Master Services Agreement

In this Agreement, the following terms have the meanings set out below:

• "Services" means the IT managed services and support described in the applicable Statement of Work ("SOW").
• "Fees" means the charges payable by the Client in GBP, excluding VAT, as set out in the SOW or Supplier price list.
• "Applicable Data Protection Laws" means the UK Data Protection Act 2018 and the UK GDPR, and any other applicable privacy legislation.
• "Confidential Information" means information disclosed by one party to the other that is marked as confidential or that a reasonable party would consider confidential, excluding information already in the public domain.

Clause headings are for convenience only and shall not affect interpretation. References to statutes include all amendments. The word "including" means "including without limitation". References to the singular include the plural and vice versa.

The version of this Agreement in effect on the SOW acceptance date applies throughout the term of that SOW. Archived records are maintained and this Agreement is published at netix.digital/msa.

The Supplier shall perform the Services in accordance with the SOW using reasonable skill and care. Where there is a conflict between the SOW and this Agreement, the SOW shall prevail except where the SOW explicitly states otherwise. The Supplier shall comply with all applicable laws in the performance of the Services.

The Supplier shall ensure that personnel performing the Services are suitably qualified and experienced. Specific service levels and KPIs are set out in the applicable SOW or a separate SLA document. The Supplier may subcontract any part of the Services but shall remain fully responsible for performance.

The Client acknowledges that certain Services may incorporate or depend on third-party products, services, or software, and that third-party terms and conditions apply to such elements. Where the Supplier acts as a reseller, it passes through third-party warranties only and provides no additional warranty beyond those third-party terms.

The Client shall provide the Supplier with timely access to premises, equipment, systems, and personnel as reasonably required to perform the Services. The Client is responsible for the accuracy and completeness of information provided to the Supplier and shall be liable for any costs or delays arising from the Client's failure to provide such access or information.

The Client shall use the Services for lawful purposes only. The Client shall not use the Services for sending spam, conducting attacks, or engaging in any illegal activity. The Client is responsible for obtaining any software licences required for its own systems.

The Client must treat Supplier personnel with professional courtesy and respect at all times. Offensive, abusive, or threatening behaviour directed at Supplier employees, contractors, or representatives is strictly prohibited and may constitute a material breach of this Agreement.

Unless the SOW expressly includes management of Client hardware, software, or network security, the Client remains responsible for those elements. The Client should maintain its own backups and disaster recovery arrangements. The Supplier shall not be liable for data loss where the Client has failed to maintain adequate backups. Restoration of backups that falls outside the SOW scope is chargeable.

The Client shall comply with all applicable laws in connection with its obligations under this Agreement and its use of the Services. The Client warrants that it has the right to permit the Supplier access to all Client materials provided under this Agreement. The Client shall indemnify the Supplier against any claims arising from infringement of third-party intellectual property rights by Client-provided materials, except to the extent caused by the Supplier's breach.

Fees are as set out in the SOW or Supplier price list. Recurring Services are billed in advance on a monthly basis by default. One-time or project Services are billed in accordance with the applicable SOW terms. Invoices are issued electronically. All Fees exclude VAT, which will be added in accordance with UK law.

Payment is due within 14 days of the invoice date, unless the SOW specifies otherwise. Payment must be made in full without set-off or deduction. Time of payment is of the essence. Where a Client disputes a portion of an invoice, it must notify the Supplier before the due date and pay the undisputed amount. The Supplier may suspend Services after giving 7 days' notice where invoices remain overdue. Services will automatically suspend where two invoices are outstanding and overdue.

The Client is required to maintain a valid automated payment method (direct debit or credit/debit card via Stripe) at all times. The Client authorises the Supplier to charge recurring Fees to that payment method and is responsible for keeping payment details current. Failure to provide or maintain a valid payment method constitutes a material breach of this Agreement and may result in suspension of Services. Declined or refused charges also constitute a material breach.

Interest on overdue amounts shall accrue daily at the statutory rate applicable under the Late Payment of Commercial Debts (Interest) Act 1998 (currently 8% per annum above the Bank of England base rate). The Client shall reimburse the Supplier's reasonable costs of collection, including legal fees. The Supplier may suspend Services until all overdue amounts, including accrued interest, are paid in full.

