is in lieu of and excludes all other express and implied warranties, including but not limited to warranties of merchantability, satisfactory quality and fitness for a particular purpose.
10. LIMITATION OF LIABILITY
- 10.1. Nothing in these Terms shall exclude, restrict (or prevent a claim
being brought in respect of) any liability of a party for:
- 10.1.1. death or personal injury caused by the negligence of that party;
- 10.1.2. any fraudulent pre-contractual misrepresentations on which the other party can be shown to have relied; or
- 10.1.3. any other liability which cannot be limited or excluded by law.
- 10.2. Aladdin shall not be liable to the School in contract, tort
(including negligence or breach of statutory duty) or otherwise for any of the following losses or damages,
even if such losses and/or damages were foreseen, foreseeable or known:
- 10.2.1. loss of revenues, profits, contracts, business or anticipated savings;
- 10.2.2. loss of, damage to, or corruption of data;
- 10.2.3 loss of, or damage to, or any other breach of, Personal Data or breach of applicable data protection law which is caused by an act, omission, breach or failure to act by the School;
- 10.2.4. any loss of opportunity, goodwill or reputation; or
- 10.2.5. any special or indirect or consequential loss or damage.
- 10.3. Subject to clause 10.1 and clause 10.2, the liability of each
party, whether arising under contract, tort (including negligence)or otherwise is as follows:
- 10.3.1. in respect of the indemnities given by the School at clause 11 is unlimited; and
- 10.3.2. if liability is in connection with breach of these Terms, the liability of each party shall not exceed, for any and all events, the amount of the Charges under these Terms in the twelve (12) months immediately preceding the claim.
- 10.4. In certain situations, Aladdin may make available certain templates and documents for use by the School as part of the Services for information/reference purposes only. The information included in such documents is provided “as is” and is general in nature and is not intended to constitute a definitive or complete statement of the law on any subject. The receipt or use of the Services and such documents should not be construed or relied on as advertising or soliciting to provide any legal services, creating any solicitor-client relationship or providing any legal representation, advice or opinion. The School should seek legal advice before relying on the documents and templates provided by Aladdin and Aladdin accepts no liability arising from the Schools use of them.
- 11.1. Aladdin shall defend and indemnify School against all costs,
including reasonable legal fees arising from a claim that the software (forming part of the Services) used
pursuant to these Terms infringes the copyright of a third party provided that:
- 11.1.1. the School notifies Aladdin in writing within thirty (30) days of the claim;
- 11.1.2. the School makes no admissions without Aladdin's prior written consent;
- 11.1.3. Aladdin is given immediate and sole control of the defence of such claim and all related settlement negotiations; and
- 11.1.4. the School provides Aladdin with all reasonable assistance, information, and authority necessary to perform the above.
- 11.2. Aladdin shall have no liability for any claim of infringement or otherwise resulting from a Non Software Failure.
- 11.3. In the event that the software, forming part of the Services, is
finally held by a court of competent jurisdiction or is believed by the School to infringe as provided in
clause 11.1, Aladdin shall have the option, at its own expense and in its sole discretion, to:
- 11.3.1. modify or amend the Services or the infringing part of the Services in order to avoid any infringement;
- 11.3.2. procure for the School the right to continue using the Services or infringing part of the Services; or
- 11.3.3. substitute the Services or infringing part of the Services with other software reasonably suitable.
- 11.4. This clause 11 states Aladdin’s entire liability arising from any infringement of copyright of any third party.
- 11.5. The School shall defend, indemnify and hold harmless each of
Aladdin and its affiliates, and the directors, officers, employees, customers, licensors, and contractors of
Aladdin and such affiliates, and the successors and assigns of any of the foregoing (the "Beneficiary"),
from and against any and all liabilities, damages, settlements, claims, actions, suits, proceedings,
penalties, fines, costs and expenses (including, without limitation, reasonable attorneys' fees and other
expenses of litigation) incurred by any Beneficiary based upon:
- 11.5.1. the infringement or misappropriation of any IP Rights including Aladdin IP; or
- 11.5.2. any claim from a third party, including the End User or Guardian resulting from the School’s use of the Services; or
- 11.5.3. any breach of personal data or breach of applicable data protection law resulting from any act, omission, breach or failure to act by the School.
