This Master SaaS Agreement sets the terms under which Ballpark Labs Ltd provides the Customer with access to its cloud-based research platform, Ballpark. It governs licensing, service levels, data usage, fees, and other key terms related to the use and delivery of the Services, forming the legal framework for the ongoing relationship between the parties.

PARTIES

1. BALLPARK LABS LTD, a company incorporated and registered in England and Wales with company number 08625398, whose registered office is at Third Floor, 20 Old Bailey, London, EC4M 7AN, United Kingdom ('Supplier'); and

2. THE CUSTOMER whose name and particulars are set out in an Order Form or signed up to Ballpark ('Customer').

BACKGROUND

1. The Supplier operates 'Ballpark', a cloud-hosted software-as-a-service research platform that (amongst other things) enables users to capture feedback and gather insights via text, video and audio.

2. The Customer wishes to use the Supplier's 'Ballpark' software. 

3. This agreement is intended to operate as a framework to (amongst other things) enable the Customer to: (i) access and use the Supplier's 'Ballpark' software; and (ii) purchase additional services, features and functionality that are offered by the Supplier from time-to-time.

OPERATIVE PROVISIONS 

1. Definitions and interpretation
   
   

   1. The definitions and rules of interpretation set out in Schedule 1 shall apply to this Agreement.

   2. In this Agreement:

      1. each Order Form entered into by the Customer shall form part of these Master SaaS Terms together with the Data Protection Addendum and the Additional Paid-for Feature Terms ('Agreement'); and

      2. in the event of any conflict in respect of the provisions of this Agreement and/or the documents referred to therein the following order of priority shall prevail (in descending order of priority): (i) the Order Form; (ii) the Data Protection Addendum; (iii) the Additional Paid-for Feature Terms; and (iv) the Master SaaS Terms.
         
         

2. Order Forms 
   
   

   1. The Customer may order Services at any point using an Order Form.  Order Forms shall only be legally binding on Order Acceptance.  Any quotation given by the Supplier is not binding and shall not constitute an offer.

   2. If a Customer Affiliate enters into an Order Form:

      1. all references to the 'Customer' in this Agreement or in the Order Form shall refer to the Customer Affiliate; 

      2. the Customer Affiliate shall be deemed to have entered into a separate agreement with the Supplier under the same terms as this Agreement, which shall apply mutatis mutandis; and

      3. the contract between the Supplier and the Customer Affiliate shall be enforceable by the Supplier and the Customer Affiliate only, and the Supplier will have no liability towards the Customer in respect of such Order Form. 

   3. In the event that the parties wish to change an Order Form after it has been signed, the parties may either: (a) agree a new Order Form (which states that it supersedes and terminates the previous Order Form); or (b) agree to vary the Order Form in accordance with Clause 26 (Variation).
      
      

3. Services
   
   

   1. Subject to this Agreement and the Order Form, the Supplier:

      1. shall make available the Services in accordance with the provisions of the Order Form and this Agreement (in particular the service levels specified in Clause 6);

      2. grants the Customer a non-exclusive and non-transferable right to access and use Ballpark and the Supplier Provided Materials during the Term for the Permitted Purpose;

      3. may provide the Services (or any part of them) directly or indirectly via any of its Affiliates.  Where Services are provided via an Affiliate, the Supplier shall remain liable for the actions and omissions of its Affiliates and the Customer shall have no entitlement to make any claim against any person other than the Supplier; and 

      4. shall use reasonable endeavours to meet any performance dates specified in an Order Form, but any such dates shall be estimates only and (unless otherwise specified in an Order Form) time shall not be of the essence for performance of the Services.

   2. The Supplier may from time-to-time provide new versions or updates to Ballpark at no additional cost to the Customer (save that new additional services (such as Additional Paid-for Features) may incur additional fees) in order to: (a) fix bugs or update security; (b) improve general performance; (c) enhance the features and functionality of Ballpark; or (d) support new devices and operating systems. 

   3. In conjunction with the Services, the Customer may be permitted to use certain software and services (including related support, maintenance, documentation, and participant testers) developed, owned, or provided by third parties or their licensors.  Use of such software and/or services may be subject to third party terms and conditions, and the Supplier is not responsible or liable for the availability or accuracy of such software and services.

   4. The Services may be subject to delays, interruptions, errors or other problems resulting from use of the internet or public electronic communications networks used by the parties or third parties.  The Customer acknowledges that such risks are inherent in cloud services and that the Supplier shall have no liability for any such delays, interruptions, errors or other problems.
      
      

4. Account usage reporting
   
   

   1. The Customer acknowledges and agrees that the Supplier may access and use data relating to the Customer’s use of the Services (including but not limited to login activity, feature usage, study volumes, and metadata about project activity) solely for the following purposes:

      1. providing visibility into the Customer’s own usage of the Services (e.g. usage reports, study volumes, adoption trends);

      2. supporting onboarding, engagement, and customer success efforts;

      3. notifying the Customer of usage against subscription limits;

      4. and ensuring compliance with any applicable usage restrictions set out in the Order Form.

The Customer further acknowledges that access to Account Usage Data is essential for the Supplier to provide accurate usage reporting. Without this access, the Customer will not have visibility into how Ballpark is being used and the Supplier will be unable to provide usage insights, support, or success services.

For clarity, Account Usage Data does not include Personal Data and is not used by the Supplier for any purpose other than those listed above without the Customer’s express written consent.

5. Authorised Users
   
   

   1. The Customer shall ensure that only Authorised Users use Ballpark and Supplier Provided Materials, and that such use is at all times in accordance with this Agreement.  Authorised User accounts cannot be shared or used by more than one individual at the same time.

   2. The Customer shall be liable for the acts and omissions of the Authorised Users as if they were its own.

   3. The Customer warrants and undertakes that it, and all Authorised Users and all others acting on its or their behalf shall, keep confidential and not share with any third party (or with other individuals except those with administration rights at the Customer as necessary for use of the Service) their password or access details for Ballpark.
      
      

6. Support Services and service levels
   
   

   1. The Supplier shall, for the duration of the respective Service Period, provide the Customer with Support Services.  The Supplier will use reasonable endeavours to notify the Customer in advance of scheduled maintenance but the Customer acknowledges that it may receive no advance notification for downtime caused by Force Majeure or for other emergency maintenance.

   2. Unless otherwise specified in an Order Form, the Supplier warrants that the uptime of Ballpark shall be no less than 99.9% on the ‘Enterprise’ plan (measured over each calendar month) excluding Permitted Downtime. ’Permitted Downtime’ means scheduled maintenance (with ≥48 hours’ notice), emergency maintenance, or Force Majeure. Uptime is measured monthly.

   3. The Customer's sole and exclusive remedy for breaches of Clause 6.2 shall be service credits which will be applied to the Fees due in the following billing cycle in accordance with the table below. Service credits are only applicable to the ‘Enterprise’ plan. The Supplier shall not in any circumstances be obliged to pay any money or make any refund to the Customer in respect of any breach of Clause 6.2. If the Service availability drops below 93% for two consecutive months, the Customer shall have the right to terminate the affected Order Form for material breach, and receive a pro-rata refund of prepaid Fees for the remaining term. 

7. Additional Paid-for Features 

The Customer may purchase Additional Paid-for Features.  Upon Order Acceptance and subject to the terms of this Agreement, Supplier shall provide access to the Additional Paid-for Features in accordance with the information on Supplier's website from time-to-time, any relevant Order Form (including the timeframes and delivery dates), and Additional Paid-for Feature Terms. The Customer acknowledges that Additional Paid-for Features will incur additional fees and may be subject to Additional Paid-for Feature Terms.