The Client must raise any invoice disputes within 14 days of the invoice date. The Supplier will investigate and, if the dispute is valid, issue a credit note. Invoices not disputed within 14 days are deemed accepted.

All payments shall be made without set-off, counterclaim, or deduction except where required by law. The Supplier may set off any amounts it is owed by the Client against any amounts it owes to the Client.

Quantities are adjustable as required. Any signed quote represents a minimum quantity. By way of example, adding users will increase the invoiced quantity proportionally.

This Agreement commences on the Effective Date, being the date of last signature or the SOW acceptance date. Each SOW has an initial term as stated therein (for example, 12 months). Each SOW automatically renews for successive equal-length periods unless either party gives 30 days' written notice of non-renewal before the end of the then-current term. Month-to-month SOWs continue until terminated. Termination of this Agreement terminates all active SOWs, unless the parties agree otherwise.

Either party may terminate this Agreement immediately on written notice if:

• The other party commits a material breach that is incapable of remedy, or that is capable of remedy and is not remedied within 30 days of written notice;
• The other party becomes insolvent, enters liquidation, administration, bankruptcy, or receivership, or any analogous event occurs; or
• The other party suspends or ceases substantial business operations.

Non-payment by the Client is deemed a material breach. The Supplier may also immediately terminate for Client misconduct, including offensive, abusive, or threatening behaviour directed at the Supplier's brand, employees, or contractors, at the Supplier Directors' discretion and without prejudice to any other remedy.

After expiry of the minimum term, either party may terminate a SOW by giving 30 days' written notice (or such notice period as specified in the SOW). Termination of one SOW does not automatically terminate other active SOWs. Month-to-month Services require 30 days' notice to terminate.

Upon termination of this Agreement or any SOW:

1. The Client shall immediately pay all outstanding invoices and accrued interest; the Supplier shall submit a final invoice for all uninvoiced Services;
2. Each party shall return or destroy the other's materials as directed; the Supplier shall return Client materials;
3. All software and IP licences granted to the Client cease immediately; and
4. Each party shall cease use of and permanently delete the other party's Confidential Information, except for archival copies retained for legal compliance purposes.

Termination does not affect either party's accrued rights or remedies. The following provisions survive termination: Fees, Confidentiality, Intellectual Property, Data Protection, Warranties, Limitation of Liability, Non-Solicitation, Governing Law, and all indemnities.

Where the Supplier terminates for cause, it shall invoice for all work performed and committed costs through the termination date. Prepaid Fees are non-refundable. All unpaid Fees for the committed term become immediately due and payable as a genuine pre-estimate of the Supplier's losses, and not as a penalty.

The Supplier may suspend Services in whole or in part as an alternative to termination where the Client is in breach (including non-payment or misconduct). Suspension does not constitute a waiver of the Supplier's right to terminate. The Client remains liable for all Fees during any period of suspension where Services remain available. Services will automatically suspend where two invoices are outstanding and overdue.

Upon renewal, Fees will be adjusted to the Supplier's then-current rates unless the SOW states otherwise. The Supplier will provide written notice of any Fee changes at least 45 days before the renewal date. The Client may prevent renewal by giving written notice in accordance with clause 5.1. Failure to provide non-renewal notice constitutes automatic renewal on the revised rates.

Unless the SOW expressly states otherwise, all software, configurations, scripts, documentation, reports, methodologies, and other materials developed by the Supplier in connection with the Services ("Deliverables"), and all Intellectual Property Rights therein, remain the sole property of the Supplier. Intellectual Property Rights includes patents, inventions, copyright, database rights, trade secrets, know-how, and trademarks, whether registered or unregistered, worldwide.

Upon the Client's full payment of applicable Fees, the Supplier grants the Client a non-exclusive, non-transferable, royalty-free licence to use the Deliverables for the Client's internal business purposes only, strictly in connection with the Services. The Client may not sell, sublicence, or distribute Deliverables without the Supplier's prior written consent. Supplier Materials (including templates, tools, and proprietary software) remain the Supplier's property. Use of any components incorporating Supplier or third-party materials is subject to the relevant licence terms.

