Thank you for choosing Influence as your recruitment software solution. Our products and services are owned by and provided through Influence Limited, an English company (no. 4426851) based at Riverbridge House, Guildford Road, Fetcham, Leatherhead, Surrey KT22 9AD. References throughout these terms to words such as ‘our’, ‘we’ or ‘us’ should be read as references to Influence Limited and ‘you’ refers to your organisation.
2 Influence Recruitment Software (“IRS”)
2.1 IRS includes all software and documentation related to the software which is developed and owned by us. You can access IRS by choosing to subscribe to at least one of the services described below. Subject to your compliance with these terms and your payment of our fees, we grant you a limited, non-exclusive, non-transferable, non-sublicensable licence to access and make use of IRS and where applicable to install copies of IRS on your own computers or mobile devices.
2.2 You acknowledge and agree that we own all intellectual property rights in IRS. All rights not expressly granted to you in these terms are reserved and retained by us or our licensors, suppliers, publishers, rights holders or other content providers.
3 Influence Cloud Desktop (“IC Desktop”)
3.1 IC Desktop is a remotely accessed user desktop which provides a full working environment for each user in your organisation, including access to IRS and various other applications. You can read more about what is included with IC Desktop and the additional options available here.
3.2 You will not be required to install any of our software on your computer or mobile device, although you may need to install a Microsoft remote desktop client in order to access IC Desktop from your computer or mobile device.
3.3 IC Desktop is billed monthly on a per user basis. We will create and configure a separate desktop for each user, for which an additional setup fee will apply per user.
4 Influence Cloud Direct (“IC Direct”)
4.1 IC Direct provides online access to IRS for each user in your organisation. You can read more about what is included with IC Direct and the additional options available here.
4.2 You will be required to install a copy of our IRS client on each computer which needs access to IC Direct. The IRS client is currently compatible with machines running Windows 7+ with a screen resolution of at least 1024x768.
4.3 IC Direct is billed monthly on a per user basis. We will create a separate login for each user in your organisation and assist with configuration of the IRS client on each computer which needs access to IC Direct, for which an additional setup fee will apply per user.
5 Influence On-Site
5.1 Influence On-Site is a solution which allows you to install the IRS server and client software on your own machines for local hosting, which is not dependant on an active broadband connection to operate. You can read more about what is included with an Influence On-Site subscription and the additional options available here.
5.2 Influence On-Site is billed on either a monthly or annual basis and includes delivery, installation and ongoing support for as long as your subscription is active. Influence On-Site requires a minimum subscription period of 12 months.
6 Services to be provided
7 Training and support
7.1 We can provide remote or on-site training upon request. A fee may apply for this service. Please contact our support team for more details.
7.2 We provide telephone and email support for IRS products and services to active subscribers. You can reach us on 01372 365716 between 9am and 5.30pm Monday to Friday or firstname.lastname@example.org. We are closed on weekends and bank holidays.
8 Fees, payment and termination
8.1 The applicable fees for your chosen service will be shown in your quotation, proposal or online. Fees are handled as follows:
(a) You agree to make payments monthly and in advance, based on the number of user accounts your organisation requires and the type of service you have chosen. Your first month’s fee may be higher to take account of any additional setup fees which are applicable.
(b) Your subscription will automatically renew each month and payment will be taken from your chosen payment method unless you notify us otherwise before the renewal date.
(c) If you add or remove users or services, your fees will be pro-rated accordingly and payment will be taken immediately from your chosen payment method. If you require any ad-hoc services, e.g. training or customisation, these will be billed upon order and automatically charged to your chosen payment method unless you notify us otherwise before placing your order.
(d) You may only use your chosen service and will only have access to support for so long as you have an active subscription. We may terminate or suspend access to your service if your account is in arrears.
(e) We are unable to offer refunds for payments which have already been processed.
8.2 Our preferred methods of payment are by credit/debit card or direct debit. If you wish to make payment through another method please contact us first.
8.3 If there is a change in our fees, you will be notified at least 30 days before your renewal date and you will be given the option to cancel your subscription.
8.4 If you wish to cancel your subscription, we require at least 30 days’ notice. Either party may terminate the subscription by immediate notice if the other is in serious breach of these terms and has failed to rectify the breach within 14 days of being notified of it. Upon termination, you must immediately cease use of all of our services and any documentation you have been provided.
