Business Owner Terms & Conditions
Last updated: 7 July 2026 | Version 3.2
These terms govern your subscription to OptiTech Automation. This is a business-to-business agreement between OptiTech Automation and your trade business. It is written in plain English first, with the legal text immediately below each plain-English summary. Both sections are binding. Wherever the law gives you a right that cannot be excluded, that right always prevails over anything in these terms. If anything is unclear, email legal@optitechautomation.co.uk before you accept.
Version 3.2 (effective 7 July 2026) is a clarity-and-balance update. It confirms this is a business-to-business agreement while preserving your non-excludable statutory rights; defines "Business Day"; reconciles the founding rate-lock with VAT (a government tax we may be required to add is not an increase in our rate); adds subscription-contract transparency in line with the Digital Markets, Competition and Consumers Act 2024 (3.9); makes our support Pledge accurate about the tools we use to help you faster while keeping a named person accountable, and makes our data-export commitment realistic (promptly, and within five Business Days); sets out your acceptable-use responsibilities in one place (5.10); adds a licence for us to use only aggregated, de-identified data to improve the platform (8.5); rebalances the liability section so it is fair both ways — we keep liability for data we lose through our own fault, we now give you an intellectual-property indemnity and a service warranty, and your indemnity is tied to your own acts and breaches; adds an express right for us to suspend rather than terminate (11.2A); and adds standard commercial provisions including our right to assign the agreement if the business is ever sold (12.14). Version 3.1 (7 July 2026) completed the sub-processor list (Clause 7.4 and Schedule 1), added our ICO registration number (C1963975), and corrected how we describe our use of AI (Anthropic and Groq provide AI inference; the dispatch engine is rule-based, not AI). Previous versions are available on request from legal@optitechautomation.co.uk.
1. Parties and Definitions
OptiTech Automation is run by one accountable person: Cristian Moise-Putanu, a sole trader in Torquay, Devon. That means a real, named individual stands behind this service and answers for it — you can contact Cristian directly at hello@optitechautomation.co.uk or legal@optitechautomation.co.uk. We take continuity seriously: Clause 12.12 sets out exactly what happens to your data and your access if the business ever cannot continue, including advance notice and a full data export, and you can export your own data at any time.
1.1 "OptiTech Automation", "we", "us", or "our" means Cristian Moise-Putanu, sole trader, trading as OptiTech Automation, Torquay, Devon, England. This business is unincorporated; there is no limited company. All obligations under this Agreement vest personally in Cristian Moise-Putanu.
In this Agreement the following terms have the meanings set out below:
- Platform: "Platform" means the OptiTech Automation software-as-a-service application accessible at app.optitechautomation.co.uk, including the admin console, customer booking portal, and worker mobile application.
- Service: "Service" means the Platform together with support provided by OptiTech Automation under this Agreement.
- Business Owner / you: "Business Owner" or "you" means the sole trader, partnership, or limited company that accepts these terms and subscribes to the Service in the course of, and for the purposes of, its trade business. This is a business-to-business agreement. You confirm that you are entering into it wholly or mainly for the purposes of your business and not as a "consumer". Some of these terms would apply differently if you were a consumer; the position for the rare case where a court finds you were nonetheless acting as a consumer is set out in Clause 3.5(e), and in every case any statutory right you have that cannot lawfully be excluded or restricted continues to apply in full and prevails over anything in this Agreement.
- Workers: "Workers" means natural persons employed by or engaged as independent contractors by the Business Owner who use the OptiTech Automation worker mobile application to manage their job assignments. Workers are engaged by the Business Owner, not by OptiTech Automation.
- Customers: "Customers" means end consumers who use the Business Owner's branded booking portal (hosted on the Platform) to book trade services from the Business Owner.
- Subscription: "Subscription" means the monthly licence to access the Platform at the tier selected by the Business Owner at sign-up.
- The Pledge: "The Pledge" means the six binding commitments set out in Clause 4 of this Agreement.
- Fees: "Fees" means the monthly Subscription fees and any one-time Onboarding Investment payable under Clause 3.
- Onboarding Investment: "Onboarding Investment" means the one-time charge for the initial build, configuration, data import, and activation of the Platform for your business, in the amount itemised and presented to you before payment. It is a charge for that work, and is not a recurring or Subscription fee.
- Business Day: "Business Day" means any day other than a Saturday, Sunday, or public or bank holiday in England and Wales. Where a period in this Agreement is expressed in "Business Days" it is calculated by reference to England and Wales; where it is expressed in "working days" it has the same meaning. Times of day are measured in UK local time.
- Aggregated Data: "Aggregated Data" means data derived from the operation of the Platform that has been aggregated and/or stripped of identifiers so that it does not identify, and cannot reasonably be used to identify, any Business Owner, Worker, Customer, or other individual. Aggregated Data is not personal data. OptiTech Automation's limited right to use Aggregated Data is set out in Clause 8.5.
Notices to OptiTech Automation must be sent to:
- General: hello@optitechautomation.co.uk
- Legal and data protection: legal@optitechautomation.co.uk
2. The Service — Software Only, Not an Employment Agency
OptiTech Automation is a software platform that helps you manage your trade business. It is not an employment agency and it does not employ, supply, recruit, or place any workers. Your workers are your workers; OptiTech Automation gives you tools to schedule, dispatch, and track them.
2.1 OptiTech Automation is NOT an employment agency, employment business, or staffing intermediary as defined in the Employment Agencies Act 1973 (as amended by the Employment Rights Act 2025). OptiTech Automation does not recruit, introduce, supply, match, or place any Worker with any Business Owner or any Customer. OptiTech Automation does not employ or engage Workers. All Workers who access the OptiTech Automation worker application do so as existing members of the Business Owner's own workforce.
2.2 The Platform is software only. All job allocation, pricing, and worker management decisions are made by the Business Owner using the Platform as a tool. OptiTech Automation's dispatch engine implements the Business Owner's own configuration; it does not independently select or direct Workers.
2.3 The Service includes the following features as live and available on the effective date of this Agreement:
- Online booking management for trade businesses, including a branded customer booking portal.
- Worker scheduling and dispatch tools.
- Deposit capture at booking via Stripe Connect (processed through the Business Owner's own Stripe sub-account).
- Job tracking, on-site job completion workflow, and job history.
- Xero OAuth integration: automatic creation of draft invoices in the Business Owner's Xero account on job completion.
- Worker mobile application (offline-capable, caching schedule and Customer details when connectivity is unavailable).
- Admin console for Business Owners.
- Transactional email notifications via Resend.
- SMS notifications and location services via Twilio and Mapbox.
2.4 The following features are NOT currently available on the Platform and must not be relied upon:
- GoCardless payment processing (Stripe only).
- Electronic signatures.
2.5 The Platform is hosted and operated using third-party infrastructure and service providers. These include Vercel (hosting and CDN), Supabase (PostgreSQL database, EU region), Stripe (payment processing), Xero (accounting integration), Resend (transactional email), Twilio (SMS), and Mapbox (mapping and location), together with the further sub-processors that support the platform's AI, operational-alert, scheduling, geocoding, business-look-up, rate-limiting, error-monitoring, and notification features. The complete list of authorised sub-processors, with their locations and transfer safeguards, is set out in Clause 7.4 and Schedule 1. All of them are sub-processors under the Data Processing Schedule at Schedule 1.
3. Subscription and Payment
You pay monthly in advance by Stripe. Your tier and monthly fee are fixed at sign-up. The Onboarding Investment is one-time and non-refundable once setup begins. Founding members (first 20) have their Onboarding Investment waived. If a payment fails, a short grace period applies before Platform access may be suspended. We give 60 days' written notice before any price change.
3.1 Subscription tiers and monthly fees (GBP, excluding VAT where applicable):
- Standard: £599 per month plus a one-time Onboarding Investment (amount specified at sign-up).
- Growth: £1,749 per month plus a one-time Onboarding Investment (amount specified at sign-up).
- Dominator: £3,599 per month plus a one-time Onboarding Investment (amount specified at sign-up).
3.2 VAT: OptiTech Automation is not currently VAT-registered, so no VAT is charged today and the Fees are stated without VAT. VAT is a tax set and collected on behalf of the UK government; it is not part of OptiTech Automation's own charge for the Service. If OptiTech Automation becomes VAT-registered during the term of this Agreement, it will be legally required to add VAT to the Fees at the applicable rate. For clarity, adding VAT that the law requires is not an increase in OptiTech Automation's rate and does not breach the founding-member rate lock (Clause 3.3) or The Pledge (Clause 4, item 5), each of which fixes OptiTech Automation's own net Subscription Fee and not any government tax. OptiTech Automation will give the Business Owner 30 days' written notice before VAT is first added, and the Business Owner may terminate without penalty during that 30-day period if the resulting total cost is unacceptable. Where a Business Owner is itself VAT-registered it will ordinarily be able to recover such VAT.
3.3 Founding members: The first 20 Business Owners to sign up receive their Onboarding Investment waived in full. Their monthly Subscription fee is locked at the rate applicable at sign-up for the life of their continuous Subscription (see also Clause 4 and The Pledge, item 5). This rate lock continues for as long as the Subscription remains active without interruption.
3.4 Billing: Monthly Subscription fees are collected in advance on the monthly anniversary of the Subscription start date via Stripe. The Business Owner must maintain a valid payment method on file. OptiTech Automation will send an email reminder at least 30 days before each renewal confirming the renewal date and amount.