- 12.1. Each of the parties shall keep confidential and shall not disclose
to any person any information, whether in written or any other form, disclosed to it (the "Receiving Party")
by or on behalf of the other party (the "Disclosing Party") in the course of the discussions leading up to
or the entering into or performance of these Terms and which is identified as confidential or is clearly by
its nature confidential including, but not limited to, information relating to the Services and the Charges
relating thereto ("Confidential Information") except insofar as the Confidential Information:
- 12.1.1. is required by a person employed or engaged by the Receiving Party in connection with the proper performance of these Terms; or
- 12.1.2. is required to be disclosed by law or by regulation, provided that the Disclosing Party shall notify the Receiving Party of the information to be disclosed and of the circumstances in which the disclosure is alleged to be required as early as reasonably possible before such disclosure must be made and shall take all reasonable action to avoid and limit such disclosure.
- 12.2. Any disclosure of Confidential Information permitted under clause 12.1 shall be in confidence, shall only be to the extent that any persons to whom the information is disclosed needs to know the same for the performance of their duties and the Receiving Party shall be obliged to procure that all such persons are aware of the obligation of confidentiality in these Terms and undertake to comply with it.
- 12.3. The Receiving Party hereby undertakes to the Disclosing Party to use the Confidential Information disclosed to it by the Receiving Party solely in connection with the performance of these Terms and not otherwise for its own benefit or the benefit of any third party.
- 12.4. Confidential Information does not include information which:
- 12.4.1. is or becomes generally available to the public otherwise than as a direct or indirect result of disclosure by the Receiving Party or a person employed or engaged by the Receiving Party contrary to their respective obligations of confidentiality; or
- 12.4.2. is or was made available or becomes available to the Receiving Party otherwise than pursuant to these Terms and free of any restrictions as to its use or disclosure.
- 12.5. The Disclosing Party warrants that, so far as it is aware, it has the right to disclose the Confidential Information to the Receiving Party and the right to authorise the Receiving Party to use the same in accordance with the terms of these Terms.
13. TERM AND TERMINATION
- 13.1. These Terms shall, subject to early termination in accordance with these Terms, commence on the Commencement Date and shall continue for the Initial Term and, thereafter, these Terms shall be automatically renewed for successive periods of 12 months (each a “Renewal Period”), unless either party notifies the other party of termination, in writing, at least sixty (60) days before the end of the Initial Term or any Renewal Period.
- 13.2. Aladdin may grant access to the Services on a trial basis under these Terms at its discretion. Such access may be terminated by Aladdin at any time.
- 13.3. Without prejudice to any other rights or remedies to which the
parties may be entitled, either party may terminate these Terms without liability to the other if:
- 13.3.1. the other party is in material or persistent breach of any of its obligations under these Terms and either that breach is incapable of remedy, or the other party has failed to remedy that breach within twenty (20) days after receiving written notice requiring it to remedy that breach; or
- 13.3.2. the other party is unable to pay its debts or becomes insolvent or an order is made or a resolution passed for the administration, winding-up or dissolution (otherwise than for the purposes of a solvent amalgamation or reconstruction) or an administrative or other receiver, manager, liquidator, administrator, trustee or similar officer is appointed over all or any substantial part of the assets of the other or the other enters into or proposes any composition or arrangement with its creditors generally or anything analogous to the foregoing occurs in any applicable jurisdiction.
- 13.4. Aladdin reserves the right at any time, in its sole discretion and with thirty (30) days’ notice to the School, to suspend, change, permanently withdraw or cancel any or all of the Services. In the event that such termination is through no fault of the School, Aladdin will provide a refund for any unused full calendar months whether part of the Initial Term or any Renewal Period. This clause 13.4 sets out Aladdin’s sole responsibility and liability in the event of termination for convenience by Aladdin.
