Building digital capability

Digital experience insights

Terms and conditions

Acceptance of these Terms and Conditions will take place when Jisc receives a signed Order Form from the Customer, at which point a legally binding agreement will come into existence between Jisc and the Customer.

If you do not agree to these Terms and Conditions, please do not use this Service.

1. Definitions used in these Terms and Conditions

1.1. In these Terms and Conditions, various terms are defined in the Clauses in which they are used and in addition, the following terms have the meanings set out beside them below:

Admin User

An End User you have appointed who will have the ability to manage other End Users.

Agreement

Means the agreement between Jisc and you for the provision of the service.

Anti-slavery Policy

Jisc’s anti-slavery policy which can be found at https://www.jisc.ac.uk/about/corporate/slavery-and-human-trafficking-statement.

Applicable law

means all applicable laws, statutes, regulations, decree directives, legislative enactments, orders, binding decisions of a competent Court or Tribunal, rule, regulatory policies, guidelines, codes, other binding restriction, regulatory permits and licences applicable under law which are in force from time to time during the term of this Agreement to which a party and/or any Processing of Personal Data is subject from time to time.

Bribery legislation

means the Bribery Act 2010 and any subordinate legislation made under that Act from time to time together with any guidance or codes of practice issued by the relevant government department concerning the Bribery Legislation.

Business day

Means any day other than a Saturday, Sunday or bank or other public holiday in England.

Charges

Means the charges payable by the Customer to Jisc for the performance of the Service as set out in the Order Form and may be varied in accordance with Clause 4.

Commencement Date

Has the meaning set out in the Order Form.

Confidential information

means any and all confidential information (however recorded, preserved or disclosed) disclosed in connection with this Agreement, whether before or after the Commencement Date, where the information is: (a) clearly identified as “confidential” at the time of disclosure; or (b) ought reasonably to be considered confidential given the nature of the information or the circumstances of disclosure. Confidential Information includes any information in any form or medium concerning the business, affairs, technology, customers, suppliers, plans, strategy, pricing, products or services of a Party.

Controller, Processor and Data Subject

shall have the meaning given to those terms in the UK GDPR.

Data Protection Legislation

means (a) any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction which relates to the protection of individuals with regards to the Processing of Personal Data to which a Party is subject for the purposes of this Agreement, including the Data Protection Act 2018 and the General Data Protection Regulation 2016/679 (EU GDPR) as each is amended in accordance with the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended by SI 2020 no. 1586) and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, as amended to be referred to as DPA 2018 and the UK GDPR respectively; and (b) any code of practice or guidance published by the ICO or European Data Protection Board from time to time.

Data Protection Particulars

means, in relation to any Processing under this Agreement: (a) the subject matter and duration of the Processing; (b) the nature and purpose of the Processing (c) the type of Personal Data being Processed; and (d) the categories of Data Subjects.

Data Subject Request

means an actual or purported subject access request or notice or complaint from (or on behalf of) a Data Subject exercising his rights under the Data Protection Legislation.

Data Transfer

means transferring the Personal Data to, and / or accessing the Personal Data from and / or Processing the Personal Data within, a jurisdiction or territory that is not a Permitted Country.

End User

any individual employed by you participating in the Jisc Insights Survey who has a User Account.

First Expiry Date

Has the meaning set out in the Order Form.

Freedom of Information Laws

means the Freedom of Information Act 2000 (and any Scottish equivalent), the Environmental Information Regulations 2004 (and any Scottish equivalent) and any subordinate legislation made under such legislation from time to time together with any guidance and/or codes of practice issued by the UK Information Commissioner or relevant Government Department in relation to such legislation.

ICO

means the means the UK Information Commissioner (including any successor or replacement).

Initial Term

Has the meaning set out in Clause 2.

Insights Record Contact

means the individual notified to Jisc by you being the individual responsible in your organisation for issuing the Jisc Insights Survey or authorising other individuals to issue the Jisc Insights Survey.

Jisc

Jisc, the provider of Service. Also referred to in these terms and conditions as us, we and our.

Jisc Insights Survey

Means the Digital Experience Insights survey run each year by Jisc.

Jisc Online Surveys

Means the online surveys tool used for creating online surveys that is provided by Jisc and used by the Service.

