IMPORTANT: BUSINESS USE ONLY
The RAMSGen Service is made available only for use in the course of business (including by sole traders). It is not intended for consumer use.
These Terms are a legally binding agreement between:
- RAMSGen Ltd, a company incorporated in England and Wales (company number 16458298) with registered office at 4th Floor, 14 Museum Place, City Centre, Cardiff, CF10 3BH ("RAMSGen", "we", "us", "our"); and
- The business customer accepting these Terms ("Customer", "you", "your").
If you accept these Terms on behalf of a company or other entity, you confirm you have authority to bind that entity.
1. About These Terms; Contract Formation; Order of Precedence
1.1 Contract formation
A contract is formed when you (a) click "I agree" (or similar), (b) sign or accept an order form, quotation, subscription order or similar ("Order Form"), (c) create an account/workspace, or (d) otherwise access or use the Service (whichever occurs first).
1.2 Order Forms
If RAMSGen and the Customer enter into an Order Form, it forms part of the contract and sets out commercial details (such as plan, term, included credits, Fees, and any user limits).
1.3 Order of precedence
If there is any conflict between documents, the following order of precedence applies (highest first):
- the Order Form (if any);
- the Data Processing Addendum in Schedule 5 ("DPA");
- these Terms;
- any schedules/policies referenced in these Terms;
- Documentation.
1.4 Purchase orders do not apply
Any purchase order or similar document issued by the Customer is for administrative convenience only and does not form part of the contract. Any additional or different terms are rejected and will not apply.
2. Definitions
| Term | Definition |
|---|---|
| Admin User | An Authorised User designated to manage the Workspace including invitations, permissions, billing, and plan settings. |
| Authorised Users | Individuals authorised by the Customer to access the Service under the Customer's Subscription, using unique credentials. |
| Business Day | Any day that is not a Saturday, Sunday, or public holiday in England and Wales. |
| Confidential Information | Has the meaning in Section 14. |
| Customer Data | All data and content submitted to the Service by or on behalf of the Customer or its Authorised Users (including project/task details, hazard/risk assessment inputs, and uploaded materials), excluding Feedback. |
| Data Protection Legislation | All applicable data protection and privacy laws, including (where applicable) the UK GDPR and the Data Protection Act 2018. |
| Documentation | User guides, help pages, and other documentation made available by RAMSGen describing the Service. |
| Effective Date | The date the contract is formed under Section 1.1. |
| Fees | All fees payable for the Subscription (including any licence/platform access component), Generation Credits, Top-Ups, and any other charges set out at checkout, in-app, on our pricing page, or in an Order Form. |
| Feedback | Any feedback, suggestions, or ideas you provide about the Service. |
| Generated Document / Output | Any draft or finalised RAMS, risk assessment, method statement, or other health and safety documentation generated by the Service using Customer Data. |
| Generation | Each time you instruct the Service to generate or re-generate Output. |
| Generation Credits | Credits that permit Generations, allocated under a plan or purchased as Top-Ups. |
| Published RAMS | Output that you mark as "published", "final", "approved", or equivalent within the Service, and/or that is made available by the Service for final PDF export (as distinct from drafts). |
| Service | The RAMSGen software-as-a-service platform and related services, including app.ramsgen.com and www.ramsgen.com, and any updates, features, and Documentation. |
| Subscription | The Customer's right to access and use the Service under a selected plan during a Subscription Term. |
| Subscription Term | The initial subscription term and any renewal term(s), as described in Section 11 or an Order Form. |
| Third-Party Services | Third-party products, services, software, sites, or content that interoperate with or are linked from the Service, including third-party AI services. |
| Top-Up | Additional Generation Credits purchased by the Customer. |
| Workspace | The Customer's organisation/account within the Service under which Authorised Users access the Service and Customer Data is stored. |
3. Eligibility; Business Use
3.1 Business use only
The Service is provided solely for business use. By accepting these Terms, you confirm you are acting in the course of business (including as a sole trader).
3.2 Authority
If you accept these Terms on behalf of an entity, you represent and warrant you have authority to bind that entity.
3.3 Age and capacity
Authorised Users must be at least 18 years old and have legal capacity (or be authorised by the Customer).
4. Workspaces; Authorised Users; Account Security
4.1 Workspace
The Subscription is granted to the Customer and used via the Customer's Workspace.
4.2 Authorised Users; no shared logins
(a) The Customer may permit Authorised Users to access the Service up to any user limits or plan restrictions.
(b) Each Authorised User must use unique credentials. Shared accounts are prohibited.