8. Fees
   
   

   1. The Fees and any other charges (including expenses) expressly agreed between the parties in writing shall be paid by the Customer at the rates and in the manner described in the Order Form.

   2. Unless otherwise specified in an Order Form, the Supplier shall be entitled to invoice the Customer on signature of the relevant Order Form and annually thereafter, and the invoices shall be paid within 30 calendar days of the date on the invoice.

   3. The Fees are exclusive of VAT which shall be payable by the Customer at the rate and in the manner prescribed by law.  If a payment due from the Customer under this Clause 8 is subject to tax (whether by way of direct assessment or withholding at its source), the Supplier shall be entitled to receive from the Customer such amounts as shall ensure that the net receipt, after tax, to the Supplier in respect of the payment is the same as it would have been were the payment not subject to tax.

   4. Fees payable to the Supplier under this Agreement shall be paid into the Supplier's bank account by electronic funds transfer unless otherwise notified by the Supplier to the Customer in writing in accordance with this Agreement.

   5. The Supplier shall have the right to charge interest on overdue invoices at the rate of 6% per year, calculated from the date when payment of the invoice becomes due for payment up to and including the date of actual payment whether before or after judgment.

   6. “The Supplier may increase Fees only on a Renewal Date, by no more than the lesser of (i) 6% per annum, or (ii) the Retail Prices Index (RPI) percentage change over the prior 12-month period.”

   7. To the extent this Agreement terminates or expires (other than due to termination by the Customer under Clauses 24.3 or 21.2) the Customer shall not be entitled to any refund or discount of Fees paid for any parts of any period during which the Services cease to be provided and the Customer will immediately pay any Fees that would otherwise have been payable (if applicable) for the duration of the Service Period.
      
      

9. Warranties
   
   

   1. Each party represents and warrants to the other that it has the right, power and authority to enter into this Agreement and grant to the other the rights (if any) contemplated in this Agreement and to perform its obligations under this Agreement.

   2. Subject to the remainder of this Clause 9, the Supplier warrants that:

      1. the Services shall operate materially in accordance with any relevant documentation provided to the Customer when used in accordance with this Agreement under normal use and normal circumstances during the relevant Service Period; and 

      2. it will provide the Services with reasonable care and skill and in accordance with applicable law.

   3. The Customer acknowledges that Clause 9.2 does not apply to Free or Trial Services or to Support Services provided in connection with the same.  Without prejudice to the Supplier's obligations under this Agreement in respect of Protected Data, Free or Trial Services and Support Services provided in connection with the same are provided 'as is' and without warranty to the maximum extent permitted by law.

   4. The warranties in Clause 9.2 are subject to the limitations set out in Clause 18 and shall not apply to the extent that any error in the Services relates to: (a) incorrect operation or use of the Services by the Customer or any Authorised User (including any failure to follow the Supplier's instructions); (b) use of any of the Services other than for the purposes for which it is intended; (c) use of any Services with third party software or services or on equipment with which it is incompatible; (d) any act by any third party (including hacking or the introduction of any virus or malicious code); (e) any modification of Services (other than that undertaken by the Supplier or at its direction); or (f) any breach of this Agreement by the Customer (or by any Authorised User).

   5. The Supplier may make Non-Supplier Materials available for the Customer's use in connection with the Services.  The Customer agrees that: (a) the Supplier has no responsibility for the use or consequences of use of any Non-Supplier Materials; and (b) the Customer's use of any Non-Supplier Materials may be governed by the applicable terms between the Customer and the owner or licensor of the relevant Non-Supplier Materials.

   6. Other than as set out in this Clause 9, and subject to Clause 18.6, all warranties, conditions, terms, undertakings or obligations whether express or implied and including any implied terms relating to quality, fitness for any particular purpose or ability to achieve a particular result are excluded to the fullest extent allowed by applicable law.
      
      

10. Customer's responsibilities
    
    

    1. The Customer shall (and shall ensure all Authorised Users shall) at all times comply with all applicable laws relating to the use or receipt of the Services, including laws relating to privacy, data protection and use of systems and communications.

    2. The Customer shall not (and shall ensure all Authorised Users shall not) use the Services: (a) in a way that abuses, interferes with, or disrupts the Supplier's networks, accounts, or Ballpark; (b) to engage in activity that is illegal, fraudulent, false, or misleading; (c) to transmit any material that may infringe the Intellectual Property Rights or other rights of third parties; (d) to communicate any message or material that is harassing, libelous, threatening, obscene, indecent, or is otherwise unlawful, that would give rise to civil liability, or that constitutes or encourages conduct that could constitute a criminal offense, under any applicable law or regulation; (e) to upload or transmit any software, content or code that does or is intended to harm, disable, destroy or adversely affect the performance of Ballpark in any way or which does or is intended to harm or extract information or data from other hardware, software or the Supplier's networks or other users of Ballpark; or (f) in violation of any of the Supplier's policies or in a manner that violates applicable law, including but not limited to anti-spam, export control, privacy, and anti-terrorism laws and regulations. 

    3. The Customer shall provide the Supplier with all information, assistance, and access as the Supplier may reasonably require, and the Customer acknowledges that the Supplier's ability to provide Services may be adversely affected, interrupted and/or delayed if the Customer does not provide such information, assistance or access.

    4. The Supplier shall have no liability for any delays, interruptions or other problems to the extent caused (in whole or in part) by the Customer's failure to comply with Clause 10.2.
       
       

11. Intellectual property
    
    

    1. All Intellectual Property Rights in and to the Services (including in all software and Supplier Provided Materials) belong to and shall remain vested in the Supplier or the relevant third party owner.  To the extent that the Customer, any of its Affiliates or any person acting on its or their behalf acquires any Intellectual Property Rights in the software, Supplier Provided Materials, or any other part of the Services, the Customer hereby assigns or procures the assignment of such Intellectual Property Rights with full title guarantee (including by way of present assignment of future Intellectual Property Rights) to the Supplier or such third party as the Supplier may elect.  The Customer shall execute all such documents and do such things as the Supplier may consider necessary to give effect to this Clause 11.1.

    2. All Intellectual Property Rights in and to the Project Reports, Customer Provided Materials and Customer Data belong to and shall remain vested in the Customer or the relevant third party owner.  The Customer and Authorised Users may store or transmit Customer Data using Ballpark and Ballpark may interact with Customer systems.  The Customer hereby grants a royalty-free, non-transferable, non-exclusive licence for the Supplier (and each of its direct and indirect sub-contractors) to use, copy and other otherwise utilise the Customer Data, Project Reports, Customer Provided Materials, and Customer systems to the extent necessary to perform or provide the Services or to exercise or perform the Supplier's rights, remedies and obligations under this Agreement.

    3. The Customer grants the Supplier a limited, non-exclusive licence to use anonymised and aggregated statistical data derived from Customer's use of the Services solely for the purpose of improving the Supplier's products and services, provided that:

       1. no Customer Data, Customer Confidential Information, or Protected Data is included;

       2. the data is aggregated with data from multiple customers such that no individual customer can be identified;

       3. such usage complies with all applicable data protection laws.

       4. The Supplier shall not use any Customer Data, Project Reports, or Customer Provided Materials for training artificial intelligence or machine learning models without the Customer's express prior written consent, which may be granted or withheld in the Customer's sole discretion. The Customer can disable AI features at any time by contacting customer support. Further information is contained within our AI Policy.

    4. To the extent Non-Supplier Materials are made available to, or used by or on behalf of the Customer or any Authorised User in connection with the use or provision of Ballpark, such use of Non-Supplier Materials (including all licence terms) shall be exclusively governed by applicable third party terms notified or made available by the Supplier or the third party and not by this Agreement.  The Supplier grants no Intellectual Property Rights or other rights in connection with any Non-Supplier Materials.