Modern Slavery Legislation

the Modern Slavery Act 2015 and any subordinate legislation made under that Act from time to time together with all applicable anti-slavery and human trafficking laws, statutes, regulations, guidance or codes of practice issued by the relevant government department.

Order Form

Means the order form to which these Terms and Conditions are appended.

Party

means a party to this Agreement and "Parties" shall be construed accordingly.

Permitted Country

means a country, territory or jurisdiction that is either: (a) within the UK or the European Economic Area; or (b) outside of the UK or European Economic Area but which is the subject of an adequacy determination by the UK Secretary of State or the European Commission (as applicable).

Permitted Purpose

Means the purpose of the Processing as specified in the Data Processing Particulars.

Personal Data

has the meaning given to it in the UK GDPR and for the purposes of this Agreement includes Sensitive Personal Data.

Personal Data Breach

has the meaning given to it in the UK GDPR (where the Personal Data directly affected by the breach of security is that described in the Data Protection Particulars) and, for the avoidance of doubt, includes a breach of Clause 3.1.3 of Schedule 2.

Personnel

means all persons engaged or employed from time to time by Jisc in connection with this Agreement, including employees, consultants, contractors and permitted agents.

Primary Contact

The Insights Record Contact.

Processing

has the meaning given to it in the UK GDPR (and "Process" and "Processed" shall be construed accordingly).

Regulator

means the ICO and any other independent public authority which has jurisdiction over a Party, including any regulator or supervisory authority which is responsible for the monitoring and application of the Data Protection Legislation.

Regulator Correspondence

means any correspondence or communication (whether written or verbal) from the Regulator in relation to the Processing of the Personal Data under or in connection with this Agreement.

Renewal Term

Has the meaning set out in Clause 2.

Security Requirements

means the requirements regarding the security of the Personal Data, as set out in the Data Protection Legislation (including, in particular, the seventh data protection principle of the DPA and/ or the measures set out in Article 32(1) of the UK GDPR (taking due account of the matters described in Article 32(2) of the UK GDPR)) as applicable.

Sensitive Personal Data

means Personal Data that reveals such categories of data as are listed in Article 9(1) of the UK GDPR and Personal Data relating to criminal convictions and offences.

Service

Means the Digital Experience Insights service provided by Jisc that allows you to run a Jisc-developed tracker-style survey tool amongst a consenting group of your own students and staff in order to track their digital experience during their studies.

Service Website

Means the Service blogs, features, service levels and support pages which are available from https://digitalinsights.jisc.ac.uk.

Schedule

Means this schedule which forms part of the Agreement.

Third Party Request

Means a written request from any third party for disclosure of Personal Data where compliance with such request is required or purported to be required by law or regulation; and;

User Account

An account granted by Jisc, to an End User.

2. Commencement and duration

2.1. These are the terms and conditions on which Jisc provides the Service to the Customer. These Terms will apply to any agreement between Jisc and the Customer in relation to access and use of the Service to the exclusion of all other terms and conditions.

2.2. In consideration of payment by you of the agreed Charges and you agreeing to abide by these Terms and Conditions, we hereby grant to you a non-exclusive, non-transferrable right to use the Service under these Terms and Conditions from the Commencement Date until the First Expiry Date (the Initial Term), subject to early termination in accordance with this Agreement.

2.3. During the Initial Term the Customer may terminate this Agreement by giving not less than three (3) months' written notice of termination to Jisc, such termination to take effect only on the expiry of the Initial Term.

2.4. Following expiry of the Initial Term this Agreement will, subject to earlier termination in accordance with this Agreement, automatically renew for successive 12 month periods (each a Renewal Term) unless and until terminated by either Party giving not less than three (3) months' written notice of termination to the other, such termination to take effect only on expiry of the then current Renewal Term.

3. Responsibilities and restrictions

3.1 Except as expressly set out in these Terms and Conditions or as permitted by any local law, you undertake:

(a) not to divulge your User Account password to any other person or share a User Account with any other person.

