October People Subscription Terms

These October People Subscription Terms (“Terms”) govern the provision of the October People human resources information system and related services by October Health Limited (UK Co. No. 13365509) (“October”) to the customer identified in the applicable Order Form (“Customer”).

These Terms, together with the applicable Order Form, the Data Processing Addendum, and any schedules or addenda expressly incorporated by reference, form the Agreement between the parties.

1. Definitions and Agreement Structure

1.1 Agreement means the Order Form, these Terms, the Data Processing Addendum, and any schedules or addenda expressly incorporated by reference.

1.2 Authorised Users means the Customer’s employees, contractors, administrators, and other individuals whom the Customer authorises to access or use the Services on its behalf.

1.3 Customer Content means all data, records, documents, text, policies, files, branding, employee information, applicant information, and other materials submitted, uploaded, transmitted, or otherwise made available by or on behalf of the Customer in connection with the Services.

1.4 Order Form means the ordering document, purchase order, order summary, or other written commercial document entered into between the parties that sets out the commercial details of the Services.

1.5 Services means the October People software-as-a-service platform and any related services, functionality, modules, integrations, implementation, support, training, professional services, or other services purchased by the Customer under the applicable Order Form.

1.6 Subscription Term means the initial subscription term and any renewal term specified in the Order Form.

1.7 In the event of any conflict between the documents forming the Agreement, the order of precedence set out in the Order Form shall apply.

2. Services and Access Rights

2.1 Subject to the Agreement and payment of all applicable fees, October grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to access and use the Services for the Customer’s internal business purposes.

2.2 The scope of the Services, including the specific modules, features, integrations, implementation services, support services, usage tiers, user or employee thresholds, and pricing metrics purchased by the Customer, shall be as specified in the applicable Order Form.

2.3 The Customer may permit Authorised Users to access and use the Services solely for the Customer’s internal business purposes and in accordance with the Agreement. The Customer is responsible for all use of the Services by its Authorised Users.

2.4 October may update, improve, modify, or refine the Services from time to time. October will not materially reduce the core functionality of the Services purchased by the Customer during a paid Subscription Term without prior notice. Core functionality shall be assessed with reference to the Services as a whole and not any individual feature.

2.5 Unless expressly stated otherwise in the applicable Order Form, no module, feature, integration, service level, implementation work, data migration service, or third-party service is included other than what is expressly identified in the Order Form.

3. Subscription Term, Renewal, and Fees

3.1 The Agreement begins on the Effective Date set out in the applicable Order Form and continues for the Subscription Term unless terminated earlier in accordance with the Agreement.

3.2 The initial term, any renewal term, renewal mechanics, billing frequency, and payment terms shall be as stated in the applicable Order Form.

3.3 Fees are as set out in the applicable Order Form and are payable in the currency specified therein.

3.4 All amounts payable under the Agreement are exclusive of VAT, sales tax, withholding tax, and any similar taxes, duties, or levies, which shall be payable by the Customer in addition where applicable, other than taxes based on October’s net income.

3.5 If the Customer fails to pay any undisputed amount when due, October may charge interest on overdue amounts at 2% per month or the maximum amount permitted by law, whichever is lower.

3.6 If any undisputed invoice remains unpaid after any applicable cure or notice period specified in the Order Form, or if none is specified, seven (7) days after written notice of non-payment, October may suspend access to the Services until payment is made in full. The Customer remains liable for all fees during any suspension period.

3.7 Unless otherwise expressly stated in the Order Form, all fees are non-cancellable and non-refundable.

3.8 To the extent the applicable Order Form provides for pricing based on employee count, user count, active jobs, candidate volume, usage thresholds, pricing bands, or other measurable criteria, the Customer acknowledges that additional fees, overage charges, or pricing tier adjustments may apply as set out in the Order Form.

4. Customer Responsibilities

4.1 The Customer is responsible for:

(a) ensuring that all Customer Content is accurate, complete, lawful, and up to date;(b) obtaining and maintaining all lawful bases, notices, permissions, consents, and approvals required to provide Customer Content to October and to permit October to process it under the Agreement;(c) ensuring that it has the authority to enable and use platform communications, workflow notifications, reminders, announcements, recognition features, and integrations through channels such as email, SMS, Slack, Microsoft Teams, and similar workplace tools;(d) determining which communication features, integrations, audiences, and notification settings are enabled for its organisation and ensuring that such use complies with applicable law, internal policies, and employee notices;(e) designating appropriate administrators and maintaining the security and confidentiality of administrative credentials;(f) configuring and using the Services in accordance with applicable employment, labour, payroll, tax, data protection, and workplace laws;(g) independently reviewing and validating all outputs, reports, analytics, recommendations, and any AI-generated or automated outputs before relying on them; and(h) making and keeping any employment, payroll, disciplinary, promotion, benefits, or other workplace decisions independently of October.

