Master Service Agreement

This contract is entered into by Cloud Made Simple (a member of the Simple iD Pty Ltd ABN 20 126 532 385 group of companies) of (‘Cloud Made Simple’) and Customers receiving services from Cloud Made Simple (‘The Client’).

Key Provisions

Services

As per the services you have agreed to

Initial Term

As per the services you have agreed to

Commencement Date

As per the services you have agreed to

Pricing

As per the services you have agreed to

Contents

About this document 4

Contract 4

  1. DEFINITIONS AND INTERPRETATION
  2. DURATION
  3. MICROSOFT AGREEMENT
  4. CONFIDENTIALITY OBLIGATIONS
  5. IT SERVICE AND SUPPORT
  6. CLOUD MADE SIMPLE UNDERTAKINGS
  7. SERVICE FEE
  8. SUSPENSION or TERMINATION
  9. YOUR RESPONSIBILITIES
  10. LIMITATION AND EXCLUSION OF LIABILITY
  11. ENDING CONTRACT PREMATURELY
  12. NOTICE PROVISIONS
  13. ASSIGNMENT AND SUBCONTRACTING
  14. MISCELLANEOUS
  15. GST
  16. PERMISSIONS

APPENDIX A- PRICING SCHEDULE

APPENDIX B – SERVICE LEVELS

APPENDIX C – MANAGED SERVICES SUPPORT SCOPE AND LIMITATIONS

APPENDIX D – DATA PROTECTION POLICY

About this document

  1. This document sets out the terms and conditions on which Cloud Made Simple provides Services to clients. These are known as our Standard Terms and Conditions.
  2. Master Services Agreement identify the type and level of IT Support that Cloud Made Simple agrees to provide our clients for the services provided.

Contract

1. DEFINITIONS AND INTERPRETATION

1.1. In these terms and conditions:

“Additional Charge” means a charge levied to your account in relation to the supply of a service or product or goods of and incidental to the Agreement that is not included in the Agreement that is deemed by Cloud Made Simple to be reasonably necessary to give effect to the performance of the Term of the Agreement.

“Agreement” means this Managed Services Master Contract.

“Agreed increase” means the amount expressed as a percentage of the fixed annual fee by which the fee will rise on the anniversary of the Commencement Date, if applicable.

“Business Day” means a day not a Saturday, a Sunday or a gazetted public holiday in that State.

“Client” means the party that has entered into the agreement with Cloud Made Simple.

“Commencement Date” means the date of commencement of the Services as specified in the Key Provisions.

“Confidential Information” means:

  1. all pricing information, business and financial information, sales and supply details, marketing strategies, customer and supplier listings, staff information, business listings, information concerning the business or customers relating to the Client or the Services;
  2. all information related to people who are currently or have previously wished to find employment with the Client and or any third party introduced by the Client;

III. all processes, procedures, techniques, concepts, systems, manuals, license agreements, disclosure documents, documents, agreements, contracts, notes, file and data base structures and software relating to the Services;

  1. any information which, by its nature, places or potentially places the Client at an advantage over its present or future business competitors;
  2. any pricing information which, by its nature, places or potentially places the Client at a disadvantage with its present or future clients;
  3. any information that would otherwise at law be considered secret or confidential information; whether or not marked “Confidential” but does not include information which:
  4. at the time of first disclosure by a party is or is reasonably known to be or have been a part of the public domain;
  5. after disclosure by a party is or becomes part of the public domain otherwise than by disclosure in breach of the terms of the Agreement;
  6. was in the possession, knowledge, custody, power or control of Cloud Made Simple prior to disclosure.

VII. Any information relating to the Client, its members, customers, contributors or suppliers. “Corporations Act 2001”  means the Corporations Law and may be used interchangeably in the agreement. “Contract” means the Agreement and may be used interchangeably herein.

“Due Date” means the date payment is due and payable by the Client to Cloud Made Simple for the supply of the Services or other matters or things of and incidental to the Agreement.

“Emergency” means anything that is considered to be of an extreme or catastrophic nature touching or impinging upon human life, property, goods, anything material or intangible deemed necessary to give effect to the Agreement.

“Fees” means the Time and Materials hourly rate or those costs prescribed in Appendix A, as applicable.

“GST” means the same as defined in the GST Law; any other goods and services tax, or any tax applying to the agreement in a similar way; and any additional tax, penalty tax, fine, interest or other charge under a law of such a tax.

“GST Law” means the A New Tax System (Goods and Services Tax) Act 1999 (Cth).

“Initial term” means the term as set out in the Key Provisions.

“Insolvency Event” in respect of the Client means:

  1. The client becomes an externally-administered body corporate for the purposes of the Corporations Act 2001 (Cth) or an external insolvency administrator is appointed to any such party under the provisions of any companies or securities legislation of another jurisdiction;
  2. A controller (as that term is defined in the Corporations Act 2001 (Cth)) or mortgagee in possession is appointed to the assets of the Client, or any such appointment is reasonably likely;
  3. The Client fails to comply with a statutory demand in the manner specified in section 459F of the Corporations Act 2001 (Cth), and has not made an application to set aside such demand under section 459G of the Corporations Act 2001 (Cth);
  4. The Client is unable to pay its debts as and when they fall due.

“Key Provisions” means the key provisions as set out at the start of this Agreement.

“Out of Scope” means any work done or services provided that do not form a part of the Services as defined in this Agreement.

“Parties” means the parties to the Agreement, namely The Client and Cloud Made Simple.

“Penalty Rate” means those amounts prescribed in the Agreement, if any.

“Personal Information” has the same meaning as it has in sub-section 6(1) of the Privacy Act 1988 (Cth).

“Pricing Schedule” means the schedule of prices as set out in Appendix A of this Agreement.

“Related Bodies Corporate” has the meaning given to that term in the Corporations Act 2001.

”Response Time” means the maximum delay prior to Cloud Made Simple responding to a request for Services as set out in the Service Level Guarantees.

“Services” means those services as set out in Appendix C of this Agreement.

“Service Level Guarantees” means those Service Support Levels set out in Appendix B of this Agreement.

“Subsequent term” means the period of time the Client engages Cloud Made Simple following the conclusion of the Initial Term, if any.

“Tax Invoice” means a tax invoice within the meaning of the GST Law.

“Term” means the Initial Term and any Subsequent Term.

“Cloud Made Simple” means Cloud Made Simple Pty Ltd.

“We” or “Us” or “Our” means Cloud Made Simple.

“You” or “Your” or “It” means The Client.