(b) to notify Jisc if you become aware of any unauthorised use of the Service;

(c) not to disassemble, decompile, reverse-engineer or create derivative works based on the whole or any part of the Service, nor attempt to do any such thing except to the extent that (by virtue of section 296A of the Copyright, Designs and Patents Act 1988) such actions cannot be prohibited because they are essential for the purpose of achieving inter-operability of the Service with another software program, and provided that the information obtained by you during such activities:

  1. is used only for the purpose of achieving inter-operability of the Service with another software program with our prior written consent; and
  2. is not unnecessarily disclosed or communicated to any third party without our prior written consent; and
  3. is not used to create any software which is substantially similar to the Service without our prior written consent;

(d) to ensure you provide up-to-date contact details to Jisc;

(e) that you will not engage in any activity that interferes with or disrupts the Service (or the servers and networks which are connected to the Service);

(f) not to use the Service in a manner that uses a disproportionate share of the Service’s resources. Jisc will notify you if you are using a disproportionate share of the Service’s resources and affecting the experience of other users. Jisc reserves the right to suspend your surveying should you not to take steps that Jisc recommends to address your usage.

(g) not to access and use the Service via programmatic, scripted or any other automated means without our prior written consent;

(h) not to use the Service in a manner that is likely to harm the reputation of Jisc;

(i) not to provide, or otherwise make available, access to the Service, including through any form of re-sale of licencing in whole or in part, in any form to any person or organisation for their own separate business purposes without prior written consent from Jisc.

(j) to ensure that the Primary Contact is responsible for the use of the Service within your organisation including timely deletion of user accounts and data and to manage other requests on behalf of your organisation.

4. Charges and payment

4.1. You shall pay the Charges to us in accordance with the payment timetable specified in the Order Form. All Charges are stated exclusive of value added tax (and any other taxes), which if applicable will be added by us to our invoices at the prevailing rate as at the date of the applicable invoice and will be paid by you accordingly. Payment shall be made by the Customer to the bank account notified on the invoice to the Customer.

4.2. We will deliver invoices to you in accordance with the payment timetable set out in the Order Form. Subject to Clause 4.3, all due and valid invoices will be paid by you within 30 days of receipt.

4.3. Should you wish to dispute an invoice you will notify us in writing of the nature and details of the dispute within 30 days of receipt of the invoice, provided that nothing in this clause will excuse you from your payment obligations in respect of any undisputed part of the invoice.

4.4. If the Customer fails to pay any undisputed Charges by the due date, Jisc may, in its absolute discretion,:

(a) charge the Customer interest on late payment from the due date up to the date of actual payment, after as well as before judgment, at the rate of 2% above the base lending rate of HSBC Bank plc then in force. Such interest will be payable by the Customer on demand and will accrue on a daily basis; and / or

(b) suspend the Service in respect of which the unpaid Charges relate until payment is received by Jisc.

4.5. The Customer shall pay all sums that it owes under this Agreement without any set‐off, counterclaim and deduction or withholding of any kind, save as may be required by law.

4.6. Following expiry of the Initial Term, Jisc reserves the right to amend the Charges from time to time. Jisc will give a minimum of 3 months' notice of any amendment. If you then wish to terminate this Agreement you may do so by giving written notice of termination to us within 2 months' of receiving our notice of amendment. Termination will then come into effect from the date on which the amended Charges would otherwise apply.

5. Intellectual property rights

5.1. You acknowledge that all intellectual property rights in the Service belong to Jisc, that rights to use the Service are licenced (not sold) to you, and that you have no rights in, or to, the Service or any information therein other than the right to use them in accordance with these Terms and Conditions.

5.2. Any intellectual property rights in material generated by you in using the Service shall be your property.

5.3. By agreeing to use the Service under these Terms and Conditions you agree to provide Jisc with a non-exclusive, royalty-free licence to use, reproduce, distribute and modify your content solely for the purposes of providing the Service, including the use of your content to produce anonymised and aggregated benchmarking reports which allows institutions to compare survey results against those of a group of peers.

5.4. The Service must not be used a manner which infringes any copyright, patent, trade mark, design or other intellectual property right. You must ensure you have the right to use any files/images that you upload or embed into a survey. Any queries from third parties (or arising from our own audits) regarding copyright, or other intellectual property right, infringement in relation to any such uploaded content will be passed on to you. We reserve the right to temporarily disable your Jisc Insights Survey and/or User Account while any claim of infringement is investigated. If it is subsequently discovered that the survey included content without permission we reserve the right to close your account and terminate this Agreement.

