Product Description – RA001LF

Responsiv Cloud Automation Platform is an enterprise grade cloud hosted platform that delivers three process automation runtime environments to support development, test, and production operations. Organisations can use the platform to blend information, process, and users to provide a 360-degree view of work. In addition to process automation, Responsiv Cloud Automation Platform uses advanced analytics, business rules, and collaboration to drive more successful, optimised business outcomes.

This product is subject to the terms in the RL0002O Terms and Conditions for Responsiv Cloud.

Product description for purchases of entitlements after August 2020

Product Number

RA001LF

Product Name

Responsiv Cloud Automation Platform

Product Summary

Responsiv Cloud Automation Platform is a single instance, located in a single UK cloud location and includes a dedicated development, test, and production environments with the following characteristics:

- Production.

Enterprise grade production environment consisting of two independent nodes clustered to provide a highly available installation. Traffic is load balanced across the two nodes.

- Test.

Consists of a single node for non-production use without any form of high availability. Intended to allow you to perform end to end and system integration testing. Performance testing can also be performed but the results should be carefully considered.

- Development.

Consists of a single node for non-production use without any form of high availability. Intended for development of new assets, processes and unit testing.

Platform

Each environment is configured to support the purchased user or process capacity. Additional capacity can be purchased as needed (Optional Services).

Automated monitoring of each environment reports service status to assure that connectivity, processes, and other platform components are healthy. The service is configured to recover failed components and to report problems to the Responsiv ServiceDesk. Our responsibility is for the platform and does not include your deployed data or processes, which remain your responsibility.

Optional Services

1) Additional Non-production Environment

The Service provides a purchase option for additional test environments for non-production use. Each test environment does not provide high availability. Capacity for this environment is matched to the size of the Production Environment.

2) Additional Production Environment

The Service provides a purchase option for additional process runtime environments for production or non-production use. Each additional Production environment provides high availability. Capacity for this environment is matched to the size of the Production Environment.

3) Additional Storage

The Service provides a purchase option for additional storage for cases where the requirements go beyond the capacity provided. The quantity of storage (1TB increments) can be applied to a single environment or across multiple environments within the Cloud Service instance.

4) Additional Compute and Memory

The Service provides a purchase option for an additional core and 8GB memory for cases where the demands of the solution go beyond the computing capacity provided, for example, deploying multiple applications.

Acceleration Services

None

Entitlement Type

Term Subscription based on duration and capacity (UAAS-Instance-Years)

Data Processing and Protection

The Responsiv Data Processing Addendum, Responsiv Data Security and Privacy Principles at https://responsiv.co.uk/legal/ and the Data Processing Specific Sections (below), together referred to as DPA, provide additional data protection information for the Services and its options regarding the types of Content that may be processed, the processing activities involved, the data protection features, and specifics on retention and return of Content. The DPA applies to personal data contained in Content, if and to the extent i) the European General Data Protection Regulation (EU/2016/679) (GDPR); or ii) other data protection laws as identified from time to time apply.

Cloud Hosting Service Levels

Responsiv Cloud Platform Support Product Description at https://responsiv.co.uk/responsiv-cloud-platform-support/ defines support available for the platform including support hours of availability, response times, severity level, Service Down definition, the claim process and other support information. Responsiv provides the Customer with the following availability service level agreement (SLA). Responsiv will apply the highest applicable compensation based on the cumulative availability of the Cloud Service as shown in the table below (see pdf).

* The subscription fee is the contracted price for the month that is subject to the claim.

Technical Support

Technical support for the Cloud Service can be accessed at https://responsiv.co.uk/support/

Charge Metrics

The charge metric(s) for the Cloud Service are specified in the Transaction Document. The following charge metrics apply to this Cloud Service:

● Authorized User is a unique user authorized to access to the Cloud Services in any manner directly or indirectly (for example, through a multiplexing program, device or application server) through any means.

● Concurrent User is the number of users simultaneously accessing the Cloud Service in any manner directly or indirectly (for example, through a multiplexing program, device, or application server) at any particular point in time. A person who is simultaneously accessing the Cloud Service multiple times counts only as a single Concurrent User ● Terabyte is 2 to the 40th power bytes processed by, used, stored, or configured in the Cloud Service.

● Gigabyte is 2 to the 30th power bytes of data processed by, analysed, used, stored, or configured in the Cloud Services.

● Connection is a link or association of a database, application, server, or any other type of device which have been or are made available to the Cloud Service.

● Instance Activation is a count of every instantiation of an asset (e.g. process instance, API call, integration call, rule)

● Instance is each access to specific configuration of the Cloud Services.

● Gigabyte Transmitted Outbound is each GB (2 to the 30th power bytes) of data transmitted from the Cloud Services.