    5. The Supplier may use any feedback and suggestions for improvement relating to the Services provided by the Customer or any Authorised User without charge or limitation ('Feedback').  

    6. Unless the Customer notifies the Supplier otherwise in writing, the Supplier may use the Customer’s name and logo to identify the Customer as a user of Ballpark on its website and in social media materials. 

    7. Except for the rights expressly granted in this Agreement, the Customer, any Authorised User, any Customer Affiliate and their direct and indirect sub-contractors, shall not acquire in any way any title, rights of ownership, or Intellectual Property Rights of whatever nature in the Services (or any part including the software) and no Intellectual Property Rights of either party are transferred or licensed as a result of this Agreement.

    8. The Customer shall not access all or any part of the software in order to build a product or service which competes with, or is intended to be used in place of, the software.

    9. This Clause 11 shall survive the termination or expiry of this Agreement.
       
       

12. Supplier indemnity 
    
    

    1. Subject to Clauses 12.2 and 12.5, the Supplier shall indemnify, keep indemnified and hold harmless the Customer (on the Customer's own behalf and on behalf of each of the Customer's Affiliates) from and against any losses, claims, damages, liability, costs (including legal and other professional fees) and expenses incurred by it (or any of its Affiliates) as a result of any third party alleging that the Customer's use of the Services infringes any Intellectual Property Right (an 'IP Claim'). 

       1. The Customer shall indemnify Supplier against any third-party claim arising from Customer Data or Customer Provided Materials, subject to the notice and cooperation provisions of Clause 12.2–12.3.

    2. The provisions of Clause 12.1 shall not apply unless the Customer:

       1. promptly (and in any event within 20 Business Days) notifies the Supplier upon becoming aware of any actual or threatened IP Claim and provides full written particulars;

       2. makes no comment or admission and takes no action that may adversely affect the Supplier's ability to defend or settle the IP Claim;

       3. provides all assistance reasonably required by the Supplier subject to the Supplier paying the Customer's reasonable costs; and

       4. gives the Supplier sole authority to defend or settle the IP Claim as the Supplier considers appropriate.

    3. The provisions of Clause 18 shall apply to any payment of costs and damages awarded or agreed in settlement or final judgment of an IP Claim under Clause 12.1.

    4. In the event of any IP Claim, the Supplier may elect to terminate this Agreement immediately by written notice and promptly refund to the Customer on a pro-rata basis for any unused proportion of Fees paid in advance.  This Clause 12.4 is without prejudice to the Customer's rights and remedies under Clauses 12.1.

    5. The Supplier shall have no liability or obligation under this Clause 12 in respect of any IP Claim to the extent that it arises from: (a) any modification of the Services (or any part) without the Supplier's express written approval; (b) any Non-Supplier Materials; (c) any Customer Provided Materials and/or Customer Data; (d) any breach of this Agreement by the Customer; (e) use of the Services (or any part) otherwise than in accordance with this Agreement; or (f) use of the Services (or any part) in combination with any software, hardware or data that has not been supplied or expressly authorised by the Supplier.

    6. Subject to Clause 18.6, the provisions of this Clause 12 set out the Customer's sole and exclusive remedy (howsoever arising, including in contract, tort, negligence or otherwise) for any IP Claim.
       
       

13. Customer indemnity
    
    

    1. Subject to Clauses 13.2 and 13.3, the Customer shall indemnify, keep indemnified and hold harmless the Supplier (on the Supplier's own behalf and on behalf of each of the Supplier's Affiliates) from and against any losses, claims, damages, liability, costs (including legal and other professional fees) and expenses incurred by it (or any of its Affiliates) as a result of any third party alleging that the Customer Provided Materials or Customer Data (without prejudice to the Supplier's obligations under the Data Protection Addendum) infringes the rights, including any Intellectual Property Rights, of a third party. 

    2. The provisions of Clause 13.1 shall not apply unless the Supplier:

       1. promptly (and in any event within 20 Business Days) notifies the Customer upon becoming aware of any actual or threatened claim and provides full written particulars;

       2. makes no comment or admission and takes no action that may adversely affect the Customer's ability to defend or settle the claim;

       3. provides all assistance reasonably required by the Customer subject to the Customer paying the Supplier's reasonable costs; and

       4. gives the Customer sole authority to defend or settle the claim as the Customer considers appropriate.

    3. The Customer shall have no liability or obligation under this Clause 13 in respect of any claim to the extent it arises from: (a) any breach of this Agreement by the Supplier; or (b) use of the Customer Provided Materials or Customer Data (or any part) otherwise than in accordance with the Customer's instructions.

    4. This Clause 13 shall survive termination or expiry of this Agreement.
       
       

14. Customer Data
    
    

    1. Customer Data shall at all times remain the property of the Customer or its licensors.

    2. Except to the extent the Supplier has direct obligations under data protection laws, the Customer acknowledges that the Supplier has no control over which Customer Data is hosted as part of the provision of the Services and may not actively monitor or have access to the content of the Customer Data.  The Customer shall ensure (and is exclusively responsible for) the accuracy, quality, integrity and legality of the Customer Data and that its use (including use in connection with the Service) complies with all applicable laws.

    3. If the Supplier becomes aware of any allegation that any Customer Data may not comply with this Agreement, the Supplier shall have the right to delete or otherwise remove or suspend access to any Customer Data which is suspected of being in breach of any of the foregoing from the Services and/or disclose Customer Data to law enforcement authorities (in each case without the need to consult the Customer).  Where reasonably practicable and lawful the Supplier shall notify the Customer before taking such action.

    4. Unless otherwise set out in the Order Form, or subsequently agreed by the parties in writing, the Customer hereby instructs that the Supplier shall within 30 days of the end of the provision of the Services (or any part) relating to the processing of the Customer Data securely dispose of such Customer Data processed in relation to the Services (or any part) which have ended (and all existing copies of it) except to the extent that any applicable law (as defined in the Data Protection Addendum) requires the Supplier to store such Customer Data.  The Supplier shall have no liability (howsoever arising, including in negligence) for any deletion or destruction of any such Customer Data undertaken in accordance with this Agreement.
       
       

15. Confidentiality and security of Customer Data
    
    

    1. The Supplier shall maintain the confidentiality of the Customer Data and shall not without the prior written consent of the Customer or in accordance with this Agreement, disclose or copy the Customer Data other than as necessary for the performance of the Services or its express rights and obligations under this Agreement.

    2. The Supplier:

       1. undertakes to disclose the Customer Data only to those of its officers, employees, Affiliates, agents, contractors and direct and indirect sub-contractors to whom, and to the extent to which, such disclosure is necessary for the purposes contemplated under this Agreement or as otherwise reasonably necessary for the provision or receipt of the Services; and

       2. shall be responsible to the Customer for any acts or omissions of any of the persons referred to in Clause 15.2(a) in respect of the confidentiality and security of the Customer Data as if they were the Supplier's own.

    3. The provisions of this Clause 15 shall not apply to information which: (a) is or comes into the public domain through no fault of the Supplier, its officers, employees, agents or contractors; (b) is lawfully received by the Supplier from a third party free of any obligation of confidence at the time of its disclosure; (c) is independently developed by the Supplier (or any of its Affiliates or any person acting on its or their behalf), without access to or use of such information; or (d) is required by law, by court or governmental or regulatory order to be disclosed, provided that Clauses 15.3(a) to 15.3(c) (inclusive) shall not apply to Protected Data.

