Hosting services agreement
This is a relatively long and sophisticated hosting services agreement. It has been designed to cover the provision of web hosting, where the hosting services provider makes available web hosting resources to the customer, and the customer has some discretion as to the use of those resources.
An optional service level agreement (SLA) is included as a schedule. The SLA can be used to set out guarantees in relation to the availability of the hosting services.
Another optional schedule contains an acceptable use policy, which sets out detailed rules about the content that may be processed by means of the hosting services and the ways in which the hosting services may be used.
This agreement does not include any clauses dealing with consumer protection, and accordingly should only be used for B2B contracts.
Under the General Data Protection Regulation or GDPR, which is in force from May 2018, certain clauses must be included in contracts between companies that host personal data and their customers. This template includes the relevant clauses.Ask about this document
Hosting services agreement contents
- Definitions: definitions.
- Term: commencement of term; end of term.
Hosting Services: creation of hosting services account; grant of right to use hosting services; limitations on use of hosting services account; prohibitions on the use of the hosting services account; prevention of unauthorised access to hosting services account; no administrative access to hosting platform; availability of hosting services and SLA ; hosting services acceptable use policy; no access to hosting platform code; suspension of hosting services.
- Customerobligations: general second party obligations; access to computer systems.
Hosted Data: licence of hosted data; warranties relating to hosted data; right to edit or delete hosted data; back-up of hosted data; restoration of hosted data;Customerresponsibility for hosted data back-ups; hosted data upon termination.
- No assignment of
Intellectual Property Rights: no assignments of intellectual property rights.
- Charges: obligation to pay charges; amounts inclusive or exclusive of VAT; variation of charges.
- Payments: issue of invoices; time for payment of charges following invoice; payment methods; interest on late payments; interest on late payments.
- Confidentiality obligations: first party confidentiality undertaking; second party confidentiality undertaking; disclosure of confidential information to certain persons; exceptions to confidentiality obligations; disclosures of confidential information mandated by law etc; parties to stop using confidential information upon termination; parties to return or destroy confidential information following termination; confidentiality obligations after termination.
- Data protection: compliance with data protection laws; warranty of Customer's right to disclose personal data (GDPR); details of personal data and purposes of processing bythe Host(GDPR); duration of personal data processing byHost(GDPR); personal data processed byHoston instructions (GDPR); informingCustomerof illegal instructions (GDPR); personal data processed byHostas required by law (GDPR); confidentiality obligations onHostpersons processing personal data (GDPR); security of personal data processed byHost(GDPR); appointment of sub-processor byHost(GDPR); authorisation forHostto appoint sub-processors (GDPR);Hostto assist with exercise of data subject rights (GDPR);Hostto assist with compliance (GDPR);Hostto provide information (GDPR); deletion of personal data byHost(GDPR);Hostto allow audit (GDPR); changes to data protection law.
- Warranties: standard of hosting services; first party general warranties; second party warranty of authority; exclusion of implied warranties and representations.
- Indemnities: indemnity upon breach: any provision or specified provisions (with definition); conditions upon first party indemnity; indemnity upon breach: any provision or specified provisions (with definition); conditions upon second party indemnity; limitations of liability vs indemnities.
- Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; no liability for loss of profits; no liability for loss of revenue; no liability for loss of use; no liability for loss of opportunities; no liability for loss of data or software (subject to back-up obligations); no liability for consequential loss; per event liability cap upon services contract; aggregate liability cap upon services contract.
Force Majeure Event: obligations suspended for force majeure; force majeure notification and information; mitigation of effects of force majeure.
- Termination: termination without cause (optionally assymetric); termination by either party without cause; termination upon breach; termination upon insolvency; termination upon non-payment; rights of termination supplemental or exclusive.
- Effects of termination: surviving provisions upon termination; termination does not affect accrued rights; charges on termination of contract (hosting services).
- Notices: methods and deemed receipt of contractual notices; first party contact details for contractual notices; substitute contact details for notices.
- Subcontracting: no subcontracting without consent; subcontracting permitted; first party responsible for subcontracted obligations.
- Assignment: assignment by first party; assignment by second party.
- No waivers: no unwritten waivers of breach; no continuing waiver.
- Severability: severability of whole; severability of parts.
- Third party rights: third party rights: benefit; third party rights: exercise of rights.
- Variation: variation only in accordance with section; variation by signed written agreement; variation on first party's notice.
- Entire agreement: entire agreement: documents; no mispresentation; section subject to caveats to limits of liablity.
- Law and jurisdiction: governing law; jurisdiction.
- Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.
Schedule 1 (
- Specification of
Hosting Services: specification of hosting services prompt.
- Financial provisions: financial provisions prompt.
- Contractual notices: prompt for second party contractual notice address details.
Schedule 2 (Acceptable Use Policy)
- Introduction: definitions for acceptable use policy for hosting services; parties to acceptable use policy; agreement to policy by using services; express agreement to policy.
- General usage rules: no damaging use of services; no unlawful use of services; content must comply with provisions of part.
Content: no unlawful user content: general prohibition; no unlawful user content: specific prohibitions; previous complaints and user content.
- Graphic material: age suitability of user content; no violence in user content; no pornographic user content.
- Marketing and spam: prohibition on marketing activities; no spam in user content; sending spam using email addresses; no promotion of marketing schemes; avoidance of IP blacklisting.
- Regulated businesses: no gambling-related activities; no pharmaceutical activities; no weapon-related activities.
- Monitoring: acknowledgement relating to monitoring.
- Data mining: no data mining.
- Harmful software: no harmful software; no risky software.
Schedule 3 (Availability SLA)
- Introduction to availability SLA: purpose of hosting services availability SLA; informal definition of uptime.
- Availability: uptime commitment; measurement of uptime; reporting of uptime measurements.
- Service credits: earning service credits; amount of service credits; application of service credits; service credits are sole remedy; service credits upon termination.
- Exceptions: list of exceptions to availablity commitment.
Schedule 4 (Data processing information)
- Categories of data subject: prompt for categories of data subject.
- Types of
Personal Data: prompt for types of personal data.
- Purposes of processing: prompt for personal data processing purposes.
- Security measures for
Personal Data: prompt for security measures for personal data.
- Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.