Platform License Agreement USA

Unibuddy Platform License Agreement (USA)



Acceptable Use Policy: the Company’s acceptable use policy (as amended from time to time). 

Aggregate Data: means the anonymized usage data, which is derived from the Student Ambassadors’ and/or Prospective Students’ use of the Platform, including questions and answers derived from conversation history, and expressly excluding any Student Ambassadors’ and/or Prospective Students’ personal data.

API: the Company’s application programming interface that enables the Customer to integrate the Company’s cloud hosted communications platform with the Customer Website.

Company Trademarks: the Trademarks and trade names owned by and/or licensed to the Company from time to time. 

Claims: has the meaning given to it in clause 13.1.

Company Website:

Confidential Information: information that is proprietary or confidential and is: (a) clearly labelled as such; (b) otherwise identified as Confidential Information; or (c) information that would be regarded as confidential by a reasonable business person.

Customer Trademarks: the Trademarks and trade names owned by and/or licensed to the Customer from time to time.

Dashboard: the online portal which displays, among other things, data about the Prospective Student’s use of the platform, to which the Customer may login. Additional licensable features include a multi-Instance view which enables visibility of data across multiple dashboards.

End User: means any category of individual that has access to or engages with the Customer via the Unibuddy Platform including but not limited to Prospective Students, Student Ambassadors, administrators and other Customer employees.

Extended Term: has the meaning given to it in clause 16.1.

Feedback: has the meaning given to such term in clause 7.3.

Initial Term: has the meaning given to it in clause 16.1.

Instance: means a single licensed asset location of the Platform licensed to the Customer where usage statistics including Aggregate Data are displayed. 

Intellectual Property Rights: patents, rights to inventions, copyright and related rights, trademarks and service marks, business names and domain names, trade dress, rights in designs, database rights, concepts, designs, logos, names, techniques, technologies, processes, methods, inventions, products, works of authorship, discoveries, developments, source code, object code, technical information, other programming code, algorithms, innovations, improvements, and other proprietary property of a party of any kind, whether tangible or intangible, whether in written or other form, rights in know-hows and trade secrets and all other intellectual property rights, in each case whether registered or unregistered and including all applications renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world. 

Legislation: any law, rule, regulation, ordinance, statute, or any mandatory rules or guidance issued by any regulatory body having jurisdiction over the applicable party.

Order Form: means the document setting out the licensed subscription usage of the Customer including features subscribed to, license term, and additional terms.

Platform: the Company’s cloud hosted communications platform, including the API, the Dashboard, Unibuddy Live and Unibuddy Events, licensed to the Customer under the terms of this Agreement including future features which may be licensed subject to additional license fees.

Prospective Student(s): an individual who is interested in and/or applies for a place at the Customer.

Student Ambassadors: students who are already enrolled at the Customer as under-graduates, graduate students or post-graduate students and whom sign-up to use the Platform as a ‘buddy’.

Term: together the Initial Term and any Extended Term.

Unibuddy Events: a feature of the Platform that enables the hosting of multiple chat channels and sequential live streams in a conference configuration.

Unibuddy Live: a feature of the Platform that enables the Customer to stream video contact over the internet to recipients that have a Unibuddy account.


2.1 Subject to the terms and conditions of this Agreement, the Company hereby grants to the Customer:

  1. a) a non-exclusive, non-transferable, non-sublicensable, and limited right during the Term to use the API:
  2. i) to integrate the Platform into the Customer Website in order to provide access to End Users; 
  3. ii) to permit End Users to access and use the Platform, in accordance with this Agreement and the Acceptable Use Policy, as has been integrated into the Customer Website.
  4. b) a non-exclusive, non-transferable, non-sublicensable, and limited right during the Term to permit certain End Users to access the Dashboard.

2.2 The Customer shall describe the Platform (as integrated into the Customer Website) as “Powered by Unibuddy” but shall not represent itself as an agent of the Company for any purpose, give any condition or warranty or make any representation on the Company’s behalf or commit the Company to any contracts. Further, the Customer shall not without the Company’s prior written consent make any representations, warranties, guarantees or other commitments with respect to the specifications, features or capabilities of the Platform which are inconsistent with those specified by Company in writing or otherwise incur any liability on behalf of the Company whatsoever.

2.3 The parties acknowledge that the Platform will include Student Ambassador profiles, which will be accessible on the Customer Website and the Company Website. The University shall ensure that such Student Ambassadors have given their freely informed consent to the use of their profiles in this manner.

2.4 The Customer shall use all commercially reasonable efforts to prevent any unauthorized access to, or use of, the Dashboard and, in the event of any such unauthorized access or use, promptly notify the Company.

2.5 The rights provided under this clause 2 are granted to the Customer only and only for the Customer Website and shall not be considered granted to any other site, subsidiary or holding company of the Customer unless expressly agreed.


3.1 The Customer undertakes that it shall not, and shall procure that its employees, consultants, agents and subcontractors shall not:

  1. a) other than as expressly permitted by this Agreement, attempt to obtain, or assist third parties in obtaining, access to the Platform;
  2. b) attempt to decompile, disassemble, reverse engineer, make derivative works, or otherwise reduce to practice all or any part of the Platform; 
  3. c) use the Platform, other than as expressly permitted by this Agreement; 
  4. d) license, sell, rent, lease, transfer, assign, distribute, display, modify, copy, disclose, or otherwise commercially exploit, or otherwise make the Platform available to any third party; 
  5. e) interfere in any matter with the operations of the Platform, or any hardware, software, or network used to operate the Platform;

3.2 If the Customer becomes aware that any End User’s use of the Platform breaches the Acceptable Use Policy, the Customer shall immediately inform the Company.

