Terms of Website Use

E-Caret Solutions Pty Ltd ACN 164 352 541 (Licensor) and the customer named in the schedule (Customer).

Background

The Licensor grants and the Customer takes a license to use the Software on the terms of this agreement.

Operative Provisions

Definitions and interpretation

Definitions

Authorised Users means a person authorised by the Customer to use the Software consistently with the terms of a Software Agreement.

Confidential Information all information (whether written or oral) disclosed by a party (Disclosing Party) to the other party (Receiving Party) which is either:

(a) identified as confidential by the Disclosing Party at the time of disclosure;

(b) of a nature which should reasonably be regarded by the Receiving Party as confidential, but does not include information which:
(c) was in the public domain when it was given to the Receiving Party;
(d) becomes, after being given to the Receiving Party, part of the public domain, except through disclosure contrary to this agreement;
(e) was in the Receiving Party's possession at the time of disclosure;

(f) the Receiving Party lawfully receives from a third party who has the right to disclose it to the Receiving Party.

Designated Computer Equipment means the UK cloud computing environment on which the Software is installed by the Licensor and any computers, devices or kiosks contemplated by the Software Agreement.

Intellectual Property Rights means all present and future rights conferred by statute, common law, or equity in or in relation to any copyright, trademarks, designs, patents, circuit layouts, business and domain names, inventions, and other results of intellectual activity in the industrial, commercial, scientific, literary or artistic fields.

License means the licence of Software granted pursuant to this agreement.

Moral right means:

(g) a right of attribution of authorship;
(h) a right not to have authorship falsely attributed;
(i) a right of integrity of authorship;

(j) a right of a similar nature,

which is conferred by statute, and which exists or comes to exist anywhere in the world in a deliverable form comprised within this agreement.

New Release means software which has been provided primarily to implement an extension, alteration, improvement or additional functionality to the Software.

Software means software and all enhancements of the software developed by the Licensor being a solution for the aged care industry including all server, application and other modules in each case, as modified from time to time by Updates and New Releases.

Term the period of currency of an agreement made between the Customer and the UK Distributor for the Supply of the Software on the terms of this Enterprise Licence Agreement.

Terminating Event means:

(a) the breach or threatened breach by either party of any of its material obligations under this agreement;
(b) the appointment of any type of insolvency administrator in respect of the property or affairs of either party;

Update means software which has been produced primarily to overcome defects in the licensed Software

Conditions of licence

(a) The Software must only be used on the Designated Customer Equipment.
(b) The Customer acknowledges that the Licensor may modify the Software by the implementation of Updates and New Releases from time to time. The Licensor will use its best endeavours to allow the Customer the opportunity to view each New Release in a non- production environment ahead of the New Release going live.

Implementation

This licence permits the use of the Software by the Customer’s Authorised Users on the Designated Equipment only and, where those Authorised Users are agents or employees of the Customer, only in the performance of those Authorised Users’ proper role in the Customer’s business.

No licensor assistance

The Licensor is not required to provide consultancy services, support or training in respect of the Software under this agreement. For the avoidance of doubt, the provision of those services may be the subject of the Software Agreement.

No improper use

The Customer must not, and must ensure that each of its Authorised Users do not:

(a) copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software in any form or media or by any means, or attempt to do so, except as expressly permitted by part 3 division 4A of the Copyright Act 1968 (Cth);
(b) discover the source code, de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software, or attempt to so so;
(c) allow the Software to be combined with, or to become incorporated or integrated in, any other programs, software or hardware except as specifically agreed by the Licensor;
(d) knowingly use the Software in any manner not specifically permitted by this agreement;
(e) use the Software in breach of any reasonable direction the Licensor may give from time to time;
(f) access all or any part of the Software in order to build a product or service which competes with the Software or the Licensor’s business;
(g) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Software available for display to or access or use by any third party;
(h) introduce or permit the introduction of, any virus or a vulnerability into the Licensor’s network or information systems or any Designated Computer Equipment;
(i) do anything which could reasonably be expected to damage, disable, overburden, or materially impair the Designated Computer Equipment or any associated network or which is likely to interfere with any other person’s access or use of the Software;
(j) use the Software for any purpose which is immoral, illegal, offensive, threatening, abusive or otherwise harmful.

Security

The Customer will use its best endeavours to ensure that any access credentials of Authorised Users are not improperly used.

Directions for use

The Customer will ensure that its Authorised Users comply with any reasonable directions the Licensor publishes from time to time in respect of access and use of the Software.