9 User account security and responsibility
You acknowledge, agree and undertake that:
9.1 Each user account you are provided with is restricted to a single login from a single IP address at any one time and you will not attempt to circumvent this limit in any way.
9.2 You are responsible for maintaining the confidentiality of each account and password you are supplied with and restricting access to the computers or other devices used to access those accounts and our services.
9.3 You will not access, store, distribute or transmit any viruses/malware or any other material during the course of your use of our services that is:
- unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
- facilitates illegal activity;
- depicts sexually explicit images;
- promotes unlawful violence;
- is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
- is in a manner that is otherwise illegal or causes damage or injury to any person or property
and we reserve the right to disable any infringing user account that breaches these terms.
9.4 Except as expressly licenced in these terms or otherwise agreed by us in writing, you may not attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit or distribute all or any portion of IRS or any documentation we give you in any form or media or by any means, or attempt to reverse compile, disassemble, reverse engineer any part of our software.
9.5 You will defend, indemnify and hold us harmless against any claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and legal fees) arising out of or in connection with your use of our services, products or documentation.
10 Service availability
10.1 We will use commercially reasonable endeavours to keep our services operational 24/7, 365 days a year. We aim for 99.9% uptime during office hours and 95% outside of office hours. If we are unable to achieve these figures, this is likely to be due to a ‘service outage’.
10.2 If you are having trouble accessing our services and believe you are experiencing a service outage, please contact our support team in the first instance.
10.3 At our absolute discretion, if we agree that you are experiencing a service outage, we may offer to refund you or credit your account pro-rated charges for the affected services. We will determine whether an event will be considered a service outage based on our records and data. Please contact us if you think you are entitled to a refund or credit.
10.4 The following downtime events will not be considered service outages:
(a) Regularly scheduled maintenance which you will be notified of in advance.
(b) Unavailability of the service due to user misuse, configuration errors or application errors.
(c) Service suspensions due to a breach of these terms.
(d) Loss of service arising from the failure of your internet service provider or local network.
(e) Loss of service while a backup is restored.
(f) Unavailability of any third-party software available through IC Desktop through no fault of our own.
Please note that this is a non-exhaustive list and that we, in our sole discretion, will decide whether an event is considered a service outage and whether any refund or credit is due.
10.5 We reserve the right to modify our services temporarily or permanent from time to time. You acknowledge that we may discontinue our service at the conclusion of your most recent renewal term with no further liability to you or any third party.
11 Customer data
11.1 You will own all right, title and interest in and to all data inputted by you for the purposes of using our services, other than in respect of any Personal Data.
12.1 Our systems are backed up nightly and held for 30 days. System restoration will be started within 2 hours of your request to restore a backup. We cannot guarantee how long it may take to restore such data.
12.2 In the unlikely event of hardware failure of the server on which your system is stored, we will restore the most recent available backup of the system to a comparable server, in a comparable facility, if necessary.
12.3 If you are an Influence On-Site subscriber, you acknowledge that we will not be keeping backups of your IRS client, server or databases and that you are fully responsible for keeping and restoring your own backups.
13 No warranties and limitation of liability
13.1 You acknowledge that you are responsible to ensure that the services you choose to subscribe to are appropriate for your requirements. We offer no warranty, condition, undertaking or term, express or implied, statutory or otherwise as to the satisfactory quality, fitness for purpose or ability to achieve a particular result of any service or product provided by us. Our services are provided to you on an ‘as-is’ basis.
13.2 In no event will we be liable for any damages resulting from loss of data or use, lost profits, loss of anticipated savings, nor for any damages that are an indirect or secondary consequence of any act or omission by us whether such damages were reasonably foreseeable or actually foreseen.
13.3 Your statutory rights as a consumer (if any) are not affected. All liability that is not expressly assumed in these terms is excluded. These limitations will apply regardless of the form of action, whether under statute, in contract or tort including negligence or any other form of action. For the purposes of this clause, we include our employees, sub-contractors and suppliers who shall all have the benefit of the limits and exclusions of liability set out above in terms of the Contracts (Rights of Third Parties) Act 1999. Nothing in these terms shall exclude or limit liability for fraudulent misrepresentation, personal injury or death.
13.4 Our aggregate maximum liability in contract, tort or otherwise, however arising, under or in connection with these terms shall be limited to the total subscription fees paid to us by you during the six months immediately preceding the date on which your claim arises, always provided that where any sums are refunded to you pursuant to clause 10.3, our aggregate maximum liability will be reduced by the amount of such refund.