(c) The Customer is responsible for its Authorised Users' compliance with these Terms and for all activity within the Workspace.
4.3 Admin Users
The Customer must maintain at least one Admin User and is responsible for actions taken by Admin Users.
4.4 Security obligations
The Customer must keep credentials secure, notify us promptly of suspected unauthorised access, and maintain appropriate access controls for its own systems and devices.
5. Licence Grant; Permitted Use; Restrictions
5.1 Licence to use the Service
Subject to payment of Fees and compliance with these Terms, RAMSGen grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable licence during the Subscription Term to access and use the Service for the Customer's internal business purposes.
5.2 Permitted use of Output (Generated Documents)
The Customer may download, store, print, modify, and share Output (including Published RAMS) with its clients, principal contractors, subcontractors, site managers, competent persons, insurers, and regulators where reasonably necessary for project delivery, tendering, and compliance.
5.3 Restrictions
Except as expressly permitted by these Terms, the Customer must not (and must not allow anyone to):
(a) sell, resell, rent, lease, sublicense, or commercialise the Service;
(b) provide the Service to third parties as a service bureau / managed service;
(c) reverse engineer, decompile, disassemble, or attempt to discover source code or underlying algorithms (except to the extent such restriction is prohibited by law);
(d) access the Service to build or support a competing product or service;
(e) circumvent credit limits or technical restrictions;
(f) use automated means (bots, scrapers) to access the Service without our written consent;
(g) introduce malware or attempt unauthorised access; or
(h) use the Service in violation of applicable law or third-party rights.
6. Generation Credits (Usage-Based)
6.1 Plans and included credits
Your plan determines the features enabled and the included Generation Credits. Plan details may be stated at checkout, in-app, on our pricing page, and/or in an Order Form.
6.2 What counts as a Generation
Unless stated otherwise in your plan description or Order Form:
(a) each time you generate Output, one (1) Generation Credit is consumed; and
(b) any re-generation (e.g., "regenerate", "try again") consumes one (1) Generation Credit.
6.3 Monthly subscriptions (credit renewal)
For monthly-billed subscriptions, included Generation Credits renew at the end of each monthly billing period. Unused included credits do not roll over and expire at the end of the billing period.
6.4 Annual subscriptions (credit expiry at end of contract)
For annual (or other non-monthly) contracts, included Generation Credits may be allocated upfront or periodically during the Subscription Term (as described in your plan/Order Form). In all cases, unused included Generation Credits expire at the end of the Subscription Term and do not carry over to any renewal term unless expressly stated in an Order Form.
6.5 Top-Ups
(a) You may purchase Top-Ups at the then-current price.
(b) Unless stated otherwise at purchase or in an Order Form, Top-Up credits expire at the end of the current Subscription Term.
(c) Top-Up Fees are non-refundable except as required by law.
6.6 Usage records; disputes
RAMSGen's usage records will be treated as accurate unless you notify us of an error within 30 days of the relevant record/charge. If we confirm an error, we will correct the records and, where appropriate, reinstate credits or apply an account credit.
6.7 Abuse prevention
We may throttle or restrict Generations if we reasonably believe there is abusive, automated, fraudulent, or abnormal usage that threatens the Service, other customers, or our systems.
7. Service; Changes; Beta Features
7.1 Service evolution
We may add, modify, or remove features, and suspend or discontinue parts of the Service. Where reasonably practicable, we will provide notice of material changes that significantly reduce core functionality of the plan you have purchased.
7.2 Beta features
Beta/preview features are provided "as is", may not work correctly, and may be withdrawn at any time.
7.3 System requirements
The Customer is responsible for ensuring it has suitable devices, software, and internet connectivity.
8. Acceptable Use; Customer Responsibilities
8.1 Customer responsibilities
The Customer is responsible for:
(a) the accuracy, legality, and completeness of Customer Data;
(b) ensuring Authorised Users are competent and appropriately trained; and
(c) ensuring all Output is reviewed, validated, and adapted for site-specific use before reliance.
8.2 The Service is not intended for special category data
The Service is not designed for, and you should not input, special category personal data or criminal offence data (as defined in Data Protection Legislation). If exceptional processing is required, it must be agreed in writing in advance and may require additional safeguards and/or an updated DPA.
8.3 Prohibited content and behaviour
The Customer must not use the Service to:
(a) create documentation known to be false or misleading;
(b) infringe third-party rights;
(c) upload unlawful, harmful, abusive, or defamatory content; or
(d) compromise security or integrity of the Service.