3.3 The Company reserves the right, without liability or prejudice to its other rights, to disable the Customer’s and/or End Users’ access to the Platform if the Company reasonably believes there has been (or might be) a breach of the provisions of this clause 3.


4.1 The Company shall, during the Term:

  1. a) provide Platform access to the Customer, subject to the terms of this Agreement; and
  2. b) enable End Users who have agreed to abide by the Acceptable Use Policy to use the Platform..

4.2 The Company may, during the Term, provide such updates or new releases to the Platform as such updates or new releases become generally available, subject to any applicable license fee for substantial new features.

4.3 The Company shall use commercially reasonable endeavours to make the Platform available 24 hours a day, seven days a week, except for planned maintenance carried out during the maintenance window of 10.00 pm to 2.00 am UK time.


Usage limits will apply to certain elements of the Unibuddy Platform, in particular the use of video streaming as part of the Unibuddy Live and Unibuddy Events features if purchased. These usage limits will include:

5.1 A limit on the number of individuals able to view any  enabled video streaming at any given time (concurrent views). This will be set according to the size of the package the Customer has subscribed to, as described in the table below:

Package Tiny Small Medium Large X-Large
Limit 125 viewers 250 viewers 500 viewers 750 viewers 1,000 viewers

5.2 A fair use policy, which will be applied to all Customers. As a tailored solution for student recruitment and orientation, it is not expected that an individual Customer will use more than 300 hours of video streaming per year. This amount is ample to deliver a significant number of recruitment and orientation events, with multiple live streams across different departments and services. The Company reserves the right to limit the use of the video streaming for Customers that exceed this limit however higher usage limits can be provided on request.


6.1 The fees for the Platform shall be calculated in accordance with the Order Form above.

6.2 The Company will invoice the Customer annually in advance. The Customer shall pay the full amount invoiced to it by the Company in United States dollars within 30 days of the date of invoice.

6.3 All amounts due under this Agreement shall be paid by the Customer to the Company in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law). 

6.4 If the Customer fails to make any payment due to the Company under this Agreement by the due date for payment, then, without limiting the Company’s remedies, the Company shall be entitled to suspend access to the Platform without any liability. Any payment not received by Company within 60 days of the date of invoice will accrue interest at a rate of one (1.0%) percent per month, or the highest rate allowed by applicable law, whichever is lower.  In the event of non-payment, Company shall be entitled to take all reasonable collections actions, including the use of a collection agency or attorney, and Customer shall be liable to Company for all costs of collections.

6.5 Except for sales taxes which may be due and set forth on an applicable invoice, and as explicitly set forth in this Agreement, each party will be solely responsible for all taxes, charges, and assessments applicable to its own activities, including without limitation taxes on its net income, taxes relating to its employees, and taxes on any property it owns or leases.  If Customer is exempt from applicable taxes, Customer shall, upon execution of this Agreement, provide Company with the applicable exemption certificate(s).


7.1 All Intellectual Property Rights in the Platform belong, to the Company and/or its licensors.

7.2 The Customer shall not do or authorize any third party to do any act which would or might invalidate or be inconsistent with any Intellectual Property Rights of the Company and shall not omit or authorize any third party to omit to do any act which, by its omission, would have that effect or character.

7.3 The Customer acknowledges that the use of certain features of the Platform, including but not limited to Unibuddy Live and Unibuddy Events, may enable the Customer’s End Users to communicate content which may include the Intellectual Property Rights of third parties and shall ensure that such use of the Platform does not infringe such rights. 

7.4 Other than the licenses expressly granted under this Agreement, neither party grants any license of, right in or makes any assignment of any of its Intellectual Property Rights.  In particular, except as expressly provided in this Agreement, the Customer shall have no rights in respect of any trade names, Company Trademarks and/or Company Intellectual Property or the associated goodwill therein, and the Customer hereby acknowledges that all such rights and goodwill shall inure for the benefit of and are (and shall remain) vested in, the Company.  All suggestions, solutions, improvements, corrections and other contributions provided by Customer to Company regarding the Company Intellectual Property (“Feedback”), including any and all intellectual property rights and goodwill adhering thereto, shall be Company Intellectual Property.  Customer hereby agrees to assign any and all rights, title and interest to such Feedback to Company. Customer further agrees to execute any documents reasonably necessary to effect such assignment.   

7.5 All content created by the Customer, including its employees, in the course of its use of the Platform shall remain the Customer’s Intellectual Property Rights and such rights shall vest in the Customer.

7.6 The University hereby grants to the Company a non-exclusive, irrevocable, perpetual, non-transferable license to use the Intellectual Property Rights in such content for:

7.6.1 analytical purposes, including but not limited to providing year-on-year trend statistics to the Customer as part of the Platform features;

7.6.2 to improve security in the Platform, including but not limited to detection systems for bad actor Student Prospects and Student Ambassadors that breach the Acceptable Use Policy; and

7.6.3  to improve the performance and functionality of the Platform; 

For the avoidance of doubt, such content shall exclude any Personal Data (as defined in Schedule 1) and shall be limited to Aggregate Data only.

