Subscription Agreement & Data Processing Agreement

1. Interpretation

1.1 Definitions

In this Agreement the following terms have the meanings set out below:

1.2 Interpretation

References to clauses and Schedules are to clauses and Schedules of this Agreement. Headings are for convenience only and shall not affect interpretation. The singular includes the plural and vice versa.

2. Licence Grant

2.1 Subject to payment of the Fees and compliance with this Agreement, the Provider grants the Tenant a non-exclusive, non-transferable, revocable licence to access and use the Platform during the Subscription Term solely for the Tenant’s internal business operations.

2.2 The licence is limited to the features and user limits of the Tenant’s chosen subscription tier. Use beyond those limits may incur additional charges.

2.3 The Tenant shall not:

• sub-license, resell, or make the Platform available to any third party except Tenant Users;
• copy, modify, adapt, translate, or create derivative works of the Platform;
• reverse-engineer, decompile, or disassemble the Platform or attempt to derive its source code;
• use the Platform for any unlawful purpose or in breach of applicable law or regulation;
• use the Platform to store or transmit content that infringes the intellectual property or privacy rights of any third party;
• attempt to gain unauthorised access to any part of the Platform or related systems;
• use the Platform in a manner that could damage, disable, or impair its operation.

3. Fees and Payment

3.1 The Tenant shall pay the Fees in accordance with the payment schedule set out in the Order Form or as otherwise agreed in writing.

3.2 All Fees are stated exclusive of VAT. Where VAT applies, the Tenant shall pay the applicable VAT in addition to the Fees.

3.3 Fees are non-refundable except as expressly set out in this Agreement or as required by applicable law.

3.4 The Provider may increase Fees at any time on giving not less than 30 days’ written notice to the Tenant. If the Tenant does not wish to accept the increase, it may terminate this Agreement in accordance with clause 9 without penalty, provided notice is given before the new pricing takes effect.

3.5 If the Tenant fails to pay any sum due under this Agreement by the due date, the Provider reserves the right to:

• suspend access to the Platform with 7 days’ written notice until outstanding amounts are paid;
• charge interest on overdue amounts at 8% per annum above the Bank of England base rate pursuant to the Late Payment of Commercial Debts (Interest) Act 1998;
• terminate this Agreement in accordance with clause 9.3.

3.6 No Fees shall be waived or reduced during any period of suspension for non-payment.

Chargebacks and Payment Disputes

3.7 If a payment is reversed through chargeback or bank dispute the Provider may suspend Platform access. The Tenant remains responsible for any bank charges or administrative costs arising from such a reversal.

4. Availability and Support

4.1 The Provider will use reasonable commercial endeavours to make the Platform available 24 hours a day, 7 days a week, except for:

• planned maintenance, of which the Provider will give reasonable advance notice where practicable;
• unplanned downtime caused by circumstances outside the Provider’s reasonable control.

4.2 The Provider does not guarantee any specific level of uptime.

4.3 The Provider will use reasonable endeavours to respond to support requests submitted to the designated support address within 2 business days. Support is provided during UK business hours (Monday to Friday, 9am to 5pm, excluding UK public holidays).

Platform Development

4.4 The Tenant acknowledges that ClassBase is an evolving software platform. The Provider may, as part of normal development, introduce new features, modify or remove existing features, or change user interfaces. The Provider will give reasonable notice of material changes where practicable.

Backup Responsibility

4.5 The Provider maintains system backups as part of its infrastructure. However, the Tenant remains responsible for maintaining its own copies of critical business data where appropriate. The Provider shall not be liable for loss of Customer Data arising from the Tenant’s failure to maintain adequate backups.

5. Intellectual Property

5.1 All intellectual property rights in and to the Platform remain the property of Azure Premium Ltd. Nothing in this Agreement transfers any ownership of the Platform or its underlying technology to the Tenant.

5.2 The Tenant retains all right, title, and interest in and to Customer Data. The Tenant grants the Provider a limited, non-exclusive licence to process Customer Data solely to the extent necessary to provide the Platform and fulfil obligations under this Agreement.

5.3 The Provider may use anonymised, aggregated, non-personally-identifiable data derived from Platform usage for the purpose of improving the Platform, provided that no such data identifies the Tenant or any individual.

5.4 The Tenant warrants that it has all necessary rights and consents to submit Customer Data to the Platform and that doing so will not infringe the rights of any third party.

