Terms of Service

By accessing, purchasing, or using any services, software, websites, or support provided by Drive Network Support Ltd ("DNS", "we", "us", "our"), you ("Client", "you", "your") agree to these Terms of Service ("Terms"). If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity. These Terms incorporate by reference the Acceptable Use Policy (AUP), Service Level Agreement (SLA), and Data Processing Agreement (DPA), as published by DNS and updated from time to time. In the event of conflict, an executed Order, Statement of Work (SOW), or Master Services Agreement (MSA) prevails over these Terms.

 

Drive Network Support Ltd provides:

• 24/7 IT support: service desk, remote and onsite assistance, proactive monitoring, patch management, endpoint management, and IT consultancy.

• Cybersecurity protection: security operations, vulnerability management, endpoint protection (EDR/MDR), firewall and email security, SIEM, incident response, and user awareness training.

• Cloud hosting and productivity: private cloud, virtual servers, Microsoft 365 and Azure management, backup and disaster recovery, and migration services.

• CNC and industrial systems support: CAD/CAM support, CNC controller integration, PLC and industrial networking, machine data collection, and automation troubleshooting.

• Training, scholarships, and apprenticeships: CNC training, IT/cyber workshops, and educational programmes delivered directly or with accredited partners.

• Access and cooperation: You will provide timely access, information, accounts, and decision-makers required for DNS to deliver services safely and effectively.

• Environment responsibilities: Unless expressly included in your contract, you remain responsible for software licensing, third‑party contracts, physical security, and compliance with applicable laws.

• Backups: DNS-managed backup and recovery applies only where contracted; otherwise, you are responsible for backup, retention, and test restores.

• Acceptable use: You must comply with the AUP and ensure your users do the same.

• Changes: DNS may recommend or implement changes necessary to maintain security, availability, or compliance, following reasonable notice except in emergencies.

• Fees and invoicing: Managed services are invoiced monthly in advance; projects and time-and-materials are invoiced on completion or monthly in arrears. All fees are exclusive of VAT and reasonable expenses (including travel and subsistence) unless stated otherwise.

• Payment due date: Invoices are due within 14 days of the invoice date unless otherwise agreed in writing.

 

Late payment: We may charge interest and recovery costs in accordance with the Late Payment of Commercial Debts (Interest) Act 1998 (as amended) and suspend services for overdue accounts after notice.

Price changes: We may adjust pricing on renewal or with at least 30 days’ notice for ongoing services to reflect vendor changes or scope adjustments.

 

Nothing in these Terms limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any liability that cannot lawfully be limited. Subject to the foregoing, DNS shall not be liable for: (a) loss of profits, revenue, or business; (b) loss or corruption of data where DNS does not provide and manage the relevant backup service; (c) indirect or consequential loss. DNS’s aggregate liability arising out of or in connection with the services in any 12‑month period is limited to the greater of (i) the total fees paid or payable by you to DNS for the services giving rise to the claim in that period, or (ii) £50,000.

 

For convenience:

• Either party may terminate ongoing managed services on 30 days’ written notice after any committed minimum term stated in the Order or SOW.

• For cause: Either party may terminate for material breach not remedied within 14 days of written notice, or immediately if the other party becomes insolvent.

• Effect of termination: On termination, accrued fees become due. DNS will reasonably cooperate to transition services; we may charge time and materials for transition support. Upon request within 30 days, DNS will return customer data in a standard format; thereafter data may be securely deleted in accordance with our retention policies.

 

These Terms and any dispute or claim arising out of or in connection with them shall be governed by and construed in accordance with the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction.

• Security baseline and MFA: You agree to implement and maintain DNS’s minimum security baseline, including multi-factor authentication on all supported systems. DNS may enforce controls necessary to protect your environment and DNS infrastructure.

• Backups and disaster recovery: Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) apply only where expressly stated in the SLA or Order. If you do not procure DNS-managed backup/DR, you accept full responsibility for backup, retention, and recovery testing.

• Critical incident cooperation: You will promptly (within 1 hour where practicable) notify DNS of suspected security incidents or outages and cooperate fully with containment, investigation, and remediation activities.

