This is a copy of the Terms & Conditions for the Portal system as they apply to Nightlines and Nightline Volunteers. These terms were last updated in April 2025 and apply to all users of the Portal system which is maintained and provided for Nightlines by Three Rings CIC.

1.      Definitions

“Agreement” shall refer to these Terms and Conditions, which shall form a legal contract.

“The Company” and “Three Rings CIC” shall refer to Three Rings CIC, Company 06820837 registered in England and Wales.

“The Organisation” shall refer to the company, organisation, or geographical or functional subdivision thereof, with whom Three Rings CIC makes this Agreement.

“The System” shall refer to the Portalsoftware system provided by Three Rings CIC for use by the Organisation, including any Public-facing elements. 

“The Services” shall refer to access to the System and any supplementary services which may be offered by the Company, including but not limited to technical support.

“The User” and “Users” shall refer to the Organisation’s individual staff members (including paid staff and volunteers) who use the System and/or Services.

“The Public” shall refer to individuals other than Users with whom the Organisation comes into contact in the course of their ordinary activities, including such persons who use functions of the System to contact and communicate with the Organisation and/or Users.

“Data Controller”, “Data Processor”, and “Data Subject” shall take the same meanings as defined under the General Data Protection Regulations 2016 and the Data Protection Act 2018.

2.      Application

2.1. Unless otherwise expressly agreed by the Company in writing, this Agreement constitutes the entire Agreement between the Company and the Organisation and shall apply in place of, and prevail over:

1. any other terms or conditions contained, or referred to, in correspondence or other documents; or
2. any terms or conditions implied by trade custom and practice; or
3. any other purported provisions or oral representations.

3.      Provision and Use

3.1. The Company agrees to provide the Organisation with service operational management software by its provision of the Services, subject to this Agreement. By its acceptance of this Agreement, the Organisation warrants that it is satisfied that the Services provided meet its needs.

3.2. The Organisation agrees that the System and the Services shall be used in accordance with provisions of this Agreement, and that Users shall be required to do the same.

3.3. By logging in to the System, the User agrees to be bound by these Terms and Conditions of Use and agrees to use the System and the Services in accordance with this Agreement.

3.4. Users must be at least 18 years of age. If the Organisation is not based wholly and exclusively within the United Kingdom, Users must also be of the age of majority in the Organisation’s country or countries of operation, if higher.

3.5. The Organisation must not sub-license, sell, or otherwise transfer use of the Services to a third-party company, organisation, or geographical or functional subdivision thereof.

3.6. The User must not transfer their account to a third party or knowingly permit a third party to use their account. The User accepts responsibility for any and all actions undertaken using their account.

3.7. Users must not use the System to store, share, distribute, facilitate, promote, link to, or otherwise encourage the use of or engagement with, materials related to:

1. terrorism;
2. child sexual exploitation and/or abuse including grooming and image-based child sexual abuse material or URLs to such material;
3. hate;
4. harassment, stalking, threats, or abuse;
5. controlling or coercive behaviour;
6. intimate image abuse;
7. pornography;
8. sexual exploitation of adults;
9. human trafficking;
10. unlawful immigration;
11. fraud or financial offences;
12. proceeds of crime;
13. the possession, use, or supply of drugs or psychoactive substances;
14. the possession, use, or supply of firearms or other weapons;
15. encouraging or assisting suicide;
16. foreign interference; or
17. animal cruelty.

3.8. For the avoidance of doubt, the provisions of section 3.7 do not prohibit the logging and recording of the existence of such offences or material having been disclosed to the User by the Public in the course of the ordinary use of the System and/or whilst undertaking the ordinary legitimate activities of the Organisation.

3.9. The Organisation and Users agree to comply with any guidance that may from time to time be issued by the Company relating to the use of the Services.

4.      Data Protection Legislation and Compliance

4.1. The Organisation warrants that any and all data stored and/or processed via the System has been obtained and is kept in accordance with all relevant laws, including but not limited to the General Data Protection Regulations 2016 (GDPR), the Data Protection Act 2018 (DPA 2018), and any subsequent legislation in the United Kingdom; and additionally, where the Organisation is not based wholly and exclusively within the United Kingdom, any other data protection legislation which applies in the Organisation’s own country or countries of operation.