6. Confidentiality

6.1 Each party (“receiving party”) shall keep confidential all information disclosed to it by the other party (“disclosing party”) that is designated as confidential or that ought reasonably to be regarded as confidential given its nature and the circumstances of disclosure. Customer Data constitutes Confidential Information of the Tenant.

6.2 The receiving party shall not disclose Confidential Information to any third party without the prior written consent of the disclosing party, except to its employees, contractors, or professional advisers who need to know it for the purposes of this Agreement and who are subject to equivalent confidentiality obligations.

6.3 The obligations in this clause 6 shall not apply to information that:

• is or becomes publicly known other than through breach of this Agreement;
• was in the receiving party’s lawful possession before the date of disclosure;
• is independently developed by the receiving party without use of the Confidential Information;
• is required to be disclosed by applicable law, regulation, or court order, provided the receiving party gives the disclosing party advance written notice where legally permissible.

6.4 Confidentiality obligations shall survive termination of this Agreement for a period of 5 years.

7. Limitation of Liability

7.1 Nothing in this Agreement limits or excludes either party’s liability for:

• death or personal injury caused by negligence;
• fraud or fraudulent misrepresentation;
• any liability that cannot be excluded or limited by applicable law.

7.2 Subject to clause 7.1, the Provider’s total aggregate liability to the Tenant under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total Fees paid by the Tenant in the 12 months immediately preceding the event giving rise to the claim.

7.3 Subject to clause 7.1, neither party shall be liable to the other for:

• loss of profits, revenue, or business;
• loss of anticipated savings;
• loss of or corruption of data (except to the extent caused by the Provider’s wilful misconduct);
• loss of goodwill or damage to reputation;
• any indirect or consequential loss.

7.4 The Tenant acknowledges that the Platform is an administrative software tool and accepts that temporary unavailability or errors may occur. The Provider does not warrant that the Platform will be error-free or uninterrupted.

No Reliance

7.5 The Tenant remains responsible for verifying the accuracy of information processed through the Platform. The Provider does not guarantee the accuracy of information entered into the Platform by the Tenant or its users. The Platform is not a substitute for the Tenant’s own professional judgement.

8. Indemnity

8.1 The Tenant shall indemnify, defend, and hold harmless the Provider and its officers, employees, and contractors against any claims, losses, damages, costs (including reasonable legal costs), and liabilities arising from or in connection with:

• the Tenant’s use of the Platform in breach of this Agreement;
• any Customer Data that infringes the intellectual property rights or privacy rights of any third party;
• the Tenant’s failure to comply with applicable data protection law in respect of data for which the Tenant is the data controller;
• any claim by a Tenant User or the Tenant’s end customers arising from the Tenant’s own acts or omissions.

8.2 The Provider shall indemnify the Tenant against any third-party claim that the Platform itself infringes the intellectual property rights of that third party, subject to the Tenant: (a) promptly notifying the Provider of the claim; (b) giving the Provider sole conduct of the defence; and (c) not making any admission or settlement without the Provider’s prior written consent.

9. Term and Termination

9.1 This Agreement shall commence on the date the Tenant’s account is activated and shall continue for the Subscription Term set out in the Order Form, unless terminated earlier in accordance with this clause.

9.2 Either party may terminate this Agreement on not less than 30 days’ written notice to the other party, to take effect at the end of the then-current billing period.

9.3 The Provider may suspend or terminate this Agreement immediately on written notice if:

• the Tenant fails to pay any Fees due and such failure continues for 14 days after written notice of non-payment;
• the Tenant is in material breach of any provision of this Agreement and, where the breach is capable of remedy, fails to remedy it within 14 days of written notice specifying the breach;
• the Tenant becomes insolvent, enters administration, receivership, or liquidation, or makes any arrangement with its creditors;
• the Tenant is wound up or a petition is presented for its winding up;
• the Tenant uses the Platform for any unlawful or harmful purpose.

9.4 On termination or expiry of this Agreement:

• all licences granted under this Agreement shall immediately cease;
• the Provider will make Customer Data available for export by the Tenant for a period of 30 days, after which the Provider may permanently delete Customer Data in accordance with clause 18;
• accrued rights and liabilities of either party shall not be affected.

9.5 The Tenant is responsible for exporting Customer Data before the 30-day export window expires. The Provider shall not be liable for loss of data following that period.