7.7 Any new or derivative works created from such Aggregate Data shall vest in the Company and remain the Company’s Intellectual Property Rights.

7.8 The Customer shall promptly give notice in writing to the Company in the event that it becomes aware of:

  1. a) any infringement or suspected infringement of the Intellectual Property Rights in or relating to the Platform; or 
  2. b) any claim that Platform infringes the rights of any third party.


8.1 Subject to the terms and conditions of this Agreement, the Company hereby grants to the Customer a non-exclusive, revocable, non-transferable license to use the Company name on the Customer Website, unless otherwise agreed to in writing.

8.2 Subject to the terms and conditions of this Agreement, the Customer hereby grants to the Company a non-exclusive, revocable, non-transferable license to use the Customer marks and refer to this Agreement on the Company Website and in the Company’s marketing materials. 

8.3 The Customer shall ensure that each reference to, and use of, any of the Company Trademarks by the Customer is in a manner approved from time to time by the Company and accompanied by an acknowledgement in a form approved by the Company that the same is a trademark (or registered trademark) of the Company.


9.1 Each party may have access to Confidential Information of the other party under this Agreement. Confidential Information means the confidential and proprietary information of the disclosing party that (i) is marked or identified as “confidential” or “proprietary” at the time of disclosure, or (ii) should be reasonably understood to be confidential given the nature of the information and the circumstances surrounding its disclosure.  A party’s Confidential Information shall explicitly include, but is not limited to, the subscription cost and the terms and conditions of this Agreement and the other party’s Intellectual Property. 

9.2 A party’s Confidential Information shall not include information that:

  1. a) is or becomes publicly known through no act or omission of the receiving party; or 
  2. b) was in the receiving party’s lawful possession prior to the disclosure; or 
  3. c) lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
  4. d) is independently developed by the receiving party, which independent development can be shown by written evidence; or
  5. e) is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body. 

9.3 Each party shall hold the other party’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party or use the other’s Confidential Information for any purpose other than the implementation of this Agreement.

9.4 Each party agrees to take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement. Notwithstanding the foregoing, each party may provide a copy of this Agreement to its financial, legal, or professional advisors, or potential financing sources, in connection with a bona fide due diligence request for a potential financing, acquisition, or similar transaction. These restrictions will not prevent either party from complying with any law, regulation, court order or other legal requirement that compels disclosure of any Confidential Information provided that the receiving party will promptly notify the disclosing party upon learning of any such legal requirement, and cooperate with the disclosing party in the exercise of its right to protect the confidentiality of the Confidential Information.

9.5 The obligations of confidentiality contained in this clause 9 shall persist or the duration of this agreement and three (3) years post-termination.


10.1 Each party shall process Personal Data in accordance with the Data Processing Addendum attached at Schedule 1 (as defined).

10.2 To the extent that Company receives or otherwise has access to “personally identifiable information” from “education records” of Customer, as such terms are defined in the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 CFR Part 99) (“FERPA”), or creates education records while acting for Customer, Company agrees to comply with the requirements of FERPA. Company acknowledges that Customer has designated Company a “school official” pursuant to 34 CFR § 99.31(1)(i)(B) and agrees that it is (i) under the direct control of Customer with respect to the use and maintenance of Customer’s education records and (ii) subject to the requirements of 34 CFR § 99.33(a) governing the use and disclosure of personally identifiable information from such education records.


11.1 The Company shall make all reasonable efforts to ensure that the API, as embedded into the Customer Website, will be accessible to individuals with disabilities as measured by conformance with the W3C’s Web Content Accessibility Guidelines (WCAG) 2.0 Level AA, with the exception of audio description. Upon request, Company will provide information about conformance of such content and functionality with applicable accessibility standards via the Voluntary Product Accessibility Template (VPAT).  


12.1 Each party represents warrants and undertakes that:

  1. a) it has full capacity and authority and all necessary consents to enter into and to perform this Agreement and to grant the rights and licenses referred to in this Agreement and that this Agreement is executed by its duly authorized representative and represents a binding commitment on it; and
  2. b) it shall comply with all applicable Legislation in the performance of its obligations under this Agreement .

12.2 The Company warrants to the Customer that the Platform licensed by it under this Agreement will operate substantially in accordance with, and perform, the material functions and features as set out in the applicable part(s) of the Specification, if requested. Notwithstanding the foregoing, the Company:

  1. a) does not warrant that the Services will be uninterrupted or error-free; or that the Services, Documentation and/or Services will meet the Customer’s or any Prospective Student’s requirements; and
  2. b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.



13.1 Customer hereby agrees to indemnify, defend and hold harmless Company and its officers, directors, employees and agents from and against all third party claims, actions liabilities, losses, expenses, damages and costs (including, without limitation, reasonable attorneys’ fees) (“Claims”) arising from, or related to: 

  1. a) a breach of the confidentiality provisions set forth herein, 
  2. b) the collection or use of Personal Data as authorized by the Customer is a breach of applicable laws; or 
  3. c) a claim alleging that the Customer’s use of the Platform or any Customer Intellectual property or Trademark infringes a third party’s intellectual property rights.  