- 13.5. On termination of these Terms for any reason:
- 13.5.1. the licenses granted under these Terms shall immediately terminate;
- 13.5.2. each party shall make no further use of any Confidential Information (and all copies of them) belonging to the other party;
- 13.5.3. the School shall have thirty (30) days to export the School Data to a .csv file or equivalent using the export function provided through the Services. Following this period Aladdin may destroy the School Data in its possession; and
- 13.5.4. the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced.
14. FORCE MAJEURE
- If either party is prevented or delayed in the performance of any of its obligations under these Terms by Force Majeure, that party shall forthwith and in any event within one (1) business day serve notice in writing on the other party specifying the nature and extent of the circumstances giving rise to Force Majeure, and shall, subject to service of such notice, have no liability in respect of any delay in performance or any non-performance of any obligation under these Terms (and the time for performance shall be extended accordingly) if and to the extent that the delay or non-performance is due to Force Majeure.
- 15.1. The School shall not, without the prior written consent of the School, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under these Terms.
- 15.2. Aladdin may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under these Terms.
- 16.1. If any provision of these Terms shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, such invalidity or unenforceability shall not affect the other provisions of these Terms which shall remain in full force and effect.
- 16.2. If any provision of these Terms is so found to be invalid or unenforceable but would be valid or enforceable if some part of the provision were deleted, the provision in question shall apply with such modification(s) as may be necessary to make it valid.
- 17.1. Except insofar as these Terms expressly provides that a third party may in his own right enforce a term of these Terms, a person who is not a party to these Terms has no right to rely upon or enforce any term of these Terms.
- 17.2. These Terms may be executed in any number of counterparts and by the parties to it on separate counterparts, each of which shall be an original, but all of which together shall constitute one and the same instrument. These Terms is not effective until each party has executed at least one counterpart.
- 17.3. In no event will any delay, failure or omission (in whole or in part) in enforcing, exercising or pursuing any right, power, privilege, claim or remedy conferred by or arising under these Terms or by law, be deemed to be or construed as a waiver of that or any other right, power, privilege, claim or remedy in respect of the circumstances in question, or operate so as to bar the enforcement of that, or any other right, power, privilege, claim or remedy, in any other instance at any time or times subsequently.
- 17.4. Any notice or other document to be served under these Terms shall be in writing and may be delivered or sent by post or facsimile process to the party to be served at the address set out in the introductory paragraphs of these Terms, provided that copies of such notice may also be sent by email.
- 17.5. No modification or variation of these Terms shall be valid unless it is in writing and signed by or on behalf of each of the parties to these Terms.
- 17.6. The School agrees that Aladdin may publicise the existence of this working relationship as a statement of fact. The extent of such publicity can include the development and distribution of a press release, a posting on the Aladdin website and social media and inclusion in Aladdin collateral materials. Aladdin agrees to apply industry standard practices to all publicity to ensure the highest levels of accuracy and editorial quality.
- 17.7. These Terms and the documents referred to in it, constitute the entire agreement and understanding of the parties and supersede any previous agreement between the parties relating to the subject matter of these Terms.
- 17.8. Each of the parties acknowledges and agrees that in entering into these Terms, and the documents referred to in it, it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty, understanding, promise or assurance (whether negligently or innocently made) of any person (whether party to these Terms or not) other than as expressly set out in these Terms. Nothing in this clause shall operate to limit or exclude any liability for fraud.
- 17.9. The validity, construction and performance of these Terms shall be governed by and construed in accordance with the laws of the Republic of Ireland.
- 17.10. Each party irrevocably agrees to submit to the exclusive jurisdiction of courts in the Republic of Ireland over any claim, dispute or matter arising under or in connection with these Terms or the legal relationships established by these Terms.
Aladdin Data Processing Terms
- 1. These Data Processing Terms govern the relationship between CLOUDWARE LIMITED T/A Aladdin Schools, the Data Processor and the School, for the purposes of the Data Processor providing You with the Services, in compliance with Data Protection Law.
- 2. All defined terms used in this Schedule are as set out in the Terms, unless otherwise specified.
- 3. The terms of this Schedule are to apply to all data processing carried out for the Data Controller by the Data Processor and to all Personal Data processed by the Data Processor in relation to all such processing.