Data Export

9.6 The Provider shall make Customer Data available in a standard exportable format on request during the export window.

10. Acceptable Use

10.1 The Tenant shall ensure that Tenant Users comply with this Agreement and shall be responsible for all acts and omissions of Tenant Users.

10.2 The Platform must not be used to:

• distribute malware, viruses, or other malicious code;
• send unsolicited bulk communications or spam;
• store or transmit unlawful content, including defamatory, obscene, or discriminatory material;
• conduct any activity that could damage the reputation of the Provider or the Platform;
• violate any applicable law or regulation including data protection and consumer protection legislation.

Fair Use

10.3 The Tenant shall not use the Platform in a manner that places unreasonable or disproportionate load on the Provider’s infrastructure. The Provider may temporarily restrict activity to protect platform stability, providing reasonable notice where practicable.

Communications

10.4 The Tenant is responsible for all communications sent using the Platform, including emails, SMS messages, and notifications. The Tenant shall ensure that all such communications comply with applicable law, including rules on marketing and direct communications under the Privacy and Electronic Communications Regulations 2003.

Operational Responsibility

10.5 The Provider supplies administrative software tools only. The Tenant remains solely responsible for:

• safeguarding compliance and child protection policies;
• instructor supervision, qualifications, and certification;
• health and safety procedures;
• the safe operation of classes, activities, or pool facilities.

10.6 The Provider does not verify instructor qualifications, safeguarding policies, or the Tenant’s compliance with sector-specific regulatory requirements.

Customer Relationship

10.7 The contractual relationship for services provided to end customers, including students, swimmers, or participants, exists solely between the Tenant and those customers. The Provider is not a party to those arrangements and accepts no liability in relation to them.

11. General

11.1 Variation

The Provider may update this Agreement from time to time. The Tenant will be given not less than 30 days’ written notice of any material changes. Continued use of the Platform after that notice period constitutes acceptance of the revised Agreement. If the Tenant does not accept the revised Agreement, it may terminate in accordance with clause 9.2 during the notice period without penalty.

11.2 Notices

All notices under this Agreement shall be in writing and sent by email (with delivery confirmation or acknowledgement) or by recorded delivery post to the addresses set out in the Order Form or as otherwise notified. Notices are deemed received: (a) by email, on the next business day after sending; (b) by post, two business days after the date of posting.

11.3 Assignment

The Tenant may not assign or transfer this Agreement or any of its rights or obligations without the prior written consent of the Provider. The Provider may assign this Agreement to any successor entity in connection with the sale, transfer, or restructuring of the ClassBase platform without the Tenant’s consent, provided it gives the Tenant reasonable written notice.

11.4 Waiver

A failure or delay by either party to exercise any right or remedy under this Agreement shall not constitute a waiver of that right or remedy. A waiver of any breach shall not be construed as a waiver of any subsequent breach.

11.5 Severability

If any provision of this Agreement is found to be unlawful, void, or unenforceable, that provision shall be deemed severable and shall not affect the validity and enforceability of the remaining provisions.

11.6 Entire Agreement

This Agreement, together with the Order Form, the DPA, and any Schedules, constitutes the entire agreement between the parties relating to its subject matter and supersedes all prior agreements, representations, and understandings. Each party confirms it has not relied on any representation not set out in this Agreement.

11.7 Third-Party Rights

Nothing in this Agreement confers any right on any third party to enforce any of its terms pursuant to the Contracts (Rights of Third Parties) Act 1999. This clause does not affect any right or remedy that a third party may have other than under that Act.

11.8 Force Majeure

Neither party shall be in breach of this Agreement or liable for any delay or failure to perform any of its obligations if such delay or failure results from events, circumstances, or causes beyond its reasonable control, including acts of God, pandemic, strikes, or failure of third-party infrastructure providers. The affected party shall give prompt written notice to the other and use reasonable endeavours to mitigate the effect.

11.9 Third-Party Infrastructure

The Platform is hosted using third-party infrastructure providers, principally Microsoft Azure. The Provider shall not be liable for failures caused directly by those third-party providers, provided the Provider has used reasonable endeavours to select and monitor reputable providers and to maintain appropriate contingency arrangements.

11.10 Governing Law and Jurisdiction

This Agreement is governed by and construed in accordance with the laws of England and Wales. Each party irrevocably submits to the exclusive jurisdiction of the courts of England and Wales to settle any dispute or claim arising out of or in connection with this Agreement.