1.2. In these terms and conditions, except where the context otherwise requires:

  1. the singular includes the plural and vice versa, and a gender includes other genders;
  2. a reference to a definition that is capitalised may also be a reference to such definition in lower case;
  3. a reference to a clause, paragraph, schedule or annexure is to a clause or paragraph of, or schedule or annexure to, the agreement, and a reference to the agreement includes any schedule or annexure;
  4. a reference to a document or instrument includes the document or instrument as novated, altered, supplemented or replaced from time to time;
  5. a reference to A$, $A, dollar or $ is to Australian currency;
  6. a reference to time is to the time in Victoria, Australia;
  7. a reference to a party is to a party to the agreement;
  8. a reference to a person includes a natural person, partnership, body corporate, association, governmental or local authority or agency or other entity;
  9. a reference to a statute, ordinance, code or other law includes regulations and other instruments under it and consolidations, amendments, re-enactments or replacements of any of them;
  10. the meaning of general words is not limited by specific examples introduced by including, for example or similar expressions;
  11. headings are for ease of reference only and do not affect interpretation;
  12. any agreement, representation, warranty or indemnity in favour of two or more parties (including where two or more persons are included in the same defined term) is for the benefit of them jointly and severally;
  13. a rule of construction does not apply to the disadvantage of a party because the party was responsible for the preparation of the agreement or these terms and conditions or any part of them; and
  14. if a day on or by which an obligation must be performed or an event must occur is not a Business Day, the obligation must be performed or the event must occur on or by the next Business Day.

2. DURATION

2.1         The Agreement commences on the Commencement Date and continues for the Term unless otherwise stipulated or terminated in accordance with the terms and conditions herein.

3. MICROSOFT AGREEMENT

3.1         In the event Cloud Made Simple provides Microsoft licenses and or other Microsoft services, by signing this agreement, you also abide by the terms and conditions of the Microsoft Customer Agreement. This agreement can be viewed here www.cloudmadesimple.com.au/terms

4. CONFIDENTIALITY OBLIGATIONS

4.1.        Cloud Made Simple must not use the Confidential Information other than for the purpose of fulfilling the requirements of and to give effect to the performance of the Agreement.

4.2.        Cloud Made Simple must maintain strict confidentiality in relation to the Confidential Information and must not divulge all or any aspect of the Confidential Information to any person not in its employ or engagement in relation to fulfilling its obligations under the Agreement.

4.3.        If Cloud Made Simple wishes to disclose any of the Confidential Information to its accountant, business, financial or legal adviser (“Professional Advisors”), it may do so upon advising the Client and obtaining the prior written consent of the Client that shall not be unreasonably withheld.

4.4.        If Cloud Made Simple is uncertain whether any information comprises part of the Confidential Information then it must seek direction from the Client before divulging the information to any third party.

4.5.     The obligations on the Parties under this Clause 4 shall not be taken to have been breached to the extent that the Confidential Information:

  1. is disclosed by Cloud Made Simple to its Professional Advisers, officers, employees, agents or subcontractors solely and to the extent necessary in order to comply with obligations or to exercise rights under the Agreement;
  2. is disclosed by Cloud Made Simple to its internal management personnel, solely to enable effective management or auditing of related activities of and incidental to fulfilling its obligation to the Client under the Agreement;
  3. is authorised or required by law or by order of any regulatory authority, stock exchange, judicial or parliamentary body or governmental agency to be disclosed.

4.6.     Where Cloud Made Simple discloses Confidential Information to another person pursuant to sub-paragraphs 4.5(a) and 4.5(b), Cloud Made Simple must:

  1. notify the receiving person that the information is Confidential Information; and
  2. not provide the information unless the receiving person agrees in writing to keep the information confidential.

4.7.     If Cloud Made Simple is required to make a disclosure as described in sub-paragraph A, Cloud Made Simple will disclose only the Confidential Information required to comply with the applicable law or order.

4.8.     The Client agrees that all information relating to the business practices or clientele of Cloud Made Simple         that is disclosed to it in confidence, and any report prepared by Cloud Made Simple for use by the Client, are Confidential Information and the same confidentiality obligations as set out above for Cloud Made Simple will also apply to the Client in respect of that information.

4.9.     The Parties’ obligations of confidentiality shall not merge or be released upon the expiry or termination of the Agreement, and will continue thereafter.

5. IT SERVICE AND SUPPORT

5.1. Cloud Made Simple must provide the Services to the Client in accordance with the Service Level Guarantees and otherwise on the terms and conditions of the Agreement, throughout the Term.

5.2. The method of delivering the Services will be determined at the sole discretion of Cloud Made Simple and can be delivered via telephone, remotely or by onsite attendance, however Cloud Made Simple must act reasonably in exercising such discretion.

5.3. Cloud Made Simple must provide and carry out the Services in an efficient and professional manner and in accordance with standards generally observed in the IT industry for similar services.

5.4. The Client shall:

  1. provide all reasonable assistance requested by the personnel of Cloud Made Simple in the diagnosis of any problem within the IT infrastructure and follow any reasonable direction of Cloud Made Simple in the course of doing so;
  2. make available free of charge and within a reasonable time all information, facilities and services reasonably required to enable Cloud Made Simple to provide the Services;
  3. provide reasonable access to its premises thereby granting a non-exclusive license to Cloud Made Simple to give effect to the matters described in sub- clauses 5.4 (A) and (B) herein;
  4. provide such telecommunication facilities as reasonably required by Cloud Made Simple for testing and diagnostic purposes.

5.5. Cloud Made Simple will use best endeavours to supply the Services without warranting that supply will be interruption or error free. Despite anything else within the Agreement the Client acknowledges and accepts that the Services may not be available in all circumstances due to circumstances beyond the reasonable control of Cloud Made Simple. The Client hereby agrees release Cloud Made Simple from any claim for damages arising in contract for default or failure to perform its obligations under the Agreement (including Service Level Guarantees) resulting from circumstances reasonably beyond its control including, but not limited to, weather conditions, power failure, telecommunications failure, technical failure, third party maintenance requirements, our inability to access your premises, your acts or omissions or those of any third parties. Cloud Made Simple shall rely upon this clause 5.5 to the full extent permitted by law.