4.2. Should the Organisation fail to ensure that the data is stored in accordance with the GDPR and/or the DPA 2018, and the Company become thus aware, the Company in their capacity as Data Processor shall notify the Organisation of the non-compliance.

4.3. If after notification under Section 4.2 the Organisation fails to rectify the noncompliance within seven days, the Company may take any necessary action on behalf of the Organisation to ensure GDPR compliance. In such an event, the Company shall endeavour to keep any such action to the minimum necessary, and shall inform the Organisation at the earliest opportunity of the action taken and the reasons therefore.

4.4. For the avoidance of doubt, for the purposes of data protection legislation and compliance, the Organisation is the Data Controller and the Company is the Data Processor for all information stored in or processed using the System, except for technical information including but not limited to system logs involving Users for which the Company is the Data Controller and the User is the Data Subject.

4.5. The Company shall store and process all data within the United Kingdom and/or the European Economic Area.

4.6. In the event of a substantial change to the data protection legislation in the United Kingdom, the Company shall notify the Organisation of such a change. The Organisation shall be responsible for ensuring its continued compliance with any and all applicable data protection legislation in the United Kingdom; and additionally, where the Organisation is not based wholly and exclusively within the United Kingdom, any other data protection legislation which applies in the Organisation’s own country or countries of operation.

5.      Data Processing

5.1. The Organisation may determine at any time the data to be stored on the System and the duration for which it is to be thus stored, including the type(s) of personal data and the categories of data subject, provided such data storage is compatible with the provisions of Section 4.

5.2. If the Organisation should choose to store any data described as “special categories of data” under the law as defined in Section 4, the Organisation warrants that the data subjects are aware that the data may be transferred to a third country as described in Section 4.5.

5.3. The Organisation may determine at any time, through the use of the System, the nature of the processing. This shall be recorded by the System in the logs and shall form a written record of the processing requested by the Organisation. The Organisation warrants that any processing conducted through the System is permissible in law and undertaken in line with the Organisation’s own Privacy Policy.

5.4. The Company shall only process data in accordance with the written request of the Organisation. Such written requests shall include that as described in Section 5.3, as stated elsewhere in this Agreement, or in any other written communications in any form between the Company and the Organisation.

5.5. The Company warrants that technical and organisational measures are in place to ensure the security of the data stored within the System, and further warrants that the security of the System conforms to the principles of “security by design” and “privacy by design”, as described on the Company’s website. The Organisation warrants that after assessment of the requirements of the applicable data protection law, said security measures are adequate and appropriate to protect the personal data being processed.

5.6. The Company shall inform the Organisation at the earliest opportunity should the Company become aware of an actual, suspected, or potential data breach on the part of the Company that affects the Organisation’s data, and the Organisation shall inform the Company at the earliest opportunity should the Organisation become aware of anything that may pose a threat to the security of the System or the data stored therein.

5.7. The Company shall assist the Organisation to meet any legal obligations with regard to the processing of data, should the Organisation so request it.

5.8. The Company shall submit to any audits and/or inspections as appropriate to the role of Data Processor, should the Organisation so request it.

5.9. The Company shall not respond to a data subject request by supplying, amending, or erasing any personal data for which it is not the Data Controller, except where the Company is obligated to do so in accordance with data protection legislation as defined in Article 4.1.

6.      User Data

6.1. The Company holds Users’ identity and communication information on the basis of legitimate interests, for the purposes of maintaining Users’ accounts with their respective Organisation(s), to link Users’ accounts to their accounts with other Three Rings CIC products, and to enable the Company to contact Users regarding their accounts.

6.2. Where Three Rings CIC is the Data Controller, the Company may engage data processors to process User data.

6.3. The Company’s use of User data is governed by the Three Rings CIC Privacy Policy and shall at all times be in accordance with the GDPR and DPA 2018.

6.4. The Company shall not share any User data for which Three Rings CIC is the Data Controller with any third parties other than with the User’s permission, and/or where otherwise stated in these Terms and Conditions and/or the Three Rings CIC Privacy Policy, and/or where required by law.