5.5. We may access your survey data and survey metadata for the purposes of operating and enhancing the Service, for example, to test backward compatibility of new Service features. We may publish anonymous summary statistics of the Service’s survey data and survey metadata, for example, response rates and average number of questions. We will not publish identifiable survey data or survey metadata.

6. Limited warranty

6.1. Each Party hereby warrants and undertakes to the other Party that this Agreement is executed by a duly authorised representative of that Party; it has, and will have for the duration of this Agreement, full capacity and authority required to enter into this Agreement and perform its obligations as set out in this Agreement; and it has obtained and will for the duration of this Agreement, maintain all licences, rights, permits, permissions, certificates, qualifications, consents and regulatory approvals required lawfully and properly to perform its obligations, and grant the rights granted by it, under this Agreement.

6.2. Jisc does not warrant that your use of the Service will be uninterrupted or error free but we warrant that the Service, when properly used, shall perform substantially in accordance with the functions set out on the Service Website.

6.3. If, within the term of the Agreement to use the Service, you notify Jisc in writing of any defect or fault in the Service that results in its failure to perform substantially in accordance with the service levels set out at Schedule 1 of these terms and Conditions and on the Service Website we will remedy the fault, provided that you make available all the information that may be necessary to help us remedy the defect or fault, including sufficient information to enable us to recreate the defect or fault. The warranty does not apply if the defect or fault results from you having used the Service in contravention of these Terms and Conditions.

6.4. Jisc offers no support or warranty for surveys other than the Jisc Insights Survey.

6.5. Jisc warrants that in relation to this Agreement and its subject matter, neither it nor any of its employees, sub-contractors or agents or others performing services on its behalf has done (or agreed to do) or will do (or agree to do) anything which constitutes a breach of any Bribery Legislation;

6.6. Jisc warrants that it shall, at all times during the term of this Agreement comply with Modern Slavery Legislation and Anti-Slavery Policy and require that each of its sub-contractors shall comply with the Modern Slavery Legislation and Anti-Slavery Policy;

6.7. Jisc warrants it has in place, and will at all times during the Term continue to have in place, adequate procedures designed to prevent any person associated with it from committing an offence under the Bribery Legislation and as a minimum such procedures comply, and will at all times during the term of this Agreement comply, with the most recent guidance issued from time to time by the Secretary of State pursuant to the Bribery Act 2010 and it will comply with, monitor and enforce the procedures referred to in this Clause 6.7.

7. Limitations of liability

7.1. We shall not, under any circumstances whatever, be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with these Terms and Conditions, for:

(a) loss of profits, sales, business or revenue;

(b) business interruption;

(c) loss of anticipated savings;

(d) loss or corruption of data or information;

(e) loss of business opportunity, goodwill or reputation; or

(f) any indirect or consequential loss or damage.

7.2. Other than the losses set out in Clause 7.1 (for which we are not liable), our maximum aggregate liability under or in connection with the Agreement, whether in contract, tort (including negligence) or otherwise shall, in all circumstances, be limited to a sum equal to the annual Charges to use the Service. This maximum cap does not apply to Clause 7.5.

7.3. These Terms and Conditions set out the full extent of our obligations and liabilities in respect of the supply of the Service. Except as expressly stated in these Terms and Conditions, there are no conditions, warranties, representations or other terms, express or implied, that are binding on Jisc. Any condition, warranty, representation or other term concerning the supply of the Service which might otherwise be implied into, or incorporated in, these Terms and Conditions whether by statute, common law or otherwise, is excluded to the fullest extent permitted by law.

7.4. We are only responsible for loss or damage you suffer that is a foreseeable result of our breach of these Terms and Conditions or our negligence up to the amount specified in Clause 7.2, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if it was an obvious consequence of our breach or if it was contemplated by you and Jisc at the time we granted you the use of the Service under these Terms and Conditions.

7.5. Nothing in these Terms and Conditions shall limit or exclude our liability for:

(a) death or personal injury resulting from our negligence;

(b) fraud or fraudulent misrepresentation; or

(c) any other liability that cannot be excluded or limited by English law.