14 Non-poaching of our staff
For so long as you have an active subscription and for at least 6 months after your subscription ends, you agree and covenant not to directly or indirectly entice away or attempt to entice away from us any person who has during the previous twelve months been employed by us.
15 Data protection
15.1 In this clause 15:
(a) Controller, Data Subject, Personal Data, Processor, and Processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processed, processing and processes shall be construed accordingly) and international organisation and Personal Data Breach shall have the respective meanings given to them in the GDPR.
(b) Data Protection Laws means, as binding on either party or your chosen services:
(i) the Directive 95/46/EC (Data Protection Directive) and/or Data Protection Act 1998 or the GDPR
(ii) any laws which implement any such laws, and
(iii) any laws that replace, extend, re-enact, consolidate or amend any of the above.
(c) Data Protection Losses means all liabilities, including all:
(i) costs (including legal costs), claims, demands, actions, settlements, interest, charges, procedures, expenses, losses and damages (including relating to material or non-material damage), and
(ii) to the extent permitted by applicable law, any administrative fines, penalties, sanctions, liabilities or other remedies imposed by a supervisory authority responsible for administering Data Protection Laws, or any compensation ordered by such a supervisory authority to be paid to a Data Subject, and the reasonable costs of compliance with investigations by any such supervisory authority.
(d) Data Protection Schedule means the data protection schedule attached to these terms.
(e) GDPR means the General Data Protection Regulation (EU) 2016/679.
(f) Protected Data means Personal Data received from or on behalf of you in connection with the performance of our obligations under this agreement.
(g) Sub-Processor means any agent, subcontractor or other third party (excluding its employees) engaged by us for carrying out any processing activities on your behalf in respect of the Protected Data.
Compliance with Data Protection Laws
15.2 In our capacity as a Controller we shall collect the following information from you on the basis that such data is required by us in order to fulfil our contractual obligations to you from time to time and in order to provide you with newsletters and other communications relating solely to the services we provide from time to time:
- a first and last name for the relevant your business contact and that person’s email address, telephone number or other contact details provided to us, and
- any cookies stored on any machine used to access our services as well as any related technical information including IP address, browser data, screen resolution and size.
We do not share any such information with any third party, nor do we transfer any such information outside of the EU.
15.3 You agree that you are a Controller and that we are a Processor for the purposes of processing Protected Data pursuant to this agreement. You shall at all times comply with all Data Protection Laws in connection with the processing of Protected Data. You shall ensure all instructions given by you to us in respect of any Protected Data is at all times in accordance with Data Protection Laws.
15.4 We shall process Protected Data in compliance with the obligations placed on us under Data Protection Laws and the terms of this Agreement.
15.5 We shall:
(a) only process (and shall ensure our personnel only process) the Protected Data in accordance with Part A of the Data Protection Schedule and this agreement (and not otherwise unless alternative processing instructions are agreed between us and you) except where otherwise required by applicable law (and we shall inform you of that legal requirement before processing, unless applicable law prevents us from doing so on important grounds of public interest), and
(b) if we believe that any instruction received by us from you is likely to infringe any Data Protection Laws we shall promptly inform you of this and be entitled to cease to provide the relevant services until you and we have agreed appropriate amended instructions which we are not infringing.
15.6 Taking into account the state of technical development of IRS, IC Desktop, IC Direct and any other products we may offer from time to time, and the nature of the related processing, we shall implement and maintain the technical and organisational measures set out in Part B of the Data Protection Schedule to protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access.
Sub-processing and personnel
15.7 We shall:
(a) not permit any processing of Protected Data by any agent, subcontractor or other third party (except our or our Sub-Processors’ own employees in the course of their employment that are subject to an enforceable obligation of confidence in relation to the Protected Data) without your written authorisation
(b) prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing materially the same obligations as under this clause 15 that is enforceable by us and ensure that each Sub-Processor complies with all such obligations
(c) remain fully liable to you under this agreement for all acts and omissions of each Sub-Processor, as if they were our own, and
(d) ensure that all persons authorised by us or any Sub-Process to process Protected Data is subject to a binding written contractual obligation to keep the Protected Data confidential.
15.8 We shall (at your cost):
(a) assist you in ensuring compliance with your obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under applicable Data Protection Laws) taking in account the nature of the processing and the information available to you, and
(b) taking into account the nature of the processing, assist you (by taking appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of your obligations to respond to requests for exercising the Data Subjects’ rights under the GDPR (and any similar obligations under applicable Data Protection Laws) in respect of any Protected Data.