9. Output; Professional Responsibility; AI Features
9.1 Draft documentation only; competent review required
(a) The Service is a software tool intended to assist in producing draft documentation.
(b) Output may be inaccurate, incomplete, unsuitable, or out of date.
(c) The Customer must ensure a competent person reviews, validates, customises, and approves all Output before use or reliance.
(d) The Customer remains solely responsible for health and safety compliance and for the content and use of Generated Documents.
9.2 AI Features and Third-Party Services (OpenRouter)
(a) Certain features may use Third-Party Services (including AI services) to generate Output ("AI Features").
(b) Where AI Features are used, Customer Data may be transmitted to OpenRouter and (via OpenRouter) to underlying model providers for the purpose of generating Output.
(c) RAMSGen configures OpenRouter with its "zero retention" (or equivalent) setting where available. However, Third-Party Services remain outside RAMSGen's direct control; their processing is governed by the DPA, our subprocessor arrangements, and applicable third-party terms.
9.3 No training by RAMSGen
RAMSGen does not use Customer Data to train RAMSGen-owned general-purpose AI models.
10. Fees; Billing; Auto-Renewal; Taxes; Late Payment
10.1 Fees and payment
You must pay all Fees associated with your Subscription and any Top-Ups.
10.2 Payment processing
We use third-party payment processors (including Stripe). Payment processing is subject to the payment processor's terms and policies in addition to these Terms.
10.3 Auto-renewal
Unless you cancel before renewal, your Subscription will automatically renew for successive periods equal to the prior Subscription Term (or as described at checkout or in an Order Form).
10.4 Taxes and VAT
Fees are exclusive of VAT unless stated otherwise. VAT and other applicable taxes will be added where required by law.
10.5 Failed payments
If a payment fails, we may retry your payment method and/or suspend access until payment is resolved.
10.6 Late payment (invoiced customers)
If we invoice you and you pay late, we may charge statutory interest, fixed compensation, and reasonable recovery costs as permitted under the Late Payment of Commercial Debts (Interest) Act 1998.
10.7 Price changes
We may change Fees. For subscriptions, fee changes apply from the next renewal date. We will use reasonable efforts to provide at least 30 days' notice of material fee increases.
11. Suspension
11.1 Suspension events
We may suspend access (in whole or part) if:
(a) Fees are overdue (following notice and a reasonable opportunity to pay);
(b) we reasonably believe the account is compromised or poses a security risk;
(c) the Customer breaches Sections 5 or 8 in a way that threatens the Service or others; or
(d) we are required to do so to comply with law or a regulator/court order.
11.2 Reinstatement
Where reasonably practicable, we will restore access promptly once the issue is resolved.
12. Term; Cancellation; Termination
12.1 Subscription Term
These Terms commence on the Effective Date and continue until terminated in accordance with these Terms. Subscription access continues for the Subscription Term.
12.2 Cancellation (non-renewal)
You may cancel renewal through account settings (if available) or by contacting support. Cancellation takes effect at the end of the current Subscription Term. Fees are non-refundable except as required by law or expressly stated in an Order Form.
12.3 Termination for cause
Either party may terminate these Terms immediately by written notice if the other party:
(a) commits a material breach that is not capable of remedy; or
(b) commits a material breach capable of remedy and fails to remedy it within 14 days after written notice requiring remedy.
12.4 Termination for non-payment
We may terminate if Fees are overdue and remain unpaid 14 days after notice.
12.5 Effect of termination
On termination/expiry:
(a) the Customer's right to access and use the Service ends (subject to any export window in Section 13); and
(b) all outstanding Fees become immediately due.
13. Data Export; Retention; Deletion
13.1 Export during the Subscription Term
During the Subscription Term, you may export Published RAMS as PDFs via the Service (as available). The Service does not guarantee export of underlying draft data, prompt history, or non-published drafts.
13.2 Post-termination export window
Following termination/expiry, we will make Published RAMS PDF exports available for download as a single zip bulk download for 30 days, unless:
(a) we are legally prohibited from doing so; or
(b) access was terminated due to unlawful use, security abuse, or fraud where continued access would pose material risk.
13.3 Deletion of personal data (30 days)
Subject to Section 13.4 and the DPA, we will delete (or anonymise) personal data within Customer Data within 30 days after termination/expiry, except to the extent:
(a) retention is required by law; or
(b) personal data is contained within Published RAMS retained under Section 13.4; or
(c) data remains in backups and is deleted in accordance with our backup cycles.
