Terms and Conditions for Beacon User U3As

1. Introduction

1.1. The Beacon System is an online management system designed to support the operation and administration of individual U3A organisations. The Beacon System supports multiple U3As. Each U3A can only administer and view its own data.

1.2. The Third Age Trust offers the Beacon System as a Service to U3As. It provides support for the System and its Users via staff members from the Trust, a group of volunteers known as the Beacon Team and where necessary by professional Contractors and other service providers.

1.3. This document explains the basis on which the System is provided by the Trust and states the Terms and Conditions which each U3A agrees to when it applies for a Licence to use the Beacon System.

1.4. Any part of this document may be changed to comply with changing circumstances, best practice recommendations or regulation. Applicant and User U3As will be given advance notice of any changes.

1.5. The effective date of this document is 31st March 2019.

2. Terminology used in this document

Administrator           The person within a U3A with responsibility for administering the U3A’s Beacon site.

Applicant U3A          A U3A which has applied to use the Beacon System but has not yet loaded its data.

Beacon Team           A Team of volunteers which delivers Beacon as a Service to U3As on behalf of the Trust.

Contractor   A commercial organisation contracted to maintain and support parts of the System under direction of the Beacon Team.

Controller      Has the meaning in the Data Protection Law.

Data Protection Law          All applicable laws and regulations, in each case pertaining to the security, confidentiality, protection or privacy of personal data, as amended or re-enacted from time to time, including the European General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR).

Data Subject            Has the meaning in the Data Protection Law.

Installation   The date on which a U3A’s Beacon site becomes ‘Live’.

Personal data          Has the meaning in the Data Protection Law.

Processor     Has the meaning in the Data Protection Law.

Processing/process           Has the meaning in the Data Protection Law.

System          The Beacon System comprising the operating system, data storage and support services and materials.

Trust  The Third Age Trust.

U3A     A University of the Third Age organisation for a locality, affiliated to the national Third Age Trust.

User U3A       A U3A which is using the Beacon System.

User U3A Member   A person who is, or has been, a member of a participating U3A, and whose personal details are held within the Beacon System.

User   A member who has been registered as an authorised User of the Beacon System and who has a password for access to the system. Users will be allocated access privileges by the Administrator depending on their role within their U3A.

You     The signatory for the User or Applicant U3A, usually the Chair of the executive committee.

3. Grant and Scope of the Licence

3.1. The Licence is the agreement to use the Beacon System.

3.2. In consideration of the payment of the Fee (defined below), the Trust grants to you a non-exclusive, non-transferable licence to use the System in the UK in accordance with the Terms of this Licence. By using the System, you agree to comply with these Terms.

3.3. We may terminate this Licence immediately by written notice to you or if you commit a material breach of this Licence (section 10) which you fail to correct within fourteen (14) days after sending you written notice requiring you to do so.

3.4. Upon termination, for any reason:

3.4.1. all rights granted to you to use the System under this Licence shall cease;

3.4.2. you must cease all activities authorised by this Licence; and

3.4.3. your access to the System will be disabled.

3.5. You acknowledge that:

3.5.1. the software developer retains all intellectual property rights to the software. The Trust has sole licence to use and provide the software to U3As;

3.5.2. the System is licensed (not sold) to you; and

3.5.3. neither you nor any of your Users shall have or acquire any intellectual property rights in, or to, the System other than the right to use the System in accordance with these Terms.

4. Charging Policy

4.1. The Beacon licence fee is currently £1.00 (including VAT) per current member per annum.

4.2. The initial invoice will be sent by the Trust and will be due on the 1st of the month following Installation. The fee will be calculated on a pro rata basis to the following 31st March.

4.3. Thereafter, annual licence renewal fees will be due on 1st April.

5. Our Data Protection and Data Security Responsibilities

5.1. The Beacon System stores personal data about members of the participating U3As within its database (the Personal Data). The Personal Data include the names, addresses, telephone numbers and email addresses of U3A members, and the System may store other data related to their activities within the U3A. The Trust acts as a processor of the Personal Data on behalf of the relevant participating U3A (as controller) in the performance of the Trust’s obligations under this agreement.

5.2 The Trust shall comply with its obligations under the Data Protection Laws.

5.3 The Trust shall only process the Personal Data for the purposes of performing its obligations under this agreement and in accordance with the written instructions given by you, unless the Trust is subject to an obligation under applicable law. The Trust shall notify you immediately if, in the Trust’s opinion, an instruction from you breaches a requirement of the Data Protection Law.

5.4 The Trust shall at all times process the Personal Data in a manner that ensures appropriate security for the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures. The Trust shall ensure that, at a minimum, the measures required under this clause: (i) meet the standard required by the Data Protection Law and (ii) include the security measures set out in The Trust’s Information Security Policies.