● Virtual Processor Core is a standard capacity, virtualized processor that is available to or managed by the Cloud Services.

Additional Terms

Charges, Taxes and Payment

1) If Responsiv has committed to pricing as specified in a TD, Responsiv will not change such pricing during the specified term. If there is not a specified commitment, then Responsiv may change pricing on thirty days' notice.

2) Responsiv will invoice: (i) recurring charges at the beginning of the billing frequency term; (ii) overage and usage charges in arrears; and onetime charges upon Responsiv’s acceptance of an order.

Term and Termination of a Cloud Service

1) The term begins on the date Responsiv notifies Customer that They can access the Cloud Services. The ordering TD will specify whether the Cloud Services renew automatically, proceed on a continuous use basis, or terminate at the end of the term. For automatic renewal, unless Customer provides written notice of non-renewal to Responsiv or the Responsiv Business Partner involved in the Cloud Services at least 30 days prior to the term expiration date, the Cloud Service will automatically renew for the specified term. For continuous use, the Cloud Services will continue to be available on a month-to-month basis until Customer provides 30 days written termination notice to Responsiv or the Responsiv Business Partner involved in the Cloud Service. The Cloud Services will remain available until the end of the calendar month after such 30-day period.

Enabling Software - Definition

Enabling Software is software made available from the Responsiv Asset Distribution Gateway (ADG) https://responsiv.co.uk/downloads/ that Customer downloads to Customer systems to facilitate use of a Cloud Service and will be identified in a TD. Enabling Software is not part of the Cloud Service and Customer may use Enabling Software only in connection with use of the Cloud Service in accordance with any licensing terms specified in a TD. The licensing terms will specify applicable warranties, if any. Otherwise, Enabling Software is provided as-is, without warranties of any kind.

Enabling Software

None

Miscellaneous

Links to Third Party Websites - Responsiv may offer third party Cloud Services, or a Responsiv Cloud Service may enable access to third party Cloud Services (non-Responsiv services). A TD will identify any applicable third party terms that govern Customer’s use of non-Responsiv services. Use of non-Responsiv services constitutes Customer's agreement with the third party terms. Responsiv is not a party to any third party agreements and is not responsible for non-Responsiv Cloud Services.

Separately Licensed Code - Terms of Use

Responsiv may from time-to-time release “Extenders” for this product. Each extender will add a new feature or function and is licenced separately from this product. In such cases the capacity of entitlement for the separately licenced code must be calculated using the same metric as this product and must be sufficient to match the capacity of this product.

For example, if this Program were licensed on a core basis and the original purchase was a 4-core entitlement then the Customer would be required to obtain 4-core entitlements to the separately licenced code, “Extender” if they wished to benefit from this code.

Product Release Schedule

Responsiv Solutions does not commit to future development or support beyond our contractual obligations.

Responsiv Unity software is our strategic platform and as such it is continually developed and maintained. Our release schedule for planning purposes is:

Major Releases

We expect to release a new major version of the product annually. This will roll-up any patches released since the last major release.

Patches

Patches are released as they are identified and developed. Patches are required to be applied in order. Patches are not intended to add to the features or capabilities of the platform/product. Patches are categorised into:

• Security – Patch specifically or including for a security flaw or weakness.

• Critical – Patch that will be requested by support to be applied before attempting to resolve a problem.

• Optional – Nice to have fixes.

Extenders

Extenders are released as they become available. They extend the function or capability of an existing Responsiv Unity module and are optional. Extenders may be rolled into future releases at our sole discretion.

Toolkits

Toolkits are provided to help you write code for Responsiv Unity Modules that can take better advantage of the platform. They are “developer time” assets and provided as-is. Not all Responsiv Unity products have toolkits.

Data Processing Specific to this Product

Categories of Data Subjects

Data Subjects of any Customer Personal Data that generally can be processed in this Cloud Service may include Customer's and its affiliates' employees, contractors, business partners, or customers, and to the extent required by law any other legal entities whose personal data is processed by the Cloud Service.

Responsiv Solutions will process Personal Data of all Data Subjects listed above in accordance with the Agreement. Given the nature of the Services, Customer acknowledges that Responsiv Solutions is not able to verify or maintain the above list of Categories of Data Subjects. Therefore, if the Customer does not use this Cloud Service with all the Data Subjects as set out above, then Customer is responsible for providing complete, accurate, and up-to-date information to Responsiv Solutions on the actual Data Subjects from within the above list that Customer will process in this Cloud Service via Additional Instructions to Responsiv Solutions.