5.6. Where a serious issue arises relating to the age, configuration or implementation of any supported equipment that has been identified and brought to the attention of the Client by Cloud Made Simple in writing and in the opinion of Cloud Made Simple that equipment requires support beyond the scope of the obligations of Cloud Made Simple under the Agreement due to its age, configuration or implementation, Cloud Made Simple reserves the right in its sole discretion to cease support of that item of equipment under the Managed Services Agreement or provide support on a time and materials basis as agreed with the Client until such time as the said equipment is brought up to an acceptable standard in the reasonable opinion of Cloud Made Simple. Cloud Made Simple will work with the Client to proactively identify appropriate replacement solution options and to assist the Client to procure such solution. The Client hereby expressly agrees to indemnify, release and hold harmless and blameless Cloud Made Simple for any consequential, economic, business or opportunity, direct or indirect loss or damage or harm of any type whatsoever (including negligence and in contract or tort) arising out of or incidental to any interruption to service, support or maintenance of the Clients operating network howsoever arising by Cloud Made Simple having ceased support of the said equipment in compliance with this clause. Cloud Made Simple shall rely upon this clause 5.6 to the full extent permitted by law.

5.7. To the extent necessary, clause 5.5 and 5.6 hereof may be read together to interpret the application or operation of them individually or collectively in part or in whole and in the event there is found to be any inconsistency between the clauses such provision or part thereof shall be severed without affecting the remaining provision that shall be enforced and interpreted as if the severed provision had never existed.

5.8. Unless specified in the Agreement all services and or requirements that the Client may require in connection with or of and incidental to its IT infrastructure other than the Services set out in Appendix C will not to be covered by the Agreement and if provided by  Cloud Made Simple shall be charged in accordance with a time and materials “Out of Scope” hourly rate agreed between the Parties. This includes but is not limited to:

  1. Travel time to and from and support of equipment at remote locations such as staff homes not listed in a “Supported Site Location” list;
  2. Installation of new or additional devices or provision of service which is not specifically mentioned in the Agreement or covered by its scope; and
  3. The relocation of equipment in the event you move location.

6. CLOUD MADE SIMPLE UNDERTAKINGS

6.1. Cloud Made Simple undertakes that it:

  1. Will abide by all Australian Government Data Security legislation and its own Data Protection Policy, a copy of which is attached as Appendix D to this Agreement;
  2. Has and will complete thorough background checking of any existing or new employees who have access to the Client’s software, hardware or data;
  3. Has in place best practice internal policies and procedures that ensure system and data security and its ability to provide the agreed Services;
  4. Has in place safeguards to prevent any one CMS employee (or employees in collusion) from causing irreparable damage to the Client or the Client’s data;
  5. Does not and will not gain any Intellectual Property or other rights to the Client’s data;
  6. Will ensure that the Client data at all times remains stored exclusively on servers located in Australia; and
  7. Will only use Australian based employees, staff and contractors to deliver the Services;

7. SERVICE FEE

7.1. The Fees for the Services as detailed in Pricing Schedule will be payable calendar monthly and shall be due and payable within 14 days of the date of a Tax Invoice supplied (Due Date). Fees which do not appear on a Tax Invoice for a particular period may appear on future Tax Invoices.

7.2. You will pay all Tax Invoices by the Due Date or, if you are paying by credit card or by direct debit, we will debit your credit card or nominated direct debit account for the amount of the Tax Invoice and any other Fees by the Due Date.

7.3. If you are paying by credit card a credit card fee of 1.5% for Visa and Mastercard payments, and 3% for American Express payments. This fee will be added to your invoice amount and will appear as a separate line item.

7.4         On account payment terms to customers who have a valid support agreement with us. If you do not have a support agreement, you will need to pay by credit card or direct debit at the time of service.

7.5.        If you do not pay an invoice by the Due Date you agree you will charged a late payment fee of 2% of the invoice amount or $25.00 ex GST, whichever is greater, for accounts that are over 30 days in arrears. This fee will be added to your next invoice and will accrue interest at the same rate until paid.

(b) If you do not pay by the due date any discounts offered will be forfeited.

7.6.        Unless a credit application has been completed by the Client and approved by Cloud Made Simple, we may require the Client to pay a negotiated security deposit on Fees before entering into the Agreement with You. The security deposit shall be held in escrow and You are deemed hereby to have provided your express consent for Us to deduct any amounts you owe under the Agreement from the security deposit.

7.7.        You will be liable for all reasonable and necessary collection costs (including legal fees charged on a solicitor/client basis and indemnify Cloud Made Simple for such costs) we incur to collect an amount outstanding.

7.8.        If you in good faith dispute an amount in an invoice, you must notify us in writing within 7 days of the date of the invoice, setting out reasons for the dispute and the amount in dispute (Disputed Amount). We will within 7 days of the date of receipt of your notice in writing in good faith review the invoice for the purposes of resolving such dispute. In the event a Fee is disputed, you are not entitled to withhold payment of the undisputed amount of the invoice.

7.9.        Our records are prima facie evidence of the Fees payable by you under the Agreement except to the extent they are proved to be substantially incorrect.

7.10.      Subject to due performance by Cloud Made Simple of its obligations under this Agreement and to the terms of this Agreement, except where an interruption, unavailability or impaired quality of the Service has been caused or contributed to by us, you remain liable for all Fees.

7.11.      We may pay a commission to retailers/dealers who introduced you to us (or any other person).

7.12.      Block Hours purchased on an ad hoc basis must remain in credit at all times.

7.13.      Accounts remaining in debit 14 days past the Due Date will be placed on credit hold without notice.

7.14.      Fees will be adjusted on the anniversary of the Commencement Date and each subsequent anniversary of the Commencement Date by the Agreed increase (if any).

8.         SUSPENSION or TERMINATION

8.1.        Without limiting our rights under the Agreement we may suspend the supply of Services with notice (which may be written or verbal) to you if:

  1. it is an Emergency;
  2. directed/required to do under the law; or
  3. you fail to pay an amount due and payable that is 45 days past the Due Date which is not the subject of a good faith dispute, and for which a valid Tax Invoice has been issued.

8.2.        Without limiting clause 8.1, we may suspend Services by providing 14 days written notice if:

  1. a resolution is passed or an application is made to, or an order is made by, a court of competent jurisdiction for the winding up of the Client (except pursuant to internal amalgamation or reconstruction);
  2. an administrator or a receiver or a receiver and manager or an external controller is appointed to any of the assets or undertaking;
  3. you or your guarantors (if applicable) makes an arrangement for the benefit of or enters into an arrangement or composition with its creditors; you have an official manager or inspector appointed pursuant to the provisions of the Corporations Act; or
  4. if you or your guarantors (if applicable ) commit an act of insolvent trading and or are likely to be unable to pay debts as and when they fall due and payable within the meaning of the Corporations Act2001.
  5. a director is convicted of a criminal offence or is subject to regulatory action resulting in a civil penalty declaration or administrative banning order or adverse finding, including Enforceable Undertaking.

8.3.        After the expiration of the Term, Cloud Made Simple may terminate at its sole discretion the supply of a particular Service at any time by providing the Client 30 days prior written notice.