6.5. The Company shall not share any data for which Three Rings CIC is the Data Processor but not the Data Controller with any third parties other than with the permission of or at the request of the Organisation, and/or where otherwise stated in these Terms and Conditions and/or the Three Rings CIC Privacy Policy, and/or where required by law.

7.      Sub-Processing

7.1. The Organisation agrees that the Company may engage a sub-processor at the Company’s sole discretion. The Company shall provide on request a list of any and all sub-processors and the functions or purposes for which they have been engaged.

7.2. Any use of a sub-processor by the Company shall be under a written contract, which shall provide at least the same level of protection for the personal data and the rights of the data subjects as in this Agreement.

7.3. Should the Organisation so request it, the Company shall, upon receipt of such a request, provide a copy of the contractual agreement between the Company and any sub-processor, unless the contract contains any commercial information, in which case any such commercial information shall be redacted before the provision of the contract.

8. Billing and Invoices

8.1. The Company may issue an invoice to the Organisation for provision of the Services which shall be issued in advance to cover a period specified therein and of no less than one calendar month, in accordance with the billing rates in effect at the time of issue of the invoice, unless otherwise explicitly agreed by the Company in writing.

8.2. Any increase in the applicable billing rates compared to the most-recently issued invoice shall be communicated to the Organisation by the Company no less than one calendar month prior to the issue of the invoice.

8.3. If payment is delayed beyond thirty days from the date of issue of the invoice, the Company shall have the right to levy an administrative fee of £30 and/or suspend the provision of the Services until the payment is made and cleared through the banking system.

9. Intellectual Property and Copyright

9.1. The copyright, patent and other intellectual property rights (the ‘IPR’) of the System, whether registered or otherwise, shall remain the property of the Company or (where applicable) of the third party who originally supplied them.

9.2. Any data which the Organisation or a User places into the System shall remain the property of the Organisation or the individual to whom it applies, in accordance with current data protection legislation. Any data generated by the Organisation or a User over the course of their ordinary use of the System shall remain the property of the Organisation, subject to the provisions of Section 9.3.

9.3. The Company reserves the right to use anonymous, aggregated, statistical data generated by the Organisation’s use of the System insofar as the use of such data is permitted by the General Data Protection Regulations 2016, the Data Protection Act 2018, and any subsequent legislation.

9.4. The provisions of this section shall remain in force indefinitely after the termination of the other provisions of this Agreement.

10. Updates and Fault Rectification

10.1. The Company shall, at its sole discretion, update the software as and when it is deemed necessary.

10.2. The Company shall give the Organisation and Users at least 14 days’ notice of any substantial changes to the Services provided. Such notice may be made through an announcement on the Company’s website, through a notification placed on the System, or through any other method the Company deems suitable and appropriate.

10.3. The Company shall use all reasonable endeavours to correct any faults that the Organisation reports in the operation of the Services.

11.      Liability for Loss or Damage

11.1. The Company shall use all reasonable care in the provision of the Services.

11.2. The Company shall not be liable to the Organisation for any loss of profits or goodwill or for any type of special, indirect, incidental or consequential loss (including, but not limited to, loss or damage suffered by the Organisation as a result of an action brought by a third party) even if such loss were reasonably foreseeable or the Company had been advised of the possibility of the Organisation incurring such loss.

11.3. Save as expressly provided herein, all other terms and conditions, warranties or representations, whether expressed or implied (by statute or otherwise), relating to the Services and their supply or imposing liability on the Company, are hereby excluded, save that which is by law incapable of exclusion.

11.4. Subject to the limit set out in 11.5 below, the Company shall accept liability in respect of damage to the tangible property of the Organisation resulting directly from the negligence of the Company or its employees (including paid or voluntary) or subcontractors.

11.5. Except in relation to liability that is by law incapable of exclusion, the Company’s liability hereunder or otherwise arising from the provision of the Services shall not exceed the full value of the annual charges due from the Organisation under this Agreement.

12. Confidentiality

12.1. The Company, the Organisation, and all Users agree not to publish or reveal to any third party any confidential information relating to the System, the Company, or the Organisation, including but not limited to their operations and data, except with prior consent in writing of the affected party.