The Client retains ownership of all data, information, software, and materials it provides to the Supplier ("Client Materials"). The Client grants the Supplier a non-exclusive licence to use, copy, modify, and store Client Materials solely as necessary for the performance of the Services. Upon termination, the Supplier shall return or delete Client Materials in accordance with clause 5.4 and applicable data protection obligations. The Client warrants that it holds the necessary rights in all Client Materials.

The Supplier shall defend and indemnify the Client against third-party claims in the UK that any Deliverable infringes third-party intellectual property rights, provided that:

1. The Client promptly notifies the Supplier of any such claim;
2. The Supplier has sole control of the defence and any settlement; and
3. The Client provides reasonable cooperation and assistance.

This indemnity does not apply to infringement arising from Client Materials, combinations of Deliverables with non-Supplier products, or modifications made by parties other than the Supplier. Where infringement is found or reasonably anticipated, the Supplier shall, at its option:

1. Procure the Client's right to continue using the affected Deliverable;
2. Replace or modify the Deliverable to make it non-infringing with substantially similar functionality; or
3. If options (a) and (b) are not commercially reasonable, terminate the affected Services and refund any prepaid Fees for the unused period.

This clause 6.4 sets out the Supplier's entire liability in respect of intellectual property infringement.

Each party (the "Receiving Party") shall keep the other party's ("Disclosing Party") Confidential Information strictly confidential. The Receiving Party shall not use Confidential Information outside the scope of this Agreement, and shall not disclose it to any person except employees, officers, agents, contractors, or professional advisors who need to know and are bound by equivalent confidentiality obligations. The Receiving Party is responsible for any unauthorised use or disclosure by such recipients.

Disclosure of Confidential Information is permitted with the Disclosing Party's prior written consent, or where required by law, court order, or regulatory authority. Where legally required to disclose, the Receiving Party shall provide prompt written notice (to the extent legally permitted) so that the Disclosing Party may seek a protective order. Only the minimum necessary information shall be disclosed.

Confidentiality obligations do not apply to information that:

1. Is or becomes publicly available other than through breach of this Agreement;
2. Was lawfully in the Receiving Party's possession before disclosure on a non-confidential basis;
3. Is lawfully obtained from a third party not bound by confidentiality obligations; or
4. Is independently developed by the Receiving Party without reference to the Disclosing Party's Confidential Information.

Confidentiality obligations commence on the Effective Date and continue throughout the term and for 3 years after termination of this Agreement. Trade secrets and other expressly identified highly sensitive information are protected indefinitely, or until such information enters the public domain through no fault of the Receiving Party.

Upon request, the Receiving Party shall promptly return or destroy all materials containing the Disclosing Party's Confidential Information. The Receiving Party may retain one archival copy for the purpose of demonstrating compliance with legal obligations, subject to ongoing confidentiality.

The parties acknowledge that a breach of this clause may cause irreparable harm for which monetary damages would be an inadequate remedy, and that the non-breaching party shall be entitled to seek injunctive or other equitable relief without the need to post bond or prove actual damages.

Both parties shall comply with all Applicable Data Protection Laws, including the UK GDPR and the Data Protection Act 2018, in connection with the performance of this Agreement.

For the purposes of this Agreement, the Client is the data controller and the Supplier is the data processor in respect of any personal data processed by the Supplier on the Client's behalf. The scope, nature, purpose, duration, and categories of personal data processed are as necessary to deliver the Services under the SOW. Both parties shall fulfil their obligations under Article 28 of the UK GDPR and any equivalent provisions.

The Supplier undertakes to:

