SentiGrow

Ad-Hoc IT Support Terms & Conditions

Please read these terms carefully before requesting services.

Effective date: 1st March 2026

Provider: SentiGrow Ltd of Martland Mill, Mart Lane Burscough, Ormskirk, L40 0SD (the “Provider”)

Customer: Any person or organisation requesting Services from the Provider (the “Customer”)

Support Hours: Business Days 09:00–17:00 (UK time) unless otherwise agreed in writing

1. Acceptance

1.1 By requesting Services, approving a quote, instructing the Provider to proceed, scheduling an appointment, or permitting work to start (including by granting remote access), the Customer agrees to be bound by these Terms & Conditions.

1.2 If the Customer does not agree, the Customer must not request Services and must not allow work to start.

2. Definitions

2.1 “Business Day” means Monday to Friday excluding public holidays in England.

2.2 “Customer Systems” means the Customer’s devices, servers, networks, cloud tenants, accounts, applications and any third-party services used by the Customer.

2.3 “Customer Data” means all data (including personal data) accessed, processed, stored, transmitted or otherwise handled in connection with the Services.

2.4 “Services” means ad-hoc IT support services provided on request, subject to Provider availability.

3. Scope of Services

3.1 The Provider may provide Services on an ad-hoc basis upon request, subject to Provider availability. The Provider is not obliged to accept any request.

3.2 Services are reactive and do not include proactive monitoring, patch management, backup management, security management, compliance services, or ongoing responsibility for system health unless expressly agreed in writing.

3.3 The Provider may refuse or pause work that is unsafe, unlawful, or would materially increase security, legal, or operational risk.

4. Customer Responsibilities

4.1 The Customer shall provide timely access to Customer Systems, premises (if relevant), administrative credentials, multi-factor authentication approvals, and relevant vendor accounts as required to deliver the Services.

4.2 The Customer is responsible for maintaining valid licences/subscriptions and for the security and lawful use of Customer Systems.

4.3 Unless expressly agreed in writing, the Customer is solely responsible for backups, retention, and restore testing.

4.4 The Provider is not liable for delays, failures, or loss caused or contributed to by the Customer’s failure to cooperate, provide access/approvals, or provide accurate information.

5. Fees, Charging and Payment

5.1 Fees for Services will be as quoted or otherwise agreed in writing before work starts. If not quoted in advance, fees will be charged at the Provider’s standard ad-hoc rates in force at the time.

5.2 Unless otherwise agreed in writing, time is billed in 30-minute increments with a minimum charge of 30 minutes.

5.3 The Provider may require advance payment for ad-hoc customers or where estimated fees exceed £250 + VAT.

5.4 Invoices are payable within 7 days of the invoice date. The Customer shall not withhold payment by set-off or counterclaim.

5.5 The Provider may charge statutory interest and recovery costs under the Late Payment of Commercial Debts (Interest) Act 1998.

6. Suspension

6.1 The Provider may suspend or refuse further work if any undisputed invoice remains unpaid for more than 7 days after the due date, or where the Provider reasonably believes continued work increases security, legal, or operational risk.

6.2 Suspension does not affect the Customer’s obligation to pay fees due.

7. Third-Party Services and Vendors

7.1 The Customer acknowledges that Customer Systems may depend on third-party services and suppliers that the Provider does not control (including but not limited to Microsoft, Google, ISPs, hosting providers, and hardware and software vendors).

7.2 The Provider is not responsible for outages, failures, changes, delays, account restrictions, or incidents caused by third parties.

7.3 The Provider may assist with vendor liaison as part of the Services, but does not guarantee outcomes.

8. Backups, Data and Security

8.1 Unless expressly agreed in writing, the Customer is solely responsible for backups, retention, and restore testing.

8.2 The Provider does not guarantee that Services will prevent incidents, outages, malware, phishing, ransomware, unauthorised access, or data breaches.

8.3 If the Provider reasonably suspects a security incident, the Customer authorises the Provider to take reasonable containment actions (including disabling accounts, isolating devices, blocking access, or forcing password resets) to reduce harm. The Provider is not liable for business interruption resulting from reasonable containment actions.

9. Confidentiality

9.1 Each party shall keep confidential all confidential information of the other party and shall not disclose it except as required to deliver Services or as required by law.

10. Data Protection

10.1 Where the Provider processes personal data on behalf of the Customer, the Data Processing Addendum in Schedule 1 applies.

10.2 The Customer is the controller of personal data in Customer Systems unless agreed otherwise in writing.

11. Limitation of Liability

11.1 Nothing limits liability for death or personal injury caused by negligence, fraud, or any liability that cannot be excluded under English law.

11.2 Subject to clause 11.1, the Provider shall not be liable for any loss of profit, revenue, business, goodwill, anticipated savings, business interruption, loss of use, or any indirect or consequential loss.

11.3 Subject to clauses 11.1 and 11.2, the Provider’s total aggregate liability arising out of or in connection with the Services shall not exceed the fees paid by the Customer to the Provider in the three months preceding the event giving rise to the claim.

12. General

12.1 These Terms & Conditions constitute the entire agreement between the parties for ad-hoc Services.

12.2 If any provision is held invalid or unenforceable, the remaining provisions shall remain in full force.

12.3 The Provider may update these Terms & Conditions from time to time. The version in force at the time the Customer requests Services will apply to those Services.