15.9 We shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside the United Kingdom or to any international organisation with your prior written consent.
Audits and processing
15.10 We shall, in accordance with Data Protection Laws:
(a) maintain written records of all categories of processing activities carried out on your behalf, and
(b) make available to you such information that is in our possession or control as is necessary to demonstrate your compliance with the obligations placed on you under this clause 15 and to demonstrate compliance with the obligations on you and on us, imposed by Article 28 of the GDPR (and any equivalent Data Protection Laws equivalent to that Article), and allow for and contribute to audits, including inspections, by you (or another auditor mandated by you) for this purpose, subject always to a maximum of one audit request in any 12 month period.
15.11 We shall notify you as soon as is reasonably practicable on becoming aware of any Personal Data Breach in respect of any Protected Data.
15.12 On the end of the provision of services by us relating to the processing of any Protected Data, at your cost and option we shall either return all of the Protected Data to you or securely dispose of it and delete all copies of it, except to the extent that any applicable law requires us to store such Protected Data.
Liability, indemnities and compensation claims
15.13 You shall indemnify and keep us indemnified in respect of all Data Protection Losses suffered or incurred by, awarded against or agreed to be paid by us and any Sub-Processor arising from or in connection with any non-compliance by you with the Data Protection Laws, any processing carried out by us or any Sub-Processor pursuant to any instructions from you to us that infringe any Data Protection Law, or breach by you of any of your obligations under this clause 15.
15.14 We shall be liable for Data Protection Losses (howsoever arising, whether in contract, tort (including negligence) or otherwise, under or in connection with this agreement only to the extent caused by the processing of Protected Data under this agreement and directly resulting from our breach of any provision of clause 15, and in no circumstances to the extent that any Data Protection Losses (or the circumstances giving rise to them) are contributed to or caused by any breach of this agreement by you.
15.15 If either you or us receive a compensation claim from a person relating to the processing of Protected Data, you or we shall promptly provide the other party with notice and full details of such claim. The party with conduct of the action shall make no admission of liability nor agree to any settlement or compromise of the relevant claim without the other party’s prior written consent (which shall not be delayed or withheld unreasonably) and consult fully with the other party in relation to any such action.
15.16 You agree that you shall not be entitled to claim back from us any part of any compensation paid by you in respect of such damage to the extent that you are liable to indemnify us in accordance with clause 15.12.
15.17 Clauses 15.12 to 15.16 (inclusive) are intended to apply the allocation of liability for Data Protection Losses as between you and us, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contract, except to the extent not permitted by any applicable law, and that it does not affect the liability of either party to any Data Subject.
16.1 Any failure by us to insist upon or enforce any provision of these terms shall not be construed as a waiver of any of our rights. If any one of these terms is declared invalid by a court, this will not affect the validity of the remaining terms. In these terms, the singular includes the plural and vice versa.
16.2 Clause 15 shall survive termination or expiry of this agreement.
16.3 We shall have no liability to you under these terms if we are prevented from or delayed in performing our obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Supplier or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that you are notified of such an event and its expected duration.
16.4 These terms are governed by English law and you agree to submit to the exclusive jurisdiction of the English courts in the event of any dispute.
DATA PROCESSING SCHEDULE
Data processing details
Processing of the Protected Data by us under these terms and conditions shall be for the subject-matter, duration, nature and purposes and involve the types of personal data and categories of Data Subjects set out in this Part A.
1 Subject-matter of processing:
Influence’s provision of services and related technical support to Customer
2 Duration of the processing:
For the applicable term of the agreement plus the period from expiry until all customer data has been deleted by Influence in accordance with its terms.
3 Nature and purpose of the processing:
4 Types of Personal Data:
Personal data submitted, stored, sent or received by Customer, its Affiliates or End Users via IRS may include the following types of data: user records, candidate records, organisation records, contact records, vacancy records, location information, social network information, bank account details, personnel information, booking records, communications records, documents, images, calendar entries, tasks and other data.
5 Categories of Data Subjects :
Personal data submitted, stored, sent or received via IRS may concern the following categories of data subjects: End Users including Customer’s employees and contractors; the personnel of Customer’s customers, suppliers and subcontractors; the Customer’s candidates and other person who transmits data via the Services, including individuals collaborating and communicating with End Users.