4.2 The Customer shall not, and shall not permit any third party to:

(a) copy, modify, translate, or create derivative works of the Services except as expressly permitted under the Agreement;(b) reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, object code, underlying structure, ideas, know-how, or algorithms of the Services except to the extent such restriction is prohibited by law;(c) use the Services to build, train, benchmark, fine-tune, or improve any competing product, service, or artificial intelligence or machine learning model;(d) use the Services in any unlawful, infringing, fraudulent, or abusive manner;(e) circumvent or interfere with the Services’ security, authentication, or access controls; or(f) resell, sublicense, lease, or commercially exploit the Services other than for the Customer’s internal business purposes unless expressly agreed in writing.

5. Data Protection, Confidentiality, Security, and Communications

5.1 Each party shall comply with applicable data protection and privacy laws in connection with the Agreement, including, where applicable, the UK GDPR, the Data Protection Act 2018, and the Protection of Personal Information Act 4 of 2013.

5.2 To the extent October processes Personal Data on behalf of the Customer, the Data Processing Addendum attached to or incorporated into the Agreement applies.

5.3 Each party may receive non-public or proprietary information from the other party in connection with the Agreement (“Confidential Information”). Confidential Information includes Customer Content, pricing, technical information, product documentation, security information, business plans, and all other information that is designated as confidential or that a reasonable person would understand to be confidential in the circumstances.

5.4 Confidential Information does not include information that the receiving party can demonstrate:

(a) is or becomes publicly available without breach of the Agreement;(b) was lawfully known to the receiving party before disclosure;(c) is independently developed without use of or reference to the Confidential Information; or(d) is lawfully obtained from a third party without restriction.

5.5 The receiving party shall:

(a) use the Confidential Information solely to exercise its rights and perform its obligations under the Agreement;(b) protect the Confidential Information using at least reasonable care; and(c) not disclose the Confidential Information to any third party except to its employees, contractors, professional advisers, and subprocessors who have a legitimate need to know and who are bound by confidentiality obligations no less protective than those in the Agreement.

5.6 If disclosure of Confidential Information is required by law, regulation, or court order, the receiving party shall, to the extent legally permitted, give prior notice to the disclosing party and disclose only the portion legally required.

5.7 October shall implement and maintain appropriate technical and organisational measures designed to protect Customer Content and Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. Such measures shall include, as appropriate to the Services, encryption in transit and at rest, role-based access controls, secure cloud hosting infrastructure, logging and monitoring, and regular security testing.

5.8 October may appoint subprocessors to assist in providing the Services, provided that October remains responsible for their compliance with the data protection obligations applicable to October under the Agreement.

5.9 The Customer acknowledges and agrees that, in order to provide the Services, October may send or facilitate service-related communications to Authorised Users and other relevant personnel through the Platform and through communication channels enabled or approved by the Customer, including email, in-app notifications, SMS, Slack, Microsoft Teams, and similar workplace tools. Such communications may include account activation messages, authentication messages, workflow alerts, leave and approval notifications, policy acknowledgements, onboarding tasks, reminder notices, employee recognition messages, birthday and anniversary notifications, organisational announcements, and other communications reasonably related to the operation of the Services.

5.10 Except where separately agreed in writing, October shall not send direct marketing communications to the Customer’s employees or personnel in its own name using Customer-provided employee contact details, and any electronic direct marketing communications must comply with applicable law.

6. AI Features and Use of Data

6.1 Certain features of the Services may include AI-enabled functionality, automation, or generative assistance.

6.2 AI-generated or automated outputs are provided for assistive and informational purposes only and may contain inaccuracies, incomplete information, or biased or unexpected results.

6.3 The Customer acknowledges and agrees that:

(a) AI outputs require human review, judgment, and validation;(b) the Services are not designed for solely automated decision-making with legal or similarly significant effects in relation to employees or applicants; and(c) the Customer shall not rely on AI outputs as the sole basis for any employment, disciplinary, hiring, promotion, compensation, performance, or other material workplace decision.

6.4 October implements commercially reasonable human oversight, quality controls, and risk-mitigation processes in relation to AI-enabled features.

6.5 October does not use identifiable Customer Confidential Information or Personal Data provided by the Customer to train publicly available third-party foundational AI models.