8. Termination

8.1. Either Party may terminate this Agreement immediately by written notice to you if the other Party commits a material or persistent breach of these Terms and Conditions which it fails to remedy (if remediable) within 14 days after the service of written notice requiring you to do so.

8.2. In the event of non-renewal of the Agreement your access to the Service will be suspended and (subject to Clause 5.3) all User Accounts and survey data will be deleted 35 days after the date of suspension. Your data will be held in backups for a minimum of three months after your data is deleted and will not be accessed for business as usual purposes without your consent. The data will be expunged in accordance with the standard Jisc data management lifecycle.

8.3. Upon termination for any reason:

(a) all rights granted to you for your use of Service under these Terms and Conditions shall cease; and

(b) you must immediately cease all activities authorised by these Terms and Conditions.

9. Communications between us

9.1. The Primary Contact will act as the main point of contact between you and Jisc. Should other defined points of contact fail (e.g. Billing Contact or Admin User), the Primary Contact will be ultimately responsible.

9.2. If you wish to contact us in writing, or if any condition in these Terms and Conditions requires you to give us notice in writing, you can send this by email or pre-paid post to:

(a) For notices regarding the functioning of the Service or renewal of the Agreement please email: help@jisc.ac.uk

We will confirm receipt of this by contacting you in writing, usually by e-mail.

(b) For legal notices: legal@jisc.ac.uk

9.3. If we have to contact you or give you notice in writing, we will do so by e-mail or by pre-paid post to the address you have provided in the Order Form.

9.4. Any notice given by you to us, or by us to you, will be deemed received and properly served immediately when posted on our website, 24 hours after an e-mail is sent, or three days after the date of posting of any letter. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an e-mail that such e-mail was sent to the specified e-mail address of the addressee.

10. Events outside our control

10.1. We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under these Terms and Conditions that is caused by an Event Outside Our Control. An Event Outside Our Control is defined below in Clause 10.2.

10.2. An Event Outside Our Control means any act or event beyond our reasonable control including, without limitation, failure of public or private telecommunications networks.

10.3. If an Event Outside Our Control takes place that affects the performance of our obligations under these Terms and Conditions:

(a) our obligations under these Terms and Conditions will be suspended and the time for performance of our obligations will be extended for the duration of the Event Outside Our Control;

(b) we will use reasonable endeavours to find a solution by which our obligations under the Agreement may be performed despite the Event Outside Our Control.

11. Data protection requirements

11.1 The parties shall comply with the provisions of Schedule 2, Data Protection.

11.2 In the event of any conflict between Schedule 2 and any other provision of these Terms and Conditions, the relevant provision of Schedule 2 shall take precedence.

12. Confidentiality

12.1. Each Party undertakes that for the term of this Agreement and thereafter it will keep confidential and (except for the purposes of this Agreement) will not use or (without the prior written consent of the other Party or except where permitted under Clause 12.2) disclose to any third party any Confidential Information of the other Party which may become known to it as a result of negotiations leading up to or the performance of this Agreement.

12.2. Each Party may disclose the other Party's Confidential Information to those of its Affiliates and those of its or its Affiliates' employees, officers, advisers, agents, sub-contractors, contractors or representatives who need to know the other Party's Confidential Information in order to perform the disclosing Party's rights and obligations under this Agreement provided that the disclosing Party shall ensure that each of its and its Affiliates' employees, officers, advisers, agents, sub-contractors, contractors or representatives to whom Confidential Information is disclosed is aware of its confidential nature and complies with this Clause 12 as if it were a Party.

12.3. The obligations in Clause 12.1 shall not apply in relation to:

(a) information which is or becomes public knowledge other than as a result of a breach of Clause 12.1;

(b) information which the Party using or disclosing the information either knew prior to the other Party's first disclosure to it or received from a third party entitled to disclose the same; or

(c) information which a Party is required to disclose by law, any Court of competent jurisdiction, any Government agency or regulatory body lawfully requesting the same or by the regulations of any stock exchange provided that (to the extent not prohibited by law or order of court, government agency or regulatory body or stock exchange regulation) the disclosing Party promptly notifies and consults with the other Party in advance in relation to the timing and content of such disclosure.