- 4. This Schedule sets out various obligations in relation to the processing of Personal Data under the Terms.
- 5. The Data Processor is to process Personal Data received from the Data Controller only on the written instructions of designated contacts at the Data Controller (which may be specific instructions or instructions of a general nature as set out in the Terms or as otherwise notified by the Data Controller to the Data Processor during the term of the Terms).
- 6. The Data Processor accepts the obligations in this Schedule in consideration of the Data Controller continuing to use its Services.
- 7. The Data Controller warrants that at all times it shall comply with Data Protection Law and shall not perform its obligations under this Schedule (or the Terms) in such way as to cause the Data Processor to breach any of its applicable obligations under Data Protection Law. The Data Controller warrants that it has a valid lawful basis to transfer the relevant Personal Data to the Data Processor in accordance with the terms of this Schedule. The Data Controller shall indemnify the Data Processor against all costs, claims, damages, expenses, losses and liabilities incurred by the Data Processor arising out of or in connection with any breach of the foregoing warranties.
- 8. The Data Processor warrants that at all times it shall comply with Data Protection Law and shall not perform its obligations under this Schedule (or the Terms) in such way as to cause the Data Controller to breach any of its applicable obligations under Data Protection Law.
- 9. All Personal Data provided to the Data Processor by the Data Controller or obtained by the Data Processor in the course of its work with the Data Controller is strictly confidential and may not be copied, disclosed or processed in any way without the express authority of the Data Controller. The Data Processor shall ensure that all of its employees, agents, contractors and/or affiliates that have access to the Personal Data (i) are informed of the confidential nature of the Personal Data and are subject to an appropriate statutory obligation of confidentiality or have committed themselves to a binding duty of confidentiality in respect of such Personal Data; (ii) have undertaken training in the laws relating to handling Personal Data; and (iii) are aware both of the Processor’s duties and their personal duties and obligations under Data Protection Law and this Schedule.
- 10. All copyright, database right and other IP Rights in any Personal Data processed under this Schedule (including but not limited to any updates, amendments or adaptations to the Personal Data by either the Data Controller or the Data Processor) shall belong to the Data Controller. The Data Processor is licensed to use such data only for the term of and in accordance with this Schedule.
- 11. The Data Processor agrees to comply with any reasonable measures required by the Data Controller to ensure that its obligations under this Schedule are satisfactorily performed in accordance with all applicable legislation from time to time in force and any best practice guidance issued by the DPC.
- 12. Where the Data Processor processes Personal Data on behalf of the Data Controller it
shall in accordance with its obligations under Data Protection Law:
- 12.1 process the Personal Data only to the extent, and in such manner, as is necessary in order to comply with its obligations under the Terms, or as is required by law or any regulatory body including but not limited to the DPC;
- 12.2 implement appropriate technical and organisational measures necessary to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure, and that, having regard to the state of technological development and the cost of implementing any measures (and the nature, scope, context and purposes of processing, as well as the risk to Data Subjects), such measures shall ensure a level of security appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, alteration, disclosure, destruction or damage and to the nature of the Personal Data to be protected.
- 12.3 if so requested by the Data Controller (and within the timescales required by the Data Controller) supply details of the technical and organisational systems in place to safeguard the security of the Personal Data held and to prevent unauthorised access;
- 12.4 at the request and cost, of the Data Controller taking into account the nature of the processing of the Personal Data and the information available, provide the Data Controller with such information and such assistance as it may reasonably require, and within the timescales reasonably specified by the Data Controller, to allow the Data Controller to comply with its obligations under Data Protection Law, including but not limited to assisting the Data Controller to (i) comply with its own security obligations with respect to the Personal Data; (ii) discharge its obligations to respond to requests for exercising Data Subjects’ rights with respect to the Personal Data; (iii) comply with its obligations to inform Data Subjects about serious Personal Data Breaches; (iv) carry out data protection impact assessments and audit data protection impact assessment compliance with respect to the Personal Data; and (v) consult with the DPC following a data protection impact assessment, where a data protection impact assessment indicates that the processing of the Personal Data would result in a high risk to Data Subjects.