Technical and organisational security measures
1 We shall implement and maintain the following technical and organisational security measures to protect the Protected Data:
1.1 In accordance with the Data Protection Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, we shall implement appropriate technical and organisational security measures appropriate to the risk, including as appropriate those matters mentioned in Articles 32(a) to 32(d) (inclusive) of the GDPR.
1.2 Network Security
1.2.1 IC Desktop and IC Direct: Sub processors maintain security to Tier III level facilities, power, cooling, connectivity and all equipment providing the service.
1.2.2 Monitoring technologies offering live information and alerting is in place to monitor all tiers of the service availability.
1.2.3 Capacity planning and delivery technologies allow for huge increases of traffic in event of attack scenarios.
1.2.4 Technologies in use on IC Desktop and IC Direct services include:
(a) Perimeter Security: Gateway Antivirus, Access Rules, Intrusion Protection, Log Monitoring, Geolocation Protection, BotNet Protection, Reputation Defence, DDOS attack protection, Denial of Service protection.
(b) Email Security: Email services provided by Influence as part of your IC Desktop subscription are protected with Antivirus and Antispam.
(c) Hosted Desktop Security: IC Desktop uses Group Policy to enforce consistency across the Windows Infrastructure. Service Account password change policies are in place. Active Directory is used, limiting users access to only relevant applications, servers, services and data. Shared platform sniffing is employed to stop installation or running of malware. Proxy servers and web filtering are used to deny access to malicious sites and file type.
1.3 Logs and Monitoring
1.3.1 Influence and our sub processors employ various monitoring and logging options to alter us to security issues within the IC Desktop and IC Direct services. These include (but are not limited to): Back checking intrusion attempts, monitoring failed login attempts, spot check analysis on failed attempts to access services and live information and alerting for all tiers of service availability.
1.4.1 IC Desktop is provided over a secure encrypted hosted desktop account.
1.4.2 Influence provides secure SSL connection for IC Direct. These connections are available over TLS 1.2 SSL with AES 128,GMC,SHA 156, 128 Bit keys.
1.5.1 Data Storage, Isolation and Authentication on IC Direct and IC Desktop
(a) Influence and our sub processors store data in a multi-tenant environment on servers maintained by our sub-processors.
(b) Influence and our sub processors isolate data on a per client basis, and logically separate each client’s data from another client’s data. Data for an authenticated client will not be displayed to another client.
(c) A two-stage authentication process is used for access to IC Direct and for the connection to your Influence database inside your IC Desktop session.
1.5.2 Data Retention
(a) Sub processors are required to have processes in place to remove customer data for individuals and companies who no longer require access to their infrastructure including mailboxes, file data, servers and backup retention.
(b) Your IC Desktop and IC Direct services, data and end user accounts are retained up for 30 days following deletion. Email services provided by Influence as part of your IC Desktop subscription are retained for 30 days. It is your responsibility to ensure that any data is backed up prior to service or end user cancellation.
(c) Requests for restoration following a cancellation request must be given within 14 days of the closure of service or the closure of an end user subscription.
1.6 Personnel Security
1.6.1 Influence personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
1.6.2 Influence Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Influence’s Information Security Management System (ISMS). All Influence Personnel are provided with security training. Influence’s personnel will not process Customer Data without authorization.
1.7 Sub processor Security
1.7.1 Influence conducts an audit of security and privacy practices of sub processors to ensure that sub processors provide a level of security and privacy appropriate to the scope of the service they are engaged to provide. The sub processor is required to enter into appropriate security, confidentiality and privacy contract terms.
1.7.2 Sub processors hosting IC Desktop and IC Direct are required to maintain ISO27001 security certification.
Influence uses the following sub processors to provide our services:
On Direct Business Services Limited, The Tramshed, Walcot Street, Bath, BA1 5BB
Company Registration: 04631034
Certifications: ISO 27001:2013, ISO 20000, Microsoft Gold Partner, Investors in People Gold.
Services Provided: IC Desktop network infrastructure, Remote desktop environment, Application server hosting and maintenance. Microsoft Office365 email, Cobweb hosted Exchange Email.
Virtual Tin Limited, Unit 1, The Granary, Globlands Business Centre, Court Lane, Hadlow, Kent
Company Registration: 7042386
Certifications: ISO 27001:2013
Services Provided: IC Direct network infrastructure, IC Direct application server hosting and maintenance. Windows and Linux server hosting. IC Desktop network infrastructure, Remote Desktop environment, Application Server hosting and maintenance.