13.2 Company shall have the right to participate in the defence of any Claim and be represented by counsel at its expense.  

13.3 Company hereby agrees to indemnify, defend and hold harmless Customer and its officers, directors, employees and agents from and against all Claims arising from or related to: 

  1. a) a breach by Company of the representations and warranties set forth in this Agreement,
  2. b) a breach by Company of the confidentiality provisions set forth herein, and 
  3. c) a claim made by a third party against Customer that the Company Intellectual Property infringe any third party’s existing intellectual property rights.  

13.4 If Customer’s use is enjoined by reason of an infringement claim, Company may, at its sole option and expense, either (i) procure for Customer the right to continue to use of the Platform; (ii) modify or replace the infringing services so that they become non-infringing or (iii) if neither of the options set forth in (i) and (ii) above is reasonably available then Company may terminate this Agreement and provide a pro-rata refund to the Customer from the time the Customer’s use of the Platform is enjoined to the end of the Term. 

13.5 The indemnified party shall provide the indemnitor with 

  1. a) prompt written notification of any Claims; 
  2. b) sole control and authority over the defence or settlement of the Claims; and 
  3. c) all available information and reasonable assistance necessary to settle and/or defend any such Claims, provided that if any settlement requires any action or admission of liability by the indemnified party, then the settlement will require the indemnified party’s written consent.  

13.6 The indemnified party may have its own counsel present at all proceedings or negotiations in an advisory capacity to the indemnitor’s counsel relating to a Claim, at the indemnified party’s own expense.


14.1 The following provisions set out the entire financial liability of each party (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the other party in respect of:

  1. a) any breach of this Agreement howsoever arising; and
  2. b) any representation, misrepresentation (whether innocent or negligent) statement or tortious act or omission (including without limitation negligence) arising under or in connection with this Agreement.

14.3 Nothing in this Agreement excludes the liability of either party:

  1. a) for death or personal injury caused by its negligence; or
  2. b) for fraud or fraudulent misrepresentation. 

14.4 Subject to clause 14.3, neither party shall in any circumstances be liable, whether in tort (including for negligence or breach of statutory duty howsoever arising), contract, misrepresentation (whether innocent or negligent) or otherwise for:

  1. a) loss of profits; or
  2. b) loss of business; or
  3. c) depletion of goodwill or similar losses; or
  4. d) loss of anticipated savings; or
  5. e) loss of goods; or
  6. f) loss of use; or
  7. g) loss or corruption of data or information; or
  8. h) any special, incidental, consequential or other indirect loss, costs, damages, charges or expenses.

14.5 Each party’s total aggregate liability in contract, tort (including without limitation negligence or breach of statutory duty howsoever arising), misrepresentation (whether innocent or negligent), restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall in all circumstances be limited to the equivalent amount of fees actually paid under this Agreement in the 12 months preceding the date on which the claim arose. In the event that the Customer has not yet paid amounts payable under this Agreement, its total aggregate liability shall be limited to the equivalent amount of fees payable under the Order Form. For the avoidance of doubt, any unpaid fees owed to the Company under this Agreement shall be in addition to the Customer’s total aggregate liability. 


15.1 The Company will procure and maintain during the term of this Agreement the following insurance coverage:

  1. a) Commercial General Liability with limits no less than $2,000,000 per occurrence and $4,000,000 in the aggregate, including bodily injury and property damage and products and completed operations and advertising liability;
  2. b) Cyber Liability Insurance with limits no less than $2,000,000 in the aggregate for all claims each policy year; and
  3. c) Commercial Automobile Liability with limits no less than $1,000,000, each occurrence combined single limit of liability for bodily injury, death, and property damage, including non-owned and hired automobile coverages, as applicable.


16.1 This agreement shall commence on the Effective Date. Unless terminated earlier in accordance with clause 16.3 or 16.4, this agreement shall continue until the Renewal Date specified within the Order Form (“Initial Term”) and shall automatically extend at the prevailing subscription rate for 12-monthly periods (“Extended Term”) at the end of the Initial Term and at the end of each Extended Term unless written notice is provided by either party to terminate this Agreement at least thirty (30) days prior to the end of each Term.

16.2 The Company will confirm the prevailing subscription rate for renewal not later than 60 days before the end of each term.

16.4 Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if the other party commits a material breach of any term of this Agreement and fails to remedy that breach within a period of 14 days after being notified in writing to do so.


17.1 Upon termination or expiry of this Agreement for any reason the accrued rights of the parties as at termination or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination shall not be affected or prejudiced.

17.2 Subject to the foregoing provisions of clause 17.1, all rights and licenses granted under this Agreement shall terminate. 

17.3 The termination of this Agreement shall not of itself give rise to any liability on the part of the Company to pay any compensation to the Customer for loss of profits or goodwill, to reimburse the Customer for any costs relating to or resulting from such termination, or for any other loss or damage.




19.1 No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

19.2 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.

19.3 This Agreement, together with the Order Form, Schedules and incorporated documents, constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter. In the event of a conflict of terms the documents shall take the following order of precedence: the Order Form, the Master License Terms (if applicable), any terms incorporated by reference, and the Platform License Agreement.

19.4 Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.

19.5 No amendment of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorized representatives).

19.6 Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party. Each party confirms it is acting on its own behalf and not for the benefit of any other person.