6.6 October may use anonymised, aggregated, and de-identified data derived from use of the Services to operate, support, secure, improve, and develop the Services and October’s internal tools, models, analytics, and methodologies, provided that such data does not identify the Customer or any individual.

6.7 The Customer is responsible for informing its employees and users, where legally required, that AI-enabled functionality forms part of the Services.

7. Intellectual Property

7.1 As between the parties, October and its licensors retain all right, title, and interest in and to the Services, including all software, technology, system architecture, APIs, interfaces, workflows, designs, know-how, documentation, analytics methodologies, AI agents, prompt libraries, models, algorithms, improvements, derivative works, and all related intellectual property rights.

7.2 Except for the limited access and use rights expressly granted in the Agreement, no rights are granted to the Customer by implication, estoppel, or otherwise.

7.3 As between the parties, the Customer retains all right, title, and interest in and to Customer Content.

7.4 The Customer grants October a non-exclusive, worldwide, royalty-free licence during the Subscription Term to host, store, copy, transmit, process, display, and otherwise use Customer Content solely to:

(a) provide, maintain, support, and improve the Services;(b) perform October’s obligations under the Agreement;(c) comply with applicable law; and(d) enforce the Agreement.

7.5 To the extent the Customer provides suggestions, comments, ideas, or other feedback relating to the Services, the Customer grants October a perpetual, irrevocable, worldwide, royalty-free licence to use and incorporate that feedback without restriction or obligation.

8. Warranties and Disclaimers

8.1 Each party warrants that:

(a) it has the full corporate power and authority to enter into and perform the Agreement; and(b) the Agreement is validly executed and binding on it.

8.2 October warrants that it will provide the Services in a professional and workmanlike manner using commercially reasonable skill and care.

8.3 October warrants that it shall use commercially reasonable efforts to maintain the availability of the Services, excluding scheduled maintenance, emergency maintenance, force majeure events, failures of third-party networks or infrastructure outside October’s reasonable control, and downtime caused by the Customer or the Customer’s systems.

8.4 Except as expressly stated in the Agreement, the Services are provided on an “as is” and “as available” basis. To the maximum extent permitted by law, October disclaims all implied warranties, conditions, and representations, including any implied warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, or error-free operation.

8.5 The Customer acknowledges that the Services do not constitute legal, employment, tax, payroll, accounting, or regulatory advice. The Customer remains solely responsible for validating that its use of the Services and any outputs generated through the Services are appropriate for its own circumstances and compliant with applicable law.

9. Indemnities

9.1 The Customer shall defend, indemnify, and hold harmless October, its affiliates, and their respective directors, officers, employees, and contractors from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:

(a) Customer Content;(b) the Customer’s breach of the Agreement;(c) the Customer’s unlawful, improper, or unauthorised use of the Services;(d) the Customer’s failure to obtain required lawful bases, notices, permissions, or consents; or(e) the Customer’s violation of applicable law.

9.2 October shall defend the Customer against any third-party claim that the Services, as provided by October and used by the Customer in accordance with the Agreement, directly infringe a third party’s registered patent, copyright, or trademark, and October shall indemnify the Customer for damages finally awarded by a court of competent jurisdiction or agreed in settlement by October, provided that:

(a) the Customer promptly notifies October in writing of the claim;(b) October has sole control of the defence and settlement of the claim; and(c) the Customer provides reasonable cooperation at October’s expense.

9.3 If the Services become, or in October’s opinion are likely to become, subject to an infringement claim, October may, at its option:

(a) procure the right for the Customer to continue using the affected Services;(b) modify or replace the affected Services so that they become non-infringing without materially reducing core functionality; or(c) terminate the affected Services and refund any prepaid, unused subscription fees for the terminated portion of the Subscription Term.

9.4 October shall have no liability under Section 9.2 to the extent a claim arises from:

(a) Customer Content;(b) modifications not made by October;(c) use of the Services other than in accordance with the Agreement;(d) combination of the Services with third-party systems, data, software, or materials not provided or approved by October, where the claim would not have arisen but for such combination; or(e) any output, content, or functionality generated by a third-party AI model where the claim relates to that third-party model’s underlying training data or general model behaviour rather than October’s proprietary materials.

9.5 This Section 9 states the Customer’s sole and exclusive remedy, and October’s entire liability, for any third-party intellectual property infringement claim relating to the Services.

10. Limitation of Liability

10.1 Nothing in the Agreement excludes or limits either party’s liability for:

(a) death or personal injury caused by negligence;(b) fraud or fraudulent misrepresentation;(c) wilful misconduct; or(d) any liability that cannot lawfully be excluded or limited.