13. Freedom of Information obligations

13.1 We are not subject to the requirements of the Freedom of Information Laws and so are not obliged to respond to requests for information under the Freedom of Information Laws (Request for Information). Without prejudice to the foregoing, and subject to your compliance with Clause 13.2 , we will endeavour to inform you within two (2) Business Days and endeavour to respond to any Request for Information in the spirit of the Freedom of Information Laws where reasonably able to do so.

13.2 We acknowledge that you may be obliged to respond to any Request for Information where you are subject to the requirements of the Freedom of Information Laws. If this is the case you shall be responsible for determining in your absolute discretion and, notwithstanding any other provision in these Terms and Conditions or any other agreement, whether any information is exempt from disclosure in accordance with the provisions of the Freedom of Information Laws. Without prejudice to the foregoing, if you receive a Request for Information and such request includes commercially sensitive information or confidential information of ours under the Freedom of Information laws, you shall, as soon as reasonably practicable, notify us of such request and shall consult with us and consider any representations which we may make in relation to the requested disclosure prior to deciding whether to comply with or to refuse the request (in whole or in part).

14. Other important terms

14.1. We may transfer our rights and obligations under these Terms and Conditions to another organisation, but this will not affect your rights or obligations under these Terms and Conditions.

14.2. You may only transfer your obligations under these Terms and Conditions to another person if we agree in writing.

14.3. These Terms and Conditions constitute the entire agreement between you and us. You acknowledge that you have not relied on any statement, promise or representation made or given by, or on behalf of, us which is not set out in these Terms and Conditions or any document expressly referred to in it.

14.4. If we fail to insist you perform any of your obligations under these Terms and Conditions, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived our rights against you and will not mean that you do not have to comply with those obligations. If we do waive a default by you, we will only do so in writing, and that will not mean that we will automatically waive any later default by you.

14.5. We may be required to review content to determine if it is appropriate or if it is violating any terms of service such as our receipt of a report of unlawful content, however we have no obligation to monitor or review content.

14.6. Each of the conditions of these Terms and Conditions operates separately. If any court or competent authority decides that any of them are unlawful or unenforceable, the remaining conditions will remain in full force and effect.

14.7. In order to continuously improve our operations, we may from time to time revise these Terms & Conditions (including any of the documents referenced herein). Revisions are intended to clarify or improve your rights or benefits rather than reducing them.

14.8. You will be notified in writing of the changes to the Terms and Conditions and the notification will state if the changes reduce any of your rights or benefits under the Agreement. The revised Terms and Conditions will be automatically effective sixty days after notification and will be published on the Service Website.

14.9. If you (acting reasonably) cannot accept any revision you may terminate the Agreement by giving Jisc written notice not less than thirty days prior to the date when the revision would become effective. In such case you will be entitled to a pro-rata rebate of fees already paid for the Service that would have been supplied subsequent to the date of termination.

14.10. Please note that these Terms and Conditions, their subject matter and their formation are governed by English law. You and we both agree that the courts of England and Wales will have exclusive jurisdiction.

Schedule 1. Insights Service Levels

1.Introduction

1.1 This Service Level Agreement sets out the levels of availability and support the you can expect from us.

2. Helpdesk

2.1 Support materials are available for all users at https://digitalinsights.jisc.ac.uk

2.2 Email support is available from help@jisc.ac.uk

3. Support hours

3.1 Support hours are 09:00 – 17:00 UTC, Monday to Friday, excluding and public holidays in England and Wales.

4. Scheduled maintenance

4.1 Any scheduled maintenance will be publicised prior to being carried out. Jisc will do everything possible to minimize and avoid downtime during such maintenance.

Schedule 2. Data Protection

1.Arrangement Between the Parties

1.1. The Parties shall each Process the Personal Data in accordance with the terms of this Schedule. The Parties acknowledge that the factual arrangement between them dictates the classification of each Party in respect of the Data Protection Legislation.

1.2. Where a Party acts as a Controller in respect of any Personal Data Processed under or in connection with this Agreement, it shall comply with its respective obligations under the Data Protection Legislation and shall only use such Personal Data for the purposes of performing its obligations under this Agreement.