Personal Data

The lists as set out below are the Types of Personal Data and Special Categories of Personal Data that generally can be processed within this Cloud Service. Responsiv Solutions will process all Types of Personal Data and Special Categories of Personal Data listed below in accordance with the Agreement. Given the nature of the Services, Customer acknowledges that Responsiv Solutions is not able to verify or maintain the below lists of Types of Personal Data and Special Categories of Personal Data.

Therefore, if the Customer does not use this Cloud Service for all the Types of Personal Data and Special Categories of Personal Data as set out below, then the Customer is responsible for providing complete, accurate, and up-to-date information to Responsiv Solutions on the actual Types of Personal Data and Special Categories of Personal Data from within the below list that Customer will process in this Cloud Service via Additional Instructions to Responsiv Solutions.

Types of Personal Data

Customer should not include personal data in text fields that are not intended for or do not request personal data.

- Basic Personal Information (such as name, address, phone number, email, etc.)

- Technically Identifiable Personal Information (such as device IDs, usage based identifiers, static IP address, etc. - when linked to an individual)

- Employment Related Identifiable Information (any HR data such as job history, performance review information, etc.)

- Personality Related Identifiable Information (such as personality insights or sentiment analysis)

- Financial Information (e.g., PCI DSS, FFIEC, etc. - such as credit card, bank account, financial holdings, salary information, etc.)

- Healthcare Information (data related to physical or mental health of an individual, or which otherwise reveals information about his or her health status. such as patient record, health insurance information, diagnostic and treatment information)

- Personal Location Information (such as geolocation data)

- Behavioural biometrics processed to identify patterns, not individuals Customer should not include personal data in text fields that are not intended for or do not request personal data.

Special Categories of Personal Data

- Personal Data revealing racial or ethnic origin

- Personal Data revealing political opinions

- Personal Data revealing religious or philosophical beliefs

- Personal Data revealing trade union membership

- Genetic data

- Biometric data

- Health data.

- Data concerning a person's sex life or sexual orientation

- Personal Data relating to criminal convictions and offenses

Processing Activities

The processing activities with regard to Customer Content (including Customer Personal Data) within this Cloud Service include:

- Receipt of Content from Data Subjects and/or third parties

- Computer processing of Content, including data transmission, data retrieval, data access, and network access to allow data transfer if required

- Technical customer support involving Content at Customer request, including monitoring, problem determination, and problem resolution

- Transformation and transition of Content as necessary to deliver the Cloud Service

- Storage and associated deletion of Content

Duration of Processing

Content (including Customer Personal Data) that is stored or persisted within this Cloud Service will become unavailable within 30 days after termination or expiration of the Cloud Service. Some Content (including Customer Personal Data) may remain in the Cloud Service backups until the expiration of such backups no more than 360 days after data is made unavailable from the online service.

Technical and Organisational Measures

The Technical and Organisation Measures (TOMs) apply to all Content processed by Responsiv Solutions within this Cloud Service (including Customer Personal Data).

Responsiv Solutions' foundational Technical and Organisational Measures for data protection within its Cloud Services are as described in Responsiv Solutions' Data Security and Privacy Principles for Responsiv Solutions Cloud Services (https://responsiv.co.uk/legal/ ) or as otherwise described below or within this Cloud Service Description.

Encryption

By default for connections established and managed by the Service Customer Content is encrypted when transmitted by the Service on any public networks.

Customer Content is encrypted when written to disc by the Service.

Business Continuity

Customer is responsible for their own data backup, and associated recovery of Customer Content, in the event of disaster situation.

Deletion and Return of Content

If requested prior to termination or expiration of the Service, Responsiv Solutions will return a copy of Customer Content that is accessible to Responsiv Solutions within a reasonable period and in a reasonable format.

Customer may also request removal of Content (including Customer Personal Data) at any time prior to termination or expiration of the Cloud Service.

Hosting and Processing Locations

The default location for hosting and processing will be the United Kingdom. However, due to the nature of our agreements with our 3rd party cloud providers, Responsiv Solutions is able to offer alternative locations worldwide. A request for an alternative location must be made before initiation of the service for clients who need to host and/or process data outside the United Kingdom

Third Party Sub-Processors

This Cloud Service may involve the following third-party Sub-processors in the Processing of Content, including Customer Personal Data:

- IBM Cloud

- Microsoft Azure

- Amazon AWS

- Google Cloud

- 4D Data Centres Ltd

Any changes to Sub-processors will be communicated via update of this document. Additional details on each 3rd party sub-processor are available upon request.

Privacy Contact and Customer Notifications

The general privacy contact for Responsiv Cloud Services is privacy@responsiv.co.uk

Data Privacy Officer and Other Controllers

Customer is responsible for providing complete, accurate and up-to-date information about its data privacy officer and any other Controllers (including their data privacy officer). Please see the Privacy Contact and Customer communications section for contact information.

Zoe Whyte