8.4.        Cloud Made Simple may terminate the agreement immediately if:

  1. the Client breaches a material provision of this agreement; and
  2. Cloud Made Simple gives the Client 30 days written notice:
  3. specifying the nature of the Client’s breach or default;
  4. telling the Client what is required to be done to remedy the breach or default; and

iii.          advising the Client that Cloud Made Simple intends to terminate this agreement if the Client fails to remedy the breach or the default within the given notice period; and

  1. the Client fails to remedy the breach or default within the given notice period.

8.5.        Without limiting clause 2.2, the Client may immediately terminate the Agreement, by sending Cloud Made Simple a written notice of that fact if:

  1. Cloud Made Simple repudiates a material or fundamental term of the Agreement; or
  2. Cloud Made Simple fails to remedy, to your reasonable satisfaction, a significant deficiency in the delivery of the Services on three separate occasions within 30 days after the date on which the Client issued Cloud Made Simple a written notice requiring Cloud Made Simple to remedy those deficiencies.

8.6.        Any termination or expiry of the Agreement will not prejudice any equitable or legal right of action or remedy which may have accrued or manifest to either party prior to or after termination of the Agreement.

8.7.        Cloud Made Simple may in its absolute discretion release the Client from its obligations under the Agreement before expiration of the Term and shall be entitled to claim damages in accordance with clause 11 herein.

8.8.        Termination of the Services in accordance with the Agreement does not affect the application of the provisions of these terms and conditions relating to limitation of liability or indemnity.

9.         YOUR RESPONSIBILITIES

9.1.        You must:

  1. comply promptly with our reasonable directions in relation to the provision of the Services to the Agreement;
  2. provide promptly all information, decisions, facilities and assistance we reasonably require to supply the Services;
  3. comply with all laws and guidelines concerning your use of the Services; and
  4. provide us safe access to and egress from the premises to which the Services are supplied and obtain the consent of the owner (where required) for us to install, inspect, repair, maintain or remove equipment connected with the provision of the Services.
  5. notify Cloud Made Simple of your inability to comply with our reasonable requests in line with points A, B, C & D outlining why you cannot comply and providing alternate options so that Cloud Made Simple may continue to meet its obligations under the contract.

9.2.        Unless otherwise permitted under the Agreement, you must not use or permit any other person to use any of the Services for any unauthorised purpose.

10.       LIMITATION AND EXCLUSION OF LIABILITY

10.1.      Subject to Clause 10.6, Cloud Made Simple shall not be liable to the Client for any loss or damage whatsoever or howsoever caused arising directly or indirectly in connection with the agreement, except to the extent that such liability may not lawfully be limited or excluded. For the avoidance of doubt this extends to any employees, contractors, agents, representatives, licensees or permitted assigns of Cloud Made Simple.

10.2.      Notwithstanding the generality of clause 10.1, Cloud Made Simple expressly excludes liability for consequential loss or damage which may arise in respect of the Services or for loss of loss of data, loss of, or claim for, revenue, profits, actual or potential business opportunities or anticipated savings or profit, whether direct, indirect, economic, consequential howsoever arising by way of act or omission in contract or in tort. You hereby agree to release and indemnify Cloud Made Simple to that extent.

10.3.      Where we cannot by law exclude such liability, our liability to you will be limited, at our choice, to, if the breach relates to goods, the replacement or repair the goods or, if the breach relates to services, the supply of those services or the payment of the cost of those services supplied again. This clause applies despite anything else contained herein or incidental to the Agreement and to the fullest extent permitted by law.

10.4.      To the fullest extent permitted by law, we exclude all warranties implied by law except as expressly set out in the Agreement.

10.5.      Any unreasonable and material interference by the Client or its agents, servants, employees, sub-contractors or other third party with the consent of the Client with equipment, network or configuration relevant to or of and incidental to the Agreement will void any guaranteed response time or quality of service commitments, remove any liability to the Client for the quality of the Service the subject of such interference and may also incur fees to cover costs of rectification as the rectification will be considered as an excluded item of the Agreement.

10.6.      Notwithstanding anything else set out in this clause 10, the exclusions and limitations of liability provided in Clause 10 do not apply to any liability arising as a result of, or in connection with:

  1. fraud or wilful misconduct by Cloud Made Simple;
  2. breach of confidentiality by Cloud Made Simple;
  3. breach of privacy by Cloud Made Simple;
  4. failure by Cloud Made Simple to provide the Services in a professional manner and in accordance with standards generally observed in the IT industry or profession for similar services;
  5. negligence in the course of Cloud Made Simple’s provision of the Services; or
  6. infringement of a third party’s Intellectual Property Rights by Cloud Made Simple.

For the purposes of this Clause 10.6 the term “Cloud Made Simple” shall mean and include Cloud Made Simple, its officers, employees, sub-contractors, suppliers and agents, whether individually or collectively.

11.       ENDING CONTRACT PREMATURELY

11.1.      Without prejudice to any other rights under the Agreement or at law, if we terminate the Agreement in accordance with clause 7 or the Agreement prematurely ends because you are in breach of your obligations under the Agreement:

  1. our rights in respect of your breaches and unfulfilled obligations under the Agreement at that time continue;
  2. you must pay us all outstanding Fees at that time together with an amount equal to the Managed Service Fee which would have been payable if the Agreement had continued for the full Term.

12.       NOTICE PROVISIONS

12.1.      Any notice, consent or other communications given or made to a party under the Agreement must be in writing and delivered or sent by email, pre-paid ordinary post or facsimile transmission to the address or facsimile number of the party as last or reasonably known to either party or to such other address or facsimile number as the party may from time to time notify for the purpose of this clause.

12.2.      Proof of posting by pre-paid or ordinary post shall be deemed receipt within 2 Business Days after posting.

12.3.      Proof of dispatch by facsimile is proof of receipt upon production of a facsimile report by the machine from which the facsimile is sent except where the sender machine indicates a malfunction in transmission or the recipient immediately notifies the sender of an incomplete transmission, in which case the transmission shall be deemed not to have been given or served.

12.4.      Proof of delivery by email is proof of receipt upon production of a delivery confirmation report appearing on the sender’s computer except where the sender’s computer indicates delivery has not been affected in which case delivery shall be deemed not to have been effected.

13.       ASSIGNMENT AND SUBCONTRACTING

13.1.      You must not assign or otherwise transfer your rights or obligations under the Agreement without the prior written consent of Cloud Made Simple, which shall not be unreasonably withheld. For the avoidance of doubt, a change in the control of a party is a deemed assignment.

13.2       We may subcontract our Service obligations under the Agreement provided that by subcontracting we are:

  1. not relieved from any of our obligations under the Agreement; and
  2. liable for any breach of the Agreement committed, caused or contributed to by our subcontractors.