3.5 Onboarding Investment: (a) The Onboarding Investment is a one-time charge, in the amount itemised and presented to the Business Owner before payment is taken. It covers the initial build, configuration, data import, and activation ("go-live") of the Platform for the Business Owner's business. (b) Founding members: for the first 20 Business Owners (see Clause 3.3), the Onboarding Investment is waived in full and no such charge is payable. (c) Refund position: if the Business Owner cancels before the build begins, the Onboarding Investment is refundable in full. Once the build begins — meaning once OptiTech Automation starts configuration, provisioning, data import, or any customisation work — the Onboarding Investment is non-refundable, because it pays for work then carried out. (d) Discretion: OptiTech Automation may, at its sole discretion and without creating any obligation or precedent, agree a partial or full refund in an individual case. (e) Business-to-business basis, with a consumer fallback: this is a business-to-business agreement (Clause 1) and the Business Owner contracts for the purposes of its trade, so the statutory consumer cooling-off regime does not, as a rule, apply. OptiTech Automation nonetheless gives every Business Owner the fair cancellation position in (c) above (full refund before the build begins; proportionate charge for work actually carried out once it begins) regardless of consumer status. As a clearly-labelled fallback, in the rare case where a court finds that a particular Business Owner was in fact acting as a "consumer" within the meaning of the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, that Business Owner also has the statutory 14-day right to cancel under those Regulations; where such a consumer asks OptiTech Automation to begin the build within the 14-day period, then (i) under regulation 36 the right to cancel is lost once the service has been fully performed, and (ii) under regulation 37, on cancellation after the build has begun but before it is fully performed, the consumer must pay a proportionate amount for the work carried out. OptiTech Automation provides the pre-contract information, itemised price, and durable confirmation described in Clause 3.9. Nothing in this Clause removes or limits any statutory right that cannot lawfully be excluded, and any such right prevails over anything in this Agreement.
3.6 Late payment: If a Subscription payment fails, OptiTech Automation will allow a short grace period during which it will attempt to collect payment and may send a reminder. If the account is not brought up to date within that grace period, OptiTech Automation may suspend Platform access until the outstanding Fees are paid, without prejudice to its right to recover the Fees due. Suspension does not by itself terminate this Agreement, and access is restored once payment is received. OptiTech Automation reserves the right to charge statutory interest on overdue sums under the Late Payment of Commercial Debts (Interest) Act 1998, but does not do so as a matter of course.
3.7 Price changes: OptiTech Automation will give at least 60 days' prior written notice of any increase to monthly Subscription Fees. The Business Owner may terminate this Agreement without penalty or exit fees during that 60-day notice period by written notice to legal@optitechautomation.co.uk. Founding-member rate locks are not subject to price increases (see Clause 4, The Pledge, item 5).
3.8 Auto-renewal: The Subscription renews automatically each month unless cancelled in accordance with Clause 11. There are no minimum terms or lock-in periods beyond the current monthly period.
3.9 Subscription transparency (fair-by-design): OptiTech Automation designs its subscription to be clear and easy to leave, consistent with the subscription-contract provisions of the Digital Markets, Competition and Consumers Act 2024 as they come into force. Before you subscribe, we present the key information you need in a clear and prominent way: what the Service is, the monthly Subscription Fee for your tier, any one-time Onboarding Investment (itemised in the amount payable), the fact that the Subscription renews automatically each month, and how to cancel. Where a price is shown on a surface a consumer may see, the total price payable (including any VAT then due) is shown up front rather than added later. After you subscribe, we send a confirmation you can keep, send a reminder at least 30 days before each renewal (Clause 3.4), and let you cancel at any time by a simple written notice to legal@optitechautomation.co.uk or from your account — with no exit fees and no cancellation charge (Clause 11.1 and The Pledge, item 1). This Clause supplements, and does not limit, any statutory right you may have.
4. The Pledge
The Pledge is not a marketing statement. These are six binding contract commitments. If OptiTech Automation breaks any of them in a material way, you can terminate immediately and get a pro-rated refund of prepaid fees for the unused period.
The following six commitments are binding terms of this Agreement. They are not aspirational statements. They are enforceable.
- 1. You can cancel any time with 30 days' written notice. No exit fees. No early termination charges. No penalties.
- 2. Your data is yours. When you ask, we will export it in CSV and/or PDF format promptly — we aim for the next Business Day and commit to no later than five Business Days. No charge, and no holding your data hostage.
- 3. The price you agreed at sign-up is the price you pay. No bolt-on surprises. No undisclosed charges.
- 4. A named, accountable person stands behind your support. You can always reach a real human — you will never be trapped in an automated loop or handed off to an anonymous call-centre queue. We may use tools, including AI, to help us answer you faster and more accurately, but a named person is responsible for the answer you receive and you can always ask to speak to them.
- 5. Founding-member rates are locked for the life of your continuous Subscription. We will never increase our own rate while you remain subscribed. (If the law later requires us to add VAT, that is a government tax and not a rate increase — see Clause 3.2.)
- 6. OptiTech Automation is run by Cristian Moise-Putanu, a named, accountable sole trader. The same person who built it supports it.
4.7 Material breach of The Pledge: If OptiTech Automation materially breaches any of the six commitments above, the Business Owner may terminate this Agreement immediately by written notice to legal@optitechautomation.co.uk without serving the standard 30-day notice period, and shall be entitled to a pro-rated refund of prepaid Fees for the unused portion of the current billing period.
4.8 "Material breach" of The Pledge means: (a) refusal or failure to permit cancellation with 30 days' written notice; (b) failure to make a data export available within five Business Days of a written request (the next-Business-Day target in item 2 is what we aim for, not the point at which a breach arises); (c) increasing the net Subscription Fee without 60 days' prior written notice (the lawful addition of VAT under Clause 3.2 is not such an increase); (d) ceasing to provide a route to a named, accountable person for support; (e) increasing the net Subscription Fee of a founding member; or (f) operating the Platform without a named, identified accountable operator. A short, good-faith delay that OptiTech Automation corrects promptly on notice is not a material breach.
4.9 The pro-rated refund remedy in this Clause 4 is separate from and not subject to the general limitation of liability cap in Clause 10.
5. Business Owner Obligations
You are responsible for running your trade business lawfully. OptiTech Automation gives you tools; you make the decisions. The legal obligations for your workers, your customers, your insurances, and your trade certifications are yours, not OptiTech Automation's.
5.1 General: The Business Owner shall at all times: (a) use the Platform and Service only for lawful purposes and in accordance with applicable UK law; (b) provide accurate, complete, and up-to-date information to OptiTech Automation and on the Platform; (c) maintain all licences, certifications, registrations, and insurance policies required by law to operate their trade business; (d) comply with all consumer protection, data protection, employment, and health and safety legislation applicable to their business.
5.2 Accurate information: The Business Owner warrants that all information provided to OptiTech Automation at sign-up and during the Subscription is true and accurate. Any material change to the Business Owner's business (including change of legal entity, change of trade activities, or insolvency proceedings) must be notified to OptiTech Automation within 14 days.
5.3 No resale: The Business Owner may not resell, sublicence, or transfer access to the Platform to any third party. The Subscription is granted to the named Business Owner only.
5.4 Account security: The Business Owner is responsible for maintaining the security of their account credentials and for all activity under their account. Any suspected unauthorised access must be reported to OptiTech Automation immediately at hello@optitechautomation.co.uk.
5.5 Acceptable use: The Business Owner must not use the Platform to: conduct or facilitate fraud; harass, threaten, or discriminate against Workers, Customers, or any person; commit any offence under the Computer Misuse Act 1990, the Fraud Act 2006, the Bribery Act 2010, the Modern Slavery Act 2015, or the Defamation Act 2013; breach any data protection, employment, or consumer protection obligation; reverse-engineer, decompile, or disassemble the Platform (except to the limited extent permitted by the Copyright, Designs and Patents Act 1988 s.50B and s.50C and which cannot be contractually excluded); scrape, harvest, or extract data or content from the Platform by any automated means except through functionality OptiTech Automation provides for that purpose; probe, scan, circumvent, or test the vulnerability of the Platform or attempt to gain unauthorised access to it or to any account, data, or system; introduce any malware or other harmful code; or sublicence, resell, rent, or share access.
5.6 Anti-bribery: The Business Owner warrants that it complies with the Bribery Act 2010 and maintains adequate procedures to prevent bribery. The Business Owner warrants that no payment, gift, or benefit has been or will be offered to any person in connection with this Agreement.
5.7 Modern slavery: The Business Owner warrants that it complies with the Modern Slavery Act 2015 and that it does not engage in, or benefit from, forced labour, child labour, or human trafficking in connection with any Worker engaged through the Platform.
5.8 Your business, your content, your compliance
5.8 Owner responsibility: (a) The Business Owner operates its own business through the Platform, in its own name, in its own commercial interest, and on its own responsibility. The Platform is a tool; the business decisions are the Business Owner's. (b) The Business Owner is solely responsible for: (i) the content, pricing, offers, descriptions, and claims it publishes through the Platform, including on any business website, booking page, or customer-facing material served through the Platform; (ii) compliance with all laws and regulatory requirements applicable to its trade, including holding and maintaining every qualification, certification, registration, licence, and insurance required to carry out and to advertise that trade; (iii) its compliance with consumer-protection, advertising, and pricing-transparency law in its dealings with its own Customers; (iv) its conduct towards, and its legal obligations to, its Customers and its Workers; and (v) the accuracy, lawfulness, and completeness of all information it enters into or publishes through the Platform. (c) OptiTech Automation provides the Platform and its tools on an "as is" and "as available" basis. OptiTech Automation is not the author, publisher, or source of Business Owner content, does not adopt, endorse, verify, or warrant any Business Owner content, offer, price, or claim, and is not a party to any contract between the Business Owner and its Customers or Workers. (d) OptiTech Automation does not pre-vet or actively monitor Business Owner content, and is under no obligation to do so; the Business Owner's content is its own. As a protective backstop, however, OptiTech Automation reserves the right — acting reasonably and proportionately, and generally where a concern is brought to its attention — to ask the Business Owner to correct, amend, or remove content, and, where the risk warrants it, to suspend or disable content, that OptiTech Automation reasonably considers to be unlawful, materially misleading, infringing, or likely to create a legal, regulatory, or safety risk for the Business Owner, a Customer, a Worker, or OptiTech Automation. Wherever it is practicable and lawful to do so, OptiTech Automation will notify the Business Owner first and give it a reasonable opportunity to put the matter right, reserving immediate action for cases of urgency or clear illegality. Exercising, or choosing not to exercise, this right does not make OptiTech Automation the author or publisher of, or otherwise responsible for, Business Owner content, and does not relieve the Business Owner of responsibility for it. (e) The Business Owner's indemnity in respect of its content, offers, and claims is set out in Clause 10.6.