    4. This Clause 15 shall survive the termination or expiry of this Agreement for a period of five years.

    5. To the extent any Customer Data is Protected Data, the Supplier shall ensure that such Customer Data may be disclosed or used only to the extent such disclosure or use does not conflict with any of the Supplier's obligations under the Data Protection Addendum.  Clauses 15.1 to 15.4 (inclusive) are subject to this Clause 15.5.

    6. In the event that a confidentiality agreement was entered into by the parties prior to the date of this Agreement, the confidentiality agreement is hereby terminated. 
       
       

16. Supplier's Confidential Information
    
    

    1. The Customer shall maintain the confidentiality of the Supplier's Confidential Information and shall not without the prior written consent of the Supplier, disclose, copy or modify the Supplier's Confidential Information (or permit others to do so) other than as necessary for the performance of its express rights and obligations under this Agreement.

    2. The Customer undertakes to:

       1. disclose the Supplier's Confidential Information only to those of its officers, employees, agents and contractors to whom, and to the extent to which, such disclosure is necessary for the purposes contemplated under this Agreement;

       2. procure that such persons are made aware of and agree in writing to observe the obligations in this Clause 16; and

       3. be responsible for the acts and omissions of those third parties referred to in this Clause 16.2 as if they were the Customer's own acts or omissions.

    3. The Customer shall give notice to the Supplier of any unauthorised use, disclosure, theft or loss of the Supplier's Confidential Information immediately upon becoming aware of the same.

    4. The provisions of this Clause 16 shall not apply to information which: (a) is or comes into the public domain through no fault of the Customer, its officers, employees, agents or contractors; (b) is lawfully received by the Customer from a third party free of any obligation of confidence at the time of its disclosure; (c) is independently developed by the Customer, without access to or use of such information; or (d) is required by law, by court or governmental or regulatory order to be disclosed provided that the Customer, where possible, notifies the Supplier at the earliest opportunity before making any disclosure.

    5. This Clause 16 shall survive the termination or expiry of this Agreement for a period of ten years.
       
       

17. Relief

To the maximum extent permitted by law, the Supplier shall not be liable (under any legal theory, including negligence) for any breach, delay or default in the performance of this Agreement to the extent the same (or the circumstances giving rise to the same) arises or was contributed to by any Relief Event.

18. Limitation of liability
    
    

    1. The extent of the party's liability under or in connection with this Agreement (regardless of whether such liability arises in tort, contract or in any other way and whether or not caused by negligence or misrepresentation or under any indemnity) shall be as set out in this Clause 18.

    2. Subject to Clauses 18.3 and 18.6, the Supplier's aggregate liability howsoever arising under or in connection with this Agreement (including all Order Forms) shall not exceed:

       1. a sum equal to the Fees actually paid by the Customer to the Supplier pursuant to this Agreement in respect of a total failure by the Supplier to provide all of the Services; 

       2. a sum equal to the relevant portion of the Fees (being the portion which relates to the Services not provided) actually paid by the Customer to the Supplier pursuant to this Agreement in respect of any failure by the Supplier to provide some (but not all) of the Services; 

       3. the remedies specified in Clause 6.3 in respect of a breach of Clause 6.2 (downtime);

       4. the remedies specified in Clause 12 (Supplier indemnity) in respect of any IP Claim; 

       5. £1,000,000 in respect of liability arising under Clauses 12 (Supplier indemnity), 15 (Confidentiality and security of Customer Data), and/or the Data Protection Addendum; 

       6. in respect of everything else (including any claim that the Services are substandard, or the Supplier has breached its obligations), the amounts paid to the Supplier by the Customer in the 12 month period preceding the event giving rise to the claim.

    3. Subject to Clauses 18.6, the Supplier's aggregate liability in respect of each individual Free or Trial Service (and all Support Services provided in connection with the same) (howsoever arising under or in connection with this Agreement) shall not exceed £100.

    4. Subject to Clause 18.6, the Supplier shall not be liable for consequential, indirect or special losses.

    5. Subject to Clause 18.6, the Supplier shall not be liable for any of the following (whether direct or indirect): loss of profit or revenue; loss or corruption of software or systems; loss of use; loss of production; loss of contract; loss of opportunity; loss of savings, discount or rebate (whether actual or anticipated); and/or harm to reputation or loss of goodwill.

    6. Notwithstanding any other provision of this Agreement, the Supplier's liability shall not be limited in any way in respect of the following: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other losses which cannot be excluded or limited by applicable law.

    7. This Clause 18 shall survive the termination or expiry of this Agreement.
       
       

19. Suspension
    
    

    1. The Supplier may suspend access to the Services to all or some of the Authorised Users if:

       1. the Supplier reasonably suspects that there has been a serious misuse (e.g., security threat, unlawful content, abuse) of the Services; or

       2. the Customer fails to pay any sums due to the Supplier by the due date for payment and such amount remains unpaid within 15 Business Days after the Customer has received notification that the payment is overdue.

    2. Where the reason for the suspension is suspected misuse of the Services, without prejudice to its rights under Clause 21, the Supplier will take steps to investigate the issue and may restore or continue to suspend access at its discretion (acting reasonably).

    3. In relation to suspensions under Clause 19.1(b), access to the Services will be restored promptly after the Supplier receives payment in full and cleared funds.

    4. Fees shall remain payable during any period of suspension notwithstanding that the Customer or some or all of the Authorised Users may not have access to the Services.
       
       

20. Renewals and cancellation
    
    

    1. Unless the Order Form specifies that there shall be no automatic renewals and subject to Clause 20.2, on expiry of the Service Period indicated in the Order Form the Service Period shall continue and automatically renew for a further period equal to the Service Period ('first Renewal Date') and thereafter renew for a further period equal to the Service Period on each anniversary of the first Renewal Date (each of the first Renewal Date and each such anniversary being a 'Renewal Date').  This Clause 20.1 shall not apply in respect of Free or Trial Services (which shall not renew unless otherwise expressly stated in the Order Form).

    2. If either party wishes for the Service Period to expire on the next Renewal Date, it may cause the Service to expire on that Renewal Date by notice provided such notice is served:

       1. in respect of the 'Starter' or 'Business' plans, any time prior to the Renewal Date by going to the 'Account' page and following the instructions for cancellation. If the Customer cancels, the Customer will not be billed for any additional term and access to Ballpark will be disabled immediately. If the Customer cancels, the Customer will not receive a refund of amounts already paid (unless the Customer cancels in accordance with Clause 24.3); or

       2. in respect of the 'Enterprise' plan, at least 30 days prior to the Renewal Date. For ‘Enterprise’ plans, the Supplier shall contact the Customer no later than 60 days prior to the Renewal Date to initiate a renewal discussion, including any proposed changes to pricing, services, or terms. The Supplier shall make reasonable efforts to schedule a renewal review prior to automatic renewal.

    3. If notice is not served within the timeframes set out in Clause 20.2, the Service shall renew at the next Renewal Date in accordance with Clause 20.1.
       
       

21. Term and termination
    
    

    1. This Agreement shall come into force on the date of Order Acceptance and, unless terminated earlier in accordance with its terms, shall continue for the duration of the Term after which it shall automatically expire.

    2. Either party may terminate this Agreement immediately at any time by giving notice in writing to the other party if:

       1. the other party commits a material breach of this Agreement and such breach is not remediable;

       2. the other party commits a material breach of this Agreement which is not remedied within 20 Business Days of receiving written notice of such breach; or

       3. the other party has failed to pay any amount due under this Agreement on the due date and such amount remains unpaid within 20 Business Days after the other party has received notification that the payment is overdue; or

       4. it becomes unlawful for the Supplier to provide all or any part of the Services to the Customer under applicable law.