Mutual indemnities

Each party indemnifies the other in respect of any loss that the other suffers or incurs, as a result of:

(a) any breach of this agreement by the party;
(b) any breach of any law or any negligent act or omission or willful misconduct by the party, its employees or agents in connection with this agreement;

(c) any fine or penalty imposed by a regulatory agency in connection with any failure by the party to comply with any law in connection with this agreement

except to the extent that the loss was caused or contributed to by the other party.

Warranties

(a) The Licensor agrees that the consumer guarantees provided under Consumer Law apply in respect of the provision of services by the Licensor to the Customer.
(b) To the fullest extent consistent with the previous clause the Customer acknowledges that the Software is licensed to the Customer “as is” and at the Customer’s risk and the Licensor does not warrant or guarantee that the Subscription Service will be:
- (i) be suitable for the Customer’s intended use;
- (ii) error-free or that errors will be corrected;
- (iii) available, timely or reliable;
- (iv) entirely secure or virus-free.
(c) Subject to any non-excludable statutory liability, the liability of the Licensor for damages in respect of any act or omission of the Licensor in connection with its obligations under this agreement will not exceed $100,000.00.

Data

(a) The Customer agrees that the Licensor:
- (i) uses data provided to it by the Customer (“Customer Data”);
- (ii) makes no warranties or representations as to the accuracy of the Customer Data as provided by the Customer; and is released from any claim whatsoever arising in connection with any incorrect, false or misleading Customer Data.
(b) The Licensor warrants that
- (i) all Customer Data will be hosted in the UK;
- (ii) Customer shall retain all right, title and interest in and to the Customer Data provided to Licensor. Licensor hereby acknowledges and agrees that except as set forth herein, Licensor has no right, title or interest in or to the Customer Data provided to Licensor by Customer.
(c) The Licensor acknowledges that all Customer Data is subject to GDPR legislation.
(d) The Licensor acknowledges that the Customer has record-retention obligations under legislation and agrees that Customer Data will not be deleted by the Licensor without the Customer’s prior written consent.
(e) The Licensor agrees:
- (i) to only collect, use or disclose personal information (information regarding any identifiable individual) in connection with this agreement for the performance of its obligations under this agreement;
- (ii) not to use or disclose personal information for the purpose of direct marketing;
- (iii) to maintain reasonable safeguards against loss, unauthorised access, use, modification or disclosure, and other misuse of Personal Information held in connection with this Agreement;
- (iv) to comply and to ensure that all employees and agents of the Licensor comply with, and at all times act in a manner that is consistent with Australian legislation including Australian legislation relating to privacy;

Privacy incidents

If a party becomes aware that a Data Breach as defined by the Privacy Act 1988 has or may have occurred in respect of any Customer Data the party must immediately notify the other party and each party must do all things reasonably required by the other in relation to that breach or suspected breach and each party must meet all notification obligations under law.

Intellectual property rights

(a) The Customer acknowledges that all rights in the Software are licensed (not sold) to the Customer, and that the Customer has no rights in or to the Software other than the right to use the Software in accordance with the terms of this Licence.
(b) All copyright, database rights, trademarks and other Intellectual Property Rights in any external data sources or embedded third party services used in the Software are the intellectual property of the relevant third-party provider.
(c) The Licensor warrants that it has the right to grant the Licence to the Customer.
(d) Subject to clause 13(e), the Licensor will indemnify and hold harmless the Customer against any claim made against the Customer by a third party alleging that the Software infringes the Intellectual Property Rights of that third party.
- (i) The Licensor will not be liable to the Customer under clause 13(a) or 13(d) if: the Customer does not notify the Licensor of the other person's claim or of infringement of Intellectual Property Rights within seven days after becoming aware of the claim;
- (ii) the Licensor's ability to defend the claim has been prejudiced by the Customer's non-compliance with any of its obligations under this agreement;
- (iii) the Customer does not give the Licensor reasonable assistance in defending the claim;
- (iv) the claim has arisen because of the use of the Software in combination with equipment, materials or computer programs not supplied or approved by the Licensor;
- (v) the Customer does not permit the Licensor to have control of the defense of the claim and all related settlement negotiations.