13.3A Backups
Customer Data may be retained in backups and deleted in accordance with our backup cycles, typically within 90 days.
13.4 Retention of Published RAMS (6 years)
We may retain Published RAMS (and associated metadata) for 6 years after termination/expiry for legitimate business purposes such as compliance, audit trails, record-keeping, and establishing, exercising, or defending legal claims. Published RAMS may contain personal data; where they do, that personal data will be retained for the same period.
13.5 No obligation after the export window
RAMSGen has no obligation to retain, provide, or make available any Customer Data, Published RAMS, or other exports after the 30-day export window has expired. The Customer acknowledges that it is solely responsible for downloading and retaining copies of its data during the export window. We may, at our sole discretion, provide copies upon written request (subject to identity/authority checks and a reasonable administration fee), but we are under no obligation to do so.
14. Confidentiality
14.1 Confidential Information
"Confidential Information" means any non-public information disclosed by or on behalf of a party that is identified as confidential or ought reasonably to be understood as confidential, including the Service's non-public features, pricing (including discounts), security measures, and Customer Data.
14.2 Obligations
The receiving party must keep Confidential Information confidential, use it only to perform obligations/exercise rights under the contract, and restrict access to those who need to know and are bound by confidentiality obligations.
14.3 Compelled disclosure
The receiving party may disclose Confidential Information to the extent required by law or competent authority, provided it gives prior notice where lawful and cooperates to limit scope.
14.4 Duration
Confidentiality obligations apply during the Subscription Term and for 3 years after termination, except trade secrets which remain protected while they remain trade secrets.
15. Data Protection
15.1 DPA incorporated
The DPA in Schedule 5 forms part of these Terms.
15.2 Privacy policy/notice
RAMSGen's privacy policy/notice (as published on our website) describes how we handle personal data where RAMSGen acts as a controller (for example, account administration and marketing). Where RAMSGen processes personal data on behalf of the Customer, the DPA applies.
16. Intellectual Property; Customer Data; Output Rights
16.1 RAMSGen IP
RAMSGen (and its licensors) own all Intellectual Property Rights in the Service, Documentation, templates, software, and all improvements and derivatives. No rights are granted except as expressly stated.
16.2 Customer Data
The Customer owns (or controls) all rights in Customer Data. The Customer grants RAMSGen a limited licence to process Customer Data solely to provide, maintain, support, and secure the Service and comply with legal obligations (and as otherwise set out in the DPA).
16.3 Output
As between the parties, the Customer owns the Output it generates, subject to RAMSGen's underlying rights in the Service and templates. To the extent RAMSGen template elements are embedded in Output, RAMSGen grants the Customer a perpetual, worldwide, royalty-free licence to use, reproduce, modify, and share that Output in accordance with Section 5.2.
16.4 Anonymised and aggregated analytics
We may use anonymised and aggregated data derived from use of the Service for product improvement, analytics, and business operations, provided it does not identify the Customer or any individual.
16.5 Feedback
The Customer grants RAMSGen a perpetual, irrevocable, worldwide, royalty-free licence to use and incorporate Feedback without restriction or compensation.
17. Warranties; Disclaimers
17.1 Limited service warranty
We will provide the Service with reasonable skill and care.
17.2 Disclaimers (B2B)
Except as expressly stated and to the maximum extent permitted by law:
(a) the Service is provided on an "as available" basis;
(b) we do not warrant uninterrupted or error-free operation;
(c) we do not warrant that Output is accurate, complete, compliant, or suitable for any particular purpose; and
(d) we do not provide professional health and safety advice.
17.3 Third-Party Services
Third-Party Services are subject to their own terms. We are not responsible for Third-Party Services and do not warrant their availability, performance, or content.
18. Limitation of Liability
18.1 Non-excludable liabilities
Nothing in these Terms limits or excludes liability for:
(a) death or personal injury caused by negligence;
(b) fraud or fraudulent misrepresentation; or
(c) any liability that cannot be limited or excluded by law.
18.2 Excluded losses
Subject to Section 18.1, RAMSGen will not be liable for indirect or consequential loss, or for loss of profit, revenue, business opportunity, anticipated savings, goodwill, or reputation.
18.3 Liability cap
Subject to Section 18.1, RAMSGen's total aggregate liability arising out of or in connection with the Service and these Terms (whether in contract, tort (including negligence) or otherwise) will not exceed the total Fees paid or payable by the Customer in the 12 months preceding the event giving rise to the claim.