12.4 These Terms & Conditions are governed by the laws of England and Wales and the courts of England and Wales shall have exclusive jurisdiction.

Schedule 1 - Data Processing Addendum (UK GDPR)

1. Definitions

1.1 In this Schedule, the following terms have the meanings given to them in UK GDPR and the Data Protection Act 2018: “personal data”, “processing”, “controller”, “processor”, “data subject”, “personal data breach”, and “supervisory authority”.

1.2 “UK GDPR” means the UK General Data Protection Regulation as incorporated into UK law.

1.3 The Customer is the controller of personal data processed under these Terms unless the parties agree otherwise in writing. The Provider is the processor of such personal data.

1.4 “Sub-processor” means any processor engaged by the Provider to assist in fulfilling its obligations with respect to processing personal data under these Terms.

2. Scope and Instructions

2.1 The Provider shall process personal data only on documented instructions from the Customer, unless required to do so by UK law. Where UK law requires processing, the Provider shall inform the Customer before processing unless prohibited by law.

2.2 The Customer instructs the Provider to process personal data only for the purpose of providing the Services and in accordance with Annex 1 (Details of Processing).

2.3 The Provider shall promptly inform the Customer if, in the Provider’s opinion, an instruction infringes UK GDPR or other applicable data protection laws.

3. Provider Personnel and Confidentiality

3.1 The Provider shall ensure that persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4. Security of Processing

4.1 The Provider shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate the measures set out in Annex 2 (Security Measures).

5. Sub-processors

5.1 The Customer provides a general authorisation for the Provider to engage Sub-processors, subject to the conditions in this clause.

5.2 The Provider shall notify the Customer of any intended changes concerning the addition or replacement of Sub-processors, giving the Customer the opportunity to object on reasonable grounds related to data protection.

5.3 The Provider shall impose on Sub-processors obligations no less protective than those in this Schedule and remains responsible for their performance.

6. International Transfers

6.1 The Provider shall not transfer personal data outside the UK unless permitted under UK GDPR using an appropriate transfer mechanism (including UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU SCCs, or another lawful mechanism).

7. Assistance to the Customer

7.1 The Provider shall provide reasonable assistance to enable the Customer to respond to data subject requests and to comply with its obligations regarding security, breach notification, DPIAs and prior consultation, taking into account the nature of the processing and the information available to the Provider.

7.2 The Customer shall reimburse the Provider at the Provider’s then-current rates for assistance beyond what is reasonably necessary to provide the Services, unless otherwise agreed in writing.

8. Personal Data Breaches

8.1 The Provider shall notify the Customer without undue delay after becoming aware of a personal data breach affecting personal data processed on behalf of the Customer.

8.2 The Provider shall provide reasonable information and assistance to enable the Customer to comply with breach notification obligations.

9. Deletion or Return

9.1 On termination of Services, at the Customer’s written request, the Provider shall delete or return personal data processed on behalf of the Customer and delete copies unless UK law requires storage.

10. Audit and Information

10.1 The Provider shall make available information reasonably necessary to demonstrate compliance with this Schedule.

10.2 The Customer may audit no more than once per calendar year on 30 days’ written notice, during business hours, subject to confidentiality and security requirements and without unreasonable disruption. The Customer shall reimburse reasonable Provider time at standard rates unless a material breach is identified.

11. Priority

11.1 If there is any conflict between this Schedule and these Terms in relation to processing of personal data, this Schedule shall prevail. Limitations of liability apply to this Schedule.

Annex 1 - Details of Processing

  • Subject matter and duration: Processing for the duration of the Services and any reasonable offboarding period, plus retention required by law.
  • Nature and purpose: Provision of IT support, troubleshooting, configuration changes, user and access management, and related vendor liaison as requested by the Customer.
  • Types of personal data: May include names, email addresses, usernames, phone numbers, job titles, device identifiers, IP addresses, audit logs, and content in email or cloud files where required for support.
  • Categories of data subjects: Customer employees, contractors and authorised users; and where applicable Customer’s clients/suppliers whose details are stored in Customer Systems.
  • Special categories: Not intended to be processed; may be incidentally accessed only as necessary to provide the Services.
  • Processing operations: Access, viewing, retrieval, storage (where necessary for record-keeping), alteration/configuration, deletion and restoration actions as required to provide the Services.

Annex 2 - Security Measures

The Provider implements measures appropriate to the risk, which may include:

  • Multi-factor authentication on Provider administrative accounts where available
  • Secure credential handling and password management practices for credentials under Provider control
  • Least-privilege access where feasible
  • Secure remote access methods and encryption in transit where supported by tools
  • Security on Provider-controlled devices (e.g., disk encryption, screen lock, anti-malware)
  • Regular patching of Provider-controlled systems used to deliver the Services
  • Logging of support actions where appropriate (e.g., ticket notes, administrative logs where available)

Annex 3 - Sub-processors

Sub-processors may include ticketing/email systems used to receive and track requests, remote access tools used to connect to Customer Systems, and any cloud infrastructure providers used to support service delivery. A current list of named Sub-processors may be provided on request.