 

 

Fair use and resource protection:

• You shall not use services in a manner that degrades service for others, violates the AUP, or circumvents security controls. DNS may throttle, suspend, or isolate services to protect customers and networks.

• Non-solicitation: You will not solicit or hire DNS personnel involved in delivering your services during the term and for 6 months thereafter, except with DNS’s written consent. If breached, a fee equal to 25% of the employee’s annual remuneration is payable.

 

Where DNS provides training, scholarships, or apprenticeship programmes:

• Eligibility and selection: Admission is at DNS’s discretion and may require verification of identity, right to work/study, and any safeguarding checks required by law or by partners.

 

Conduct and safety:

• Participants must comply with DNS’s code of conduct, health and safety rules, and any applicable partner or awarding‑body terms.

 

Fees and cancellations:

• Fees (if any) and cancellation terms are stated at booking. DNS may reschedule for operational or safety reasons; we will provide reasonable notice.

 

Certification and outcomes:

DNS does not guarantee qualifications, placements, or employment outcomes.

 

Data protection:

Processing of participant data is described in our Privacy Policy and DPA.

Book your Free Network Health Check today.

 

 

Privacy Policy

Last Updated: 31 October 2025

Drive Network Support Ltd ("DNS") acts as a data controller for most client and website data, and as a data processor when we process personal data on behalf of clients under our DPA. We collect:

• Identity and contact data: name, job title, organisation, business address, email, phone.

• Account and authentication data: usernames, role/permissions, audit logs.

• Support and operations data: tickets, chat/phone recordings (where notified), diagnostic files, system inventory and telemetry from remote monitoring and management (RMM) tools.

• Technical data: IP addresses, device identifiers, browser type, cookies and similar technologies, access timestamps, and network metadata generated by our services.

• Commercial and financial data: orders, invoices, payment status (processed via PCI‑compliant providers; DNS does not store full card details).

 

Marketing preferences and communications: your preferences, event registrations, feedback.

Training, scholarship, and apprenticeship data: applications, CVs, qualifications, references, attendance, assessment results, safeguarding information where necessary, and any reasonable adjustments information. We only collect special category data where required by law or with your explicit consent.

 

We obtain data directly from you, from your employer, from our service tools, from publicly available sources (e.g., Companies House), and from trusted partners acting on our instructions.

 

We use personal data to:

• Provide, operate, secure, and improve our services and websites.

• Set up and manage accounts, authenticate users, and provide support.

• Monitor, detect, and prevent security incidents, fraud, and misuse.

• Deliver training, scholarships, and apprenticeship programmes, including admissions, administration, assessment, certification, and safeguarding.

• Bill and collect payments, manage renewals, and perform internal reporting.

• Communicate about service updates, security notices, and changes to terms.

• Send marketing communications where permitted; you may opt out at any time.

• Comply with legal obligations and respond to lawful requests.

 

Lawful bases include performance of a contract, legitimate interests (e.g., securing systems and improving services), consent (e.g., certain marketing or special category data), and legal obligation.

 

We share data with:

• Sub‑processors and service providers under contract, such as data centers and cloud platforms (including Microsoft 365/Azure), ticketing and RMM providers, payment processors, learning and assessment partners, and couriers. These parties act on our instructions and implement appropriate safeguards.

• Professional advisers, insurers, auditors, and regulators where necessary.

• Law enforcement or other authorities where required by law.

• Buyers or successors in the event of a business reorganisation, subject to confidentiality.

 

International transfers: Where data is transferred outside the UK, we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, plus technical and organisational measures.

 

We employ technical and organisational measures appropriate to the risk, including access controls and MFA, encryption in transit and at rest where feasible, network segmentation, vulnerability and patch management, logging and monitoring, employee vetting and training, and incident response procedures. We test and review our controls regularly.

 

Retention: We retain personal data only as long as necessary for the purposes collected and to meet legal, tax, and regulatory requirements. Typical periods include: customer account and billing records (7 years), support tickets and operational logs (up to 6 years, with certain telemetry retained for up to 12 months), training records (up to 7 years), and unsuccessful training/apprenticeship applications (up to 12 months) unless a shorter period is required.