19.7 Neither Party shall assign this Agreement, in whole or in part, to any entity without the other party’s prior written consent. Any attempt to assign this Agreement, in whole or part, in contravention of this section, shall be void, except that, either party may assign this Agreement and such party’s rights and delegate its duties hereunder pursuant to a transfer of all or substantially all of its business, whether by merger (statutory or otherwise), sale of assets or stock or otherwise. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their successors and permitted assigns. 

19.8 This Agreement may be executed in one or more counterparts, each of which will be deemed an original, and taken together will be deemed one and the same instrument.  A facsimile or electronic copy of this Agreement may be accepted as an original, and facsimile or electronic copies of the Parties’ signatures may be treated as originals and admissible evidence of this Agreement.


20.1 In the event that Customer is a public and/or state-owned entity, this Agreement and all matters arising out of or relating to this Agreement will be governed by and construed in accordance with the laws of the state where the Customer’s primary entity is located and the parties agree to submit to the jurisdiction of the courts of the Customer’s district and/or county, which shall have non-exclusive jurisdiction over any dispute between them.

20.2 Unless clause 20.1 applies, this Agreement and all matters arising out of or relating to this Agreement will be governed by and construed in accordance with the laws of the State of New York, without regard to principles relating to conflicts of law. The courts of the State of New York in New York County and the United States District Court for the Southern District of New York will have exclusive jurisdiction over the parties with respect to any dispute, controversy, or claim between them arising out of or relating to this Agreement and, by execution and delivery of this Agreement, the parties to this Agreement submit to the jurisdiction of those courts.


21.1 Each party’s obligations under this Agreement which by their nature (irrespective of whether the provisions specifically states that it will survive the termination or expiration of this Agreement) are intended to survive termination or expiration of this agreement will so survive.

Schedule 1 – Data Processing Agreement


The following definitions are used in this addendum:

Data Controller: shall mean the entity which alone or jointly with others determines the purposes and means of the Processing of Personal Data and herein shall refer to the Customer. For the purposes of the CCPA, Data Processor shall be construed as “Business”.

Data Processor: shall mean the entity which Processes Personal Data on behalf of the Data Controller and herein shall refer to the Company. For the purposes of the CCPA, Data Processor shall be construed as a “Service Provider”.

Data Discloser: shall mean Unibuddy Limited.

Data Receiver: shall mean the Customer.

End User:  means any category of individual that has access to or engages with the Unibuddy Platform including but not limited to Prospective Students, Students, Student Ambassadors, administrators and other Customer employees.

Personal Data: shall mean all information related to an identified or identifiable natural person (each, a “Data Subject”) created, collected or received pursuant to the services performed under this Agreement. For the purposes of the CCPA and FERPA, Personal Data may be construed as Personal Information or Education Records and Data Subject shall be construed as a “Consumer” where applicable;

Processing: shall mean any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Privacy Laws: means any applicable law, regulation, or other legal requirement governing the relationship between the Customer and the Company and the services provided under the Agreement including but not limited to, the Regulation (EU) 2016/679 (General Data Protection Regulation), the California Consumer Privacy Act 2018 (“CCPA”), the Family Educational and Privacy Rights Act (“FERPA”) and/or any applicable local implementation. 

Controller, Joint Controllers, Processor, Data Subject, Personal Data, Processing, Supervisory Authority and appropriate technical and organisational measures: shall have the meanings given to them in the Data Protection Legislation.


2.1 The Customer shall be the Data Controller and the Company shall be the Data Processor for the purposes of data processing in accordance with this Agreement, in the circumstances where End Users are using Unibuddy’s Platform on behalf of the Customer. 

2.2 The Customer and the Company shall act as Joint-Data controllers, where the Customer has requested the Company to collect additional Personal Data from the End User. 

2.3 Both the Customer and the Company shall comply with their obligations under the Privacy Laws in relation to any Personal Data made available by the Customer which the Company Processes under or for the purposes of this Agreement and in relation to any Personal Data, that both the Customer and the Company jointly control.

2.4 Where the parties have determined that they are Joint- Data Controllers in relation to the shared Personal Data, this Agreement sets out the arrangements between them for the purposes of Article 26 of the GDPR.

2.5 The Data Discloser agrees to share the Personal Data with the Data Receiver in the European Economic Area (EEA), or outside the EEA, on terms set out in the Agreement.

2.6 The Data Receiver agrees to use the Personal Data within the EEA, or outside the EEA, on the terms set out in this Agreement.

2.7 The purpose of this schedule is to define the conditions under which the Company (as Data Processor) will process data on behalf of the Customer (as Data Controller) and the conditions under which the Customer and the Company will act as Joint-Data Controllers. In particular the nature and purpose of the processing, the categories of data subject and type of personal data, and the obligations of the Processor and the Joint-Data Controllers. 


Unibuddy as a Processor

3.1 The Company shall process the data in order to provide the following services as part of the Platform:

  1. a) Enable direct communications between prospective students/applicants and current student ambassadors and university staff.
  2. b) Provide an administration dashboard for the platform to the Customer, to include analytics and monitoring of activity on the platform.
  3. c) Enable the collection of supplementary information and feedback on the use of the platform by users.
  4. d) The Platform and communications will be available via a web API, the website, a mobile app, and other online communications mechanisms, and will include email and sms notifications.
  5. e) Personal Data, including supplementary data and conversational data will be collected via web-based sign-up forms, and via the chat facility, embedded within the platform on the web API and the mobile app.