5.9 Age of account holder: The Business Owner warrants that the individual who creates and holds the OptiTech Automation account is aged 18 or over. The Platform is a business-to-business service and is not intended for use by persons under the age of 18 as Business Owner account holders. Workers aged 16 or 17 may use the worker mobile application at the Business Owner's direction; the Business Owner as Data Controller is responsible for providing an age-appropriate privacy notice to those workers and for ensuring that processing of their data complies with UK GDPR.
5.10 Your responsibilities and acceptable use — a summary you can rely on
5.10 Acceptable use and Business Owner warranties: These responsibilities protect you, your Workers, your Customers, and the platform community. They are fair, they are what a responsible operator would expect, and they are grounds for the suspension right in Clause 11.2A and, where the breach is material or not remedied, for termination under Clause 11.2. The Business Owner warrants and agrees, for the duration of its Subscription, that it will: (a) use the Platform and Service only for lawful purposes and in accordance with applicable UK law, these terms, and the acceptable-use standards in Clause 5.5; (b) provide accurate, complete, and current information to OptiTech Automation and keep it up to date, and not impersonate any person or misrepresent its identity, trade, or authority; (c) hold and maintain, throughout, every qualification, certification, registration, licence, and insurance that the law requires for the trade it carries out and advertises (see also Clause 6), and not use the Platform to offer or advertise work it is not lawfully entitled to carry out; (d) comply with all consumer-protection, advertising, pricing-transparency, and cancellation law in its own dealings with its Customers, and honour its Customers' statutory rights; (e) keep its account credentials secure and confidential, enable available security protections, and be responsible for all activity carried out under its account, promptly reporting any suspected compromise; (f) be responsible for its Workers' and other authorised users' access to and use of the Platform, ensuring they comply with the parts of these terms that apply to them; (g) not upload, publish, or transmit through the Platform any content or material that is unlawful, defamatory, fraudulent, discriminatory, obscene, harassing, harmful, or that infringes any third party's intellectual property, privacy, or other rights, and be solely responsible for the content it publishes (see Clause 5.8); (h) not misuse the Platform as described in Clause 5.5 (including no reverse-engineering beyond what the law allows, no unauthorised scraping or data extraction, no attempt at unauthorised access, and no resale or sharing of access); and (i) cooperate promptly and in good faith with OptiTech Automation's reasonable requests that are necessary to operate, secure, support, or lawfully administer the Platform, including reasonable requests for evidence of the insurance or certifications required under Clause 6. A breach of this Clause 5.10 that OptiTech Automation reasonably considers to create a legal, regulatory, security, or safety risk entitles OptiTech Automation to act under Clause 11.2A (suspension) and, where appropriate, Clause 11.2 (termination). Nothing in this Clause limits any statutory right the Business Owner has that cannot lawfully be excluded.
6. Employment Status and Worker Engagement
This is the section that protects your business. Employing and deploying trade workers carries real legal duties — on employment status, minimum wage, right to work, insurance, gas and electrical safety, and health and safety. We set them out plainly, in one place, so you know exactly where you stand and are not caught out; most platforms leave you to find out the hard way. The penalties noted below are set by law, not by OptiTech Automation, and we quote them so you can see why each duty matters. You, as the employer or principal, are responsible for meeting these duties and for deciding your workers' employment status; OptiTech Automation is a software tool and does not make those determinations for you. Where a case is borderline, take independent legal or tax advice.
6.1 OptiTech Automation is not an employment agency
OptiTech Automation is a software-as-a-service tool. It is NOT an employment agency, employment business, or staffing intermediary as defined in the Employment Agencies Act 1973 (as amended). OptiTech Automation does not recruit, introduce, supply, match, or place Workers with Business Owners or Customers. OptiTech Automation does not employ, engage, or direct any Worker. All Workers who access the worker application are existing members of the Business Owner's workforce, engaged by the Business Owner under arrangements made independently of the Platform. The Business Owner acknowledges that courts and employment tribunals look at the reality of working relationships and not merely contractual labels (Autoclenz Ltd v Belcher [2011] UKSC 41).
6.2 Employment status determination
Before engaging any Worker to perform services through the Platform, the Business Owner must determine that Worker's employment status under UK law. The three possible categories are: (a) Employee (contract of employment, ERA 1996 s.230(1)) — entitled to full employment rights including unfair dismissal protection, statutory redundancy pay, SSP, and family-friendly rights; (b) Limb-b worker (ERA 1996 s.230(3)(b)) — entitled to National Minimum Wage, 5.6 weeks' paid annual leave, rest breaks, and whistleblowing protections; (c) Genuinely self-employed — genuinely in business on their own account with multiple clients, bearing their own business risk, with an unfettered right to substitute a qualified replacement. The Business Owner is solely responsible for this determination. OptiTech Automation does not provide employment status advice. The HMRC CEST tool provides indicative guidance only and is not binding on HMRC. Independent legal and tax advice must be obtained for borderline cases.
6.3 National Minimum Wage
The Business Owner is solely and exclusively responsible for ensuring that all employees and limb-b workers are paid at least the applicable National Minimum Wage and National Living Wage under the National Minimum Wage Act 1998 and National Minimum Wage Regulations 2015 (SI 2015/621). Current applicable rates (from 1 April 2026, uprated annually): National Living Wage (aged 21 and over) £12.71 per hour; workers aged 18 to 20 £10.85 per hour; workers aged 16 to 17 and apprentices £8.00 per hour. NMW applies to all working time including travel time between jobs and waiting time where the Worker is required to be available. The Business Owner must maintain NMW pay records for a minimum of six years. HMRC enforcement consequences for non-compliance include a civil penalty of 200% of arrears (minimum £100, maximum £20,000 per worker), public naming, and criminal prosecution for wilful refusal. The Business Owner warrants compliance with all NMW obligations and indemnifies OptiTech Automation against any claim, loss, fine, or reputational damage arising from NMW non-compliance.
6.4 Right to Work
The Business Owner must conduct a compliant right-to-work check BEFORE any Worker commences work. The primary legislative basis for right-to-work obligations is sections 15 to 25 of the Immigration, Asylum and Nationality Act 2006 (IANA 2006). The Immigration (Restrictions on Employment) Order 2007 (SI 2007/3290, as amended) established the original check framework and remains in force in amended form; the operative compliance guidance for employers is the Home Office Employer's Guide to Right to Work Checks (updated periodically; the current version is available at gov.uk), which must be followed in its current form and supersedes earlier guidance in practice. From 31 December 2024, the Home Office completed its transition to digital immigration status (eVisa). Workers whose right to work is held as a digital eVisa (rather than a physical document) must provide their Business Owner with a share code and their date of birth so the Business Owner can verify their right to work via the Home Office online service at gov.uk/view-right-to-work. A Business Owner must not rely solely on a physical document where the worker holds only a digital eVisa status. A copy of the online check result must be retained. The Business Owner must retain records of all right-to-work checks for the duration of the engagement and for two years after it ends. Right-to-work checks cannot be conducted by, delegated to, or outsourced to OptiTech Automation. Current civil penalties: up to £45,000 per worker for a first breach; up to £60,000 per worker for a repeat breach (rates in force from 13 February 2024 under SI 2024/130). Criminal liability where the employer knew or had reasonable cause to believe the worker had no right to work: up to 5 years' imprisonment under IANA 2006 s.21. The Business Owner indemnifies OptiTech Automation against any liability, loss, cost, penalty, or reputational damage arising from failure to conduct adequate right-to-work checks.
6.5 Employers' Liability Insurance
Every Business Owner that employs one or more employees must at all times maintain a policy of employers' liability insurance under the Employers' Liability (Compulsory Insurance) Act 1969 and the Employers' Liability (Compulsory Insurance) Regulations 1998 (SI 1998/2573). The policy must be issued by an authorised insurer and provide minimum cover of £5,000,000 (five million pounds) per claim. The penalty for non-compliance is £2,500 per day; the penalty for failure to display the certificate is £1,000 per day. These penalties fall exclusively on the Business Owner. As an additional condition of Platform access, all Business Owners must maintain public liability insurance providing minimum cover of £2,000,000 (two million pounds) per claim. The Business Owner must provide evidence of compliant insurance within 10 business days of a written request from OptiTech Automation. Failure to provide such evidence is grounds for suspension of Platform access.
6.6 Gas Safe Register compliance
The Gas Safety (Installation and Use) Regulations 1998 Regulation 3 prohibits any person from carrying out, supervising, or qualifying gas work unless individually registered on the Gas Safe Register for the specific appliance category. The Business Owner warrants that: (a) every person deployed to carry out, supervise, or qualify any gas work through the Platform holds, at the time of deployment, a current individual Gas Safe Register membership covering the relevant appliance category; (b) the Business Owner will verify such registration before each deployment by checking gassaferegister.co.uk and retain a dated verification record; (c) the Platform will not be used to schedule, dispatch, or manage gas work to be carried out by an unregistered person. Deployment of an unregistered gas engineer is a criminal offence under the Gas Safety Regulations 1998 and HSWA 1974 s.33, carrying up to six months' imprisonment and an unlimited fine. Ignorance of a worker's lack of registration is not a defence. OptiTech Automation does not verify Gas Safe registration status. The Business Owner indemnifies OptiTech Automation against any claim, fine, penalty, or regulatory action arising from non-compliance. Breach of this sub-clause is a material breach of this Agreement entitling OptiTech Automation to terminate with immediate effect. Where gas work includes annual safety inspections on residential rental properties under a tenancy, the Business Owner additionally warrants compliance with Regulation 36 of the Gas Safety (Installation and Use) Regulations 1998, as amended by the Gas Safety (Installation and Use) (Amendment) Regulations 2018 (SI 2018/139): (i) a valid Landlord Gas Safety Record (CP12 or LGSR) must be issued to the landlord customer on completion of the inspection; (ii) a copy must be provided to any existing tenant within 28 days of the inspection, and to any new tenant before they occupy the premises; (iii) by virtue of the Gas Safety (Installation and Use) (Amendment) Regulations 2018, the record may be delivered to tenants electronically -- by email or via a secure online portal -- provided the tenant has not requested a paper copy; (iv) the Business Owner must retain a copy of every Landlord Gas Safety Record for a minimum of two years from the date of inspection, as required by Regulation 39 of the 1998 Regulations.