12.2. The provisions of 12.1 shall not apply to information that is, or becomes, public knowledge otherwise than through the default of the party concerned, or is already in the receiving party’s possession, or is legally acquired from a third party, or is required by law to be disclosed.

12.3. The Company shall notify the Organisation of any legally binding request for disclosure of personal data by a law enforcement agency, unless otherwise prohibited such as by a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation or any other such legally binding prohibition.

12.4. The Company and the Organisation shall take appropriate measures to ensure that their staff (including paid staff and volunteers) and sub-contractors are bound by the provisions of this clause.

12.5. The provisions of Section 12 shall remain in force for five years after the termination of the other provisions of this Agreement.

13.      Indemnification

13.1. The Organisation shall indemnify the Company against any action by a third party arising from the Organisation’s use of the Services.

13.2. The Company shall indemnify the Organisation against any action by a third party for breach of copyright, patent rights, or other intellectual property right arising from its use of the Services, provided such use does not violate any provisions of this Agreement.

14.   Termination

14.1. The Company or the Organisation may terminate the Agreement forthwith by written notice to the other party if:

1. the other party shall be in substantial breach (including, but not limited to, late payment) of any of its obligations under this Agreement and shall not have remedied the breach within four weeks of receiving written notice of the breach; or
2. the other party shall become bankrupt or have a receiver appointed otherwise than for the purpose of an amalgamation or reconstruction in which the emergent company assumes all the obligations of the party in liquidation or receivership; or
3. the Organisation’s account has been dormant for a period of two years or more.

14.2. Either party may terminate the Agreement by giving 28 days’ written notice of termination. The Organisation thereby becomes liable to pay for any and all outstanding charges incurred up to and including that date. 

14.3. Upon termination of the Agreement the Company shall delete, return, or otherwise transfer any data stored on the System, according to the request of the Organisation. Should the Organisation not specify the Action the Company should take with regard to the data, the Company shall continue to store the data for not less than one month and not more than three months from the effective date of the termination of the agreement to allow time for the Organisation to communicate such a decision, after which time the data shall be destroyed. 

15.   Obligations and Liability

15.1. Neither the Company nor the Organisation shall be liable for any delay in meeting, or failure to meet, any of its obligations due to any cause outside its reasonable control, including (without limitation) Acts of God, war, riot, terrorism, pandemic disease, malicious damage, fire, acts of any government or public body, failure of the public electricity supply, failure or delay on the part of any sub-contractors beyond its reasonable control, or the unavailability of materials.

15.2. If the Company is prevented from meeting its obligations by virtue of a cause covered by this section, it shall notify the Organisation of the circumstances as soon as is reasonably possible and the Organisation shall grant a reasonable extension for the performance of the Agreement.

16.   Amendments

16.1. The Company reserves the right to amend this Agreement at any time upon provision of 28 days’ notice, which may be made in writing or electronically.

16.2. If the Organisation does not wish to accept the new Agreement, then it may terminate this Agreement by giving 28 days’ notice, during which time the original Agreement shall remain in place.

16.3. If the Organisation continues to use the Services after 28 days without having notified the Company that it wishes to terminate the Agreement, it will be deemed as the Organisation having accepted the new Agreement.

17.   Provision of Notice

17.1. Any formal notice, consent or communication required to be given or served under this Agreement to the Company shall be given or served by sending it by first class mail to the registered office of the Company or by e-mail to the e-mail address provided by the Company for such purposes.

17.2. Any formal notice, consent or communication required to be given or served under this Agreement to the Organisation shall be given or served by sending it by first class mail to the last known address provided by the Organisation to the Company or by e-mail to the e-mail address(es) specified by the Organisation.

18.   Jurisdiction

18.1. The construction, validity and performance of this Agreement shall be governed by the laws of England and Wales and the parties hereby submit exclusively to the jurisdiction of the courts of England and Wales.

---

Three Rings CIC is registered as a Community Interest Company in England and Wales, No. 06820837

Contact: portal@threerings.org.uk
Web: www.threerings.org.uk
Post: Three Rings CIC, The Green, Eynsham Road, Sutton, Witney, OX29 5RZ, United Kingdom