Terms and Conditions

Application and entire agreement

  1. These Terms and Conditions apply to the provision of the services detailed in our quotation, (Services) by Infosec Cloud Ltd. a company registered in England and Wales under number 06035236 whose registered office is Focus House, Ham Road, Shoreham-by-sea, BN43 6PA (we or us) to the person buying the services (you).
  2. You are deemed to have accepted these Terms and Conditions when you accept our quotation or from the date of any performance of the Services (whichever happens earlier) and these Terms and Conditions and our quotation (the Contract) are the entire agreement between us.
  3. These Conditions apply to the Contract to the exclusion of any other terms that you try to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.


  1. A “business day” means any day other than a Saturday, Sunday or bank holiday in England and
  2. “Extended Term” a term equivalent to the Minimum Term
  3. The headings in these Terms and Conditions are for convenience only and do not affect their Words imparting the singular number shall include the plural and vice-versa.


  1. We warrant that we will use reasonable care and skill in our performance of the Services which will comply with the quotation, including any specification in all material respects. We can make any changes to the Services which are necessary to comply with any applicable law or safety requirement, and we will notify you if this is necessary.
  2. We will use our reasonable endeavours to complete the performance of the Services within the time agreed or as set out in the quotation; however, time shall not be of the essence in the performance of our obligations.
  3. All of these Terms and Conditions apply to the supply of any goods as well as Services unless we specify otherwise.
  4. The offer shall be accepted and the Contract shall be formed and come into existence at the point when Infosec Cloud receives the Order Form, either electronically or physically, duly signed (either electronically or physically) by or on behalf of the Customer at which point and on which date the Contract shall come into existence (subject where applicable to clause 30). If Infosec Cloud has not received the Order Form duly signed for or on behalf of the Customer within 12 months from the date on which it is sent to by Infosec Cloud, to the Customer, the offer to contract with the Customer shall be deemed to have been withdrawn unless otherwise agreed between Infosec Cloud and the Customer.

Your obligations

  1. You must obtain any permissions, consents, licences or otherwise that we need and must give us access to any and all relevant information, materials, properties and any other matters which we need to provide the Services.
    • In regards the provision of the SATT, GDPR and MPAS services, to ensure email delivery you must provide end users’ email addresses (user list request) and the whitelisting of our sending IPs (as set out in the whitelisting instructions sent to you following completion of the Contract).
  2. If you do not comply with clause 11, we can terminate the Services.
  3. We are not liable for any delay or failure to provide the Services if this is caused by your failure to comply with the provisions of this section (Your obligations).


  1. The fees (Fees) and the terms of payment for the Services are set out in the quotation.
  2. All services paid for monthly are subject to a 36-month contract term unless stated or quoted otherwise. Monthly Fees are to be paid by Direct Debit unless agreed otherwise.
15.1 All Fees for services subject to a 12-month term are payable upfront in line with agreed payment terms.
  1. In addition to the Fees, we can recover from you a) reasonable incidental expenses including, but not limited to, travelling expenses, hotel costs, subsistence and any associated expenses, if agreed in writing in advance.
  2. b) the cost of services provided by third parties and required by us for the performance of the Services, and c) the cost of any materials required for the provision of the Services.
  3. SATT, GDPR and MPAS do not incur incidental expenses (a) third party expenses (b) or additional materials expenses (c).
  4. You must pay us for any additional services provided by us that are not specified in the quotation in accordance with our then current, applicable daily rate in effect at the time of performance or such other rate as may be agreed in writing between us. The provisions of clause 14 also apply to these additional services.
17.1  The only additional services incurring a cost are for additional policies on the MPAS service and are clearly defined at the quotation stage. The Fees are exclusive of any applicable VAT and other taxes or levies which are imposed or charged by any  competent authority.  

Cancellation and amendment

  1. We can withdraw, cancel or amend a quotation if it has not been accepted by you, or if the Services have not started, within a period of 14 days from the date of the quotation, (unless the quotation has been withdrawn).
  2. Either we or you can cancel an order for any reason prior to your acceptance (or rejection) of the quotation or as per clause 10.
  3. If you want to amend any details of the Services, you must tell us in writing as soon as possible. We will use reasonable endeavours to make any required changes and additional costs will be included in the Fees and invoiced to you.
  4. If, due to circumstances beyond our control, including those set out in clause 42 below (Circumstances beyond a party’s control), we have to make any change in the Services or how they are provided, we will notify you immediately. We will use reasonable endeavours to keep any such changes to a minimum.