6.7 Electrical work — Part P and Competent Person Scheme compliance
Building Regulations 2010 Approved Document P governs notifiable electrical installation work in dwellings in England and Wales. (Note: this platform operates in England and Wales only. Business Owners conducting work in Scotland should take independent legal advice as a different framework applies under the Building (Scotland) Act 2003.) The Business Owner warrants that: (a) any notifiable electrical installation work in a dwelling in England or Wales is performed only by a person holding current membership of an approved Competent Person Scheme covering the relevant work category -- the approved schemes for England and Wales are NICEIC, NAPIT, ELECSA, BRE Certification, Stroma Certification, and BSI Kitemark -- OR that prior notification has been given to the relevant Local Authority Building Control before work commences; (b) SELECT (SELECT Electrical) is a Scottish trade body and is NOT an approved Competent Person Scheme for Part P purposes in England or Wales; Business Owners must not rely on SELECT membership as evidence of Part P compliance for work in England or Wales; (c) the Business Owner will verify CPS membership before each deployment in England or Wales and retain a dated verification record; (d) all relevant electrical installation certificates, minor works certificates, and EICR reports are obtained, issued to the customer, and retained by the Business Owner. Non-compliant electrical work in a dwelling is a criminal offence under the Building Act 1984 s.35. OptiTech Automation does not verify electrician certifications. The Business Owner indemnifies OptiTech Automation against any claim, loss, penalty, or regulatory action arising from non-compliant electrical work. Breach is a material breach entitling OptiTech Automation to terminate with immediate effect.
6.8 Health and safety
The Business Owner is an employer or principal contractor with direct obligations under the Health and Safety at Work etc. Act 1974. The Business Owner must comply with all applicable health and safety legislation, including: HSWA 1974 s.2 (general duty to employees); HSWA 1974 s.3 (duty to non-employees including Customers at whose premises work is carried out); Management of Health and Safety at Work Regulations 1999; Electricity at Work Regulations 1989; and the Construction (Design and Management) Regulations 2015 where applicable. For projects exceeding 500 person-days or 30 working days with more than 20 simultaneous workers, the Business Owner must assess CDM 2015 notification obligations, appoint a principal designer and principal contractor, and file HSE Form F10 where required. OptiTech Automation has no presence on any job site and no health and safety obligations in relation to trade work performed by the Business Owner's Workers. The Business Owner indemnifies OptiTech Automation against any claim, enforcement action, fine, or liability arising from health and safety failures relating to work managed through the Platform.
6.9 RIDDOR reporting obligations
The Business Owner must comply with the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR 2013). The Business Owner must report to the Health and Safety Executive (HSE): (a) any workplace fatality or specified injury to an employee or self-employed person; (b) any injury to a non-worker (e.g., a Customer at whose property work is being carried out) that requires hospital treatment; (c) over-7-day incapacitation injuries to workers; (d) occupational diseases; (e) dangerous occurrences. Gas and electrical incidents at customer premises may trigger both RIDDOR reporting and Gas Safe/Part P obligations simultaneously. RIDDOR reports must be submitted through the HSE RIDDOR reporting portal at riddor.hse.gov.uk. OptiTech Automation recommends that Business Owners familiarise their workers with RIDDOR reporting obligations before deployment on the Platform.
6.10 Off-payroll working (IR35)
Where a Business Owner engages workers who provide personal services through an intermediary (a personal service company or partnership), the Business Owner must assess whether the off-payroll working rules in Chapter 10 of Part 2 of the Income Tax (Earnings and Pensions) Act 2003 (IR35) apply. If the Business Owner is a medium or large private sector organisation (as defined under Finance Act 2021, s.5), the Business Owner is the "deemed employer" for PAYE and NIC purposes where a worker would be an employee but for the intermediary. The Business Owner is solely responsible for conducting Status Determination Statements (SDS) as required and for any PAYE/NIC consequences of a wrong determination. OptiTech Automation provides no IR35 assessment tools and is not liable for IR35 determinations or consequential liabilities. The Business Owner indemnifies OptiTech Automation against any HMRC assessment, penalty, or interest arising from IR35 non-compliance.
6.11 Construction Industry Scheme (CIS)
Where the Business Owner engages subcontractors to carry out construction operations (as defined in Finance Act 2004 s.74), the Construction Industry Scheme (CIS) under Chapter 3 of Part 3 of the Finance Act 2004 and the Income Tax (Construction Industry Scheme) Regulations 2005 (SI 2005/2045) may apply. The Business Owner as "contractor" must: verify each subcontractor with HMRC before first payment; deduct CIS tax at the applicable rate (20% or 30%) from payments for labour; submit monthly returns to HMRC; and provide subcontractors with deduction statements. The OptiTech Automation Platform does not calculate, record, or submit CIS deductions. The Business Owner is solely responsible for CIS compliance. Failure to operate CIS correctly may result in HMRC penalties and the Business Owner becoming personally liable for unpaid CIS deductions. The Business Owner indemnifies OptiTech Automation against any CIS-related liability.
6.12 Worker certifications
The Business Owner warrants the ongoing validity of all professional certifications, trade registrations, and scheme memberships for every Worker whose profile is active on the Platform. The Business Owner must promptly update the Platform or notify OptiTech Automation if any certification lapses, is withdrawn, or expires. OptiTech Automation may suspend a Worker's app access with immediate effect if the Business Owner reports or if OptiTech Automation becomes aware of a lapse in required certifications, without liability to the Business Owner or the Worker.
6.13 Automated dispatch -- Keith: role and limits
6.13 The Platform includes an automated job-suggestion feature known as "Keith". Keith processes worker availability data, GPS proximity (via Mapbox), recorded skills, and Business Owner-configured dispatch rules to produce a ranked list of workers who meet the criteria set by the Business Owner for an incoming job. Keith then acts on that ranked list in accordance with the Business Owner's pre-configured dispatch rules. The following matters are confirmed and form part of this Agreement: (a) Keith does not select workers independently of the Business Owner's configuration. All dispatch rules -- including the criteria for ranking, the pool of eligible workers, the offer sequence, and the acceptance window -- are set exclusively by the Business Owner in the platform admin console. (b) The Business Owner may override any Keith-generated suggestion, cancel any outstanding job offer, and reassign any job manually at any time before a worker accepts. Keith does not prevent or override such manual intervention. (c) OptiTech Automation is not a party to the relationship between the Business Owner and any Worker. Keith's automated suggestion function does not constitute OptiTech Automation selecting, directing, controlling, rating, or engaging any Worker. All employment, engagement, and supervision obligations remain exclusively with the Business Owner. (d) Keith does not set, influence, or record worker pay, working hours, or working conditions. (e) The Business Owner warrants that its use of Keith's dispatch function complies with all applicable obligations, including: (i) its obligations under UK employment law in relation to the workers to whom job offers are sent; and (ii) where Keith operates in a fully automated dispatch mode (sending job offers without human review of each individual allocation before dispatch), the Business Owner's obligations as Data Controller under UK GDPR Article 22, including the obligation to ensure that a lawful basis for automated processing exists under Article 22(2) and that the Article 22(4) safeguards (right to human intervention, right to express a point of view, right to contest) are available to affected workers. (f) Nothing in this clause qualifies or limits the Business Owner's obligations under Clauses 6.1 to 6.12.
7. Data Processing — Schedule 1
You are the data controller for your customers' and workers' personal data. OptiTech Automation processes that data on your behalf as your data processor. Schedule 1 below is a full Article 28 UK GDPR compliant data processing agreement. It is incorporated into and forms part of this Agreement.
7.1 Roles: The Business Owner is the Data Controller in respect of personal data relating to its Customers and Workers processed via the Platform. OptiTech Automation is the Data Processor in respect of that data. OptiTech Automation is an independent Data Controller in respect of its own operational Platform data (Business Owner account data, billing records, support communications, platform analytics), which is governed by OptiTech Automation's Privacy Policy at optitechautomation.co.uk/privacy.
7.2 Data Processing Agreement: The Data Processing Schedule at Schedule 1 to this Agreement constitutes the written contract required by UK GDPR Article 28 between the Business Owner as Controller and OptiTech Automation as Processor. Both parties must comply with their respective obligations under Schedule 1.
7.3 ICO registration: OptiTech Automation is registered with the Information Commissioner's Office (ICO) under registration number C1963975. The Business Owner must be independently ICO-registered (or a valid exemption must apply) in respect of their own Customer and Worker data processing activities. Note: many sole traders and small trade businesses qualify for the 'small organisation' exemption from the ICO registration fee (but NOT from data protection obligations) — this applies where processing is limited to own-business employee and customer records only. If you are unsure, check ico.org.uk/registration. The Business Owner shall, where registered, provide their ICO registration number to OptiTech Automation within 14 days of sign-up or within 14 days of obtaining it.
7.4 Sub-processors: OptiTech Automation currently processes Personal Data using the following authorised sub-processors (full details in Schedule 1):
- Vercel Inc. — application hosting and CDN (United States, UK DPF Extension).
- Supabase Inc. — PostgreSQL database (EU, Frankfurt, AWS eu-central-1; UK-EU adequacy decision).
- Stripe Inc. / Stripe Payments UK Ltd — payment processing (United States/UK, UK DPF Extension and UK SCCs addendum).
- Xero — accounting integration, draft invoice creation via OAuth (contracted through Xero's UK entity; the Xero group is headquartered in New Zealand with group companies including Australia; the Business Owner's own Xero account). Any intra-group transfer is covered by Xero's data processing agreement and appropriate safeguards.