10.2 Subject to Section 10.1, October’s total aggregate liability arising out of or in connection with the Agreement, whether in contract, delict, tort (including negligence), misrepresentation, restitution, or otherwise, shall not exceed the total fees paid or payable by the Customer under the Agreement in the 12 months preceding the event giving rise to the claim.

10.3 Subject to Section 10.1, neither party shall be liable to the other for any indirect, incidental, consequential, special, punitive, or exemplary damages, or for any loss of profits, revenue, goodwill, anticipated savings, or business opportunity.

10.4 Subject to Section 10.1, October shall not be liable for any loss, liability, claim, or damage arising from:

(a) the Customer’s employment, payroll, tax, benefits, or disciplinary decisions;(b) inaccuracies in Customer Content or third-party data;(c) delays, failures, or errors caused by third-party systems or integrations not controlled by October;(d) the Customer’s failure to review, validate, or act appropriately on outputs, analytics, or AI-generated recommendations; or(e) use of the Services contrary to the Agreement or October’s instructions.

11. Suspension and Termination

11.1 October may suspend access to all or part of the Services on written notice if:

(a) the Customer fails to pay undisputed fees when due and remains in default after any applicable notice period;(b) the Customer’s use of the Services poses a security risk, may adversely impact the Services or other customers, or may expose October to liability; or(c) suspension is required by law or a governmental authority.

11.2 Either party may terminate the Agreement for cause by written notice if the other party materially breaches the Agreement and fails to cure that breach within 30 days after receiving written notice requiring it to do so.

11.3 Either party may terminate the Agreement immediately on written notice if the other party:

(a) ceases to carry on business;(b) becomes insolvent or unable to pay its debts as they fall due;(c) enters into liquidation, business rescue, administration, examinership, or any analogous process other than for a solvent restructuring; or(d) has a receiver, trustee, administrator, curator, or similar officer appointed over a material part of its assets.

11.4 Unless otherwise stated in the Order Form, the Customer may not terminate the Agreement for convenience during the Subscription Term.

11.5 On expiry or termination of the Agreement:

(a) the Customer’s rights to access and use the Services shall cease;(b) each party shall, on request, return or destroy the other party’s Confidential Information, subject to legal retention obligations;(c) all amounts accrued and payable up to the effective date of termination shall become immediately due and payable; and(d) Sections intended by their nature to survive shall survive, including provisions relating to fees owed, confidentiality, intellectual property, indemnities, data protection, liability, and dispute resolution.

11.6 Upon written request made within 30 days after the effective date of expiry or termination, October shall make Customer Content available for export in a commercially reasonable format. After that period, October may delete or anonymise Customer Content and Personal Data, subject to applicable law and the Data Processing Addendum.

11.7 Any transition assistance requested by the Customer beyond standard data export may be provided by October at its then-current professional services rates.

12. Publicity

12.1 Unless otherwise agreed in writing, October may identify the Customer as a customer of the Services in customer lists and sales materials using the Customer’s name and logo, provided that October does not imply endorsement and complies with any reasonable brand guidelines notified by the Customer. If the Customer requests in writing that October cease such use, October shall do so within a reasonable period.

13. General

13.1 Notices. Notices under the Agreement must be in writing and sent by email to the contact details stated in the Order Form or to any replacement contact notified in writing. Notices shall be deemed received at the time of transmission unless a delivery failure notice is received.

13.2 Assignment. The Customer may not assign, transfer, novate, or otherwise dispose of the Agreement without October’s prior written consent, not to be unreasonably withheld or delayed. October may assign or transfer the Agreement without consent in connection with a merger, acquisition, group restructuring, financing, or sale of all or substantially all of its business or assets relating to the Services.

13.3 Force Majeure. Neither party shall be liable for any delay or failure to perform its obligations under the Agreement, other than payment obligations, where such delay or failure results from events beyond its reasonable control.

13.4 Entire Agreement. The Agreement constitutes the entire agreement between the parties in relation to its subject matter and supersedes all prior discussions, proposals, and understandings relating to that subject matter.

13.5 Amendments. No amendment to the Agreement shall be effective unless in writing and signed by authorised representatives of both parties, except that October may update policies, subprocessors lists, or technical descriptions referenced in the Agreement where such update does not materially reduce the Services or materially increase the Customer’s obligations during the current Subscription Term.

13.6 Severability. If any provision of the Agreement is held invalid, unlawful, or unenforceable, that provision shall be deemed modified to the minimum extent necessary to make it enforceable, or if that is not possible, severed, and the remainder of the Agreement shall continue in full force and effect.

13.7 Waiver. No failure or delay by either party in exercising any right under the Agreement shall constitute a waiver of that right.