14.       MISCELLANEOUS

14.1.      (Waiver) The waiver by either party of any breach of the Agreement shall not license the other party to repeat or continue any such breach nor operate as a waiver of any subsequent breach whether of the nature or not. The failure of either party to exercise any right which it may have in the event of a breach of the Agreement shall not be deemed to be an abandonment or waiver of any right for damages injunction or otherwise.

14.2.      (Entire Agreement) The terms and conditions herein and the Agreement set forth the entire Agreement and understanding for provision of Managed Services between the parties and merges all prior discussion between them and none shall be bound by any conditions, warranties or representations with respect to the subject of the Agreement other than as expressly provided therein or any instrument subsequent to the Commencement Date of the Agreement in writing and signed by the party to be bound thereby.

14.3.      (Force Majeure) The non-performance or delay in performance by a party of any obligation under the Agreement is excused during the time and to the extent that such performance is prevented by a circumstance or event beyond its reasonable control (Force Majeure Event), provided that the party affected by the Force Majeure Event uses its best endeavors to perform as soon as possible its obligations under the Agreement (including by the use of reasonable workarounds and interim measures). If a Force Majeure Event continues for more than 30 days, either party may terminate the Agreement immediately by notice in writing to the other party.

14.4.      (Governing Law) The Agreement shall be deemed to have been made in the State of Victoria and construction, validity and performance of the Agreement shall be governed by the laws (as amended) of that State. The parties unconditionally submit to the jurisdiction of the Courts of that State or any superior Court of the Commonwealth having relevant jurisdiction.

14.5.      (Reading down and severance) Each clause of the Agreement and each part of each clause must be read as a separate and severable provision. If any provision is found to be void or unenforceable, that provision may be severed and the remainder of the agreement must be interpreted as if the severed provision had never existed.

14.6.      (Non merger) All obligations of the parties which expressly or by their nature survive the expiration or termination of the Agreement shall continue in full force and effect notwithstanding such expiration or termination.

14.7.      (Non solicitation) You must not solicit or attempt directly or indirectly to solicit any of our employees, either directly as an employee, as a contractor or as a subcontractor for employment or separate engagement as a contractor during the term of the Agreement and for 12 months after the date of expiration of the Agreement. Should you breach this clause you agree to pay Cloud Made Simple a fee equal to the solicited/engaged employee’s last annual Cloud Made Simple gross taxable remuneration package as compensation.

14.8.      (Testing) From time to time we may carry out various security checks on the Services, these checks may include, but are not limited to, port scans, simulated Denial Of Service (“DOS”) attacks, simulated Distributed DOS attacks. Cloud Made Simple will provide the Client with 7 days’ notice of such test however under some circumstances this may not be possible such as when a suspected breach of security has been identified.

14.9.      (Counterparts) This agreement may consist of a number of counterparts and, if so, the counterparts taken together constitute one agreement.

15.       GST

15.1.      Any consideration to be paid or provided for a supply made under or in connection with the Agreement, unless specifically described in the Agreement as ‘GST Inclusive’, does not include an amount on account of GST (‘GST Exclusive Consideration’).

15.2.      If any supply made or to be made by a party (‘Supplier’) under or in connection with the Agreement is a taxable supply the Supplier may, in addition to the GST Exclusive Consideration, recover from the recipient of that supply (‘Recipient’) an amount on account of GST to be calculated by multiplying the GST exclusive consideration for the supply by the GST rate prevailing at the time that the supply is made.

15.3.      Any additional amount on account of GST recoverable from the Recipient under clause 13.2, is payable on provision by the Supplier of a Tax Invoice.

15.4.      In this clause 14 words or expressions that are defined in the A New Tax System (Goods and Services Tax) Act 1999 (Cth) have the meaning given to them by that Act.

16.       PERMISSIONS

16.1.      Permission will be sought in writing and not unreasonably withheld to provide us requested information relevant to our assessment of your credit rating before we enter into the Agreement with you.

16.2.      Permission will be sought in writing prior to and not reasonably withheld for us to disclose information or documents about our mutual business particulars and affairs (including credit worthiness, credit history and credit capacity) from or to credit providers and credit reporting agencies and all purposes permitted by the Privacy Act 1988 (Cth); law enforcement agencies; debt collection agencies for purposes connected with supply of the Services, billing for the Services or collecting amounts invoiced for the Services.

16.3.      You permit us to set a limit on the credit we extend to you in relation to your use of the Services (“credit limit”) if applicable. We will advise you of any credit limit we set. We may revise the credit limit from time to time by notice to you if we consider there has been any change in your capacity to pay.

APPENDIX A- PRICING SCHEDULE (Ex.Gst)

As per the services you have agreed to.

APPENDIX B – SERVICE SUPPORT LEVELS

Support Contacts

 License Only – Ticket or self-service portal only
Methods of ContactClients with Support Agreement – Phone, ticket, chat or self-service portal

Only Applicable to clients with Support Agreement

RemoteWeekdaysWeekends/Public Holidays
 Low PriorityMedium PriorityHigh PriorityLow PriorityMedium PriorityHigh Priority
Response Time (hours)631N/AN/A1
Resolution Time (hours)842N/AN/A3

Definitions:

  • Low Priority – Incidents that affect one or multiple users but do not halt the business process.
  • Medium Priority – Incidents that affect multiple users from performing minor tasks.
  • High Priority-Incidents that halt the business from performing critical tasks.

Hardware replacement or procurement is dependent on supplier stock availability as well as warranty purchased.

Cloud Made Simple reserves the right to change the priority of an incident if the priority reported by you does not match the definitions listed. On rare occasion, Cloud Made Simple may not be able to achieve the listed response and/or resolution times due to natural disasters, network outages, electrical outages, client network speed, client hardware capability, and third-party interference. In these instances, Cloud Made Simple will endeavor to achieve the best possible result.