• Process under instructions: Process personal data only on the Client's documented instructions for the purpose of delivering the Services, and not for any other purpose except as required by law. The Supplier shall inform the Client of any legal requirement to process personal data before doing so, unless the law prohibits such notification.
• Confidentiality of personnel: Ensure that all employees and subcontractors who process personal data are subject to a contractual or statutory duty of confidentiality.
• Security measures: Implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and accidental loss, destruction, damage, alteration, or disclosure, appropriate to the risk - including encryption, access controls, and regular security assessments in accordance with industry practice.
• Sub-processors: Not engage sub-processors without the Client's general authorisation. The Client hereby provides general authorisation for the Supplier to engage affiliated companies and necessary third-party providers (including data centre operators, cloud providers, and helpdesk software providers), provided the Supplier enters into written agreements imposing equivalent data protection obligations. The Supplier remains liable for sub-processor acts and omissions. The Supplier maintains a current sub-processor list and gives the Client at least 14 days' notice of any intended sub-processor addition or replacement, during which the Client may object on data protection grounds. Where objection cannot be resolved, the Client may terminate the affected Services without penalty.
• Assistance to Client: Assist the Client (at the Client's cost) in responding to data subject rights requests and in meeting its obligations regarding security, breach notifications, data protection impact assessments, and supervisory authority consultations.
• Data breaches: Notify the Client without undue delay upon discovering a personal data breach affecting Client data, providing sufficient information to enable the Client to meet its reporting obligations, and cooperate fully in investigation, mitigation, and remediation.
• Data transfers: Not transfer personal data outside the UK (or UK/EEA as applicable) unless compliance with Applicable Data Protection Laws is assured, including through adequacy determinations or appropriate safeguards such as standard contractual clauses.
• Return or deletion: Upon termination, at the Client's election, either return all personal data and delete existing copies (unless retention is legally required), or securely delete or destroy all personal data in the Supplier's possession. The Supplier may retain personal data only as required by law and for the required period.
• Information and audit: Make available information reasonably necessary to demonstrate compliance with this Section 8, and allow audits by the Client or the Client's mandated auditor (not a competitor, and subject to appropriate confidentiality). The Client shall give reasonable notice and conduct audits during normal business hours, with a maximum of once yearly except for audits following a breach or significant event. Each party bears its own costs, except where an audit reveals the Supplier's material breach, in which case the Supplier shall bear the Client's reasonable audit costs.

The Client warrants that it has the legal right to disclose to the Supplier all personal data provided, and authorises the Supplier's processing of that data for the purpose of delivering the Services. The Client is responsible for obtaining all required data subject consents and providing required notices. The Client shall not instruct the Supplier to process sensitive or special category data unless this is explicitly agreed in the SOW or a data processing addendum. The Client shall indemnify the Supplier against any losses, fines, or claims arising from the Client's breach of this clause 8.3 or from the Client's processing instructions.

The foregoing provisions are intended to satisfy the requirements for a valid controller-processor agreement under Applicable Data Protection Laws. The parties may execute a separate detailed Data Processing Addendum ("DPA") or incorporate additional terms (such as international transfer standard contractual clauses) that supplement or vary this Section 8. Where there is a conflict between a DPA and this Section 8, the DPA shall prevail.

All personal data processed by the Supplier shall be treated as the Client's Confidential Information and shall be subject to the obligations set out in Section 7. Where there is a conflict between Section 7 and Section 8, the stricter obligation or protection shall apply.

The Supplier maintains a written information security policy and compliance programme appropriate to the nature of the Services and the types of data processed. Upon reasonable request, the Supplier will summarise its policies and respond to questions. The Client acknowledges the shared nature of security responsibility and agrees to follow the Supplier's reasonable instructions and guidelines, and to take reasonable measures to secure its own IT environment.

The Supplier warrants that:

1. It has full power and authority to enter into and perform this Agreement;
2. The Services will be performed with reasonable skill, care, and diligence by appropriately trained and qualified personnel in accordance with the descriptions and standards set out in the SOW; and
3. To the best of the Supplier's knowledge, the Deliverables do not infringe any third-party intellectual property rights.

Where the Supplier is in breach of warranty (b), its sole obligation is to re-perform the deficient Services at no additional charge, or, if re-performance is impracticable, to refund the portion of Fees attributable to the deficient Services. Warranty (b) does not apply where the deficiency is caused by the Client's acts or omissions, Force Majeure, or a permitted suspension under this Agreement.

The Client warrants that:

1. It has full authority to enter into and perform its obligations under this Agreement;
2. It holds all necessary rights, licences, consents, and permissions required to provide the materials, information, software, and access the Supplier needs to perform the Services; and
3. It will use the Services in accordance with this Agreement and all applicable laws.

Except as expressly provided in this Agreement, all conditions, warranties, and terms otherwise implied by statute or common law are excluded to the fullest extent permitted by law. The Services and Deliverables are provided "as is" to the extent permitted. The Supplier does not warrant that the Services will be uninterrupted or error-free, that all defects will be corrected, or that the Services will meet the Client's specific requirements unless expressly agreed. To the maximum extent permitted by law, the Supplier disclaims all implied warranties and conditions of satisfactory quality, fitness for a particular purpose, and non-infringement in respect of the Services and Deliverables.