13.8 Third-Party Rights. A person who is not a party to the Agreement shall have no right to enforce any term of the Agreement, except as expressly stated otherwise.

13.9 Governing Law and Dispute Resolution. The Agreement is governed by the laws of England and Wales. Any dispute, controversy, or claim arising out of or in connection with the Agreement shall be finally resolved by arbitration under the Rules of the London Court of International Arbitration. The seat of arbitration shall be London, England. The language of the arbitration shall be English. Nothing in this clause prevents either party from seeking urgent interim or injunctive relief from a court of competent jurisdiction.

Annexure A: Data Processing Addendum

This Data Processing Addendum (“DPA”) forms part of the Agreement between October Health Limited (“Processor”) and the Customer identified in the applicable Order Form (“Controller”).

1. Subject Matter and Duration

1.1 This DPA applies to the extent that October processes Personal Data on behalf of the Customer in connection with the Services.

1.2 This DPA shall remain in force for the duration of the Agreement and for so long thereafter as October processes Personal Data on behalf of the Customer.

2. Nature and Purpose of Processing

2.1 October processes Personal Data solely for the purpose of providing, securing, supporting, maintaining, and improving the Services, performing implementation and support services, enabling authorised access, generating reports and analytics, and complying with applicable law.

3. Categories of Data Subjects

3.1 Data subjects may include:

(a) the Customer’s employees, workers, contractors, consultants, directors, officers, and candidates;(b) dependants or beneficiaries where such data is provided by the Customer in connection with the Services; and(c) the Customer’s administrators, HR personnel, managers, and authorised representatives.

4. Categories of Personal Data

4.1 Personal Data processed under this DPA may include:

(a) identification and contact data, including names, job titles, work email addresses, telephone numbers, employee numbers, dates of birth, and national identification numbers;(b) employment and HR data, including department, manager, start date, end date, role history, compensation data, leave records, performance records, disciplinary records, training records, benefits data, emergency contact details, and employee documents;(c) system and usage data, including login details, audit logs, device information, IP addresses, and support interactions; and(d) any other Personal Data that the Customer chooses to upload to or process through the Services.

5. Controller Obligations

5.1 The Customer warrants and undertakes that:

(a) it has all necessary authority and lawful bases to instruct October to process Personal Data in accordance with the Agreement; and(b) its instructions to October shall comply with applicable data protection laws.

6. Processor Obligations

6.1 October shall:

(a) process Personal Data only on the documented instructions of the Customer, unless otherwise required by law;(b) ensure that persons authorised to process Personal Data are subject to confidentiality obligations;(c) implement appropriate technical and organisational measures to protect Personal Data;(d) notify the Customer without undue delay after becoming aware of a Personal Data Breach affecting Personal Data processed under this DPA;(e) provide reasonable assistance to the Customer with data subject rights requests, security obligations, data protection impact assessments, and regulator consultations, taking into account the nature of the processing and the information available to October; and(f) at the Customer’s choice, delete or return Personal Data on termination of the Services, unless retention is required by law.

7. Subprocessors

7.1 The Customer authorises October to appoint subprocessors as reasonably necessary to provide the Services.

7.2 October shall ensure that any subprocessor engaged by it is bound by written terms that impose data protection obligations no less protective in all material respects than those imposed on October under this DPA.

7.3 October shall remain responsible for the acts and omissions of its subprocessors to the extent required by applicable law.

8. International Transfers

8.1 Where October transfers Personal Data outside the United Kingdom, EEA, or any other jurisdiction requiring appropriate safeguards, October shall ensure that such transfer is subject to a lawful transfer mechanism under applicable data protection law.

9. Audits and Information Rights

9.1 October shall make available to the Customer such information as is reasonably necessary to demonstrate compliance with this DPA.

9.2 Any audit rights exercised by the Customer shall be limited to no more than once annually, on reasonable prior written notice, during normal business hours, and subject to appropriate confidentiality, security, and non-disruption obligations.

9.3 October may satisfy audit requests through the provision of up-to-date audit reports, certifications, summaries, or other reasonable compliance documentation where appropriate.

10. Deletion and Return

10.1 Upon expiry or termination of the Agreement, October shall, at the Customer’s written election, delete or return Personal Data, unless retention is required by law.

10.2 Where the Customer does not make an election within 30 days after expiry or termination, October may delete or anonymise the Personal Data in accordance with its standard retention processes, subject to applicable law.

11. Liability

11.1 This DPA is subject to the exclusions and limitations of liability set out in the Agreement, to the extent permitted by applicable law.