  1. We will invoice you for payment of the Fees in accordance with the terms of payment we have agreed on receipt of a Purchase Order or Purchase Confirmation.
  2. Infosec Cloud standard payment terms are that you must pay the Fees due within 21 days of the date of our invoice or otherwise in accordance with any credit terms agreed between us.
  3. Without limiting any other right or remedy we have for statutory interest, if you do not pay within the period set out above, we will charge you interest at the rate of 2% per annum above the base lending rate of the Bank of England from time to time on the amount outstanding until payment is received in full.
  4. All payments due under these Terms and Conditions must be made in full without any deduction or withholding except as required by law and neither of us can assert any credit, set- off or counterclaim against the other in order to justify withholding payment of any such amount in whole or in part.
  5. If you do not pay within the period set out above, we can suspend any further provision of the Services and cancel any future services which have been ordered by, or otherwise arranged with, you.
  6. Receipts for payment will be issued by us only at your request.
  7. All payments must be made in British Pounds unless otherwise agreed in writing between us.


  1. Subject to clause 10, the Supply of the Services detailed shall commence on the Commencement Date and shall continue for the Minimum Term and thereafter the Services Contract shall automatically extend for the Extended Term at the end of the Minimum Term and at the end of each Extended Term. A party may give notice in writing to the other party no later than 90 days before the end of the Minimum Term or the relevant Extended Term, to terminate the Services Contract at the end of the Minimum Term or the relevant Extended Term, as the case may be.

Sub-Contracting and assignment

  1. Subject to clause 54, we can at any time assign, transfer, charge, subcontract or deal in any other manner with all or any of our rights under these Terms and Conditions and can subcontract or delegate in any manner any or all of our obligations to any third party.
  2. In regards the service provision of SATT, GDPR and MPAS, this condition is void as it is not required.
  3. You must not, without our prior written consent, assign, transfer, charge, subcontract or deal in any other manner with all or any of your rights or obligations under these Terms and Conditions.
  4. In regards the service provision of SATT, GDPR and MPAS, this condition is void as it is not required.


  1. We can terminate the provision of the Services immediately if you:
  2. commit a material breach of your obligations under these Terms and Conditions; or
  3. fail to make pay any amount due under the Contract on the due date for payment;
  4. Either party can terminate the provision of the Services immediately if they:
  5. are or become or, in our reasonable opinion, are about to become, the subject of a bankruptcy order or take advantage of any other statutory provision for the relief of insolvent debtor; or
  6. enter into a voluntary arrangement under Part 1 of the Insolvency Act 1986, or any other scheme or arrangement is made with its creditors; or
  7. convene any meeting of a creditors, enter into voluntary or compulsory liquidation, have a receiver, manager, administrator or administrative receiver appointed in respect of the assets or undertakings or any part of them, any documents are filed with the court for the appointment of an administrator in respect of the individual or organisation, notice of intention to appoint an administrator is given by the organisation or any directors or by a qualifying floating charge holder (as defined in para. 14 of Schedule B1 of the Insolvency Act 1986), a resolution is passed, or petition presented to any court for the winding up or for the granting of an administration order in respect of the individual or organisation, or  any proceedings are commenced relating to the insolvency or possible insolvency.

Intellectual property

  1. We reserve all copyright and any other intellectual property rights which may subsist in any goods supplied in connection with the provision of the Services. We reserve the right to take any appropriate action to restrain or prevent the infringement of such intellectual property rights.
  2. All services, and content thereof, provided, if not tampered with, are the responsibility of Infosec Cloud and therefore solely our liability responsibility in the event of a 3rd party claim.

Liability and indemnity

  1. Our liability under these Terms and Conditions, and in breach of statutory duty, and in tort or misrepresentation or otherwise, shall be limited as set out in this clause.
  2. The total amount of our liability is limited to the total amount of Fees payable by you under the Contract.
  3. We are not liable (whether caused by our employees, agents or otherwise) in connection with our provision of the Services or the performance of any of our other obligations under these Terms and Conditions or the quotation for:
  4. any indirect, special or consequential loss, damage, costs, or expenses or;
  5. any loss of profits; loss of anticipated profits; loss of business; loss of data; loss of reputation or goodwill; business interruption; or, other third party claims; or
  6. any failure to perform any of our obligations if such delay or failure is due to any cause beyond our reasonable control; or
  7. any losses caused directly or indirectly by any failure or your breach in relation to your obligations; or
  8. any losses arising directly or indirectly from the choice of Services and how they will meet your requirements or your use of the Services or any goods supplied in connection with the Services.
  9. You must indemnify us against all damages, costs, claims and expenses suffered by us arising from any loss or damage to any equipment (including that belonging to third parties) caused by you or your agents or employees up to the amount of Fees paid by you in the contract year in which the right of indemnification accrues.
  10. In regards the service provision of SATT, GDPR and MPAS, this condition is void as equipment is not required.
  11. Nothing in these Terms and Conditions shall limit or exclude our liability for death or personal injury caused by our negligence, or for any fraudulent misrepresentation, or for any other matters for which it would be unlawful to exclude or limit liability.