1.3. Notwithstanding the foregoing, the Parties anticipate and agree that Jisc shall be a Processor where it is Processing the Personal Data in relation to the Permitted Purpose in connection with the performance of its obligations to provide the Service under these Terms and Conditions.

1.4. Each of the Parties acknowledges and agrees that the following table sets out an accurate description of the Data Protection Particulars:

The subject matter and duration of the Processing: Jisc Digital Experience Insights allows the Customer to run Jisc-developed surveys amongst a consenting group of its own students and/or staff. The surveys include a set of questions developed by Jisc and the option for the Customer to add further questions that together capture a range of information about the Data Subject (which may include Personal Data) in order to track the students’ digital experience during their studies and the use of technology by their staff. The duration of the Processing will be for the term of the Agreement between the Customer and Jisc.

The nature and purpose of the Processing: The Personal Data will be Processed in order to provide the Service ordered by the Customer.

The type of Personal Data being Processed: The questions developed by Jisc do not require the Data Subject to provide any Personal Data, however Customers have the ability to add questions that can capture any type of Personal Data, this may include (but is not limited to) users first name, last name, email address, phone number, date of birth and university ID.

The categories of Data Subjects: Individuals responding to the Jisc Insights Survey run by the Customer.

2. Controller Obligations

2.1. Where a Party acts as Controller in respect of the Processing of the Personal Data, that Party shall ensure that:

2.1.1 it is not subject to any prohibition or restriction which would prevent or restrict it from disclosing or transferring the Personal Data to Jisc in accordance with the terms of this Schedule; and

2.1.2 all fair processing notices have been given (and/ or, as applicable, consents obtained) and are sufficient in scope to allow the Controller to disclose the Personal Data (including any Sensitive Personal Data) to Jisc for the delivery of the Service in accordance with the Data Protection Legislation.

3. Processor Obligations

3.1 Jisc (as a Processor in relation to any Personal Data Processed by (or on behalf of) the Customer pursuant to the Agreement) undertakes to the Customer that it shall:

3.1.1 Process the Personal Data for and on behalf of the Customer in connection with the performance of the Service only and for no other purpose in accordance with the terms of this Agreement and any instructions from the Customer;

3.1.2 unless prohibited by law, promptly notify the Customer (and in any event within forty-eight (48) hours of becoming aware of the same) if it considers, in its opinion (acting reasonably) that it is required by Applicable Law to act other than in accordance with the instructions of the Customer, including where it believes that any of the Customer's instructions under Clause 3.1.1 infringes any of the Data Protection Legislation;

3.1.3 implement and maintain appropriate technical and organisational security measures to comply with at least the obligations imposed on a Controller by the Security Requirements. If requested by the Customer, Jisc will provide a description of the technical and organisational security measures that Jisc will implement and maintain;

3.1.4 take all reasonable steps to ensure the reliability and integrity of any of the Personnel who shall have access to the Personal Data, and ensure that each member of Personnel shall have entered into appropriate contractually-binding confidentiality undertakings;

3.1.5 notify the Customer promptly, and in any event within forty-eight (48) hours, upon becoming aware of any actual or suspected, threatened or ‘near miss’ Personal Data Breach, and:

(a) implement any measures necessary to restore the security of compromised Personal Data;

(b) assist the Customer to make any notifications to the Regulator and affected Data Subjects;

3.1.6 notify the Customer promptly (and in any event within ninety-six (96) hours) following its receipt of any Data Subject Request or Regulator Correspondence and shall:

(a) not disclose any Personal Data in response to any Data Subject Request or Regulator Correspondence without the Customer's prior written consent; and

(b) provide the Customer with all reasonable co-operation and assistance required by the Customer in relation to any such Data Subject Request or Regulator Correspondence;

3.1.7 not disclose Personal Data to a third party in any circumstances without the Customer's prior written consent, other than:

(a) in relation to Third Party Requests where Jisc is required by law to make such a disclosure, in which case it shall use reasonable endeavours to advise the Customer in advance of such disclosure and in any event as soon as practicable thereafter, unless prohibited by law or regulation from notifying the Customer;

(b) to Jisc's employees, officers, representatives and advisers who need to know such information for the purposes of Jisc performing its obligations under this Agreement and in this respect Jisc shall ensure that its employees, officers, representatives and advisers to whom it discloses the Personal Data are made aware of their obligations with regard to the use and security of Personal Data under this Agreement; and

(c) to a sub-contractor appointed in accordance with Clause 4.