Joint-Data Controllers

3.2 The Company and the Customer have set out the framework for the purposes of sharing of Personal Data when one Joint Controller (the Data Discloser) discloses Personal Data to the other (the Data Receiver). 

3.3 The parties consider this data sharing initiative is necessary to provide the Customer with additional necessary information they require from their users. The aim of the data sharing initiative is to provide improved service to the Customer and provide the Customer with the requested data.

3.4 The parties agree to only process Shared Personal Data, as described in Clause  4.2 and Clause 4.3, for the following purposes and by the following means:

(a) Collect additional End User specific data, such as phone numbers, field of preferred study and anything else requested by the Customer;

(b)Provide an administration dashboard for the platform to the Customer, to include analytics and monitoring of activity on the platform;

(c) Personal Data, including supplementary data and conversational data will be collected via web-based sign-up forms, and via the chat facility, embedded within the platform on the web API and the mobile app.

3.5 The parties shall not process Shared Personal Data in a way that is incompatible with the purposes described in this clause (Agreed Purposes and Means).

3.6 When and to the extent that the parties determine in respect of any Processing of Personal Data that the relationship between them is not one of Joint Controllers because it is between Controllers and Processors, then they will cooperate in agreeing and documenting appropriate arrangements for that other relationship or those other relationships.

3.7 Each party shall appoint a single point of contact (SPoC) for Data Subjects and also who will work together to reach an agreement with regards to any issues arising from the data sharing and to actively improve the effectiveness of the data sharing initiative. The point of contact for Unibuddy is Head of Legal, [email protected] and the point of contact for the other party shall be as specified in an executed Order Form. 


4.1 Personal Data will be collected from and processed for:

  1. a) Prospective students (enquirers) and applicants of the Customer;
  2. b) Current student ambassadors;
  3. c) Staff of the Customer;
  4. d) If applicable, the Staff, student ambassadors and prospective students of affiliated universities.

4.2 Additional Personal Data will be collected from and shared between the parties for:

  1. a) Prospective students (enquirers) and applicants of the Customer.

Such additional information includes, but is not limited to phone numbers, degree subject/level of interest, etc.

Special categories of personal data will not be shared between the parties.

4.3 Personal Data collected from the data subjects identified above will include:

Prospective students: essential data – first name, last name, email address, encrypted password, country; additional data –  the degree subject/level of interest (undergraduate/postgraduate), phone number, whether they have already applied to the university, and chat conversations and interactions with student ambassadors.

Student Ambassadors: first name, last name, photo, phone number, email address, encrypted password, country/city/location, languages spoken, academic history (and previous high school; degree/university degree; degree level (undergraduate/postgraduate); university year (1st, 2nd etc.), an ‘about me’ free text selection and chat conversations and interactions with prospective students.

End Users/Staff: first name, last name, email address, encrypted password.

4.4 Personal Data collected about the data subjects in respect of all users includes:

  1. a) device-specific information, such as their hardware model, operating system version, unique device identifiers, and mobile network information;
  2. b) technical information about their computer or mobile device, including where available, their IP address, operating system and browser type, for system administration and analytical purposes; and
  3. c) details of their visits to our Website, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs), details of whether you are using the Website or the Unibuddy widget.

4.5 Personal Data will be processed or controlled only for the time necessary to enable the service to be provided and in accordance with the Privacy Agreements of Unibuddy and the Customer. Staff and student ambassador data will be deleted or irreversibly anonymised within 14 days of an instruction by the Customer.

4.6 The default setting for the retention of Personal Data will be two years after the last interaction by the Data Subject. Variation of this setting will require a written instruction from the Customer and may be subject to the technical limitations of the platform at the time of request.

4.7 The Unibuddy Platform is under continual development, and new features may include additional data subjects (such as Alumni) and additional data collected (such as further details about administrative and academic staff using the platform). The Customer will be asked for written consent to add such additional features, and any such additional data processing will be accompanied by revised user Privacy Agreement detailing the types and uses of the data.


5.1 The Company shall, and shall procure that its sub-contractors shall: 

  1. a) act only on instructions from the Customer when processing personal data provided to it under this agreement, and keep records of all such processing;
  2. b) comply with the Customer’s instructions in relation to the processing of personal data as such instructions are given and varied from time to time by the other party;
  3. c) not access or use such Personal Data except as necessary to provide the Services, and shall only Process such Personal Data in accordance with this Agreement and only on the Customer’s written instructions;
  4. d) implement appropriate technical and organisational measures to protect any personal data against unauthorised or unlawful processing and accidental loss, disclosure, access or damage; 
  5. e) comply with its privacy policy;
  6. f) assist the Customer to meet its obligations as Data Controller to enable data subjects to exercise their rights, such as subject access requests, requests for rectification or erasure, or making objections to processing;
  7. g) assist the Customer in its obligation to carry our data protection impact assessments (DPIAs) and in consulting with the relevant authority if the DPIA indicates an unmitigated high risk to processing;
  8. h) notify the Customer immediately if it believes it has been given an instruction that doesn’t comply with the relevant data protection law;
  9. i) delete and/or return to the Customer all such Personal Data upon request or on termination or expiry of this Agreement, unless otherwise required under applicable laws; 
  10. j) ensure that persons authorised to access such Personal Data are subject to confidentiality obligations, whether by contract or statute;
  11. k) as soon as reasonably practicable, within the next 24 hours and no later than 72 hours, notify the Customer in writing of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, such Personal Data. The notice will specify (i) the categories and number of individuals concerned, (ii) the categories and number of records involved, (iii) the likely consequences of the breach and (iv) any steps taken to mitigate and address the breach;
  12. l) not transfer personal data to any country outside of the EEA (except for transfers to and from: (i) the United Kingdom; (ii) any country which has a valid adequacy decision from the European Commission; or (iii) any organisation which ensures an adequate level of protection in accordance with the Privacy Laws) without prior written consent from the Customer;
  13. m) not subcontract any Processing of such Personal Data under less protective terms and security standards than those secured under this agreement. The Company is hereby authorised to use cloud service providers and hosting services, including but not limited to, those detailed in Unibuddy’s privacy policy which the Customer acknowledges and accepts are used by the Company to host Personal Data. 