 

Under UK data protection law, you have rights to request access, rectification, erasure, restriction, portability, and to object to certain processing. Where processing is based on consent, you may withdraw consent at any time. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113. If your data is processed under contract with your employer, please contact your employer (the controller) first; we will assist them as processor.

 

To exercise your rights or ask questions, contact us via https://www.dnsupport.co.uk/ (Contact page) or email privacy@dnsupport.co.uk. For processor activities, see our DPA for details on roles and responsibilities.

 

Book your Free Network Health Check today.

 

 

Service Level Agreement (SLA)

Effective Date: 31 October 2025

 

This SLA covers the following services provided by Drive Network Support Ltd ("DNS"):

• 24/7 IT support and service desk, including remote and onsite support.

• Proactive monitoring, patching, and endpoint management.

• Cybersecurity services, including SOC monitoring, EDR/MDR, email and web security, and incident response.

• Cloud hosting, Microsoft 365/Azure management, backup, and disaster recovery.

• CNC/CAD/CAM and industrial systems support and advisory.

• Training, scholarships, and apprenticeship programme support (administration and learner support).

 

Service desk hours: 24/7 for Priority 1 (P1) incidents; standard business hours (Mon–Fri, 08:00–18:00 UK time, excluding UK public holidays) for P2–P4 unless 24/7 coverage is contracted.

 

Monitoring: 24/7 automated monitoring with human review for actionable alerts.

Patching: Critical security patches applied in the next maintenance window or sooner if risk dictates, per change control.

 

Backup verification: Where DNS-managed backup is in place, daily backup jobs monitored and weekly restore tests on sampled systems.

 

Target initial response from ticket creation:

• P1 – Critical outage/security incident: 15 minutes (24/7).

• P2 – High impact/major degradation: 1 hour (business hours; 24/7 if contracted).

• P3 – Standard request/incident: 4 business hours.

• P4 – Minor request/Change/How‑to: 1 business day. Resolution targets are influenced by complexity, vendor dependencies, and access; DNS will provide regular updates and work continuously on P1 until service is restored or a workaround is in place.

 

For DNS‑hosted cloud services within DNS’s control:

Monthly uptime: 99.9% measured per calendar month, excluding planned maintenance and Exclusions below.

 

Maintenance windows: Planned changes are notified at least 48 hours in advance where practicable and conducted outside business hours.

 

If monthly uptime for a covered service falls below 99.9%, you may request a service credit within 30 days of month‑end:

• 99.0% to <99.9%: 5% of the monthly fee for the affected service.

• 98.0% to <99.0%: 10% credit.

• <98.0%: 25% credit. Credits are capped at 25% of the monthly fee for the affected service and are not available where downtime falls under Exclusions.

 

• Issues caused by factors outside DNS’s reasonable control (force majeure, upstream provider outage, DDoS beyond reasonable mitigation).

• Client‑caused issues, misuse, AUP breaches, or unauthorised changes.

• Third‑party software, connectivity, or hardware not managed by DNS.

• Planned and notified maintenance, emergency security patches, and changes performed to address an urgent vulnerability or incident.

• Downtime occurring while client access or approvals are outstanding.

• This SLA should be read with the Management Priority Clauses and the ToS; RPO/RTO apply only where expressly defined in an Order or SOW.

 

 

Data Processing Agreement (DPA)

Effective Date: 31 October 2025

 

For the purposes of this DPA:

• "Applicable Data Protection Laws" means UK GDPR, the Data Protection Act 2018, and any UK laws implementing or supplementing them.

• "Controller", "Processor", "Personal Data", "Data Subject", "Processing", and "Personal Data Breach" have the meanings given in Applicable Data Protection Laws.

• "Client" means the entity identified in the Order or SOW that engages DNS to provide services and acts as Controller for its Personal Data.

• "Sub‑processor" means any third party engaged by DNS to process Personal Data on behalf of the Client.

 

Drive Network Support Ltd ("DNS") shall process Personal Data as Processor on behalf of Client to deliver the contracted services described in the Order/SOW and related documentation, including:

• Provision of IT support, monitoring, cybersecurity, hosting, backup/DR, CNC/CAD/CAM support, and training/apprenticeship administration.

• User account management, authentication, and access control.

• Incident detection, response, and forensics.