- Resend Inc. — transactional email delivery (United States, UK Extension to the EU-US Data Privacy Framework; Resend's DPF certification reference: to be verified annually by OptiTech Automation).
- Twilio Inc. — SMS notifications (United States, UK DPF Extension).
- Mapbox Inc. — mapping and GPS location services (United States, UK DPF Extension).
- Anthropic PBC — AI inference for in-platform AI assistance and for text drafting and summarisation features (United States; UK DPF Extension where certified, UK IDTA as fallback). Does not train on submitted data. The "Keith" dispatch engine is rule-based and uses no AI model.
- Groq, Inc. — fast AI inference for the website assistant, inbound-email triage, and reply drafting (United States). Where a transfer occurs it is protected by an appropriate safeguard — the UK Extension to the EU-US Data Privacy Framework where Groq is certified, or otherwise the UK IDTA or UK Addendum to the EU SCCs — and only the data needed for the feature in use is sent (website-chat text, inbound-email content, or lead or prospect contact details, as applicable).
- Telegram Messenger Inc. — used only to deliver short internal operational alerts to the operator (United States). We minimise the personal data included in an alert (typically a name and email address so the operator can act) and, where such transfers occur, rely on appropriate safeguards such as the UK IDTA or UK Addendum to the EU SCCs; where a suitable safeguard cannot be confirmed for a given alert type, we further reduce or omit the personal data sent. We keep this channel under review and will move to a mainstream operational channel if that better protects the data.
- Cal.com, Inc. — demo and discovery-call scheduling (United States). Receives a prospect's name, email, and booking notes; where such transfers occur they are protected by an appropriate safeguard such as the UK IDTA or UK Addendum to the EU SCCs, or DPF certification where held.
- postcodes.io — UK postcode geocoding for routing and job matching (United Kingdom; no overseas transfer). Receives customer and worker postcodes.
- Companies House — look-ups of public company and officer information (United Kingdom; no overseas transfer). Receives a company name or registration number.
- Upstash, Inc. (Redis) — rate-limiting and abuse protection (European Union / United States; UK-EU adequacy for EU processing, UK IDTA or UK Addendum to the EU SCCs for any US transfer). Receives client IP addresses.
- Functional Software, Inc. (Sentry) — error and performance monitoring (United States / European Union; UK IDTA or UK Addendum to the EU SCCs, adequacy for EU processing). Receives technical diagnostic data that may incidentally include identifiers.
- Apple, Google, and Mozilla push services — delivery of push notifications the recipient has opted into (United States and vendor global infrastructure; UK IDTA or UK Addendum to the EU SCCs, or Data Privacy Framework certification where available). Receives the device push token and the notification payload.
- hCaptcha (Intuition Machines, Inc.) — bot and abuse protection, engaged only when the CAPTCHA feature is enabled (United States; UK IDTA or UK Addendum to the EU SCCs). When active, receives the visitor IP address and interaction signals.
- Sightengine SAS — automated image moderation, engaged only when the photo feature is enabled (European Union, France; UK-EU adequacy decision). When active, receives uploaded images for classification.
7.5 Sub-processor changes: OptiTech Automation will give at least 30 calendar days' written notice before engaging any new sub-processor or replacing any listed sub-processor. The Business Owner may object within 14 calendar days on legitimate data protection grounds.
8. Intellectual Property
OptiTech Automation owns all rights in the Platform. You own your business data. OptiTech Automation has a limited licence to process your data in order to provide the Service. You have a licence to use the Platform while your Subscription is active.
8.1 OptiTech Automation owns all intellectual property rights in the Platform, including: software code, design, branding, database structure, and the organisation and selection of data within the Platform database (including database right under the Copyright and Rights in Databases Regulations 1997). No rights in the Platform are transferred to the Business Owner by this Agreement.
8.2 Licence to Business Owner: OptiTech Automation grants the Business Owner a non-exclusive, non-transferable, revocable licence to access and use the Platform during the Subscription for the Business Owner's internal trade business management purposes only. This licence terminates automatically on termination or expiry of the Subscription.
8.3 Business Owner data: The Business Owner retains all rights in their own data (Customer records, job records, Worker records, and all other data created by or on behalf of the Business Owner on the Platform). OptiTech Automation acquires no ownership rights in Business Owner data.
8.4 Processing licence: The Business Owner grants OptiTech Automation a limited, non-exclusive licence to store, process, and transmit Business Owner data solely to the extent necessary to provide the Service. This licence terminates on termination or expiry of the Subscription, subject to the data deletion and export obligations in Clause 11 and Schedule 1.
8.5 Aggregated Data: OptiTech Automation may create Aggregated Data (as defined in Clause 1 — data that has been aggregated and/or stripped of identifiers so that it does not identify, and cannot reasonably be used to identify, any Business Owner, Worker, Customer, or other individual) and may use that Aggregated Data to operate, secure, analyse, benchmark, and improve the Platform and Service and to develop new features. The Business Owner grants OptiTech Automation a perpetual, non-exclusive, royalty-free licence to use Aggregated Data for those purposes. This right is limited as follows: (a) it applies only to genuinely de-identified and/or aggregated data — it is not a right to use identifiable personal data for OptiTech Automation's own purposes, and OptiTech Automation does not use Customer or Worker personal data that it processes as your Data Processor for its own commercial purposes (see the Privacy Policy and Schedule 1); (b) OptiTech Automation will not attempt to re-identify individuals from Aggregated Data or publish Aggregated Data in any form that identifies the Business Owner or reveals its confidential information; and (c) it does not permit the sale of personal data, which OptiTech Automation does not do. This Clause is consistent with, and does not override, OptiTech Automation's obligations as Data Processor under Schedule 1 and the Privacy Policy.
9. Confidentiality
Both parties keep each other's confidential information confidential. Personal data obligations are governed separately by Schedule 1.
9.1 Each party ("Receiving Party") agrees to hold the other party's ("Disclosing Party's") confidential information in strict confidence and not to disclose it to any third party without prior written consent, except: (a) to employees, contractors, or sub-processors who need to know it for the purpose of this Agreement and are bound by equivalent confidentiality obligations; (b) where required by law, court order, or regulatory authority, provided the Receiving Party gives the Disclosing Party as much notice as is legally permissible before disclosure.
9.2 "Confidential information" means all non-public information disclosed by one party to the other in connection with this Agreement that is identified as confidential or that ought reasonably to be understood to be confidential given its nature or the circumstances of disclosure. It does not include information that: (a) is or becomes publicly available through no breach by the Receiving Party; (b) was known to the Receiving Party before disclosure; or (c) is independently developed by the Receiving Party without reference to the Disclosing Party's confidential information.
9.3 Confidentiality obligations survive termination of this Agreement for a period of five years, except in relation to personal data which is governed by Schedule 1 and applicable data protection law without time limit.
10. Limitation of Liability
This section shares risk fairly between us. Our liability to you is limited — for most matters, to the Subscription Fees you paid us over the previous 12 months (and never less than a £1,000 floor for brand-new accounts); and for a data-protection or confidentiality failure that is our fault, to a higher, separate cap in Clause 10.2A, because we know your data is the most valuable thing we hold. We keep responsibility for data we lose through our own fault, we warrant the Service and give you an intellectual-property indemnity (Clauses 10.7–10.8), and your own indemnity to us is tied to your own acts and breaches (Clause 10.6). Nothing in this Agreement limits anyone's liability for death, personal injury, fraud, or anything else the law does not allow to be limited (Clause 10.1). We do not accept liability for indirect losses such as lost profits, which in a business-to-business contract each party carries for itself and insures against. We think this allocation is reasonable; your non-excludable statutory rights are unaffected.
10.1 Absolute carve-outs: Nothing in this Agreement limits or excludes either party's liability for: (a) death or personal injury caused by that party's negligence (UCTA 1977 s.2(1)); (b) fraud or fraudulent misrepresentation; (c) any other statutory liability that cannot be contractually excluded under English law. These carve-outs are non-negotiable and cannot be waived.
10.2 General liability cap: Subject to Clause 10.1 (the matters that are never limited), Clause 10.2A (the higher data-protection cap), and Clause 4 (The Pledge refund remedy), OptiTech Automation's total aggregate liability to the Business Owner under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the greater of: (a) the total Subscription Fees paid by the Business Owner in the 12 calendar months immediately preceding the event giving rise to the claim; or (b) £1,000. In practice, for an established subscriber limb (a) is the operative cap and is a substantial sum (for example, a year of Subscription Fees); the £1,000 in limb (b) is only a floor, so that a subscriber in the first weeks of its Subscription — before much has been paid — is not left with a near-nil cap. It is not a statement of what the Business Owner's data or business is worth.
10.2A Higher cap for data-protection and confidentiality failures: OptiTech Automation recognises that protecting the personal data and business information it holds is a serious responsibility, and sets a higher, separate cap for it. Accordingly, and by way of exception to Clause 10.2, OptiTech Automation's total aggregate liability for loss or damage arising from its own breach of its data-protection obligations under Schedule 1, its breach of the confidentiality obligations in Clause 9, or a personal data breach caused by its own failure to meet the security standard in Schedule 1, shall not exceed the greater of: (a) 150% of the total Subscription Fees paid by the Business Owner in the 12 calendar months immediately preceding the event giving rise to the claim; or (b) £25,000. This higher cap sits above the general cap in Clause 10.2 and is without prejudice to Clause 10.1 (which is never limited) and to the Business Owner's own responsibilities as Data Controller. Each party is expected to hold appropriate insurance for the risks that fall to it.
10.3 Excluded losses: These are the standard limits that apply between businesses; they are subject to Clause 10.1 (which is never limited) and do not affect the Business Owner's non-excludable statutory rights. Subject to those, OptiTech Automation shall not be liable, whether in contract, tort, or otherwise, for any of the following, in each case only where the loss is indirect or consequential: (a) loss of profits; (b) loss of revenue; (c) loss of business or contracts; (d) loss of anticipated savings; (e) loss of goodwill or reputation; or (f) any other indirect, special, or consequential loss, whether or not it was foreseeable or the party had been advised of the possibility of it. For the avoidance of doubt, OptiTech Automation does NOT exclude its liability for loss of or damage to Business Owner data that is caused by OptiTech Automation's own negligence or breach of this Agreement; that liability remains, subject to the caps in Clause 10.2 and 10.2A. Each party is nonetheless expected to keep its own reasonable, regular backups. These exclusions apply in a business-to-business context and each party carries and insures its own indirect and operational losses.