APPENDIX C – MANAGED SERVICES SUPPORT SCOPE AND LIMITATIONS

Only Applicable to Full Managed Service Clients

Infrastructure and network

Responsible for the design, installation, set-up, updating, configuration, optimisation, testing, administration, license management, making of requested or required changes, preventative maintenance, monitoring and remedial action of all IT infrastructure and software including:

  • network structure between all endpoints (including wireless network and routers)
  • physical and virtual servers including storage, CPU and other specifications and associated equipment
  • desktop equipment including PC’s, laptops and associated equipment and replacement parts
  • physical and virtual desktop environment, VPN and LOB applications
  • peripheral equipment including UPS’s and printers
  • software including operating systems, utilities, infrastructure software, Windows and Microsoft 365
  • company-owned mobile and tablet devices

The above services include, but are not limited to:

  • completing special operating instructions and change request authorisations
  • implementing best practice Azure. In other words set up Azure for the most efficient way that suits your business.
  • performing system patching including security and anti-malware updates
  • performing server start-ups and shutdowns
  • executing utilities in accordance with application guidelines where applicable
  • performing directory administration and management functions
  • logging and tracking progress of hardware failures with vendor including warranty claims
  • diagnosing equipment performance issues
  • Windows server role management
  • SQL server management
  • managing all scheduled activities
  • performing third party software updates and ‘best effort’ third-party applications
  • developing configuration profiles, standard software and other specifications for management of desktop software, and related processes for delivery
  • establishing and delivering a data retention policy
  • network systems and servers are configured to “deny” as a default and least-privilege concepts are in place
  • maintenance of system, application and network logs

End user support

Responsible for providing unlimited onsite and report operational support for end users including:

  • full hardware and installed software support
  • peripheral equipment set up and support

System security

Responsible for the selection, design, set-up, installation, updating, configuration, optimisation, testing, administration, licence management, requested or required changes, preventative maintenance, monitoring and remedial action all system security measures to align with at least the ACSC (Australian Cyber Security Centre) principles including the Essential Eight level, including:

  • malware protection software
  • firewall rules
  • anti-virus software
  • threat and breach detection tools
  • password policies
  • security breach identification and management
  • encryption for data in transit and data at rest
  • multi-factor authentication applied where available

Disaster Recovery

Responsible for the selection, design, set-up, installation, configuration, optimisation, testing, administration, license management, requested or required changes, preventative maintenance, monitoring and remedial action of disaster recovery measures including:

  • establishing and maintaining a Disaster Recovery Plan (DRP) that supports the business continuity plan
  • executing the DRP upon an authorised request
  • actioning changes to the DRP to address any shortcomings found during testing

Reporting

Responsible for providing reports on:

  • monthly report of scheduled out-of-business-hours operating system and infrastructure software maintenance including system patching
  • annual report of all installed software and any licensing issues
  • the results and provide recommendations from testing and reviews within two weeks of completion

Testing and review

Responsible for:

  • testing UPS’s every six months
  • testing the suitability of all desktop software for compatibility with the IT infrastructure and services prior to deployment
  • reviewing implemented security measures
  • testing the Disaster Recovery Plan (DRP) at least every six-months
  • auditing all installed software every six months
  • developing forecasts of server and disk storage growth and other changes in response to projected business needs at least annually

Inventory management

Responsible for:

  • maintaining an inventory of server equipment and software, including locations, configuration and release levels
  • maintaining an inventory of desktop equipment and replacement parts, including locations, configuration and release levels
  • maintain an inventory of all desktop and server software
  • provide recommendations on the replacement any equipment or software according to an agreed refreshment cycle

and providing ready-access to this information.

Services not included

  • configuration of third-party software and services (ERP, website, CRM etc)
  • end-user training
  • programming and software development
  • third party video surveillance systems

APPENDIX D – DATA PROTECTION POLICY

INTRODUCTION

Cloud Made Simple holds Personal Data about our users, employees, clients, suppliers and other individuals for a variety of business purposes.

This policy sets out how we seek to protect Personal Data and ensure that staff understand the rules governing their use of Personal Data to which they have access in the course of their work in particular, this policy requires staff to ensure that the Managing Director be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.

Cloud Made Simple operates in several jurisdictions, including Australia, the United Kingdom, New Zealand, and the United States. This policy describes principles and procedures which ensure Cloud Made Simple complies with the various regulations across all the regions in which we operate.

The procedures described in this policy must be followed at all times by Cloud Made Simple, its employees, agents, contractors, or other parties working on behalf of Cloud Made Simple.

Cloud Made Simple is committed not only to the letter of the law but also to the spirit of the law and places a high premium on the correct, lawful and fair handling of all Personal Data, respecting the legal rights, privacy and trust of all individuals with  whom it deals.

SCOPE

This policy applies to all staff. You must be familiar with this policy and comply with its terms. This policy supplements our other policies relating to internet and email use. We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.

As Managing Director, Gavin Keane has overall responsibility for the day-to-day implementation of this policy.

TRAINING

All staff will receive training on this policy. New staff will receive training as part of the induction process. Further training will be provided at least every year or whenever there is a substantial change in the law or our policy and procedure.

Training is provided through in-house seminars and online training on an annual basis, and covers the applicable laws relating to data protection, and Cloud Made Simple’ data protection and related policies and procedures. Completion of training is compulsory.

If you have any questions or concerns about anything in this policy, do not hesitate to contact the Managing Director.

PERSONAL DATA

Cloud Made Simple defines Personal Data as the broader of the definitions contained in the PDPA, DPA, and GDPR.

Cloud Made Simple defines Sensitive Personal Data as the broader of the definitions contained in the PDPA, DPA, and GDPR. Any use of sensitive Personal Data is to be strictly controlled in accordance with this policy.

While some data will always relate to an individual, other data may not, on its own, relate to an individual. Such data would not constitute Personal Data unless it is associated with, or made to relate to, a particular individual.

Generic information that does not relate to a particular individual may also form part of an individual’s Personal Data when combined with Personal Data or other information to enable an individual to be identified.

Aggregated data is not Personal Data.

Cloud Made Simple gathers Personal Data for two purposes: for providing IT Services, and for internal operations.

Personal Data for IT Services relates to identifiable individual users and may include:

user profile information such as Full name, Photograph, Date of Birth, Mobile telephone number, and Personal email address; Personal Data we gather for internal operational purposes relates to identifiable individuals such as job applicants, current and former employees, contract and other staff, clients, suppliers, and marketing contacts, and the data gathered may include individuals’ contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, and CV.

PRINCIPLES

Cloud Made Simple collects and processes Personal Data in compliance with the following data protection principles:

Consent

The user (data subject) must give their explicit, active consent to the collection and processing of their Personal Data. This consent can be revoked at any time.

Notification

Cloud Made Simple notifies all users about the intended purpose of any collected data prior to collection.

Purpose Limitation

Personal Data can be used only for the purposes explained to the user, and for which they have explicitly given consent. The data collected must be necessary for the performance of the purpose, and not excessive with respect to the purposes for which it was collected.

Right to Access and Correction

Users should be able to access their personal, wearable, and messaging data, and to correct said data where applicable.

Accuracy

Cloud Made Simple should take all reasonable steps to ensure users’ data is accurate

and up to date.