5.2 The Customer shall ensure that it informs any Data Subjects whose Personal Data is disclosed to the Company and processed pursuant to this Agreement, that the Customer may use and disclose their Personal Data to the Company in accordance with this Agreement, and that the relevant Data Subjects have, where necessary, consented to such Processing and disclosure. The Customer shall be responsible for ensuring the Personal Data provided by the Customer to be processed by the Company pursuant to and in accordance with this Agreement is Processed on lawful grounds.  

5.3 The Customer shall be solely responsible for any automated decision making it makes through use of the Services and shall ensure it implements suitable measures to safeguard the Data Subjects’ rights and freedoms.

5.4 The Customer must promptly notify the Company in the event of any withdrawal of any relevant consent by any Data Subject whose Personal Data is Processed pursuant to this Agreement, giving sufficient details of the withdrawal to enable the Company to comply with its obligations under the Privacy Laws.

5.5 Each party must immediately notify the other if it becomes aware of a complaint or allegation of breach of the Privacy Laws by any person or an investigation or enforcement action by a regulatory authority, in connection with this Agreement.

5.6 Subject to reasonable notice, the Company shall permit the Customer to monitor, inspect, interview and audit the staff, facilities, data, documentation, systems, records, internal policies and controls and materials of the Company for the purpose of reviewing the Company’s compliance and ability to comply with the Privacy Laws and promptly give all access, copies of records, information and explanations to the Customer to undertake any such monitoring, inspection, interviews or audits. If an audit requires the equivalent of more than one business day of time expended by one or more of the Company’s employees (or other personnel), the Customer agrees to reimburse Company for any additional time expended at Company’s then current professional services rates.


6.1 Each party shall ensure that it processes the Shared Personal Data fairly and lawfully in accordance with this Agreement.

6.2 Each party shall ensure that it has legitimate grounds under the Data Protection Legislation for the processing of Shared Personal Data and where the legitimate ground relied on is consent, the data subject  has consented.

6.3 Each party shall comply with its obligations under Article 26 of the GDPR and:

(a) shall make available to Data Subjects the essence of the arrangements contemplated by this Agreement as is required by Article 26(2) of the GDPR;

(b) acknowledges that Data Subjects may exercise their rights under the GDPR in respect of and against each party in accordance with Article 26(3) of the GDPR; and

(c) agrees to provide to each other party such cooperation as may reasonably be required to assist that other party in compliance with its obligations under Article 26 of the GDPR.

6.4 Where the parties act as Joint Controllers, each party shall be responsible for its adherence to the Privacy Laws and its obligations to data subjects. Each party is severally liable for its own compliance with the Privacy Laws and neither party shall be liable to the other for any breach or failure to comply with the Privacy laws. Neither party shall be liable to the other party for any claims brought by a data subject as a result of any breach or unauthorised access to personal data.


7.1 For the purposes of this clause, transfers of Personal Data shall mean any sharing of Shared Personal Data by the Data Receiver with a third party, and shall include, but is not limited to, the following:

  1. subcontracting the processing of Shared Personal Data; and
  2. granting a third party controller access to the Shared Personal Data.

7.2 The Data Receiver will consult with the Data Discloser before any transfer of Personal Data and if the Data Receiver appoints a third party processor to process the Shared Personal Data it shall comply with Article 28 and Article 30 of the GDPR and shall remain liable to the Data Discloser for the acts and/or omissions of the processor.

7.3 The Data Receiver may not make a transfer of Personal Data to a third party located outside the EEA unless it:

(a) complies with the provisions of Articles 26 of the GDPR (in the event the third party is also a joint controller); and

(b) ensures that (i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 of the GDPR; (ii) there are appropriate safeguards in place pursuant to Article 46 of the GDPR; or (iii) one of the derogations for specific situations in Article 49 of the GDPR applies to the transfer.


8.1 For the purposes of the CCPA, the Company does not sell Personal Data.

8.2 The Company discloses its third party service providers (referred to as sub-processors), on its Website.

8.3 For the purposes of FERPA, the Company only processes minimal Educational Records such as current degree for current Student Ambassadors and study areas of interest for Prospective Students.


9.1 Each party shall comply with its obligation to report a Personal Data Breach to the appropriate Supervisory Authority and (where applicable) data subjects under Article 33 of the GDPR and shall each inform the other party of any Personal Data Breach irrespective of whether there is a requirement to notify any Supervisory Authority or data subject(s).