- 12.5 not process Personal Data outside the European Economic Area without ensuring there is an adequate level of protection to any Personal Data that is transferred and in particular, complying with the guidance of any relevant Supervisory Authority on such transfers with regard to the use of Standard Contractual Clauses and any additional or supplementary measures required to be taken in the context of any such transfers, including but not limited to the requirement to carry out risk assessments and to adopt mitigating measures to ensure essentially equivalent protection for Data Subjects in the jurisdiction of the data importer.
- 12.6 not transfer any Personal Data provided to it by the Data Controller to any third party without the prior approval of the Data Controller, such prior approval having been provided for through the Data Controller’s acceptance of the Terms.
- 12.7 ensure that any third party to which it sub-contracts any processing has entered into a written contract with the Data Processor which contains all the obligations that are contained in this Schedule and which permits both the Data Processor and the Data Controller to enforce those obligations.
- 13. The Data Processor shall, at the Data Controller’s cost, notify the Data Controller as
soon as reasonably practicable if the Data Processor receives:
- (i) a request from a Data Subject for access to that person’s Personal Data;
- (ii) any communication from a Data Subject seeking to exercise rights conferred on the Data Subject by Data Protection Law in respect of Personal Data; or
- (iii) any complaint or any claim for compensation arising from or relating to the processing of such Personal Data. The Data Processor shall not disclose the Personal Data to any Data Subject or to a third party other than at the request of the Data Controller, as provided for in this Schedule, or as required by law in which case. The Data Processor shall to the extent permitted by law inform the Data Controller of that legal requirement before the Data Processor discloses the Personal Data to any Data Subject or third party and shall not respond to any request from a Data Subject, except on the documented instructions of the Data Controller or as required by law, in which case the Data Processor shall to the extent permitted by law inform the Data Controller of that legal requirement before it responds to the request.
- 14. The Data Processor shall promptly inform the Data Controller if any of the Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of the Personal Data. In such case, the Data Processor will use its reasonable endeavours to restore the Personal Data at the expense of the Data Controller (save where the incident was caused by the Data Processor’s negligent act or omission, in which case it will be at the Data Processor’s expense), and the Data Processor will comply with all of its obligations under Data Protection Law in this regard.
- 15. The Data Processor must inform the Data Controller of any Personal Data Breaches, or any complaint, notice or communication in relation to a Personal Data Breach, without undue delay. Taking into account the nature of the Data Controller’s processing of the Personal Data and the information available to the Data Processor and at the Data Controller’s cost, the Data Processor will provide sufficient information and assist the Data Controller in ensuring compliance with its obligations in relation to notification of Personal Data Breaches (including the obligation to notify Personal Data Breaches to the DPC within seventy two (72) hours), and communication of Personal Data Breaches to Data Subjects where the breach is likely to result in a high risk to the rights of such Data Subjects. Taking into account the nature of the Data Processor’s processing of the Personal Data and the information available to the Data Processor and at the Data Controller’s cost, the Data Processor shall co-operate with the Data Controller and take such reasonable commercial steps as are directed by the Data Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
- 16. The Data Processor shall transfer all Personal Data to the Data Controller in compliance with the requirements notified in writing by the Data Controller to the Data Processor from time to time subject to any overriding legal/regulatory obligations to retain copies of such Personal Data.
- 17. The Data Controller acknowledges and agrees that the Data Processor may use sub-processors in the course of its business and to fulfil the services provided for under this Schedule. The Data Processor may continue to use such sub-processors already engaged by the Data Controller and a list of its current sub-processors is available on request. The Data Processor will continue to update this list when required to do so. The Data Controller hereby provides a general authorisation to the Data Processor to appoint future sub-processors for the processing of Personal Data by the Data Processor, so long as the Data Processor carries out due diligence on all potential sub-processors and complies with the requirements under the Data Protection Law and Clause 14.
- 18. Where the Data Processor appoints a sub-processor, it shall ensure that the arrangement between it and the sub-processor is governed by a written contract including terms which offer at least the same level of protection for the Personal Data as those set out in this Schedule, and which meets the requirements of Data Protection Law, specifically Article 28 (4) of the GDPR. The Data Processor will remain fully liable to the Data Controller in respect of any failure by the sub-processor to fulfil its data protection obligations in this regard.