The warranties set out in this Section 9 are void if failure is caused by:

1. Combination of the Services or Deliverables with hardware, software, or services not supplied by the Supplier;
2. Modification of the Services or Deliverables by parties other than the Supplier;
3. Use of the Services or Deliverables in breach of the Supplier's documentation or instructions; or
4. The Client's breach of its obligations under this Agreement.

The Services are not designed or intended for use in high-risk activities, including nuclear facilities, air traffic control, life support systems, or any application where failure could result in death or serious bodily injury. The Supplier expressly disclaims any warranty for such use and shall have no liability in connection with any such use by the Client.

Nothing in this Agreement limits or excludes either party's liability for:

1. Death or personal injury caused by that party's negligence or the negligence of its employees or agents;
2. Fraud or fraudulent misrepresentation;
3. Wilful misconduct or gross negligence; or
4. Any liability that cannot lawfully be excluded or limited, including under section 2 of the Misrepresentation Act 1967 or Part I of the Consumer Protection Act 1987.

The Client is responsible for any losses arising from malware, phishing, or other cyber incidents unless they are directly attributable to the Supplier's breach of this Agreement.

Subject to clause 10.1, neither party shall be liable under or in connection with this Agreement for:

• Loss of profit, revenue, business, or anticipated savings;
• Loss or damage to goodwill or reputation;
• Loss of contracts or business opportunities;
• Loss or corruption of data or systems; or
• Any indirect or consequential loss or damage,

even if that party has been advised of the possibility of such losses. These exclusions apply regardless of whether such losses are characterised as direct, indirect, or consequential, to the fullest extent permissible by law. Each category above is distinct and severable.

Subject to clause 10.1, each party's total aggregate liability for all claims, losses, and damages arising under or in connection with this Agreement or any SOW is limited to the total Fees paid or payable by the Client in the 12 months immediately preceding the event giving rise to liability. Where the Services have been in place for less than 12 months, the cap is calculated on the Fees payable for the elapsed period. This cap applies in aggregate to all events and series of connected events and to all types of liability (except those unlimited under clause 10.1), and not separately per claim or type of claim.

Notwithstanding clause 10.3 and without prejudice to clause 10.1, the Supplier's total aggregate liability arising from or in connection with Section 8 (Data Protection) or clause 6.4 (IP Indemnity) is capped at £250,000 (two hundred and fifty thousand pounds) in aggregate. This specific cap replaces (and is not in addition to) the cap in clause 10.3 for these categories of claim, to the extent a court deems the clause 10.3 cap unenforceable or insufficient.

The parties acknowledge that the limitations of liability and exclusions of damage types set out in this Section 10 have been negotiated and are reflected in the Fees and other terms of this Agreement. Each party has a duty to mitigate its losses. The Client is advised to consider taking out insurance to cover risks that fall outside the Supplier's liability under this Agreement.

The limitations and exclusions in this Section 10 apply to the fullest extent permitted by applicable law. Any term found to be invalid shall be deemed modified to the minimum extent necessary to make it enforceable; all remaining provisions continue in full force.

The Client shall not, without the Supplier's prior written consent, directly or indirectly solicit or entice away (or attempt to do so) any employee of the Supplier who was involved in the performance of the Services, during the term of this Agreement or within 12 months after termination. This restriction applies to employees with whom the Client had material contact. General public recruitment that does not involve targeted solicitation is not a breach of this clause.

Where the Client breaches this clause, the Supplier shall be entitled to recover liquidated damages equal to 50% of the relevant employee's annual gross salary at the time of breach, or £25,000, whichever is the greater. The parties acknowledge that this is a fair and reasonable estimate of the Supplier's replacement costs, training losses, and other damage, and is not a penalty.

The Client shall not, and shall ensure that its personnel do not, at any time during the term or thereafter, disparage or negatively portray the Supplier's business, services, or reputation, whether orally, in writing, or online. This clause does not restrict truthful statements made as required by law, statements made in the course of legal proceedings, or the raising of genuine concerns through appropriate channels. Breach of this clause may, at the Supplier's discretion, be deemed a material breach of this Agreement.