5.5 The Personal Data are accessible to four groups:

5.5.1. Authorised Users of participating U3As, allowed to process it by their U3A’s management. They are only able to access data relating to their own U3A.

5.5.2. Beacon Team members who are authorised by the Trust and who process the data during uploading and may be able to view it while investigating system problems. Beacon Team members who assist U3As with migrating data to the System have access to data during Installation.

5.5.3. Contractors and their employees, authorised by the Trust, who may be able to view it while investigating system problems.

5.5.4. The Trust will also have access should the need arise in the event of a combination of system and/or support failure.

5.6 The Trust shall ensure that all personnel authorised by the Trust to have access to the Personal Data are subject to a contractual duty of confidence to hold the Personal Data in strict confidence and only process the Personal Data in the manner permitted by this agreement and in accordance with the Beacon Team’s data handling procedures and detailed data protection and privacy policies. The data protection and privacy policies are available on the website.

5.7. The Beacon System uses some commercial service providers as sub-processors to store or transmit data. These are: Fasthosts (storage of encrypted data), DigitalOcean (storage of encrypted data), and SendGrid (email transmission) (each an Approved Sub-processor). The Terms of each sub-processor are reviewed regularly, and they have been judged to comply with requirements of the Data Protection Law. You authorise the subcontracting of the processing of Personal Data to each Approved Sub-processor.

5.8. If online payment of membership fees is enabled at a U3A’s request, PayPal is used for fee collection and transfer to the U3A’s bank account. PayPal is not a Beacon sub-processor. Beacon does not have access to any members’ financial credit card/ debit card details.

5.9 The Trust shall assist you: (i) in responding to, and complying with, all data subject rights relating to the Personal Data (each a Request), including by providing such assistance as is contemplated by Article 28(3)(e) of the GDPR; and (ii) in ensuring compliance with the obligations in Articles 32 to 36 of the GDPR (and any equivalent requirements of the Data Protection Law). The Trust shall promptly notify you of each Request it receives and shall not respond to the Request, except as instructed by you.

5.10 The Trust shall promptly notify you in writing of each personal data breach (as defined by the GDPR) of which it becomes aware. The Trust shall (to the extent feasible) ensure that such initial notification contains the information required under Article 33(3) of the GDPR. The Trust shall take such steps and provide such assistance and information to you as may be reasonably required to deal with and respond to the personal data breach.

6. Your Data Protection and Data Security Responsibilities

6.1. The executive committee of each User U3A is responsible for deciding its own Data Protection Policy, and how this should be applied to the Beacon System by the committee member appointed as the Administrator.

6.1.1. You confirm that you have a Data Protection Policy which complies with the Data Protection Laws and which includes your legal basis for processing, what personal data will be collected, how that data will be used and who can access it, including: authorised Users, authorised National Office staff, Beacon Team members and Contractor-authorised employees (as described in 5.1).

6.1.2. You confirm that your Members have access to your Data Protection Policy.

6.1.3. You confirm that your executive committee is responsible for ensuring that its Users understand your U3A’s Data Protection Policy and adhere to it.

6.2. You confirm that when using the System, you will always process any personal data collected in compliance with all applicable laws including, but not limited to, the Data Protection Law.

6.3. You confirm that when using the System, you will take appropriate technical and organisational measures against the unauthorised or unlawful access and processing of personal data and against the accidental loss or destruction of, or damage to, personal data and as required by the Data Protection Law.

6.3.1. Access to data within a U3A site is controlled by the Administrator. User names, passwords and the privileges associated with each User role are allocated by the Administrator.

6.3.2. Each User ensures that their password is kept securely and secret from others.

6.3.3. The Administrator ensures that any person granted specific access provides written assurances that adequate security measures have been taken to keep their computer free of viruses and other malware which might enable unauthorised access to Beacon.

6.3.4. The Administrator ensures that any User granted specific access provides written assurances confirming that they will not allow any other person to use or to have access to their Beacon account. In particular, a shared computer must not be used to access a Beacon account unless the User has a personal logon for the shared computer.

6.3.5. Access to the System via a public computer, e.g. in a public library, is strictly prohibited.

6.4. You will promptly notify the Trust in writing of each personal data breach (as defined by the GDPR) of which you become aware.

7. System Availability

7.1. The Beacon System is designed to be available at all times and it is anticipated that disruption of service will be rare. However, the Trust cannot guarantee that the System or any content on it will always be available, be uninterrupted or free from errors or omissions. The Trust will not be liable to you if, for any reason, the System is unavailable at any time or for any period.

7.2. You acknowledge that the System has been developed and is being maintained and delivered mainly by the Beacon Team of volunteers.

7.3. The Beacon Team will use reasonable efforts to assist you if you have any problems using the System or if there are any failures or disruptions on the System, but the Trust cannot guarantee how long it might take to respond to your queries or to address and fix any failures or disruptions.