3. The Supplier may terminate or suspend the provision of Free or Trial Services (and all related Support Services) at any time with or without notice.

4. Any breach by the Customer of Clause 11 shall be deemed a material breach of this Agreement which is not remediable.

22. Consequences of termination
    
    

    1. Immediately on termination or expiry of this Agreement (for any reason), the rights granted by the Supplier under this Agreement shall terminate and the Customer shall (and shall procure that each Authorised User shall) stop using the Services.

    2. Termination or expiry of this Agreement shall not affect any accrued rights and liabilities of either party at any time up to the date of termination or expiry and shall not affect any provision of this Agreement that is expressly or by implication intended to continue beyond termination.
       
       

23. Compliance 
    
    

    1. The Customer shall comply (and shall ensure all Authorised Users comply) with all applicable laws, rules, and regulations governing export that apply to the Services and the Customer Data (or any part), and shall not export or re-export, directly or indirectly, separately or as a part of a system, the Services or the Customer Data (or any part) to, or access or use the Services or the Customer Data (or any part) in, any country or territory for which an export licence or other approval is required under the laws of the United Kingdom, the United States, Switzerland, the European Union or any of its member states, without first obtaining such licence or other approval.  Without prejudice to the Supplier's obligations under the Data Protection Addendum, the Customer shall be solely responsible for ensuring its access, importation and use of the Services and the Customer Data complies with all export and other laws.

    2. The Customer shall take full responsibility and accepts all liability under all applicable laws in respect of the use it makes of the Services and the results it achieves from them, including complying with all applicable regulations concerning data protection and artificial intelligence.

    3. This Clause 23.1 shall survive termination or expiry of this Agreement.
       
       

24. Changes to services and terms
    
    

    1. In relation to Services, the Supplier may at its absolute discretion make, and notify the Customer of, updated versions of the Master SaaS Terms, Data Protection Addendum, and Additional Paid-for Feature Terms from time-to-time by notifying the Customer of such update by e-mail (together with a copy of the update or a link to a copy of the update) or by any other reasonable means which the Supplier elects ('Update Notification'). 

    2. The document(s) subject to such Update Notification shall replace the preceding version of the same document(s) for the purposes of this Agreement from the date 15 Business Days after Update Notification of such revised document(s) (the 'Update') (or at such later date as the Supplier may specify).

    3. In the event that the Customer reasonably believes that any Update or New Limits (as defined below) materially impacts it negatively in any manner, it may by notice elect to terminate this Agreement in respect of all impacted Services provided it exercises such right prior to such Update taking effect pursuant to Clause 24.2 and notifies the Supplier at the time of exercising such right.  In the event of such termination the Customer shall receive a refund of any pre-paid Fees in respect of such terminated Services.

    4. The Customer acknowledges that the Supplier shall be entitled to modify the features and functionality of Ballpark, provided that any such modification does not materially adversely affect the use of the Services by Authorised Users.

    5. The Supplier may, without limitation to the generality of Clause 24.4, establish new limits on Ballpark (or any part) ('New Limits'), including limiting the volume of data which may be used, stored or transmitted, remove or restrict application programming interfaces or make alterations to data retention periods, provided such changes are introduced by Update to the relevant impacted contractual documents.  The Supplier will comply with its related obligations in the Data Protection Addendum.
       
       

25. Usage-Based Pricing
    
    

    1. The Services may include usage-based components, including but not limited to the right to launch a limited number of studies on the Ballpark platform during the applicable Service Period. For the purposes of this Agreement, a “Launched Study” means any study created within the platform that has been made available to participants and has received at least one response. Each Launched Study shall consume one usage unit or “Study Allowance.”

    2. The number of Study Allowances included in the Fees shall be set out in the applicable Order Form. The Customer shall be entitled to launch up to the number of studies equal to the included Study Allowances during the Service Period. Any unused Study Allowances shall expire at the end of the relevant Service Period and shall not carry over to any renewal period, unless otherwise agreed in writing.

    3. The Supplier will monitor the Customer’s usage of Study Allowances and will use reasonable efforts to notify the Customer when usage approaches 80% and again at 100% of the included limit. If the Customer exceeds the number of included Study Allowances, the Supplier will always contact the Customer in advance of issuing any overage invoice to confirm whether the additional usage was intentional and to ensure the Customer is fully informed before any additional charges are applied.

    4. The Supplier’s internal systems will track and report usage, and the Customer may request usage summaries at any time or view them in the Account section. The Supplier will not invoice for overages without first giving the Customer a reasonable opportunity to review the usage and confirm whether the excess usage aligns with the Customer’s intended use.

    5. In addition to Study Allowances, the Customer may purchase recruitment credits (“Credits”) for the purpose of recruiting participants through the Supplier’s integrated participant panel. Credits are optional, transactional in nature, and may be purchased either (a) at the commencement of the Service Period, or (b) on an ad hoc basis during the Term.

    6. Credits are pre-paid and may be used at any time during the Term unless otherwise specified in the Order Form. Credits do not renew automatically, do not expire during the Term, and are not refundable except as expressly agreed in writing. The Customer may purchase Credits by credit card or by invoice, subject to the Supplier’s approval and applicable payment terms.

    7. The Supplier shall provide the Customer with visibility into the remaining balance of Credits via the platform and may notify the Customer when balances are low. The use of Credits shall be subject to the applicable pricing, targeting rules, and recruitment limits as set out in the Order Form or otherwise communicated by the Supplier.

    8. This Agreement constitutes the entire agreement between the parties and supersedes all previous agreements, understandings and arrangements between them in respect of its subject matter, whether in writing or oral.

    9. Each party acknowledges that it has not entered into this Agreement in reliance on, and shall have no remedies in respect of, any representation or warranty that is not expressly set out in this Agreement.

    10. Nothing in this Agreement shall limit or exclude any liability for fraud.
        
        

26. Variation
    
    

    1. No variation of this Agreement shall be valid or effective unless it is:

       1. an Update made in accordance with this Agreement; or

       2. made in writing, refers to this Agreement and is duly signed or executed by, or on behalf of, each party.
          
          

27. Assignment and subcontracting
    
    

    1. Except as expressly provided in this Agreement, the Supplier may at any time assign, sub-contract, sub-licence (including by multi-tier), transfer (by way of assignment or novation), mortgage, charge, declare a trust of or deal in any other manner with any or all of its rights or obligations under this Agreement (and Customer consents to any such transfer).

    2. Except as expressly permitted by this Agreement, the Customer shall not assign, transfer, sub-contract, sub-licence, mortgage, charge, declare a trust of or deal in any other manner with any or all of its rights or obligations under this Agreement (including the licence rights granted), in whole or in part, without the Supplier's prior written consent.
       
       

28. Set off

Each party shall pay all sums that it owes to the other party under this Agreement without any set-off, counterclaim, deduction or withholding of any kind, save as may be required by law.

30. No partnership or agency

The parties are independent and are not partners or principal and agent and this Agreement does not establish any joint venture, trust, fiduciary or other relationship between them, other than the contractual relationship expressly provided for in it.  Neither party shall have, nor shall represent that it has, any authority to make any commitments on the other party's behalf.

31. Severance
    
    

    1. If any provision of this Agreement (or part of any provision) is or becomes illegal, invalid or unenforceable, the legality, validity and enforceability of any other provision of this Agreement shall not be affected.