3.1.8 not make (nor instruct or permit a third party to make) a Data Transfer without putting in place measures to ensure the Customer's compliance with Data Protection Legislation;

3.1.9 on the written request of the Customer, and with reasonable notice, allow representatives of the Customer to audit Jisc in order to ascertain compliance with the terms of this Clause 3 and/ or to provide the Customer with reasonable information to demonstrate compliance with the requirements of this Clause 3, provided that:

(a) the Customer shall only be permitted to exercise its rights under this Clause 3.1.9 no more frequently than once per year (other than where an audit is being undertaken by a Customer in connection with an actual or 'near miss' Personal Data Breach, in which case, an additional audit may be undertaken each year by the Customer within thirty (30) days of the Customer having been notified of actual or 'near miss' Personal Data Breach);

(b) each such audit shall be performed at the sole expense of the Customer;

(c) the Customer shall not, in its performance of each such audit, unreasonably disrupt the business operations of Jisc;

(d) the Customer shall comply with Jisc's health and safety, security, conduct and other rules, procedures and requirements in relation to Jisc's property and systems which have been notified by Jisc to the Customer in advance; and

(e) in no case shall the Customer be permitted to access any data, information or records relating to any other customer of Jisc.

3.1.10 except to the extent required by Applicable Law, on the earlier of:

(a) the date of termination or expiry of the Agreement (as applicable); and/or

(b) the date on which the Personal Data is no longer relevant to, or necessary for, the performance of the Service,

cease Processing any of the Personal Data and, within sixty (60) days of the date being applicable under this Clause 3.1.10, return or destroy (as directed, in writing, by the Customer) the Personal Data belonging to, or under the control of, the Customer and ensure that all such data is securely and permanently deleted from its systems, provided that Jisc shall be entitled to retain copies of the Personal Data for evidential purposes and to comply with legal and/or regulatory requirements;

3.1.11 comply with the obligations imposed upon a Processor under the Data Protection Legislation; and

3.1.12 assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the UK GDPR taking into account the nature of Processing and the information available to Jisc, provided that Jisc shall be entitled to charge a fee to the Customer (on a time and materials basis and at such rate notified by Jisc to the Customer from time to time) in respect of providing any such assistance to the Customer.

3.2 Notwithstanding anything in this Agreement to the contrary, this Clause 3 shall continue in full force and effect for so long as Jisc Processes any Personal Data on behalf of the Customer.

4. Sub-Contractors

4.1 Jisc may from time to time use sub-contractors to perform all or any part of its obligations under this schedule. Jisc shall notify the Customer prior to appointing a sub-contractor. The Customer may object to the appointment of any sub-contractor and Jisc shall reasonably take into account the views of the Customer in appointing any such sub-contractor, but for the avoidance of doubt the appointment of any sub-contractor shall be at Jisc's absolute discretion and Jisc shall have no obligation to act in accordance with any objection raised by the Customer. Information regarding the sub-contractors Jisc uses from time to time in connection with the performance of the Service can be found on the Service Website.

4.2 Jisc may from time to time disclose Personal Data to its sub-contractors (or allow its sub-contractors to access Personal Data) for Processing solely in connection with the fulfilment of the Permitted Purpose.

4.3 Where Jisc uses a sub-contractor to Process Personal Data for or on its behalf, it will ensure that the sub-contractor contract (as it relates to the Processing of Personal Data) is on terms which are substantially the same as, and in any case no less onerous than, the terms set out in Clause 3 of this schedule.

4.4 Jisc shall remain liable to the Customer for the acts, errors and omissions of any of its sub-contractors to whom it discloses Personal Data, and shall be responsible to the Customer for the acts, errors and omissions of such sub-contractor as if they were Jisc’s own acts, errors and omissions to the extent that Jisc would be liable to the Customer under this Agreement for those acts and omissions.

Terms and Conditions last updated: 17 February 2022

We use cookies to give you the best experience and to help improve our website, more about how we use cookies