10.4 Reasonableness acknowledgement: The Business Owner acknowledges that: (a) the Fees payable under this Agreement reflect the allocation of risk between the parties; (b) the Business Owner is better placed than OptiTech Automation to insure against its own operational losses; (c) these limitations are reasonable in all the circumstances of this Agreement, having regard to the matters in UCTA 1977 s.11 (and Schedule 2 by analogy), including: the relative bargaining power of the parties; whether the Business Owner received an incentive (such as reduced price or founding-member rate) in exchange; the reasonableness of the Business Owner insuring against their own operational losses; and the nature of the service provided. This acknowledgement is given for the purposes of UCTA 1977 s.11.
10.5 The cap in Clause 10.2 does not apply to the pro-rated Fees refund remedy available under Clause 4 (The Pledge) upon material breach of The Pledge by OptiTech Automation.
10.6 Business Owner indemnity: This indemnity is limited to things that are genuinely the Business Owner's own responsibility — it protects OptiTech Automation from being held liable for the Business Owner's own acts, omissions, and regulatory breaches, and for third-party claims arising from the Business Owner's own content and trade. It is balanced by OptiTech Automation's own commitments to the Business Owner in this Clause 10, including the intellectual-property indemnity in Clause 10.7 and the warranty in Clause 10.8. It is not a general or open-ended indemnity: it does not cover anything caused by OptiTech Automation's own negligence or breach, and it does not cover indirect or consequential losses. Subject to those limits, the Business Owner shall indemnify OptiTech Automation (meaning Cristian Moise-Putanu trading as OptiTech Automation; this indemnity runs in favour of OptiTech Automation as contracting entity and does not impose separate personal liability on Cristian Moise-Putanu beyond his liability as sole trader under this Agreement) against direct losses, liabilities, damages, costs, and reasonable legal fees actually and reasonably incurred by OptiTech Automation arising directly from any of the following: (a) any claim brought by a Customer relating to trade services provided or not provided by the Business Owner, where the claim arises from the Business Owner's own acts or omissions and not from a defect in the Platform; (b) any claim brought by a Worker relating to employment or engagement by the Business Owner, including claims for unpaid wages, unlawful deduction from wages, unfair dismissal, or discrimination, where the claim arises from the Business Owner's own acts or omissions and not from a defect in the Platform; (c) any material breach of this Agreement by the Business Owner; (d) any regulatory non-compliance by the Business Owner, including (without limitation) failure to maintain required employers' liability insurance, failure to verify Gas Safe registration before deployment of a gas engineer, failure to verify CPS membership before deployment of an electrician, failure to conduct right-to-work checks, failure to pay the National Minimum Wage, breach of consumer protection legislation, or breach of data protection obligations as Data Controller; (e) any act, omission, or wilful misconduct of the Business Owner or their Workers that directly causes loss to OptiTech Automation; (f) any claim brought by a third party (including a Customer, a competitor, a regulator, or any person identified or referred to in Business Owner content) arising out of or relating to the content, offers, prices, descriptions, or claims that the Business Owner publishes through the Platform (including any business website or booking page served through the Platform), including any claim of misleading or unfair advertising, defamation, or infringement of intellectual property or other rights, except to the extent the claim arises from a defect in the Platform itself rather than from the Business Owner's content or its acts or omissions. Scope limitations: This indemnity covers direct losses only. It does not require the Business Owner to indemnify OptiTech Automation against: (i) losses caused by or contributed to by OptiTech Automation's own negligence or breach of this Agreement; (ii) indirect, special, or consequential losses of any kind (which are excluded under Clause 10.3 in any event). These limitations are included to comply with the reasonableness requirement of s.4 of the Unfair Contract Terms Act 1977. Procedure: OptiTech Automation will: (i) give the Business Owner prompt written notice of any claim or proceeding in respect of which an indemnity under this clause may arise, and in any event within 15 business days of becoming aware; (ii) not make any admission of liability or agree any settlement in relation to any such claim without the prior written consent of the Business Owner (not to be unreasonably withheld or delayed); (iii) give the Business Owner reasonable opportunity to participate in the defence of any such claim at the Business Owner's cost. Failure by OptiTech Automation to comply with (i) or (ii) above does not extinguish the indemnity but reduces it to the extent the Business Owner is materially prejudiced.
10.7 OptiTech Automation intellectual-property indemnity: OptiTech Automation will indemnify the Business Owner against direct losses, damages, costs, and reasonable legal fees the Business Owner actually and reasonably incurs as a result of any third-party claim that the Platform, as provided by OptiTech Automation and used by the Business Owner in accordance with this Agreement, infringes that third party's United Kingdom intellectual-property rights. This indemnity does not apply to the extent a claim arises from: (a) Business Owner content, data, branding, or materials, or anything OptiTech Automation includes at the Business Owner's request; (b) use of the Platform in breach of this Agreement, or combined with, or modified by, anything not supplied or approved by OptiTech Automation, where the claim would have been avoided but for that combination or modification; or (c) use of a version of the Platform after OptiTech Automation has notified the Business Owner to stop and offered a non-infringing alternative. If a claim within this indemnity arises, OptiTech Automation may, at its option and cost, procure the right for the Business Owner to continue using the affected part of the Platform, modify or replace it so it is non-infringing, or, if neither is reasonably achievable, terminate the affected part and refund a fair proportion of prepaid Fees. The conduct-of-claims and mitigation provisions in Clause 10.6 apply to this indemnity, with the roles reversed. This indemnity is subject to the cap in Clause 10.2 and is the Business Owner's exclusive remedy for intellectual-property infringement by the Platform.
10.8 Limited platform warranty: OptiTech Automation warrants that: (a) it has the right to provide the Platform and to grant the licence in Clause 8.2; and (b) it will provide the Service with reasonable care and skill. If OptiTech Automation is in breach of (b), its obligation is to remedy the deficient Service (for example by re-performing it) within a reasonable time at no extra charge; if it cannot reasonably do so, the Business Owner's remedy is governed by the rest of this Clause 10. Except for this warranty, the warranties in Clause 10.7, and any term implied by law that cannot lawfully be excluded, the Platform and Service are provided on an "as is" and "as available" basis and OptiTech Automation does not give any other warranty, including any implied warranty of satisfactory quality or fitness for a particular purpose, to the fullest extent the law allows in a business-to-business contract. Nothing in this Clause excludes any statutory right or term that cannot lawfully be excluded.
11. Termination and Data Export
You can cancel any time with 30 days' written notice to legal@optitechautomation.co.uk. No exit fees. No penalties. You keep access to the Platform during the 30-day notice period. On termination, your data is exported within 5 working days of your request. We then securely delete your data within 30 days of your account closing or of a deletion request, unless the law requires longer retention.
11.1 Cancellation by Business Owner: The Business Owner may terminate this Agreement at any time by giving 30 days' written notice to legal@optitechautomation.co.uk. Platform access continues and the Service is provided normally throughout the 30-day notice period. No exit fees, early termination charges, or penalties apply. This mirrors The Pledge, item 1.
11.2 Termination by OptiTech Automation for material breach: OptiTech Automation may terminate this Agreement immediately by written notice to the Business Owner if the Business Owner: (a) fails to pay Fees and does not remedy the failure within 14 days of written notice; (b) materially breaches this Agreement (including any breach of Clause 6 obligations) and fails to remedy that breach within 14 days of written notice; (c) breaches Clause 6.6 (Gas Safe) or Clause 6.7 (Part P electrical) — these are material breaches entitling immediate termination; (d) becomes insolvent or enters administration, liquidation, or any insolvency process.
11.2A Suspension of access (a lighter-touch alternative to termination): Suspension lets OptiTech Automation pause access to protect the platform and the Business Owner without ending the relationship. OptiTech Automation may suspend the Business Owner's access to the Platform, in whole or in part, immediately and for as long as the relevant circumstance continues, where: (a) Fees are overdue after the grace period in Clause 3.6; (b) OptiTech Automation reasonably suspects a breach of Clause 5 (including the acceptable-use and conduct obligations in Clause 5.5 and 5.10), or a breach of Clause 6, that creates a legal, regulatory, security, or safety risk; (c) a Worker or account presents an unaddressed lapse in a required certification or insurance (see Clauses 6.5 and 6.12); (d) OptiTech Automation reasonably believes suspension is necessary to prevent or stop unlawful activity, a security threat, harm to any person, or a risk to the integrity of the Platform; or (e) OptiTech Automation is required to do so by law or by a competent authority. OptiTech Automation will limit any suspension to what is reasonably necessary, will give notice and the reason wherever it is practicable and lawful to do so (and, where the cause is capable of being put right, a reasonable opportunity to do so), and will restore access promptly once the cause is resolved. Suspension does not by itself terminate this Agreement and is without prejudice to OptiTech Automation's other rights, including termination under Clause 11.2. Suspension for a cause attributable to the Business Owner does not entitle the Business Owner to a refund for the suspended period; where OptiTech Automation suspends without proper cause, the Business Owner's remedies (including a pro-rated refund) are preserved.
11.3 Data export on termination: On termination or expiry of this Agreement for any reason, OptiTech Automation will make available a full export of all the Business Owner's data in CSV and/or PDF format promptly following a written request from the Business Owner — OptiTech Automation aims to do so by the next Business Day and commits to do so within five Business Days at the latest (a longer period applying only where an unusually large data volume genuinely requires more processing time, in which case OptiTech Automation will tell the Business Owner and complete the export as soon as reasonably practicable). This fulfils The Pledge, item 2.