Termination

(a) This agreement may be terminated immediately on the happening of a Terminating Event at the option of the other party.
(b) If the Terminating Event is the breach or threatened breach by a party of any of its material obligations under this agreement the other party must give to the party notice of the happening of that event and require the breach to be remedied or a written undertaking to be given that the breach will not occur, as the case may be. If the breach is not remedied or the undertaking not given (as the case may be) within fourteen (14) days, the affected party may exercise its right under clause 14(a) or agree to waive its rights under this clause if satisfied that the happening of the Terminating Event has not in any way prejudiced its position under this agreement.
(c) Neither party will be liable for the consequences of an occurrence of any event beyond its reasonable control.
(d) The Customer will, immediately on termination by the Licensor pursuant to clause 14(a), delete all copies of the Software and notify all Authorised Users that they must cease using the Software immediately and delete all copies of the Software in their possession or control.
(e) Any termination of the Licence will not affect any accrued rights or liabilities of either party, nor will it affect any provision of this agreement which is expressly or by implication intended to continue in force after such termination.

Confidentiality

(a) For the purposes of this agreement, Confidential Information means all information (whether written or oral) disclosed by a party (Disclosing Party) to the other party (Receiving Party) which is either:
- (i) identified as confidential by the Disclosing Party at the time of disclosure;
- (ii) of a nature which should reasonably be regarded by the Receiving Party as confidential, but does not include information which:
- (iii) was in the public domain when it was given to the Receiving Party;
- (iv) becomes, after being given to the Receiving Party, part of the public domain, except through disclosure contrary to this agreement; was in the Receiving Party's possession at the time of disclosure;
- (v) the Receiving Party lawfully receives from a third party who has the right to disclose it to the Receiving Party.
(b) A party will not, without the prior written approval of the other party, disclose the other party's Confidential Information.
(c) A party will not be in breach of clause 15(a) in circumstances where it is legally compelled to disclose the other party's Confidential Information.
(d) Each party will take all reasonable steps to ensure that its employees and agents, and any sub-contractors engaged for the purposes of this agreement, do not make public or disclose the other party's Confidential Information.
(e) Despite any other provision of this clause, a party may disclose the terms of this agreement (other than Confidential Information of a technical nature) to its related companies, solicitors, auditors, insurers, and accountants.
(f) This clause will survive the termination of this agreement.

General

Entire agreement

This agreement supersedes all prior agreements, arrangements, and undertakings between the parties and constitutes the entire agreement between the parties relating to the Software. No addition to or modification of any provision of this agreement will be binding upon the parties unless made by written instrument signed by a duly authorised representative of the party.

Notices

All notices which are required to be given under this agreement may be given in writing to the recipient at an email address generally used by the recipient for receipt of such notices. Any such notice will be deemed to have been served when the electronic communication becomes capable of being retrieved by the addressee. Unless agreed otherwise, an electronic communication is assumed to be capable of being retrieved by the addressee when it reaches the addressee's mail server without being rejected.

Assignment

The Licensor may assign, whether in whole or part, the benefit of this agreement or any rights or obligations under this agreement, without the prior written consent of the Customer.

CENTRIM LIFE LTD – PRIVACY POLICY (UK)

Company Number: 16529540

Registered Office: Victory House, 400 Pavilion Drive, Northampton Business Park, Northampton, NN4 7PA

Centrim Life Ltd ("Centrim Life", "we", "us", "our") is committed to protecting the privacy and security of personal data processed through:

The Centrim Life SaaS platform
The Centrim Life mobile and web applications
The Centrim Life corporate website (centrimlife.co.uk)

This Privacy Policy explains how we collect, use, store, and secure your personal data.

1. WHO WE ARE (DATA CONTROLLER / DATA PROCESSOR)

Depending on how our platform is used:

1.1 When we are the Data Processor

For all personal data entered into the Centrim Life SaaS platform by care homes, retirement villages, or staff users, Centrim Life acts as a Data Processor under UK GDPR.

The organisation using Centrim Life (the care provider) is the Data Controller.

1.2 When we are the Data Controller

We act as the Data Controller when:

Collecting data through our website (contact forms, cookies, analytics, marketing forms)
Collecting data from prospective customers
Managing our own sales, billing, and support operations
Managing support tickets submitted via Gleap
Managing error logs via Flare App

2. PERSONAL DATA WE COLLECT

2.1 Data collected through the Centrim Life application (Processor)

Data is entered by the care provider and may include:

I. Resident Data (determined by the care provider)

Name, room/unit
Dietary needs, allergies
IDDSI texture requirements
Feedback or incident records
Any notes or operational details added by staff

(Special Category Data may be included depending on customer configuration)

II. Staff & User Data

Name, role, email, phone (if provided)
Login credentials (hashed passwords), permissions
Activity logs

III. Visitor Data

Name, contact information
Visit logs
Sign-in/sign-out timestamps

IV. Operational Data

Maintenance jobs
Housekeeping workflows
Dining orders
Lifestyle activities
Facility records

Centrim Life only processes this data under the customer's instructions.