This Data Processing Agreement forms part of the Agreement and sets out the terms on which the Provider processes Personal Data on behalf of the Tenant in connection with the Platform. This DPA is intended to comply with the requirements of Article 28 of the UK GDPR.

12. Roles and Responsibilities

12.1 The parties agree that in respect of Personal Data relating to the Tenant’s end customers (including parents, guardians, and participants) submitted to the Platform:

• the Tenant is the Data Controller, responsible for determining the purposes and means of processing; and
• the Provider is the Data Processor, processing Personal Data only on the documented instructions of the Tenant.

12.2 The Tenant warrants that it has a lawful basis for processing Personal Data and that its instructions to the Provider comply with all applicable data protection law, including the UK GDPR and the Data Protection Act 2018.

12.3 Where the Provider processes Personal Data for its own purposes (for example, in relation to Tenant billing or account management), it does so as a Data Controller in its own right.

13. Provider Obligations

The Provider shall, in relation to any Personal Data processed on behalf of the Tenant in connection with the Platform:

• process Personal Data only on the documented instructions of the Tenant, unless otherwise required by applicable law, in which case the Provider will notify the Tenant before processing where legally permissible;
• ensure that all persons authorised to process Personal Data are subject to appropriate confidentiality obligations;
• implement and maintain appropriate technical and organisational security measures in accordance with clause 15;
• notify the Tenant without undue delay on becoming aware of a Personal Data breach affecting Customer Data, in accordance with clause 17;
• assist the Tenant in fulfilling its obligations under applicable data protection law, including in relation to data subject rights (clause 16), security, breach notification, data protection impact assessments, and prior consultation;
• not transfer Personal Data outside the United Kingdom without the prior written consent of the Tenant, except where permitted by applicable adequacy decisions or appropriate safeguards under the UK GDPR;
• at the choice of the Tenant, delete or return all Personal Data on termination of the Agreement in accordance with clause 18, and delete existing copies unless retention is required by applicable law;
• make available to the Tenant on reasonable written request all information necessary to demonstrate compliance with this DPA, and allow for and contribute to audits or inspections by the Tenant or a mandated auditor, subject to reasonable advance notice and confidentiality obligations.

14. Sub-Processors

14.1 The Tenant provides general written authorisation for the Provider to engage only those sub-processors listed in Schedule 1 to this DPA. The Provider shall not engage any sub-processor not listed in Schedule 1 without the prior written consent of the Tenant or without following the process in clause 14.2.

14.2 The Provider shall notify the Tenant in writing of any intended addition to or replacement of sub-processors at least 14 days before the change takes effect. The Tenant may object to such a change within 14 days of receiving notice on reasonable grounds relating to data protection. If the Tenant objects and the parties cannot resolve the issue, the Tenant may terminate the Agreement without penalty on 30 days’ written notice.

14.3 Where the Provider engages sub-processors, it shall impose data protection obligations on those sub-processors by way of a written contract that is equivalent in substance to those set out in this DPA, in particular providing sufficient guarantees to implement appropriate technical and organisational measures.

14.4 The Provider shall remain fully liable to the Tenant for the performance of any sub-processor’s obligations under this DPA.

15. Security

15.1 Taking into account the state of the art, costs of implementation, and the nature, scope, context, and purposes of processing, together with the risks to the rights and freedoms of individuals, the Provider shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate:

• encryption of Personal Data in transit and at rest;
• access controls, authentication mechanisms, and role-based permissions to restrict access to Personal Data;
• regular testing, assessment, and evaluation of the effectiveness of security measures;
• monitoring and incident response procedures;
• procedures for restoring access to Personal Data in a timely manner following a physical or technical incident (disaster recovery).

15.2 ClassBase is hosted on Microsoft Azure infrastructure within the United Kingdom.

15.3 The Provider shall ensure that access to Personal Data is limited to those employees, contractors, and sub-processors who require access for the purposes of this Agreement.

16. Data Subject Rights

16.1 The Provider shall, using appropriate technical and organisational measures, assist the Tenant to respond to requests from data subjects exercising their rights under the UK GDPR, including rights of: access; rectification; erasure; restriction of processing; data portability; and objection.