    2. If any provision of this Agreement (or part of any provision) is or becomes illegal, invalid or unenforceable but would be legal, valid and enforceable if some part of it was deleted or modified, the provision or part-provision in question shall apply with such deletions or modifications as may be necessary to make the provision legal, valid and enforceable.  In the event of such deletion or modification, the parties shall negotiate in good faith in order to agree the terms of a mutually acceptable alternative provision.
       
       

32. Waiver
    
    

    1. No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under this Agreement shall operate as a waiver of that right, power or remedy, nor shall it preclude or restrict any future exercise of that or any other right, power or remedy.

    2. No single or partial exercise of any right, power or remedy provided by law or under this Agreement shall prevent any future exercise of it or the exercise of any other right, power or remedy.

    3. A waiver of any term, provision, condition or breach of this Agreement shall only be effective if given in writing and signed by the waiving party, and then only in the instance and for the purpose for which it is given.
       
       

33. Third party rights

A person who is not a party to this Agreement shall not have any rights to enforce any of its provisions.

34. Governing law and jurisdiction
    
    

    1. In the event of any dispute, claim, question, or disagreement arising from or relating to the Agreement or the breach thereof, the parties shall use their best efforts to settle the dispute, claim, question, or disagreement.  To this effect, they shall consult and negotiate with each other in good faith and, recognising their mutual interests, attempt to reach a just and equitable solution satisfactory to both parties. 

    2. This Agreement and any dispute or claim arising out of, or in connection with it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by the laws of: 

       1. England and Wales, if the Customer is located outside of North America or the European Union, and, to the fullest extent permitted by law, the courts of England and Wales shall have the exclusive jurisdiction over any dispute or claim relating to the Agreement.
          
          

35. Updates
    
    

    1. These Terms will apply to all new Customers from the Effective Date. For existing Customers with a signed Master SaaS Agreement or previous Terms and Conditions with special carve outs regarding term changes, those terms shall remain in effect until the earlier of (a) renewal of the Subscription Term, or (b) mutual agreement to adopt these Terms earlier. Upon renewal, these Terms shall automatically apply unless expressly agreed otherwise in writing.

Schedule 1

Definitions and interpretations

In this Agreement:

2. In this Agreement, unless otherwise stated:
   
   

   1. the table of contents, recitals section and the clause, paragraph, schedule or other headings in this Agreement are included for convenience only and shall have no effect on interpretation;

   2. the Supplier and the Customer are together the 'parties' and each a 'party', and a reference to a 'party' includes that party's successors and permitted assigns;

   3. words in the singular include the plural and vice versa;

   4. any words that follow 'include', 'includes', 'including', 'in particular' or any similar words and expressions shall be construed as illustrative only and shall not limit the sense of any word, phrase, term, definition or description preceding those words;

   5. a reference to 'writing' or 'written' includes any method of reproducing words in a legible and non-transitory form (including email); and

   6. a reference to specific legislation is a reference to that legislation as amended, extended, re-enacted or consolidated from time to time and a reference to legislation includes all subordinate legislation made as at the date of this Agreement under that legislation.

   
   

Data Protection Addendum

1. Definitions
   
   

   1. In this Data Protection Addendum defined terms shall have the same meaning, and the same rules of interpretation shall apply as in the remainder of the Agreement.  In addition, in this Data Protection Addendum the following definitions have the meanings given below:

2. Processor and Controller
   
   

   1. The parties agree that:

      1. for the Protected Data, the Customer shall be the Controller and the Supplier shall be the Processor.  Nothing in this Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Laws; 

      2. for the Personal Data of Authorised Users processed in relation to set-up account, logins, and customer support purposes related to this Agreement and such other purposes as set out in the Supplier's privacy notices, the Supplier shall be the sole Controller; 

      3. for the Business Contact Information, each party shall be the Controller of the other party's Business Contact Information and may use the other party's Business Contact Information for contract management, payment processing, service offering, and business development purposes related to this Agreement and such other purposes as set out in the using party's privacy policy (copies of which shall be made available upon request); and 

      4. for the Tester Data, the Customer shall be the Controller (or joint Controller along with the applicable third party provider that gives access to Testers) and the Supplier shall be the Processor.

   2. To the extent the Customer is not sole Controller of any Protected Data or Tester Data it warrants that it has full authority and authorisation of all relevant Controllers to instruct the Supplier to process the Protected Data in accordance with the Agreement.

   3. The Supplier shall process Protected Data and Tester Data in compliance with: (a) the obligations of Processors under Data Protection Laws in respect of the performance of its and their obligations under the Agreement; and (b) the terms of the Agreement.
      
      

3. Fair processing notices 

In connection with the processing of Protected Data and Tester Data, the Customer shall be fully responsible for: (a) the form and content of all fair processing and other information notices required by Data Protection Laws; (b) ensuring all Data Subjects understand the Customer's fair processing notice; (c) disclosing in its fair processing notice that the Customer will share Protected Data and Tester Data with the Supplier; (d) the collection and maintenance of all necessary consents required by Data Protection Laws from such Data Subjects; and (e) ensuring that the processing of Protected Data and Tester Data is lawful, fair and transparent and that lawful grounds exist for all processing activities in respect of the Protected Data and Tester Data which may be undertaken by the Supplier and its Sub-Processors in accordance with the Agreement.

4. Instructions and details of processing
   
   

   1. Insofar as the Supplier processes Protected Data and/or Tester Data on behalf of the Customer, the Supplier:

      1. unless required to do otherwise by applicable law, shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data and/or Tester Data only on and in accordance with the Customer's documented instructions as set out in this paragraph 4.1 and paragraphs 4.2 and 4.3 (including when making a transfer of Protected Data and/or Tester Data to any International Recipient), as Updated from time to time ('Processing Instructions');

      2. if applicable law requires it to process Protected Data and/or Tester Data other than in accordance with the Processing Instructions, shall notify the Customer of any such requirement before processing the Protected Data and/or Tester Data (unless applicable law prohibits such information on important grounds of public interest); and

      3. shall promptly inform the Customer if the Supplier becomes aware of a Processing Instruction that, in the Supplier's opinion, infringes Data Protection Laws, provided that to the maximum extent permitted by mandatory law, the Supplier shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities (including any Data Protection Losses) arising from or in connection with any processing in accordance with the Customer's Processing Instructions following the Customer's receipt of that information.

   2. The Customer acknowledges and agrees that the execution of any computer command to process (including deletion of) any Protected Data and/or Tester Data made in the use of any of the Services by an Authorised User will be a Processing Instruction (other than to the extent such command is not fulfilled due to technical, operational or other reasons).  The Customer shall ensure that Authorised Users do not execute any such command unless authorised by the Customer (and by all other relevant Controller(s)).

   3. Subject to the Order Form, the processing of the Protected Data and/or Tester Data by the Supplier under the Agreement shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in Appendix 1.
      
      

5. Technical and organisational measures

Taking into account the nature of the processing, the Supplier shall implement and maintain, at its cost and expense, the technical and organisational measures: (a) in relation to the processing of Protected Data and/or Tester Data by the Supplier; and (b) to assist the Customer insofar as is possible in the fulfilment of the Customer's obligations to respond to Data Subject Requests relating to Protected Data and/or Tester Data, in each case at the Customer's cost on a time and materials basis in accordance with the Supplier's then standard pricing.

6. Using staff and other processors
   
   

   1. The Supplier shall not engage any Sub-Processor for carrying out any processing activities in respect of the Protected Data and/or Tester Data except in accordance with the Agreement without the Customer's written authorisation of that specific Sub-Processor (such authorisation not to be unreasonably withheld, conditioned or delayed).

   2. The Customer authorises the appointment of each of the Sub-Processors identified on the List of Sub-Processors as Updated from time to time.