2.2 Data collected through the website and marketing activities (Controller)

I. Contact & Communication Forms

Name
Email
Phone number
Organisation details
Message contents

II. Marketing communications

Email address
Preferences & consent logs

III. Website analytics & cookies

IP address
Device/browser information
Pages visited
Session duration
Referrer URL

We may use Google Analytics, server-level logs, and security logs.

IV. Support Tickets (Gleap)

User email (optional)
Screenshots
Diagnostic logs
Steps leading to the issue

V. Error Logging (Flare App)

Error details
Request URL
User ID (if present in context)
Technical device/browser metadata

3. HOW WE USE PERSONAL DATA

3.1 As a Data Processor

We process data strictly to:

Provide the SaaS application
Support operational workflows
Maintain system security
Provide technical support

We do not use customer data for marketing, profiling, analytics, or any unrelated purpose.

3.2 As a Data Controller (for website & sales operations)

We process data to:

Respond to enquiries
Provide product demos
Send requested information
Improve the website
Maintain security and prevent misuse
Manage billing and customer account administration
Provide support services

3.3 Legal Bases

Depending on context:

Legitimate interests — responding to enquiries, securing systems
Performance of a contract — providing our services
Legal obligations — recordkeeping, finance
Consent — when subscribing to marketing emails

4. DATA SHARING & SUB-PROCESSORS

Centrim Life uses carefully selected sub-processors:

Sub-Processor	Purpose	Location
AWS UK (London Region)	Hosting, infrastructure, storage	United Kingdom
Postmark (EU/UK)	Transactional email delivery	EU/UK
Gleap (EU)	In-app bug reporting & diagnostics	EU
Flare App (EU)	Error logging & crash reporting	EU
E-Caret Solutions (UK-bound access only)	Technical support & development assistance	Access only to UK systems

We do not sell or share personal data with advertisers.
We do not transfer application or resident data outside the UK.

5. INTERNATIONAL TRANSFERS

All application data is stored exclusively within the United Kingdom.
Sub-processor services run in UK or EU data centres (GDPR adequate).
E-Caret Solutions staff access only UK-hosted systems and no data is stored offshore.
No international transfers occur under Chapter V UK GDPR.

6. DATA RETENTION

6.1 Application data (Processor)

Retention is determined by the Customer (Data Controller).

After termination:

Live data deleted within 30 days
Backups deleted within 30–60 days
Destruction certificate issued

6.2 Website, sales & support data (Controller)

Contact form enquiries: 24 months
Marketing email lists: until unsubscribe
Website analytics: 26 months
Support tickets: 12 months
Error logs: 30–90 days

7. SECURITY MEASURES

Centrim Life enforces:

UK-only hosting (AWS London)
Encryption at rest (AES-256)
Encryption in transit (TLS 1.2+)
Access control with MFA & SSO
Role-based access control (RBAC)
Network-level firewalls & WAF
Vulnerability scanning & pen testing
Audit logging and monitoring
Strict least-privilege access
Disaster recovery with RTO 1 hour, RPO 4 hours.

8. YOUR RIGHTS

Under UK GDPR you have rights to:

Access your data
Correct inaccurate data
Request erasure
Restrict processing
Object to processing
Data portability
Withdraw consent (marketing emails)

To exercise rights, contact: privacy@centrimlife.co.uk

Requests relating to data inside customer systems must be directed to the care provider who acts as Data Controller.

9. COOKIES

We use cookies for:

Essential website functionality
Analytics (Google Analytics / server logs)
Security and fraud prevention
Performance optimisation

Users can manage cookies via browser settings.

A full cookie policy can be generated separately.

10. CHILDREN'S DATA

Centrim Life does not target or market to children.
Resident data is entered by the care provider in compliance with safeguarding and lawful basis requirements.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically.
Changes will be posted on our website with the updated effective date.

12. CONTACT US

For privacy requests or concerns:

Data Protection Officer
Centrim Life Ltd
Victory House
400 Pavilion Drive
Northampton Business Park
Northampton, NN4 7PA

Email: privacy@centrimlife.co.uk

Phone: +44 (0) 1604 279636