7.4. Planned periods of unavailability will be posted on the System home page and on the Beacon website in advance. Any additional downtime will be notified to Administrators by email with as much notice as can be provided.

8. Backup

8.1. All System data is automatically backed up daily and kept for 30 days. A separate daily data backup is automatically stored on a separate host.

8.1.1. Backup data can be restored following any major server failure.

8.1.2. In the event of a failure, User U3As should be aware that they would lose data changed since the previous backup, so it is advisable to keep the original data sources (e.g. membership forms) for 24 hours before disposal.

8.1.3. Data backups are intended to protect against major system faults. They cannot be used to recover from mistakes affecting a single U3A.

8.1.4. User U3As may use the data download facility to make a copy of its own data, particularly before making large-scale data changes. There is no facility to reload data to the System from a local download.

9. User Support

9.1. The Beacon Team provides various levels of support to both Applicant and User U3As. These include but are not limited to:

9.1.1. User Documentation including a User Guide available on the System home page and other ‘How-to’ guides.

9.1.2. An online User Forum. The Forum provides a facility for the System User community to ask questions and post answers in the best tradition of mutual help. The Beacon Team monitors the Forum and responds if no community answer is forthcoming or if the issue is technical.

9.1.3. A website providing information about the System and links to key documentation and other support.

9.2. The provision of Support to Users by the Beacon Team is very much dependent on its pool of suitably experienced volunteers. Generally, a response from the Beacon Team should be expected, but cannot be guaranteed within 72 hours.

10. Suspension or Termination of the Licence

10.1. The Trust reserves the right to suspend, disable, edit or terminate any User U3A’s Licence if they don’t abide by the following conditions:

10.1.1. In the Trust’s reasonable opinion you or your Users are using Beacon inappropriately or incompetently, or in a way that might bring the Trust into disrepute, or

10.1.2. You or your Users fail in your responsibilities to protect the System and its data, or

10.1.3. You or your Users breach these Terms in a way that cannot be corrected, or

10.1.4. You or your users fail to correct a breach within a reasonable time period if the Trust asks you to do so, or

10.1.5. There is, in the Trust’s reasonable opinion, a similar very serious reason that requires your access to Beacon to be terminated, or

10.1.6. You fail to pay the appropriate licence fee.

11. Warranties

11.1. The Trust will do its best to ensure that Beacon performs well, but the Trust does not and cannot guarantee:

11.1.1. that the information the Trust provides, or that is provided through the Beacon Team, or on Beacon is accurate, complete, up-to-date, reliable or correct;

11.1.2. that Beacon will meet your requirements;

11.1.3. that Beacon will be available at any particular time or location;

11.1.4. that Beacon will function in an un-interrupted manner or be secure;

11.1.5. that any defects or errors will be corrected;

11.1.6. and/or that Beacon is at all times secure, free of viruses or other harmful components.

11.2. Any subject matter downloaded or otherwise obtained through Beacon is done so at your own risk and you will be solely responsible for any damage to your property or loss of data that results from such download or use of any such material.

11.3. Beacon is provided to you on an “as is” and “as available” basis.

11.4. To the maximum extent permitted by law, the Trust expressly disclaims any and all guarantees and conditions of any kind, whether express, implied or statutory, including without limitation any implied warranties of satisfactory quality, fitness for a particular purpose and non-infringement.

12. Liabilities

12.1. In compliance with any current legislation:

12.1.1. The Trust shall not in any circumstances have any liability for any losses or damages which may be suffered by you (or any Users), whether: the losses or damages are suffered directly or indirectly, the losses or damages are immediate or consequential, and whether the losses or damages that arise in contract, tort (including negligence) or otherwise which fall within any of the following categories: special damages even if the Trust were aware of the circumstances in which such special damage could arise: loss of profits; loss of anticipated savings; loss of business opportunity; loss of goodwill; loss or corruption of data.

13. General Terms

13.1. The Trust shall have no liability to you under these Terms if the Trust is prevented from or delayed in performing its obligations under these Terms, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control.

13.2. If any provision (or part of a provision) of these Terms is found by any court to be invalid, unenforceable or illegal, the other provisions shall remain in force.

13.3. These Terms are the whole agreement between the parties and replace any previous understanding or agreement between the Trust and the participating U3A.

13.4. The Trust may, at any time, and at its sole discretion, modify these Terms, and will seek to give you advance notice of any such modifications.

13.5. Your continued use of Beacon following any such modification constitutes your acceptance of these modified Terms.

13.6. You may not assign, transfer, charge, or sub-license any of your rights or obligations under these Terms to any other person.

13.7. The Trust may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under these Terms.

13.8. Nothing in these Terms is intended to or shall operate to create a partnership between the parties or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way.

13.9. These Terms do not confer any rights on any person or party (other than the parties and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

13.10. These Terms and any dispute or claim arising out of or in connection with these Terms (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales and the courts of England and Wales shall have exclusive jurisdiction.