- 19. The Data Processor agrees that in the event that it is notified by the Data Controller that it is not required to provide any further services to the Data Controller under this Schedule, the Data Processor shall transfer all requested information (including Personal Data) held by it in relation to this Schedule to the Data Controller, and/or, at the Data Controller’s request, destroy (except to the extent that any such information or a copy thereof is required to be retained subject to any legal/regulatory obligations), all such information using a secure method which ensures that it cannot be accessed by any third party and shall issue the Data Controller with a written confirmation of secure disposal.
- 20. The Data Controller shall have the right to examine and review the use by the Data Processor of the relevant Personal Data processed under this Schedule only for the purpose of ascertaining that such Personal Data has been used and processed in accordance with the terms of this Schedule. An audit under this Clause 20 shall be carried out on the following basis: (i) the Data Controller must first contact the Data Processor by email asking for evidence of compliance with the Data Processor’s obligations under this Schedule, and the Data Processor shall respond to such email within thirty (30) Business Days; (ii) if the Data Processor has not responded to the Data Controller’s email with a response which is reasonably satisfactory to the Data Controller within such thirty (30) Business Day period then, no more than once in any twelve (12) month period and during Normal Business Hours during the course of one Business Day, the Data Controller may audit the Data Processer’s processing of the relevant Personal Data at a location agreed by the Data Processor. The Data Controller shall bear the reasonable expenses incurred by the Data Processor in respect of any such audit and any such audit shall not interfere with the normal and efficient operation of the Data Processor’s business. The Data Processor may require, as a condition of granting such access, that the Data Controller (and representatives of the Data Controller) enter into reasonable confidentiality undertakings with the Data Processor.
- 21. The Data Processor shall keep at its normal place of business records (including in electronic form) relating to all categories of processing activities carried out on behalf of the Data Controller, containing: (i) the general description of the security measures taken in respect of the Personal Data, including details of any appropriate technical and organisational measures; (ii) the name and contact details of the Data Processor; any sub-supplier; and where applicable the Data Processor’s representatives; and where applicable any Data Protection Officer appointed by the Data Processor; (iii) the categories of Processing by the Data Processor on behalf of the Data Controller; and (iv) details of any non-EEA Personal Data transfers, and the safeguards in place in respect of such transfers.
- 22. The scope of any examination and review by the Data Controller of the use by the Data Processor of the relevant Personal Data shall be agreed in writing prior to the commencement of any such examination and review. In the event that the audit process determines that the Data Processor is materially non-compliant with its obligations under this Schedule, the Data Controller may, by notice in writing, deny further access to the relevant Personal Data.
- 23. To the extent permitted under Data Protection Law, the Data Processor may demonstrate its and, if applicable, its sub-processors’, compliance with their obligations under this Schedule through compliance with a certification scheme or code of conduct approved under Data Protection Law.
Details of Data Processing
- School Staff
PURPOSES OF THE TRANSFER(S)
- To perform the Services in accordance with the Terms
CATEGORIES OF PERSONAL DATA
- Personal Data and Sensitive Personal Data, including without limitation:
- Students: Names, addresses, dates of birth, PPS numbers, health information, information relating to family
- Parents: Names, contact details
- School Staff: Names, work email addresses.:
The Personal Data transferred may be disclosed only to the following recipients or categories of recipients in all cases, subject to the necessary data processing and/or data sharing agreements being in place:
- Those Aladdin staff who require access to the Personal Data to fulfil the terms of the Terms.
- Third party service providers engaged by Aladdin in the provision of the Services generally.
- Third party service providers such as Wonde engaged by the Schools as sub-processors.
ADDITIONAL USEFUL INFORMATION:
Data will only be retained by Aladdin for as long as is required by law, or as long as is necessary to fulfil the terms of the Terms, whichever is longer.
CONTACT POINTS FOR DATA PROTECTION ENQUIRIES:
Data Protection Manager