• Legal >
  • Terms >
  • Master Services Agreement - Cloud

This Master Services Agreement (“Agreement”) sets out the general terms on which Cultrix Limited (“Cultrix”, “we”, “us”) provides cloud hosting, remote desktop and related cloud platform services to the customer identified in the relevant order, quotation or statement of work (“you”, “your”).

Service-specific details - including scope, inclusions, exclusions, service levels and operational requirements - are set out in the relevant Service Schedules, which form part of this Agreement.

1. Structure of this Agreement

  1. This Agreement consists of:
    1. this Master Services Agreement - Cloud;
    2. the Service Schedules applicable to the services you purchase, including but not limited to:
      • Schedule 1 - Platform and Infrastructure;
      • Schedule 2 - Hosting and Remote Desktop Services;
      • Schedule 3 - Backup and Recovery;
      • Schedule 4 - Security and Network;
      • Schedule 5 - Management and Administration (if applicable).
    3. Annexes that may include:
      • Annex A - Service Level Agreement (SLA);
      • Annex B - Acceptable Use Policy (AUP);
      • Annex C - Shared Responsibility Model;
      • Annex D - Fair Use Policy (FUP).
    4. Any order form, online checkout confirmation, quotation or statement of work we agree with you (each an “Order”).
  2. If any part of this Agreement conflicts with another, the order of priority is:
    1. the applicable Order;
    2. the relevant Service Schedule;
    3. Annexes A-D;
    4. this Master Services Agreement.

Not every Service described in a Service Schedule will apply to you. You will only receive the Services that are included in your Order.

2. Definitions

In this Agreement:

“Business Day”
Monday to Friday, excluding English bank holidays.
“Business Hours”
08:30-17:30 UK time on a Business Day, unless stated otherwise.
“Cloud Platform”
The underlying hosting, virtualisation, storage, networking, security and management layers that we or our suppliers operate to deliver the Cloud Services. The Cloud Platform may be implemented on shared multi-tenant infrastructure or on dedicated “private cloud” infrastructure for a single customer.
“Cloud Services”
Any cloud hosting, remote desktop, virtual server, platform, backup, security or related services we provide to you under this Agreement and the applicable Service Schedules.
“Customer Applications”
Software, workloads, websites and services that you or your suppliers install, configure or run on the Cloud Platform.
“Customer Data”
All data, content, files and information that you or your users store in, process through, or transmit via the Cloud Services.
“Devices”
Desktops, laptops, servers and endpoints that connect to, or are hosted within, the Cloud Platform.
“Third-Party Services”
Software, platforms, infrastructure and data centre services provided by third parties (for example Microsoft Azure, Virtual Tin infrastructure, data centre providers, firewall vendors or backup vendors).
“Virtual Desktop / Remote Desktop Services”
Session-based or virtual desktop environments published from the Cloud Platform and accessed by your users over a network connection.

3. Term, renewal and termination

  1. Services begin on the start date in the Order or when we begin providing the relevant Cloud Service, whichever is earlier.
  2. Unless otherwise stated in the Order, each Cloud Service has a minimum initial 12-month term.
  3. After the initial term, Cloud Services continue on a rolling 12-month basis unless cancelled in line with this Agreement.
  4. You may cancel a Cloud Service by giving at least 90 days’ written notice, to expire at the end of the initial term or a renewal term, subject to any minimum terms and any early termination charges set out in the Order.
  5. We may terminate a Cloud Service or this Agreement if you materially breach the Agreement, become insolvent, or fail to pay on time.
  6. On termination:
    • you must pay all outstanding charges up to the date the Cloud Service ends;
    • we will cease providing the affected Cloud Services;
    • we will assist with a reasonable, orderly handover (including data export) on a time-and-materials basis, as set out in the relevant Schedule.

4. Our responsibilities

  1. We will provide Cloud Services with reasonable skill and care.
  2. We will operate the Cloud Platform in line with our internal information security and service management processes and any applicable certifications we hold.
  3. We will use reasonable efforts to meet the targets in the applicable Service Level Agreement (Annex A).
  4. We will keep you informed of material issues that affect the availability, performance or security of your Cloud Services.
  5. We will act as a point of escalation with upstream suppliers (for example data centres or cloud infrastructure providers) where those suppliers affect your Cloud Services and are within our contractual control.