Neither party shall be liable for any failure or delay in performing its obligations (other than payment obligations) under this Agreement that is caused by circumstances beyond that party's reasonable control ("Force Majeure Events"). Force Majeure Events include: acts of God (including fire, flood, earthquake, and natural disaster), war, terrorism, civil unrest, epidemic or pandemic, strikes or labour disputes (excluding strikes by the affected party's own staff), governmental actions, interruption or failure of utility or telecommunications services, failures by suppliers or subcontractors despite the exercise of reasonable diligence, and widespread third-party vendor outages (including Microsoft 365, Azure, AWS, and telecommunications providers) beyond the Supplier's reasonable control.

The affected party shall notify the other party as soon as reasonably practicable of the event and its anticipated impact on performance. The time for performance shall be extended by the period of prevention. If a Force Majeure Event continues for more than 60 consecutive days, either party may immediately terminate this Agreement or the affected SOW without liability, except for amounts due up to the date of termination. Both parties shall use reasonable endeavours to mitigate the effects of the event and to resume normal performance as soon as possible.

The Supplier may assign, transfer, or subcontract its rights or obligations under this Agreement to an affiliate or as part of a merger or business sale, provided that such assignment does not reduce the performance guarantees given to the Client. The Client may not assign or transfer its rights or obligations without the Supplier's prior written consent, which shall not be unreasonably withheld. Any purported assignment in breach of this clause is void.

This Agreement (including all SOWs, attachments, schedules, and addenda) constitutes the entire agreement between the parties in respect of its subject matter and supersedes all prior and contemporaneous agreements, proposals, negotiations, understandings, and communications (whether written or oral). Neither party has relied on any representation, warranty, or undertaking that is not expressly stated in this Agreement. Nothing in this clause limits liability for fraud or fraudulent misrepresentation.

No amendment or modification to this Agreement is effective unless made in writing and signed (or expressly accepted electronically) by both parties. The requirement for a written variation cannot itself be waived by oral agreement. The Supplier may update the terms of this Agreement on its website or upon Services renewal; material changes will be communicated to the Client. The Client may terminate by giving written notice within 30 days of receiving notice of a change; failure to do so means the updated terms apply from the specified effective date. Changes required for legal or regulatory compliance may take effect immediately.

A waiver of any right or remedy under this Agreement is only effective if given in writing and shall not be deemed to be a waiver of any subsequent breach or default. No failure or delay by a party in exercising any right, power, or privilege constitutes a waiver of that right; a single or partial exercise does not preclude any further exercise of that right.

If any provision of this Agreement is found to be invalid, illegal, or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal, and enforceable. If modification is not possible, the relevant provision (or the offending part of it) shall be deemed deleted. Any modification or deletion shall not affect the validity or enforceability of the rest of this Agreement. The parties shall negotiate in good faith an agreed valid provision that most closely achieves the original intent.

A person who is not a party to this Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms, except that any Supplier-affiliated entity referred to in this Agreement as providing Services may enforce the limitations on and protections of liability as if it were the Supplier. The parties' rights to terminate, rescind, or vary or waive any term of this Agreement are not subject to the consent of any third party.

The parties are independent contractors. This Agreement does not create a partnership, joint venture, agency, or fiduciary relationship. Neither party is an agent of the other, and neither is authorised to make any commitment on the other's behalf. Each party is responsible for its own employees and contractors.

Any formal notice or communication required under this Agreement must be in writing and delivered by hand, pre-paid first-class post, recorded delivery, internationally recognised courier, or email (with delivery confirmation), to the address specified in the SOW or the latest contact details provided by the relevant party.

Notices are deemed received: on the date of delivery if delivered by hand or courier (or the next business day if delivered outside business hours); on the second business day after posting for pre-paid post within the UK (or the fifth business day if sent internationally); and on the day of transmission for email (or the next business day if sent after 5:00 pm in the recipient's local time), absent a delivery failure notification. Either party may update its notice details by providing written notice to the other.

This Agreement and any SOW may be executed in multiple counterparts, each of which when executed and delivered constitutes an original, and all of which together constitute the same instrument. A signed copy delivered by email or other electronic means, including via an electronic signature platform, shall have the same legal effect as an original signed copy.