18.4 Allocation of risk
The Customer acknowledges that the Service generates draft documentation and the Customer remains responsible for competent review and compliance, and that Fees reflect the allocation of risk in these Terms.
19. Indemnities
19.1 Customer indemnity
The Customer will indemnify RAMSGen against losses, damages, liabilities, costs, and expenses (including reasonable legal fees) arising from third-party claims relating to:
(a) Customer Data (including that it infringes third-party rights or is unlawful);
(b) the Customer's or Authorised Users' misuse of the Service or breach of these Terms; or
(c) the Customer's use of Output without competent review or in circumstances for which it is not suitable.
19.2 RAMSGen IP infringement indemnity (UK only)
RAMSGen will indemnify the Customer against losses finally awarded by a court (or agreed in a settlement approved by RAMSGen) arising from a third-party claim that the Customer's use of the Service in accordance with these Terms infringes that third party's UK Intellectual Property Rights.
19.3 Exclusions
RAMSGen has no liability under Section 19.2 to the extent a claim arises from:
(a) Customer Data or third-party content;
(b) use of the Service other than in accordance with these Terms;
(c) modification not made by RAMSGen; or
(d) combination with items not provided by RAMSGen.
19.4 Process
The indemnified party must promptly notify the indemnifying party, allow control of defence/settlement, and provide reasonable cooperation. The indemnifying party may not settle in a way that admits liability on behalf of the indemnified party without consent (not to be unreasonably withheld).
20. Third-Party Services
20.1 Integrations
The Service may integrate with or rely on Third-Party Services. Your use of Third-Party Services is subject to their terms.
20.2 No endorsement
We do not endorse and are not responsible for Third-Party Services.
21. Changes to These Terms
21.1 Updates
We may update these Terms from time to time.
21.2 When changes take effect
(a) Changes will normally take effect on renewal of the Subscription.
(b) If we must change these Terms mid-term for legal, security, or operational reasons, we will provide notice and changes will take effect on the date stated in the notice.
(c) If a change is materially adverse to the Customer and is made mid-term (and not required by law), the Customer may terminate the affected Subscription by written notice within 30 days of notice of the change, and we will refund any prepaid Fees for the unused portion of the then-current Subscription Term (if applicable).
22. Notices
22.1 Notices to RAMSGen
Notices must be sent to: legal@ramsgen.com (or such other address we notify).
22.2 Notices to Customer
We may send notices by email to the account email address, via in-app notice, or by posting notice on the Service.
23. Assignment; Subcontracting
23.1 Customer assignment
The Customer may not assign or transfer these Terms without RAMSGen's prior written consent.
23.2 RAMSGen assignment
RAMSGen may assign these Terms (including to an affiliate or in connection with a merger, acquisition, or sale of assets).
23.3 Subcontracting
RAMSGen may subcontract performance, including to subprocessors, provided RAMSGen remains responsible for its obligations subject to these Terms and the DPA.
24. Compliance; Anti-Bribery; Sanctions
24.1 Compliance
Each party will comply with applicable laws in connection with these Terms.
24.2 Anti-bribery
The Customer must not engage in any activity that would put RAMSGen in breach of the Bribery Act 2010.
24.3 Sanctions and export controls
The Customer must not use the Service in violation of applicable sanctions or export control laws.
25. Force Majeure
Neither party will be liable for failure or delay caused by events beyond its reasonable control. If such an event continues for more than 30 days, either party may terminate on written notice.
26. General
26.1 Entire agreement
These Terms (including any Order Form and the DPA) constitute the entire agreement and supersede prior discussions and representations relating to the Service.
26.2 Severability
If any provision is held invalid or unenforceable, it will be modified to the minimum extent necessary to make it enforceable and the remainder will continue in effect.
26.3 Waiver
A waiver is effective only if in writing.
26.4 Relationship
Nothing in these Terms creates a partnership, joint venture, or agency relationship.
26.5 English language
These Terms are written in English. Any translation is for convenience only.
27. Governing Law and Jurisdiction
These Terms and any dispute or claim arising out of or in connection with them are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction.
Schedules
Schedule 1 — Support (Targets Only)
1. Support channels
Support is provided via email and/or in-app support (if available): support@ramsgen.com.
2. Support standard
We aim to respond to support enquiries within 2 Business Days. This is a target, not a guarantee.
3. Exclusions
Support does not include professional health & safety consultancy or approval of Generated Documents.