Protection

Cloud Made Simple should take all reasonable steps to ensure user data is secured and protected against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Retention Limitation

Cloud Made Simple should not keep personal user data for any longer than necessary to fulfil the purposes for which the user gave their consent.

Data Portability

Upon request, a user should have the right to receive a copy of their data in a structured format. These requests should be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals.

Right to be Forgotten

A data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies.

Privacy by Design and Default

Privacy by Design is an approach to projects that promote privacy and data protection compliance from the start. The MANAGING DIRECTOR will be responsible for conducting Privacy Impact Assessments and ensuring that all IT projects commence with a privacy plan.

When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.

International Data Transfers

Specific consent from the user must be obtained prior to transferring their data outside their source region.

Cloud Made Simple must not transfer data to another geographic region unless Cloud Made Simple can ensure an adequate level of protection of the rights and freedoms of users in relation to the processing of their Personal Data within the destination region.

PURPOSES

The purposes for which Personal Data may be used by us include:

  • Providing IT related services to our users
  • The ability to bill clients
  • Research and Development of AI and chat technology in support of our IT services
  • Compliance with our legal, regulatory, and corporate governance obligations and good practice
  • Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests ensuring business policies are adhered to (such as policies covering email and internet use)
  • Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, and security vetting
  • Investigating complaints
  • Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration, and assessments
  • Monitoring staff conduct & disciplinary matters
  • Marketing our business
  • Improving our services
  • Risk modelling for our health and life insurance partners

RESPONSIBILITIES

Responsibilities of the Data Protection Officer (Managing Director)

The Data Protection Officer’s responsibilities include:

  • Overseeing the implementation of, and compliance with this Policy, working in conjunction with the relevant employees, managers and/or department heads, agents, contractors and other parties working on behalf of Cloud Made Simple;
  • Reviewing all data protection procedures and policies on an annual basis
  • Arranging data protection training and advice for all staff members and those included in this policy
  • Answering data protection queries or complaints from users, clients, staff, board members, and other stakeholders
  • Responding to individuals such as clients and employees who wish to know which data is being held on them by Cloud Made Simple
  • Checking and approving with third parties that handle Cloud Made Simple’s data
  • Any contracts or agreement regarding data processing

Responsibilities of the Infrastructure Manager

The Infrastructure Manager’s responsibilities include:

  • Ensuring all systems, services, software, and equipment meet acceptable security standards;
  • Researching and reviewing third-party services Cloud Made Simple uses to store or process data (such as cloud computing services) on a regular basis; and
  • Managing authentication and authorisation for engineering staff to access Cloud Made Simple’ infrastructure, including cloud services, databases, and application
  • Responsibilities of the Marketing Manager
  • The Marketing Manager’s responsibilities include:
  • Approving data protection statements attached to emails and other marketing copy; and
  • Coordinating with the Managing Director to ensure all marketing initiatives adhere to data protection laws and Cloud Made Simple’s Data Protection

ORGANISATIONAL MEASURES

Cloud Made Simple shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:

  • All employees, agents, contractors, or other parties working on behalf of Cloud Made Simple are made fully aware of both their individual responsibilities and Cloud Made Simple’s responsibilities under this Policy, and shall be provided with a copy of this Policy;
  • Only employees, agents, sub-contractors, or other parties working on behalf of Cloud Made Simple that need access to and use of personal data in order to carry out their assigned duties correctly shall have access to personal data held by Cloud Made Simple;
  • All employees, agents, contractors, or other parties working on behalf of Cloud Made Simple handling personal data will be appropriately trained to do so;
  • All employees, agents, contractors, or other parties working on behalf of Cloud Made Simple handling personal data will be appropriately supervised;
  • Methods of collecting, holding and processing personal data shall be regularly evaluated and reviewed;
  • The performance of those employees, agents, contractors, or other parties working on behalf of Cloud Made Simple handling personal data shall be regularly evaluated and reviewed;
  • All employees, agents, contractors, or other parties working on behalf of Cloud Made Simple handling personal data will be bound to do so in accordance with the principles of this Policy by contract;
  • All agents, contractors, or other parties working on behalf of Cloud Made Simple handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of Cloud Made Simple arising out of this Policy;
  • Where any agent, contractor or other party working on behalf of Cloud Made Simple handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless Cloud Made Simple against any costs, liability, damages, loss, claims or proceedings which may arise out of that

OUR PROCEDURES

Consent

Cloud Made Simple ensures consent is given by making informed, explicit, active consent  a requirement of the mobile app’s registration process, including a clear identification of what the relevant data is, why it is being processed, and to whom it will be disclosed.

Notification

Cloud Made Simple ensures Consent is informed by notifying users in plain language about the intended Purpose of any data prior to collection, and by requiring users to give their consent to that Purpose as part of the mobile app registration process.

Fair and lawful processing

We must process Personal Data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process Personal Data unless the individual whose details we are processing has consented to this happening.

The processing of all data must be:

Necessary to deliver our services in our legitimate interests and not unduly prejudice the individual’s privacy, in most cases this provision will apply to routine business data processing activities.

Purpose Limitation

Cloud Made Simple staff must not use Personal Data for any Purpose other than that consented to by the user. In the general case, this means that it must be for the purpose of delivering a health coaching application and or supporting activities.

Cloud Made Simple staff should not access Personal Data except where required to do so in the course of their work.

Right to Access, Correction, and Accuracy

Users can use the Cloud Made Simple mobile app to access their personal, wearable, and messaging data, and to correct their profile data at any time.

Cloud Made Simple should take all reasonable steps to ensure users’ data is accurate

and up to date.

Cloud Made Simple assumes that Personal Data collected directly from the user will be accurate and complete.

We will ensure that any Personal Data we process is accurate, adequate, relevant, and not excessive, given the purpose for which it was obtained. We will not process Personal Data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.

Individuals may ask that we correct inaccurate Personal Data relating to them. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform the Managing Director.

Protection

Cloud Made Simple should take all reasonable steps to ensure user data is secured and protected against unauthorised or unlawful processing, accidental loss, destruction, or damage.

In cases when data is stored on printed paper, it should be kept in a secure place where unauthorised personnel cannot access it. Printed data should be shredded when it is no longer needed.

Sensitive Personal Data should never be saved directly to local devices such as workstations, laptops, or smartphones – it should be kept secured on remote storage provided by Cloud Made Simple’ selected cloud storage provider.

All digital services used by Cloud Made Simple should be protected on a per-user basis, by strong passwords, with role-based permissions.

We encourage all staff to use a password manager to create and store their passwords.

Personal Data should not be stored on local storage media such as CDs, DVDs, or memory sticks.

The Managing Director and Infrastructure Manager must approve any cloud service used to store data.