4A. Cloud platform responsibilities and limitations

The Cloud Services rely on the correct design, configuration and operation of the Cloud Platform, including hypervisors, storage, networking, firewalls, remote desktop servers and management tools. Our responsibilities and limits at the platform layer include:

  • provisioning and managing host servers, storage and core networking in our chosen data centres or supplier platforms;
  • maintaining platform operating systems and virtualisation layers in line with supported vendor versions;
  • maintaining shared security controls such as perimeter firewalls, VPN end-points, web access gateways and intrusion-prevention tools;
  • managing backups of platform components and cloud-hosted workloads as described in Schedule 3;
  • monitoring platform-level health and responding to alerts in line with Annex A (SLA);
  • working within the supported combinations of operating systems, hypervisor tools and backup/replication products we have documented.

Platform behaviour and capabilities may be constrained by Third-Party Services (for example data centre facilities, virtualisation vendors, backup vendors or providers such as Virtual Tin). Where a platform or version falls outside supported parameters, we may limit support for the affected system until appropriate corrective action is taken, such as upgrading an operating system or migrating to a supported platform.

5. Your responsibilities

  1. Provide access, information and approvals we reasonably need to provision and manage the Cloud Services.
  2. Ensure your staff and any third parties who use the Cloud Services cooperate with us and follow reasonable instructions.
  3. Ensure usernames, passwords, multi-factor authentication methods and other access credentials are kept secure and are not shared inappropriately.
  4. Ensure Customer Applications and Customer Data are lawful, properly licensed and do not infringe third-party rights.
  5. Follow the Acceptable Use Policy, Fair Use Policy and Shared Responsibility Model for the Cloud Services.
  6. Meet your obligations regarding user and permission management, application configuration, and any customer-side backups or exports described in the relevant Service Schedule.
  7. Maintain your own business continuity plans covering systems and locations that sit outside the Cloud Platform, including your local networks, devices and on-premise infrastructure.

6. Access, tools and changes to your environment

  1. You authorise us to:
    • provision and manage virtual machines, remote desktop servers, storage volumes, firewalls and other platform components used to deliver your Cloud Services;
    • install and operate our remote access, monitoring, security and backup tools on in-scope virtual machines and Devices where needed;
    • access your Cloud Services remotely for support, maintenance, monitoring and improvement.
  2. Remote sessions may be logged or recorded for quality, troubleshooting and security purposes.
  3. You must not remove, disable or interfere with any management, backup, security or monitoring tools we install, unless we agree an alternative approach in writing.
  4. Where configuration changes (for example security policies, firewall rules, VPNs, routing, identity settings or resource limits) are required to deliver a Service safely, we will plan and apply these carefully, discussing material changes with you where practical.
  5. Changes you or third parties make directly to the Cloud Platform (for example changing firewall rules, storage, snapshots or host settings) without our knowledge may affect our ability to support the environment. We may need to carry out remedial work on a time-and-materials basis to bring the environment back into a supported state.

6A. Out of scope and project-only work

The following types of work are always delivered on a project or professional-services basis and are not included under any standard cloud hosting or support package unless expressly stated in a separate Statement of Work:

  • large-scale application migrations into or out of the Cloud Platform;
  • re-platforming or re-architecting applications for cloud-native operation;
  • designing or redesigning network topologies, hybrid connectivity or multi-site VPNs;
  • complex disaster recovery designs (for example active-active or multi-region failover);
  • performance-tuning or capacity planning beyond standard monitoring and advice;
  • custom security architecture (for example Zero Trust, micro-segmentation, advanced identity design);
  • compliance or regulatory alignment projects (for example CE/ISO/PCI work that goes beyond the standard controls in the platform);
  • significant restructuring of tenancies, subscriptions, resource groups or domains; and
  • any work clearly described as “project”, “migration” or “professional services” in an Order or Schedule.

7. Third-Party Services

  1. You must comply with the terms of any Third-Party Services that form part of the Cloud Services (for example Microsoft, data centre providers, backup vendors or Virtual Tin infrastructure providers).
  2. We are not responsible for the design, performance or availability of Third-Party Services, but we will act reasonably to manage and escalate issues with those suppliers where they form part of your Cloud Services.
  3. Changes made by third parties (for example feature changes, end-of-support decisions or platform retirements) may affect how we deliver the Cloud Services. We will act reasonably to adapt and will discuss any material impact or required changes with you.
  4. If a Third-Party Service is withdrawn or fundamentally changed and this affects your Cloud Services, we may need to modify, replace or discontinue all or part of the affected Service. We will work with you to agree a reasonable transition plan where this happens.