Circumstances beyond a party’s control

  1. Neither of is liable for any failure or delay in performing our obligations where such failure or delay results from any cause that is beyond the reasonable control of that party. Such causes include, but are not limited to: power failure, Internet Service Provider failure, industrial action, civil unrest, fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action or any other event that is beyond the control of the party in question. If the delay continues for a period of 90 days, either of us may terminate or cancel the Services to be carried out under these Terms and Conditions.


  1. We shall automatically apply an annual increase in the Fees based on the Consumer Price Index (CPI) plus 3.9%. We use the CPI figure published by the Office for National Statistics ( in January and will apply the change in April each year. In the event that the rate of CPI is negative, we will only increase the Fees by 3.9% in the relevant year. For example, a previous monthly charge of £100 + VAT would become £109.30 + VAT assuming a January CPI of 5.4%.
  2. Subject to applicable regulations, we shall increase our Fees for any Services (including without limitation by revising any tariff) as a result of any increase in charges made to us by third party providers by a sum equal to any such increase. In such circumstances you shall not have the right to cancel the Contract.
  3. Where we propose to increase our Fees for any Services (including by revising without limitation any Tariff) as a consequence of a regulatory change and that the increase is no greater than the additional cost to us caused by the regulatory change, we will give you written notice of any such increase not less than 30 days before the proposed date of the increase. In such circumstances you shall not have the right to cancel the Contract.

Data Protection

  1. When supplying the Services to the Customer, the Service Provider may gain access to and/or acquire the ability to transfer, store or process personal data of employees of the Customer.
  2. The parties agree that where such processing of personal data takes place, the Customer shall be the ‘data controller’ and the Service Provider shall be the ‘data processor’ as defined in the General Data Protection Regulation (GDPR) as may be amended, extended and/or re- enacted from time to time.
  3. In regards the service provision of SATT, GDPR and MPAS, Infosec Cloud only require the e-mail addresses of the Customer. These are used to communicate our training, education and/or compliance services and data is stored in our Tier 3 Hosting Centre in the UK.
  4. For the avoidance of doubt, ‘Personal Data’, ‘Processing’, ‘Data Controller’, ‘Data Processor’ and ‘Data Subject’ shall have the same meaning as in the GDPR.
  5. The Service Provider shall only Process Personal Data to the extent reasonably required to enable it to supply the Services as mentioned in these terms and conditions or as requested by and agreed with the Customer, shall not retain any Personal Data longer than necessary for the Processing and refrain from Processing any Personal Data for its own or for any third party’s purposes.
  6. The Service Provider shall not disclose Personal Data to any third parties other than employees, directors, agents, sub-contractors or advisors on a strict need-to-know basis and only under the same (or more extensive) conditions as set out in these terms and conditions or to the extent required by applicable legislation and/or regulations.
  7. Prior to sub-contracting the processing of any personal data, the Service Provider shall seek approval from the Customer.
  8. The Service Provider shall implement and maintain technical and organisational security measures as are required to protect Personal Data Processed by the Service Provider on behalf of the Customer.
  9. Further information about the Service Provider’s approach to data protection are specified in its Data Protection Policy, which can be found For any enquiries or complaints regarding data privacy, you can contact our Data Protection Officer at the following e-mail address: [email protected].


  1. All notices under these Terms and Conditions must be in writing and signed by, or on behalf of, the party giving notice (or a duly authorised officer of that party).
  2. Notices shall be deemed to have been duly given:
  3. when delivered, if delivered by courier or other messenger (including registered mail) during the normal business hours of the recipient;
  4. when sent, if transmitted by fax or email and a successful transmission report or return receipt is generated;
  5. on the fifth business day following mailing, if mailed by national ordinary mail; or
  6. on the tenth business day following mailing, if mailed by airmail.
  7. All notices under these Terms and Conditions must be addressed to the most recent address, email address or fax number notified to the other party.

No waiver

  1. No delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy nor stop further exercise of any other right, or remedy.


  1. If one or more of these Terms and Conditions is found to be unlawful, invalid or otherwise unenforceable, that / those provisions will be deemed severed from the remainder of these Terms and Conditions (which will remain valid and enforceable).

Compliance with Laws

  1. The parties agree that during their dealings they will comply with all relevant laws and regulations, including the Modern Slavery Act 2015 and the Bribery Act 2010.

Law and jurisdiction

  1. This Agreement shall be governed by and interpreted according to the law of England and Wales and all disputes arising under the Agreement (including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the English and Welsh courts.