Data should be regularly backed up in line with Cloud Made Simple’s backup procedures.

All servers or services containing sensitive data must be protected by security software and firewalls.

All data should be transmitted over secure networks only. Transmission over unsecured networks is not permitted in any circumstances, including via email.

No personal data may be shared informally. If an employee, agent, sub-contractor, or other party working on behalf of Cloud Made Simple requires access to any personal   data that they do not already have access to, such access should be formally   requested from their relevant manager.

If Personal Data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it.

Under no circumstances should any personal passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of Cloud Made Simple, irrespective of seniority or department.

Retention Limitation

Cloud Made Simple should not keep personal user data for any longer than necessary to fulfil the purposes for which the user gave their consent.

Cloud Made Simple keeps personal user data for a maximum period of 48 months after the user’s has terminated their service unless the user requests that their account be deleted earlier.

Cloud Made Simple will (soft) delete the user’s account within 5 working days of

confirmation of the request by the user.

Data Portability

Upon request, a user should have the right to receive a copy of their data in a structured format. These requests should be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals.

Right to be Forgotten / Erasure

A user may request that any information held on them is deleted, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies.

Privacy by Design and Default

Privacy by Design is an approach to projects that promote privacy and data protection compliance from the start. The Managing Director will be responsible for conducting Privacy Impact Assessments and ensuring that all IT projects commence with a privacy plan.

When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.

Transferring Data Internationally

No data may be transferred outside of the Cloud Made Simple’ Australian (Azure) data centres without prior approval from the Managing Director Specific consent from the user must be obtained prior to transferring their data outside their source region.

You must not transfer Personal Data to another geographic region unless 1) Cloud Made Simple can ensure an adequate level of protection of the rights and freedoms of users in relation to the processing of their Personal Data within the destination region, and 2) you have been given permission to do so by the Managing Director.

Data Audit and Register

The Managing Director will conduct regular data audits to manage and mitigate risks, and record the data held by Cloud Made Simple.

User Access Requests

Individuals are entitled, subject to certain exceptions, to request access to information held about them.

Processing data in accordance with the individual’s rights

Do not send direct marketing material to someone electronically (e.g. via email) unless you have an existing business relationship with them in relation to the services being marketed.

Please contact the Managing Director for advice on direct marketing before starting any new direct marketing activity.

PDPA & GDPR PROVISIONS FOR USERS

Privacy Notice – Transparency of Data Protection

Being transparent and providing accessible information to individuals about how we will use their Personal Data is important for our organisation.

The following are details on how we collect data and what we will do with it:

What information is being collected?

Cloud Made Simple collects Personal Data about users including, but not limited to:

Full name

Mobile telephone number

Personal email address

Work email address

Billing Information

Credit Card details

How is it collected?

Cloud Made Simple collects data using via application forms which maybe in paper or electronic form.

Cloud Made Simple specifically asks the individual for permission to collect their data for the purpose of providing IT Services.

Cloud Made Simple also requires explicit consent to collect Personal Data for any additional purposes required by our clients.

Cloud Made Simple only collects data from third parties once the user has provided their permission. (User permission is explicitly required to enable the retrieval of any data from third parties.)

Why is it being collected?

Cloud Made Simple collects Personal Data for the purpose of providing IT Services.

Personal Data is accessed by Cloud Made Simple staff only where necessary to perform the tasks of their job.

All user data is stored in:

Remotely in databases secured & hosted on Microsoft Azure in their Australian data centres.

In the following cloud based applications: WHMCS (Billing System), SharePoint (Microsoft Data Centre’s) Fresh Desk (Ticket System) and Ninja ( Remote Monitoring Tool)

Cloud Made Simple users do not extract, copy, or use local copies of user data unless it has been anonymised or aggregated.

Database access by Cloud Made Simple staff is authorized on a IP-whitelisted, per-user basis according to the requirements of their job, and authenticated using strong passwords.

Cloud Made Simple does not print or save to local storage any Personal Data.

Cloud Made Simple does not transfer Personal Data to any third parties excepting our clients on whose behalf we are the data intermediary.

Cloud Made Simple transmits Personal Data only:

Between servers on our platform,

To and from a user’s authenticated installation of the Cloud Made Simple app, and

To our clients, on whose behalf we are the data intermediary.

Details of transfers to third countries and safeguards

Cloud Made Simple stores data on the Azure hosting platform in two data centres in Australia.

Cloud Made Simple keeps all data secured in accordance with the standards required by relevant UK, EU, NZ and USA legislation.

Cloud Made Simple keeps all data encrypted both in transmission and at rest.

Identity and contact details of any data controllers?

Cloud Made Simple’ designated Data Protection Officer is:

Gavin Keane, Managing Director. gavink@cloudmadesimple.com.au

REPORTING BREACHES

All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:

  • Investigate the failure and take remedial steps if necessary
  • Maintain a register of compliance failures
  • Notify the Supervisory Authority of any compliance failures that are material either in their own right or as part of a pattern of failures

Under the GDPR, the Managing Director is legally obliged to notify the Supervisory Authority within 72 hours of the data breach (Article 33). Individuals have to be notified if adverse impact is determined (Article 34). In addition, Cloud Made Simple must notify any affected clients without undue delay after becoming aware of a personal data breach (Article 33).

However, Cloud Made Simple does not have to notify the data subjects if anonymized data is breached. Specifically, the notice to data subjects is not required if the data controller has implemented pseudonymisation techniques like encryption along with adequate technical and organizational protection measures to the personal data affected by the data breach (Article 34).

MONITORING

Everyone must observe this policy.

The Managing Director has overall responsibility for this policy.

The Managing Director will monitor this policy regularly to make sure it is being adhered to.

Data Protection Complaints

Data Protection Complaints can be received via:

  • Cloud Made Simple website/ticket system
  • Email or Phone Call to Managing Director

The Complaint Process is:

  • Within 1 working day: Managing Director will respond to the complaint to notify the complainant that the complaint is being investigated
  • Managing Director to conduct investigation, escalating to client as required
  • Managing Director to investigate & resolve complaints within 5 working days where possible
  • Managing Director to regularly update complainant at least weekly on progress of investigation & expected time to resolution
  • Upon completion of investigation, MANAGING DIRECTOR to provide written report to complainant containing the investigation findings and steps to resolution
  • Managing Director to carry out steps to resolution
  • Managing Director to confirm with user that complaint has been satisfactorily resolved

Consequences of Failing to Comply

We take compliance with this policy very seriously. Failure to comply puts both you and the organisation at risk.

The importance of this policy means that failure to comply with any requirement may lead to disciplinary action under our procedures which may result in dismissal.