8. Data protection

  1. Each party will comply with applicable data protection laws when handling personal data in connection with the Cloud Services.
  2. Our role as controller or processor depends on context, as set out in our Privacy Policy and any Data Processing Agreement (DPA) we enter into with you.
  3. Where we process personal data as your processor, our DPA applies. This will normally describe the subject matter, duration, nature and purposes of processing, the types of personal data and categories of data subject, and our obligations as a processor.
  4. We will implement appropriate technical and organisational measures to protect personal data hosted or processed on the Cloud Platform, taking into account the nature of the data and the risks of processing.
  5. You remain responsible for:
    • the lawfulness of personal data you store in or process through the Cloud Services;
    • the accuracy of that data and any retention or deletion decisions; and
    • ensuring that your configuration and use of the Cloud Services supports your own compliance obligations.

9. Security

  1. We operate an information security framework aligned with recognised standards such as ISO 27001 and Cyber Essentials, and we apply proportionate controls across the Cloud Platform.
  2. Security-related Cloud Services (for example perimeter firewalls, VPNs, web filtering, endpoint protection, log collection or threat monitoring) are set out in the relevant Service Schedule.
  3. No system can be perfectly secure. We will take proportionate steps to manage security risks, monitor for issues and respond promptly to incidents affecting the Cloud Platform.
  4. You are responsible for security within your own tenancy and Customer Applications, including:
    • user access and privilege management;
    • multi-factor authentication and password policies;
    • application-level security (for example roles, permissions and input validation);
    • managing any local devices, networks or systems that connect to the Cloud Services.
  5. Where a security incident or serious vulnerability is identified that requires urgent changes (for example firewall rule changes, account lockouts or emergency patches), we may implement those changes immediately to protect you, the platform and other customers, and will inform you as soon as reasonably possible.

10. Charges, invoicing and payment

  1. Charges for Cloud Services are set out in the Order and/or relevant Service Schedule.
  2. Unless we agree otherwise, recurring cloud hosting and platform fees are invoiced monthly in advance, based on the resources, licences and options in use at the billing date.
  3. Usage-based or variable charges (for example overage, additional storage, bandwidth or metered services) may be invoiced in arrears.
  4. Project and professional-services work (including migrations and complex changes) is normally invoiced in arrears on a time-and-materials basis or as set out in the Order.
  5. Payment terms are 30 days from the invoice date, unless the Order specifies different terms.
  6. If you dispute an invoice, you must notify us before the due date with reasonable details. Undisputed amounts must still be paid on time.
  7. If you fail to pay without a genuine dispute:
    • we may charge interest on overdue amounts at the statutory rate; and
    • we may suspend or downgrade Cloud Services under section 11.

11. Suspension

  1. We may suspend all or part of the Cloud Services if:
    • you fail to pay undisputed amounts after reminder;
    • you materially breach this Agreement, the AUP or FUP;
    • your use of the Cloud Services poses an immediate security, legal or operational risk to you, us or others;
    • a third-party supplier requires suspension or imposes restrictions that affect your Cloud Services.
  2. We will act reasonably and, where practical, contact you before suspension unless the risk is urgent.
  3. We will restore Cloud Services when the reason for suspension has been resolved to our reasonable satisfaction. Suspension does not affect our right to terminate under section 3.

12. Limitation of liability

  1. We do not limit or exclude liability for death or personal injury caused by our negligence, or for fraud or fraudulent misrepresentation.
  2. Otherwise:
    • we are not liable for loss of profit, revenue, anticipated savings, business interruption, loss of data (except where explicitly covered by a Backup and Recovery Schedule), or any indirect or consequential loss;
    • our total liability arising from or in connection with the affected Cloud Service is limited to the amount paid or payable for that Service during the previous 12 months.
  3. You remain responsible for any decisions you take based on information or recommendations we provide. Our role is to advise and implement, not to run your business or accept fiduciary duties.

13. General

  1. Subcontracting. We may use carefully chosen subcontractors, partners and suppliers (including cloud and data centre providers) to deliver the Cloud Services. We remain responsible to you for their performance as it relates to this Agreement.
  2. Force majeure. Neither party is liable for delays or failures caused by events outside reasonable control, such as power failures, natural disasters, industrial action, major internet outages or failure of third-party networks and infrastructure.
  3. Variation. We may update this Agreement, the Annexes and the Service Schedules to reflect legal, security or operational changes. Material changes will be communicated with reasonable notice. If a change materially disadvantages you and you do not agree, you may discuss alternatives with us or, if no resolution is possible, give notice to end the affected Service at the end of its current term.
  4. Governing law. This Agreement is governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction in relation to it.