11.4 Data deletion: Where the Business Owner has received their data export and does not request further copies, OptiTech Automation will securely delete all Business Owner Customer and Worker data from Platform systems within 30 calendar days of the later of: (a) the date of termination or account closure; or (b) the date the export is confirmed as received by the Business Owner — or, if earlier, within 30 calendar days of a written deletion request. OptiTech Automation will provide written confirmation of deletion. OptiTech Automation may retain data beyond 30 days only to the extent required by applicable law (including Stripe transaction records, HMRC business records, and data required for ongoing legal proceedings), and will notify the Business Owner of such retention with the legal basis.
11.5 Surviving clauses: The following clauses survive termination of this Agreement: Clause 4 (to the extent of the refund remedy for Pledge breach); Clause 8.5 (the aggregated-data licence, which is expressed to continue after termination); Clause 9 (Confidentiality); Clause 10 (Limitation of Liability); Clause 11.3 and 11.4 (data export and deletion); Clause 12 (General). Schedule 1 Data Processing Agreement survives until data is deleted or returned.
12. General Provisions
Standard legal housekeeping: English law, English courts, third-party rights excluded, entire agreement, severability, no waiver, version control on updates, and electronic contract formation.
12.1 Governing law: This Agreement is governed by the law of England and Wales.
12.2 Jurisdiction: Both parties submit to the exclusive jurisdiction of the courts of England and Wales in relation to any dispute arising out of or in connection with this Agreement.
12.3 Dispute resolution: Before commencing court proceedings, the parties agree to attempt to resolve any dispute by negotiation. If not resolved within 20 business days of a written dispute notice, either party may refer the dispute to mediation through CEDR or an agreed mediator, to commence within 30 days of written request. Costs are shared equally unless the mediator directs otherwise. This clause does not prevent either party from seeking urgent injunctive relief from a court without prior mediation.
12.4 Third-party rights: These terms confer no rights on any third party, including Customers or Workers, under the Contracts (Rights of Third Parties) Act 1999. Workers' rights in relation to the Platform are governed by the Worker Platform Terms. Customers' rights are governed by the Customer Booking Terms.
12.5 Entire agreement: This Agreement (including Schedule 1 and the Employment Status obligations in Clause 6, together with any Founding Member Confirmation Letter) constitutes the entire agreement between the parties and supersedes all prior agreements, representations, and understandings relating to its subject matter. This clause does not exclude or limit liability for fraud or fraudulent misrepresentation. Where no separate Founding Member Confirmation Letter has been issued, the founding-member rate lock and Onboarding Investment waiver are evidenced by: (a) the Business Owner's account creation date (which must fall within the first 20 Business Owner accounts); and (b) the acceptance records logged under Clause 12.10 confirming acceptance of the version of this Agreement in effect at sign-up. OptiTech Automation will maintain records sufficient to verify founding-member status on request.
12.6 Severability: If any provision of this Agreement is found to be unenforceable by a court of competent jurisdiction, that provision shall be severed and the remainder of the Agreement shall continue in full force and effect.
12.7 No waiver: No failure or delay by either party in exercising any right or remedy under this Agreement shall operate as a waiver of that right or remedy. No single or partial exercise of any right or remedy shall prevent any further exercise of that right or remedy.
12.8 Notices: All notices under this Agreement must be in writing and sent by email. Notices to OptiTech Automation: legal@optitechautomation.co.uk. Notices are deemed received on the next business day after sending. Both parties must retain copies of all notices.
12.9 Updates to this Agreement: (a) Categories of change: OptiTech Automation distinguishes between two categories of change: (i) Administrative updates: corrections of typographical errors, clarifications of existing obligations that do not alter their substance, or changes required by a change in applicable law or regulatory guidance. Administrative updates take effect on the date specified in the update notice or, where required by law, on the date the legal requirement comes into force. (ii) Substantive changes: any change that materially alters a party's rights or obligations, including (without limitation): changes to the limitation of liability or indemnity provisions; the addition, withdrawal, or material reduction of a Platform feature listed in Clause 2.3; changes to pricing or billing terms not already governed by Clause 3.7; changes to data processing or sub-processor arrangements not already governed by Clause 7.5; and any other change that could reasonably affect the Business Owner's decision to continue the Subscription. (b) Notice periods: Administrative updates require 30 days' prior written notice. Substantive changes require 60 days' prior written notice, consistent with the price change notice period in Clause 3.7. Where a change is immediately required by law, OptiTech Automation may implement it immediately with a contemporaneous written explanation; no exit right arises from a regulatory-required change. (c) Exit right for substantive changes: Where OptiTech Automation gives notice of a substantive change, the Business Owner may terminate this Agreement without penalty by written notice to legal@optitechautomation.co.uk received during the notice period. Termination under this sub-clause entitles the Business Owner to a pro-rated refund of any prepaid Subscription Fees for the period after the termination date. Continued use of the Platform after the notice period expires constitutes acceptance of the updated terms. (d) Version history: OptiTech Automation will maintain a publicly accessible version history of this Agreement at optitechautomation.co.uk/terms. Business Owners may request a copy of any previous version by emailing legal@optitechautomation.co.uk.
12.10 Electronic contract formation: Acceptance of these terms is effected by the Business Owner clicking the acceptance checkbox on the sign-up page ("click-wrap" acceptance). By clicking the checkbox, the Business Owner confirms they have read, understood, and agree to be bound by this Agreement. OptiTech Automation logs the account identifier, IP address, timestamp (UTC), and version of this Agreement accepted for each acceptance event. Records are retained for a minimum of six years.
12.11 Force majeure: (a) Definition: A "Force Majeure Event" means an event or circumstance beyond the reasonable control of the affected party that could not reasonably have been foreseen or prevented by that party taking reasonable precautions, and that directly causes a failure or material delay in performing an obligation under this Agreement. Force Majeure Events include: (i) acts of God, including flood, fire, earthquake, lightning strike, or extreme weather of a severity not reasonably foreseeable in the UK; (ii) pandemic or epidemic formally declared by a competent governmental or international public health authority; (iii) acts of terrorism or civil riot materially disrupting infrastructure necessary to deliver the Platform; (iv) action by a governmental or regulatory authority suspending or prohibiting the operation of the Platform in a manner outside OptiTech Automation's reasonable control; (v) cyber-attack by a third-party threat actor, provided OptiTech Automation has at the time of the attack implemented security measures that are reasonable and proportionate for a SaaS platform of this scale and the attack is not attributable to OptiTech Automation's failure to apply available security patches or maintain basic security hygiene; (vi) total and complete cessation of a named infrastructure sub-processor (Vercel, Supabase, Stripe, Twilio, or Mapbox) due to causes outside OptiTech Automation's reasonable control, where OptiTech Automation has implemented reasonable failover measures, and only where the cessation persists for more than 4 hours despite those measures. Partial outages, regional outages, and service degradations do not constitute a Force Majeure Event under this sub-clause. (b) Exclusions: The following are not Force Majeure Events: (i) general internet or telecommunications congestion, routine ISP outages, or connectivity issues affecting only the Business Owner's own systems; (ii) partial or regional degradation of a named infrastructure sub-processor; (iii) any event actually foreseen or foreseeable by OptiTech Automation at the time of contracting; (iv) general economic conditions, market fluctuations, or changes in the cost of providing the Service; (v) any failure caused by the affected party's own breach, negligence, or failure to maintain systems within its reasonable control. (c) Notification: The affected party must notify the other in writing within 2 hours of becoming aware that a Force Majeure Event is affecting or is likely to affect performance, identifying: the nature of the event; the obligations affected; the anticipated duration; and the mitigation steps being taken. (d) Mitigation: Where a Force Majeure Event affects OptiTech Automation's ability to deliver the Platform, OptiTech Automation must within 24 hours (or as soon as reasonably practicable): (i) implement any available failover or backup system; (ii) communicate a status update to affected Business Owners; and (iii) continue to use reasonable endeavours to restore service. (e) Duration and exit right: If a Force Majeure Event continues for more than 30 consecutive days, either party may terminate this Agreement without penalty by written notice. Where the Business Owner terminates under this sub-clause, OptiTech Automation will issue a pro-rated refund of any prepaid Subscription Fees for the period after the date of termination notice. (f) Suspension: Neither party is in breach to the extent a Force Majeure Event directly prevents performance, provided the obligations in sub-clauses (c) and (d) are met.
12.12 Continuity of service and insolvency: OptiTech Automation is operated by Cristian Moise-Putanu as a sole trader. In the event of Cristian Moise-Putanu's death, long-term incapacity, or the permanent cessation of the OptiTech Automation business, OptiTech Automation will use reasonable endeavours to: (a) give Business Owners a minimum of 30 days' written notice where advance notice is possible; (b) provide a full data export to all active Business Owners during that period; (c) cease collecting further Subscription Fees from the date of written notice or, if no advance notice is possible, issue pro-rated refunds for any prepaid period. These obligations are personal to Cristian Moise-Putanu and will, to the extent legally possible, bind any legal representative or successor in title of Cristian Moise-Putanu's business. Business Owners are advised to maintain their own backup export of their data at regular intervals using the Platform's data export function.
12.13 Transfer of undertakings (TUPE)
12.13 (a) Business Owner's TUPE obligations: The Transfer of Undertakings (Protection of Employment) Regulations 2006 (SI 2006/246) ("TUPE") may apply where the Business Owner transfers all or part of their trade business to a third party (whether by sale of the business, transfer of assets, change of legal entity, or change of service provider). Where TUPE applies, the Business Owner is solely responsible for complying with all obligations under TUPE 2006, including: the obligation to inform and consult employee representatives under Regulation 13; the obligation to transfer the employment contracts and associated liabilities of affected employees and workers; and the obligation to provide Employee Liability Information to the transferee under Regulation 11. OptiTech Automation has no TUPE obligations in respect of workers or employees engaged by the Business Owner. (b) Notice to OptiTech Automation: The Business Owner must notify OptiTech Automation in writing at least 30 days before the expected date of any relevant transfer of their trade business, identifying the nature of the transfer, the expected date, and whether platform account access is to be migrated to the transferee or terminated. On receipt, OptiTech Automation will use reasonable endeavours to facilitate either: (i) migration of the Business Owner's account to the transferee, subject to the transferee entering into a fresh Platform Subscription Agreement; or (ii) termination of the Business Owner's account and export of all platform data for onward transfer to the transferee. OptiTech Automation will not transfer account access to any third party without a signed Platform Subscription Agreement from the transferee. (c) OptiTech Automation's own position: OptiTech Automation is currently operated as a sole tradership with no employees. Any future sale or transfer of the OptiTech Automation business may engage TUPE obligations at that time. This Agreement does not create TUPE rights in favour of Business Owners, Workers, or Customers in the event of any future transfer of the OptiTech Automation business. (d) Indemnity: The Business Owner shall indemnify OptiTech Automation against any direct loss or cost (including reasonable legal fees) arising from the Business Owner's failure to comply with its TUPE obligations under sub-clause (a), subject to the scope limitations in Clause 10.6.