9.2 The parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Personal Data Breach in an expeditious and compliant manner.

Schedule 2 – Service Level Agreement


The Company shall achieve Quarterly Platform Availability Level of at least 99.5%.

Downtime: means the time in which any service listed below is not capable of being accessed or used by the Customer, as monitored by the Company.

Quarterly Platform Availability Level: means the total number of minutes in a quarter minus the number of minutes of Downtime suffered in a quarter, divided by the total number of minutes in a quarter.

Platform Availability: refers to the core components of the Unibuddy chat platform, specifically:

  • the availability of the main Unibuddy widget to prospective students,
  • the Ambassador Dashboard used by the student ambassadors,
  • the Admin Dashboard used by the university administrators, and
  • refers to an access point on the backbone network of the Platform and not the portion of the circuit that does not transit the backbone network, as the Customer is responsible for its own internet access.

Exclusion from Downtime: The following are not counted as Downtime for the purpose of calculating Quarterly Platform Availability Level:

  • Service unavailability caused by scheduled maintenance (Maintenance Events) of the platform used to provide the applicable service (the Company will provide seven days’ advance notice of service-affecting scheduled maintenance); or
  • Service unavailability caused by events outside of the direct control of the Company or its subcontractor(s), including any force majeure event, the failure or unavailability of Customer’s systems, the Internet, and the failure of any other technology or equipment used to connect to or access the service.


Where the Platform fails to meet the service availability criteria set out in paragraph 1 above, the Company shall use its reasonable endeavours to achieve the response outlined in the table below. In this table the following terms are used:

Response time: means the time period commencing from when the Company has accepted the notification of the incident and agreed that the incident is genuine and requires investigation and resolution (“real”)

Resolution time: means the time period commencing from the Response time until the incident has been diagnosed, any underlying problem identified and, if possible, rectified, and the interruption to use minimised.

Category Description Response time Resolution time
For an incident logged outside of Normal Business Hours:
Priority 1 Showstopper, significant business or user impact 1 hour within next Business Day 4 hours in next Business Day
Priority 2 High priority, impacting effective use of the Platform for a significant number of users 1 hour in next Business Day 1 Business Day
For an incident logged in Normal Business Hours:
Priority 1 Showstopper, significant business or user impact 1 Normal Business Hour 4 Normal Business Hours
Priority 2 High priority, impacting effective use of the Platform for a significant number of users 1 Normal Business Hour 1 Business Day
Priority 3 Low priority, Platform not functioning as expected, but not significantly affecting use 2 Normal Business Hours 5 Business Days


Where the failure has resulted in a loss of data, the Company shall restore the Data to the latest 6 hour incremental back-up available before the data was lost. The recovery time objective shall be as per the resolution time set out above depending upon the priority of the incident.


Maintenance of the Company’s equipment, facilities, the Platform or other aspects of the services that may require interruption of the platform (“Maintenance Events”) shall be performed during the hours of 10.00pm to 2.00am local UK time and at least seven days notice will be given.

The Company may also interrupt the Services to perform emergency maintenance during the daily window of 10.00 pm to 2.00 am local UK time, provided at least three days notice is given (also “Maintenance Events”).

Any Maintenance Events which occur outside of these hours and which were not requested or caused by the Customer, shall be considered downtime for the purpose of service availability measurement. The Company shall at all times endeavour to keep any service interruptions to a minimum.


The Company shall provide regular maintenance services to the Platform. Maintenance includes all regularly scheduled error corrections, software updates and upgrades.

The Company shall maintain and update the Platform. Should the Customer determine that the Platform includes a defect, the Customer may at any time file error reports. During Maintenance Events, the Company may, at its discretion, upgrade versions, install error corrections and apply patches to the Platform. The Company shall use all reasonable endeavours to avoid unscheduled downtime for Platform maintenance.

Before the Company or the Customer makes changes to integration interfaces between the API and the Customer’s internal data stores or systems, the Company or the Customer shall provide notice to the other in order to ensure the continued operation of any integration interfaces affected by such changes. Each party shall provide the other party with at least 60 days’ advance notice of such changes. Such notice shall include at least the new interface specifications and a technical contact to answer questions on these changes. The Company or the Customer (as applicable) shall also provide up to 5 days of integration testing availability to ensure smooth transition from the previous interfaces to the new interfaces.

In the event that the Company wishes to deprecate any API they will provide the Customer with six months prior written notice.


Service desk support is available for admin users and ambassadors via the Chat facility available from within the Admin dashboard, the Ambassador dashboard or the website.

Any member of staff with a Unibuddy administrator account, or any Ambassador with an ambassador account is able to contact the help service via the Chat facility during US business hours (9.00am – 6.00pm EST). Outside these hours it is possible to leave a message. Initial responses will typically be within a few minutes during business hours, and in any case within one business day.


Universities are encouraged to provide both formal and informal feedback on the platform and suggest ideas and areas for development. The platform is developed on a continuous basis. Decisions and priorities for development are made on the basis of feedback from customers (Customer) and users (students and student ambassadors), as well as the commercial and non-commercial imperatives of Unibuddy. Developments will be announced on an ongoing basis via regular email newsletters and occasional client events.