16.2 If the Provider receives any request, complaint, or correspondence from a data subject in relation to Customer Data, the Provider shall:

• notify the Tenant without undue delay;
• not respond to the data subject directly, except to acknowledge receipt and confirm that the request has been forwarded to the Tenant; and
• not respond substantively to any data subject request without the Tenant’s prior written authorisation.

16.3 The Tenant is solely responsible for determining whether and how to respond to data subject requests in accordance with applicable data protection law.

17. Data Breach Notification

17.1 The Provider shall notify the Tenant without undue delay and, where feasible, within 72 hours of becoming aware of a Personal Data breach affecting Customer Data.

17.2 The notification shall include, to the extent then known, and shall be supplemented as further information becomes available:

• a description of the nature of the breach, including where possible the categories and approximate number of data subjects and records affected;
• the name and contact details of the Provider’s data protection contact;
• a description of the likely consequences of the breach;
• a description of the measures taken or proposed to address the breach and, where applicable, to mitigate its possible adverse effects.

17.3 The Tenant is solely responsible for determining whether notification to the Information Commissioner’s Office (ICO) or to affected data subjects is required under applicable law, and for making such notifications.

17.4 The Provider shall cooperate with the Tenant and take such reasonable steps as the Tenant may direct to assist in the investigation, mitigation, and remediation of any Personal Data breach.

18. Data Retention and Deletion

18.1 The Provider shall retain Customer Data only for as long as necessary to provide the Platform and fulfil obligations under this Agreement.

18.2 On termination of the Agreement, the Provider shall, at the Tenant’s election:

• provide the Tenant with an export of all Customer Data in a standard machine-readable format within 30 days of termination; and/or
• securely delete or destroy Customer Data within 60 days of the end of the 30-day export window, subject to any legal obligation to retain data for a longer period.

18.3 The Provider shall provide written confirmation of deletion of the Tenant on request.

18.4 The Provider may retain anonymised, aggregated data that does not identify the Tenant or any individual after termination, solely for Platform improvement and analytics.

19. International Transfers

19.1 The Provider shall not transfer Personal Data outside the United Kingdom without the Tenant’s prior written consent, except where such transfer is to a country that has been granted adequacy status by the UK Secretary of State, or is subject to appropriate safeguards pursuant to Article 46 UK GDPR.

19.2 Where sub-processors are located outside the United Kingdom, the Provider shall ensure that appropriate transfer mechanisms are in place and shall document these in Schedule 1.

20. Data Processing Details (Article 28(3) UK GDPR)

In accordance with Article 28(3) of the UK GDPR the following particulars apply to this DPA:

Subject matter of processing: Provision of the ClassBase class management software platform, enabling the Tenant to manage class schedules, customer records, enrolments, invoicing, staff, and related communications.

Duration of processing: The Subscription Term and, following termination, the data export and deletion period set out in clause 18.

Nature and purpose of processing: Storage, retrieval, display, organisation, and transmission of data entered by the Tenant for the purposes of administering sports classes, managing customer and participant relationships, processing payments, and sending communications.

Types of Personal Data processed:

• Names of parents, guardians, and participants;
• Contact details (email address, telephone number, postal address);
• Date of birth;
• Payment and billing information (processed via third-party payment providers; the Provider does not store full payment card data);
• Health and medical information submitted voluntarily by the Tenant (for example, medical conditions relevant to swimming);
• Skill level and class progression data;
• Emergency contact details;
• Correspondence and communications history.

Categories of data subjects: The Tenant’s customers (including parents and guardians of minor participants), minor participants (swimmers and class attendees), adult participants, and employees or staff of the Tenant.

Note: Where Personal Data relates to children (persons under 18), the Tenant is responsible for ensuring it has appropriate lawful bases and that its privacy notices address child data in accordance with UK GDPR and ICO guidance.

21. Liability under the DPA

21.1 Where either party is responsible for a breach of data protection law that causes damage to a data subject, that party shall bear the portion of liability that reflects its responsibility for the damage suffered, as between the parties.

21.2 If one party has paid full compensation to a data subject in respect of damage suffered, it may seek contribution from the other party to the extent that the other party was responsible.

21.3 The Provider’s liability under this DPA is subject to the limitations set out in clause 7 of Part 1, except where such limitations are prohibited by applicable data protection law or are otherwise unenforceable.

The following sub-processors are approved under clause 14 of this DPA. The Provider will notify the Tenant of any proposed changes in accordance with clause 14.2.