   3. The Supplier shall: 

      1. prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data and/or Tester Data, appoint each Sub-Processor under a written contract containing materially the same obligations as under paragraphs 2 to 14 (inclusive) that is enforceable by the Supplier (including those relating to sufficient guarantees to implement appropriate technical and organisational measures);

      2. ensure each such Sub-Processor complies with all such obligations; and

      3. remain fully liable for all the acts and omissions of each Sub-Processor as if they were its own.

   4. The Supplier shall ensure that all persons authorised by it (or by any Sub-Processor) to process Protected Data and/or Tester Data are subject to a binding written contractual obligation to keep the Protected Data and/or Tester Data confidential (except where disclosure is required in accordance with applicable law, in which case the Supplier shall, where practicable and not prohibited by applicable law, notify the Customer of any such requirement before such disclosure).
      
      

7. Assistance with compliance and Data Subject rights
   
   

   1. The Supplier shall refer all Data Subject Requests it receives to the Customer without undue delay.  The Customer shall pay the Supplier for all work, time, costs and expenses incurred in connection with such activity, calculated on a time and materials basis at the Supplier's rates set out in the Supplier's then standard pricing.

   2. The Supplier shall provide such reasonable assistance as the Customer reasonably requires (taking into account the nature of processing and the information available to the Supplier) to the Customer in ensuring compliance with the Customer's obligations under Data Protection Laws with respect to: (a) security of processing; (b) data protection impact assessments (as such term is defined in Data Protection Laws); (c) prior consultation with a Supervisory Authority regarding high risk processing; and (d) notifications to the Supervisory Authority and/or communications to Data Subjects by the Customer in response to any Personal Data Breach, provided the Customer shall pay the Supplier for all work, time, costs and expenses incurred in connection with providing the assistance in this paragraph 7.2, calculated on a time and materials basis at the Supplier's rates set out in the Supplier's then standard pricing.
      
      

8. International data transfers
   
   

   1. Subject to paragraph 8.2, the Supplier shall not transfer, or otherwise directly or indirectly disclose, any Protected Data and/or Tester Data to any International Recipient without the prior written consent of the Customer except where the Supplier is required to transfer the Protected Data and/or Tester Data by applicable law (and shall inform the Customer of that legal requirement before the transfer, unless those laws prevent it doing so).

   2. The Customer agrees that the Supplier may transfer any Protected Data and/or Tester Data for the purposes referred to in paragraph 4.3 to any International Recipient, provided all transfers by the Supplier of Protected Data and/or Tester Data to an International Recipient (and any onward transfer) shall (to the extent required under Data Protection Laws) be effected by way of Appropriate Safeguards and in accordance with Data Protection Laws. The provisions of the Agreement shall constitute the Customer's instructions with respect to transfers in accordance with paragraph 4.1(a).

   3. The Customer acknowledges that due to the nature of cloud services, the Protected Data and/or Tester Data may also be transferred to other geographical locations in connection with use of the Service further to access and/or computerised instructions initiated by Authorised Users.  The Customer acknowledges that the Supplier does not control such processing and the Customer shall ensure that Authorised Users (and all others acting on its behalf) only initiate the transfer of Protected Data and/or Tester Data to other geographical locations if Appropriate Safeguards are in place and that such transfer is in compliance with all applicable laws.

   4. To the extent the Supplier processes Protected Data subject to the GDPR and any transfer to an International Recipient occurs that is not covered by an adequacy decision under Article 45 GDPR, the Parties hereby incorporate by reference and agree to be bound by the EU SCCs (Commission Implementing Decision (EU) 2021/914, 4 June 2021) as follows:

      1. Module Two (Controller-to-Processor) applies to transfers from the Customer (data exporter) to the Supplier (data importer).

      2. Module Three (Processor-to-Processor) applies to onward transfers from the Supplier (data exporter/processor) to Sub-Processors (data importers), with the Customer as third-party beneficiary to the extent provided by the EU SCCs.

      3. Clause 7 (Docking clause) applies.

      4. Clause 9(a) (Use of sub-processors): Option 2 (general authorisation) applies, and the time period for prior notice of new/replacement Sub-Processors is 15 Business Days; the Customer may object on reasonable grounds relating to data protection.

      5. Clause 11 (Redress) – the optional language is not used

      6. Clause 17 (Governing law) – the law of the EU Member State where the Customer is established; if the Customer is not established in the EU, the law of Ireland applies.

         1. Clause 18 (Forum and jurisdiction) – the courts of the EU Member State identified in Clause 17.

         2. The Parties complete Annex I–III to the EU SCCs as set out in Appendix 2 (SCC Annexes) to this Data Protection Addendum.

         3. Paragraph 8.3(a) constitutes the Appropriate Safeguards referenced in paragraph 8.2 and is without prejudice to paragraph 8 generally.

   5. Where the transfer is subject to the UK GDPR, the Parties agree the UK Addendum (Version B1.0, in force 21 March 2022) is hereby incorporated by reference into and varies the EU SCCs in accordance with its terms.

   6. The UK Addendum Tables are completed as follows:

      1. Table 1 (Parties): Exporter = Customer; Importer = Supplier (and, where applicable, relevant Sub-Processors for Module Three).

      2. Table 2 (Selected SCCs): EU SCCs as selected in paragraph 8.3(a) (Module Two and, where applicable, Module Three).

      3. Table 3 (Appendix Information): as set out in Appendix 2 (SCC Annexes).

      4. Table 4 (Mandatory Clauses): the mandatory clauses apply unamended.

      5. The Supplier will implement supplementary measures and support transfer risk assessments as reasonably required to ensure an essentially equivalent level of protection, consistent with EDPB Recommendations 01/2020.
         
         

9. Information and audit
   
   

   1. The Supplier shall maintain, in accordance with Data Protection Laws binding on the Supplier, written records of all categories of processing activities carried out on behalf of the Customer.

   2. The Customer may by written notice to the Supplier request information regarding the Supplier's compliance with the obligations placed on it under this Data Protection Addendum.  On receipt of such request the Supplier shall provide the Customer (or auditors mandated by the Customer) with a copy of the latest third party certifications and audits to the extent made generally available to its customers.  Such copies are confidential to the Supplier and shall be Supplier's Confidential Information for the purposes of the Agreement. 

   3. The Supplier shall, on request by the Customer, in accordance with Data Protection Laws, make available to the Customer such information as is reasonably necessary to demonstrate the Supplier's compliance with its obligations under this Data Protection Addendum and Article 28 of the GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose provided:

      1. such audit, inspection or information request is reasonable, limited to information in the Supplier's (or any Sub-Processor's) possession or control and is subject to the Customer giving the Supplier reasonable prior notice of such audit, inspection or information request;

      2. the parties (each acting reasonably and consent not to be unreasonably withheld or delayed) shall agree the timing, scope and duration of the audit, inspection or information release together with any specific policies or other steps with which the Customer or third party auditor shall comply (including to protect the security and confidentiality of other customers, to ensure the Supplier is not placed in breach of any other arrangement with any other customer and so as to comply with the remainder of this paragraph 9.3); 

      3. all costs of such audit or inspection or responding to such information request shall be borne by the Customer, and the Supplier's costs, expenses, work and time incurred in connection with such audit or inspection shall be reimbursed by the Customer on a time and materials basis in accordance with the Supplier's then standard pricing;

      4. the Customer's rights under this paragraph 9.3 may only be exercised once in any consecutive 12 month period, unless otherwise required by a Supervisory Authority or if the Customer (acting reasonably) believes the Supplier is in breach of this Data Protection Addendum;

      5. the Customer shall promptly (and in any event within three Business Days) report any non-compliance identified by the audit, inspection or release of information to the Supplier;

      6. the Customer shall ensure that all information obtained or generated by the Customer or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure required by applicable law);

      7. the Customer shall ensure that any such audit or inspection is undertaken during normal business hours, with minimal disruption to the businesses of the Supplier and each Sub-Processor; and

      8. the Customer shall ensure that each person acting on its behalf in connection with such audit or inspection (including the personnel of any third party auditor) shall not by any act or omission cause or contribute to any damage, destruction, loss or corruption of or to any systems, equipment or data in the control or possession of the Supplier or any Sub-Processor whilst conducting any such audit or inspection.
         