Schedule 2 — Security Measures (Baseline)
RAMSGen will implement appropriate technical and organisational measures designed to protect Customer Data, which may include:
- Access controls (least privilege; MFA for administrative access where available);
- Encryption in transit (TLS) and encryption at rest for core storage where supported;
- Secure development and change control practices;
- Logging and monitoring for anomalous activity;
- Backups and resilience (subject to technical feasibility);
- Incident response processes; and
- Contractual security requirements for subprocessors.
Schedule 3 — Subprocessors
RAMSGen may use subprocessors to provide the Service. The authoritative list of key subprocessors is maintained in Annex 3 of the Data Processing Addendum (DPA).
The DPA sets out the notice and objection mechanism for subprocessor changes in accordance with Article 28 UK GDPR.
Schedule 4 — AI Feature Terms (Additional)
1. AI Outputs are probabilistic
AI-generated Output may include errors or omissions.
2. Zero retention configuration
RAMSGen configures OpenRouter with a "zero retention" (or equivalent) setting where available. This means prompts/outputs are not intended to be stored by that provider beyond what is necessary to provide the response, but Third-Party Services remain outside RAMSGen's direct control.
3. No training by RAMSGen
RAMSGen does not train RAMSGen-owned general-purpose AI models on Customer Data.
4. Customer responsibilities
The Customer must ensure a competent person reviews Output before any operational use, sharing, or reliance.
5. Restricted inputs
The Customer should not include special category data, criminal offence data, or confidential third-party information the Customer is not authorised to share.
Schedule 5 — Data Processing Addendum (DPA)
This DPA applies where RAMSGen processes personal data on behalf of the Customer in providing the Service.
1. Definitions
Capitalised terms not defined in this DPA have the meaning given in the Terms. "Personal Data", "Processing", "Controller", "Processor" have the meanings given in Data Protection Legislation.
2. Roles
2.1 The Customer is the Controller of personal data comprised in Customer Data.
2.2 RAMSGen is the Processor of that personal data.
3. Details of processing
3.1 Subject matter: provision of the Service (including generation of draft H&S documentation).
3.2 Duration: Subscription Term plus the export/deletion/retention periods in Section 13.
3.3 Nature and purpose: hosting Customer Data; enabling collaboration; generating Output; providing support; security monitoring; billing; and processing necessary to provide the Service.
3.4 Categories of data subjects: Customer's staff, contractors, client contacts, and other individuals whose personal data is included in Customer Data.
3.5 Types of personal data: typically names, contact details, role/job title, project information, and any other personal data entered by the Customer. The Service is not intended for special category data.
4. Processor obligations
RAMSGen will:
4.1 process Personal Data only on the Customer's documented instructions (including as set out in the Terms and this DPA), unless required by law;
4.2 ensure persons authorised to process Personal Data are bound by confidentiality;
4.3 implement appropriate technical and organisational measures (Schedule 2);
4.4 assist the Customer, taking into account the nature of processing, with data subject requests as required by Data Protection Legislation;
4.5 assist the Customer with security, breach notifications, and DPIAs to the extent required by law and proportionate to the Service;
4.6 notify the Customer without undue delay after becoming aware of a personal data breach involving Customer Data; and
4.7 delete or return Personal Data at end of services in accordance with Section 13, unless retention is required by law.
5. Subprocessors
5.1 Authorisation: the Customer authorises RAMSGen to appoint subprocessors as described in Annex 3 of the standalone DPA (or, where the standalone DPA applies, that Annex 3).
5.2 Flow-down: RAMSGen will impose written obligations on subprocessors no less protective than this DPA.
5.3 Changes/objections: where required, RAMSGen will notify the Customer of new subprocessors. The Customer may object on reasonable grounds relating to data protection within 14 days. If unresolved, RAMSGen may (at its option) not appoint the subprocessor or allow termination of the affected Subscription with a pro-rata refund of prepaid Fees for the unused portion (if applicable).
6. International transfers
Where processing involves transfer of Personal Data outside the UK, RAMSGen will ensure appropriate safeguards are in place as required by Data Protection Legislation (for example, the UK IDTA or other valid transfer mechanism).
7. Security and breach notification
7.1 Security measures are described in Schedule 2.
7.2 Breach notifications will include, where feasible: nature of breach, categories/approximate numbers affected, likely consequences, and measures taken/proposed.
8. Deletion and retention
RAMSGen will delete/return Personal Data in accordance with Section 13. For clarity, Personal Data within Published RAMS may be retained for 6 years under Section 13.4.
9. Liability
Liability under this DPA is subject to the limitations and exclusions of liability set out in the Terms, unless prohibited by law.
END OF TERMS