12.14 Assignment, novation, and change of control
12.14 Assignment and novation: (a) OptiTech Automation may assign, transfer, novate, charge, subcontract, or otherwise deal with any or all of its rights and obligations under this Agreement, including in connection with any reorganisation, incorporation of the business into a company, or any sale or transfer of all or part of the OptiTech Automation business or its assets, provided that the Business Owner's rights under this Agreement (including The Pledge and any founding-member rate lock) are not diminished as a result. Where OptiTech Automation novates this Agreement to a successor that agrees to be bound by it, the Business Owner consents in advance to that novation, and OptiTech Automation will give the Business Owner written notice of it. This ability to transfer the Agreement is important so that the OptiTech Automation business can continue, be incorporated, or be sold as a going concern without disrupting the Business Owner's service. (b) The Business Owner may not assign, transfer, novate, subcontract, charge, or otherwise deal with any of its rights or obligations under this Agreement, in whole or in part, without OptiTech Automation's prior written consent, such consent not to be unreasonably withheld or delayed (and, in the case of a genuine transfer of the Business Owner's trade business, to be dealt with together with the account-migration process in Clause 12.13(b)). (c) Any purported assignment or dealing in breach of this Clause is void. This Clause does not affect the parties' respective positions under Clause 12.13 (TUPE).
12.15 No partnership or agency: Nothing in this Agreement creates a partnership, joint venture, employment relationship, or relationship of principal and agent between the parties. Neither party has authority to bind the other or to incur obligations on the other's behalf, and neither party may hold itself out as having such authority. OptiTech Automation is an independent supplier of software and support; the Business Owner runs its own business in its own name and on its own account.
12.16 Publicity and use of name: Neither party may use the other's name, logo, or trade marks in any public statement, marketing, or promotional material without the other's prior written consent, except that: (a) either party may state the mere existence of the business relationship where reasonably required (for example to a professional adviser, insurer, investor, or acquirer in confidence); and (b) OptiTech Automation may name or feature a Business Owner in a case study, testimonial, or reference only with that Business Owner's prior consent, which the Business Owner may withdraw for future use at any time. Any consented use is subject to the other party's reasonable brand guidelines.
12.17 Payments and set-off: All sums payable by the Business Owner under this Agreement are to be paid in full without set-off, counterclaim, deduction, or withholding, except any deduction or withholding required by law. This does not prevent the Business Owner from pursuing any genuine claim it has by separate proceedings, and does not limit any set-off right the Business Owner has that cannot lawfully be excluded.
12.18 Feedback: If the Business Owner chooses to give OptiTech Automation feedback, suggestions, or ideas about the Platform or Service, OptiTech Automation may use them freely to operate and improve the Platform and Service without restriction and without any obligation to the Business Owner, and the Business Owner grants OptiTech Automation a perpetual, irrevocable, royalty-free licence to do so. This Clause does not give OptiTech Automation any right in the Business Owner's own data, confidential information, or intellectual property, which continue to be governed by Clauses 8 and 9.
12.19 Trade controls and sanctions: Each party will comply with all applicable export-control, trade-sanctions, and anti-money-laundering laws that apply to it. The Business Owner warrants that it is not, and is not owned or controlled by, a person subject to UK sanctions, that it will not use the Platform in breach of such laws, and that it will not make the Platform or Service available to any person where doing so would breach them. OptiTech Automation may suspend or terminate access (Clauses 11.2A and 11.2) to the extent necessary to comply with such laws.
12.20 Further assurance: Each party will, at the other's reasonable request and cost, do or procure the doing of all such acts, and execute or procure the execution of all such documents, as may be reasonably necessary to give full effect to this Agreement (for example, steps reasonably required to give effect to a permitted assignment or novation under Clause 12.14, or to a data export or deletion under Clause 11).
Schedule 1 — Data Processing Agreement
This Schedule is a full Article 28 UK GDPR compliant data processing agreement. It governs how OptiTech Automation processes personal data on your behalf. Both parties are legally bound by its terms.
This Data Processing Schedule ("Schedule") forms part of the Agreement between OptiTech Automation ("Processor") and the Business Owner ("Controller"). It constitutes the written data processing agreement required by UK GDPR Article 28 and the Data Protection Act 2018.
Roles and scope
Scope: The Controller is the Data Controller in respect of personal data relating to the Controller's Customers and Workers processed via the Platform. The Processor processes such data solely on behalf of, and on the documented instructions of, the Controller. The Processor is an independent Data Controller in respect of its own operational Platform data, governed by its Privacy Policy.
Subject matter, nature, purpose, and duration
Subject matter and purpose: Provision of the OptiTech Automation online booking management, worker scheduling and dispatch, deposit capture, job tracking, Xero draft invoice creation, and worker mobile application services, for the duration of the Subscription.
Types of personal data and categories of data subjects
Types of personal data processed: Customer data (first name, last name, postal address, email, telephone, booking details, appointment date and time, payment status and reference, job history). Worker data (name, contact details, employment status, skills and certifications recorded by the Business Owner, schedule, real-time and historical GPS location during active jobs via Mapbox, job completion records, timestamps, and any photographs or notes uploaded via the worker application).
Processing instructions (UK GDPR Art. 28(3)(a))
Processing instructions (Art. 28(3)(a)): The Processor shall process personal data only on the documented instructions of the Controller. The Processor will notify the Controller immediately if it believes any instruction infringes UK GDPR or DPA 2018.
Technical and organisational security measures (Art. 28(3)(c))
Security measures (Art. 28(3)(c)): The Processor implements and maintains: encryption at rest (AES-256 equivalent) and in transit (TLS 1.2 minimum); row-level security and tenant isolation in the Supabase database; encrypted local storage for cached data on Worker devices; access controls and least-privilege principles; regular testing and evaluation of security measures; nightly backups with 30-day rolling restore. GPS location data is subject to a platform-enforced maximum retention of 90 days per location record from the date of the associated job, as a technical platform control that cannot be extended by Controller configuration. The Processor maintains a Data Protection Impact Assessment covering the real-time GPS location tracking feature, which is available in summary form on written request by the Controller.
Sub-processors (Art. 28(2) and 28(3)(d))
Sub-processors (Art. 28(2)): The Controller grants general written authorisation for the sub-processors listed in Clause 7.4. OptiTech Automation will give 30 days' written notice before engaging any new sub-processor. The Business Owner may object within 14 days on legitimate data protection grounds.
AI sub-processors: OptiTech Automation engages Anthropic PBC and Groq, Inc. (both United States; transfers under the UK Extension to the EU-US Data Privacy Framework where certified, otherwise the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses) to provide AI inference for features within the platform application and on the marketing website. The categories of data sent to these providers depend on the feature in use and may include: lead and prospect contact details (name, email, business name); the content of inbound emails being triaged (sender details, subject, and body); and the free text a website visitor types into the website assistant ("Sarah"). Only the data necessary to perform the requested feature is sent, and neither provider trains its models on data submitted through its API. This description replaces any earlier statement that AI prompts contain "job metadata only". The Controller grants specific authorisation for these sub-processors under Art. 28(2).
Data subject rights assistance (Art. 28(3)(e))
Data subject rights (Art. 28(3)(e)): On receipt of a data subject rights request directed to the Processor in relation to Controller personal data, OptiTech Automation will notify the Controller within 5 business days and provide data extracts, deletion confirmations, or other assistance needed for the Controller to respond within the statutory one-month period.
Personal data breach notification
Personal data breach notification: The Processor will notify the Controller without undue delay after becoming aware of a personal data breach affecting Controller personal data — the Processor aims to do so within 24 hours — with such details of the categories affected, likely consequences, and measures taken or proposed as are available, followed by further information as it becomes known. This meets the Processor's obligation under UK GDPR Art. 28(3)(f). The Controller is responsible for its own ICO and data-subject notification obligations under UK GDPR Art. 33 and 34.
Deletion and return on termination (Art. 28(3)(g))
Deletion and return on termination (Art. 28(3)(g)): On termination, OptiTech Automation will at the Controller's election: (a) provide a full data export in CSV/PDF within 5 working days; or (b) securely delete all personal data within 30 calendar days. Written confirmation of deletion will be provided. Data may be retained beyond 30 days only where required by law.
Audit and inspection rights (Art. 28(3)(h))
Audit rights (Art. 28(3)(h)): On 30 days' written notice, OptiTech Automation will allow audits by the Controller or an independent auditor, during business hours, at the Controller's cost, no more than once per year absent specific grounds. OptiTech Automation may satisfy audit obligations by providing up-to-date third-party security certifications (e.g. SOC 2 Type II or ISO 27001) where available from infrastructure sub-processors.
International data transfers (UK GDPR Art. 44-49)
International transfers (Art. 44-49): Personal data is transferred to US sub-processors only where a lawful mechanism is in place (UK DPF Extension where the sub-processor is certified, or IDTA as fallback). Supabase (EU Frankfurt) transfers are covered by the UK-EU adequacy decision. OptiTech Automation monitors sub-processor certification status annually.
Questions about these terms: legal@optitechautomation.co.uk or hello@optitechautomation.co.uk.