         

10. Breach notification

In respect of any Personal Data Breach involving Protected Data and/or Tester Data, the Supplier shall, without undue delay: (a) notify the Customer of the Personal Data Breach; and (b) provide the Customer with details of the Personal Data Breach.

11. Deletion of Protected Data and copies

Following the end of the provision of the Services (or part) relating to the processing of Protected Data and/or Tester Data the Supplier shall dispose of Protected Data and/or Tester Data in accordance with its obligations under this Agreement.  The Supplier shall have no liability (howsoever arising, including in negligence) for any deletion or destruction of any such Protected Data and/or Tester Data undertaken in accordance with the Agreement.

12. Compensation and claims
    
    

    1. Subject to Clause 18.2 of the Master SaaS Terms, the Supplier shall be liable for Data Protection Losses (howsoever arising, whether in contract, tort (including negligence) or otherwise) under or in connection with the Agreement:

       1. only to the extent caused by the processing of Protected Data and/or Tester Data under the Agreement and directly resulting from the Supplier's breach of the Agreement; and

       2. in no circumstances to the extent that any Data Protection Losses (or the circumstances giving rise to them) are contributed to or caused by any breach of the Agreement by the Customer (including in accordance with paragraph 4.1(c)).

    2. If a party receives a compensation claim from a person relating to processing of Protected Data and/or Tester Data in connection with the Agreement or the Services, it shall promptly provide the other party with notice and full details of such claim.  The party with conduct of the action shall:

       1. make no admission of liability nor agree to any settlement or compromise of the relevant claim without the prior written consent of the other party (which shall not be unreasonably withheld or delayed); and

       2. consult fully with the other party in relation to any such action but the terms of any settlement or compromise of the claim will be exclusively the decision of the party that is responsible under the Agreement for paying the compensation.

    3. The parties agree that the Customer shall not be entitled to claim back from the Supplier any part of any compensation paid by the Customer in respect of such damage to the extent that the Customer is liable to indemnify or otherwise compensate the Supplier in accordance with the Agreement.

    4. This paragraph 12 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contrary, except: (a) to the extent not permitted by applicable law (including Data Protection Laws); and (b) that it does not affect the liability of either party to any Data Subject.
       
       

13. Customer obligations 
    
    

    1. The Customer shall ensure that it, its Affiliates and each Authorised User shall at all times comply with: (a) all Data Protection Laws in connection with the processing of Protected Data and/or Tester Data, the use of the Services (and each part) and the exercise and performance of its respective rights and obligations under the Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and (b) the terms of the Agreement.

    2. The Customer warrants, represents and undertakes, that at all times: (a) all Protected Data and/or Tester Data (if processed in accordance with the Agreement) shall comply in all respects, including in terms of its collection, storage and processing, with Data Protection Laws; (b) the Protected Data and/or Tester Data is accurate and up to date; (c) it shall establish and maintain adequate security measures to safeguard Protected Data in its possession or control from unauthorised access and copying and maintain complete and accurate backups of all Protected Data and/or Tester Data provided to the Supplier (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data and/or Tester Data in the event of loss, damage or corruption of such Protected Data and/or Tester Data by the Supplier or any other person; and (d) all instructions given by it to the Supplier in respect of Personal Data shall at all times be in accordance with Data Protection Laws.
       
       

14. Survival

This Data Protection Addendum (as Updated from time to time) shall survive termination (for any reason) or expiry of the Agreement and continue until no Protected Data and/or Tester Data remains in the possession or control of the Supplier or any Sub-Processor, except that paragraphs 11 to 14 (inclusive) shall continue indefinitely.

Data processing details

Subject-matter of processing:

• Performance of respective rights and obligations under the Agreement and delivery and receipt of the Services under the Agreement.

Duration of the processing:

• Until the earlier of final termination or final expiry of the Agreement, except as otherwise expressly stated in the Agreement.

Nature and purpose of the processing:

• Processing in accordance with the rights and obligations of the parties under the Agreement;

• Processing as reasonably required to provide the Services; and/or

• Processing as initiated, requested or instructed by Authorised Users in connection with their use of the Services, or by the Customer, in each case in a manner consistent with the Agreement.

Type of Personal Data:

• As provided by the Customer (e.g. data concerning Testers) 

Categories of Data Subjects:

• As provided by the Customer (e.g. Testers) 

Special categories of Personal Data:

• None.

Schedule 2

Appendix 2 - SCC Annexes

Annex I – A. List of Parties

Data exporter: the Customer identified in the Order Form / agreement (role: controller) — contact: Customer’s legal/privacy contact as notified.

Data importer: Ballpark Labs Ltd, Third Floor, 20 Old Bailey, London, EC4M 7AN, United Kingdom (role: processor). Contact: privacy@ballparkhq.com (or as notified).

Annex I – B. Description of Transfer

• Categories of data subjects: Customer’s authorised users; project participants/testers; other individuals whose data is included in Customer Data.

• Categories of personal data: names, business contact details, account identifiers, usage metadata; user-generated content including text, audio and video recordings, screen recordings, and tester data (e.g., email, demographic info such as location/age/gender) as chosen by the Customer.

• Sensitive data: only if provided by Customer in breach of restrictions or with explicit instructions and appropriate safeguards (not anticipated by default).

• Frequency of transfer: continuous and on demand during the Term.

• Nature and purpose of processing: hosting, storage, retrieval, display, transmission, analysis and support necessary to provide the Services; security, incident response; support; sub-processor provisioning.

• Duration: Term of the agreement plus deletion period.

• Subject to onward transfers: yes, to authorised Sub-Processors for infrastructure/ancillary services.

Annex I – C. Competent Supervisory Authority

The supervisory authority of the EU Member State where the Customer is established; if not established in the EU, the Member State where the Customer’s EU representative is located; otherwise as determined under Clause 13 of the EU SCCs. 

Annex II – Technical and Organisational Measures (summary)

The Supplier maintains measures appropriate to the risk, including:

• governance & access control: role-based access, least privilege, MFA for privileged access; joiner-mover-leaver controls; regular access reviews;

• data security: TLS in transit; encryption at rest; key management; segregation of environments; data minimisation; secure deletion on deprovisioning;

• application & infra security: secure SDLC; code review; dependency management; vulnerability scanning and remediation; change management;

• business continuity: backups; tested restore; resilience/availability procedures;

• logging & monitoring: centralised logging, anomaly detection, security event monitoring;

• incident response: documented IR plan; breach triage/notification consistent with DPA obligations;

• personnel: confidentiality undertakings; security and privacy training;

• vendor management: due diligence, written terms mirroring Article 28 and SCC obligations;

• customer controls: admin features enabling Customer to manage users, roles and data retention;

• data subject rights support: processes and tooling to locate, correct, export and delete data.

Annex III – List of Sub-Processors

The sub-processors listed on the Supplier’s List of Sub-Processors as Updated from time to time, including their functions and locations; engagement is on the basis of written terms imposing data protection obligations no less protective than those set out in the SCCs and this DPA.