• Service configuration, migration, and maintenance. Duration: for the term of the services and until deletion or return of Personal Data in accordance with Section 10.

 

Personal Data may relate to:

• Client employees, workers, contractors, and authorised users.

• Client customers and suppliers (as applicable to the services).

• Training, scholarship, and apprenticeship applicants and participants.

 

Typical categories include identity and contact data, employment/role data, authentication data, device and telemetry data, support records, training records, and limited special category data only where required by law or with explicit consent (e.g., health information for reasonable adjustments).

 

DNS shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Access controls, least privilege, and multi‑factor authentication.

• Encryption in transit and at rest where feasible and appropriate.

• Network security, segmentation, monitoring, and vulnerability management.

• Secure development and change control.

• Backup and recovery for contracted services, with regular testing.

• Staff vetting, confidentiality undertakings, and security awareness training.

• Incident response processes, including breach detection and escalation.

 

DNS shall ensure persons authorised to process Personal Data are bound by confidentiality obligations and receive appropriate training.

 

Client authorises DNS to engage Sub‑processors necessary for service delivery. DNS will:

• Maintain a current list of Sub‑processors and provide notice of material changes upon request.

• Impose data protection obligations on Sub‑processors equivalent to those in this DPA.

• Remain responsible for Sub‑processor performance.

 

DNS shall assist Client, taking into account the nature of processing, with Data Subject requests, security, DPIAs, and consultations with regulators, as reasonably required. Upon reasonable prior notice, Client may audit DNS’s compliance through questionnaires, certifications, or on‑site audits no more than once annually, during business hours, without unduly disrupting operations. Confidentiality and security requirements apply; audits may be satisfied by independent third‑party reports where appropriate.

 

DNS shall notify Client without undue delay and in any event within 24 hours of confirming a Personal Data Breach affecting Client Personal Data, providing information reasonably available at the time and cooperating with remediation.

 

At Client’s choice upon termination or expiry of services, DNS shall return all Client Personal Data in a commonly used format and delete existing copies, unless storage is required by law, in which case DNS will isolate and protect the data.

 

Where DNS or its Sub‑processors transfer Personal Data outside the UK, DNS shall ensure appropriate transfer safeguards are in place, including the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, plus supplementary measures as needed.

 

Each party’s liability under this DPA is subject to the limitations and exclusions set out in the governing agreement between the parties, except to the extent such limitations are prohibited by Applicable Data Protection Laws.

 

 

Acceptable Use Policy

Last Updated: 31 October 2025

 

This Acceptable Use Policy ("AUP") governs the use of services provided by Drive Network Support Ltd ("DNS"). It is designed to protect clients, users, and DNS infrastructure and forms part of the Terms of Service.

 

Clients may use our services for:

• Legitimate business purposes consistent with applicable laws and contracts.

• Hosting and processing of business data in accordance with the DPA.

• Training, scholarship, and apprenticeship activities conducted under DNS or partner programme rules.

 

The following activities are strictly prohibited:

• Illegal activities, infringement of intellectual property, or violation of third‑party rights.

• Distribution of malware, phishing, unauthorised scanning, exploitation, or denial‑of‑service.

• Circumventing security controls, attempting unauthorised access, or testing without written authorisation from DNS and the system owner.

• Sending unsolicited bulk communications or spam; email abuse.

• Hosting or transmitting content that is defamatory, hateful, harassing, discriminatory, or otherwise harmful.

• Crypto‑mining, resource abuse, or activity that materially degrades service for others.

• Storage or processing of special category or regulated data (e.g., payment card data, health data) unless expressly agreed in writing with appropriate safeguards.

• Use unique accounts; do not share credentials. Enable and use multi‑factor authentication where provided.

• Keep systems patched and protected with DNS‑approved endpoint security.

• Maintain secure configurations; do not disable logging or protective controls without authorisation.

• Report suspected incidents, compromise, or misuse to DNS promptly and within 1 hour where practicable.

• Respect license terms and do not install unauthorised software.

 

DNS may monitor service usage, network traffic, logs, and security signals as necessary to operate, secure, and improve the services, in accordance with applicable law and our Privacy Policy. DNS may investigate suspected violations and may preserve, review, and disclose information where required by law or to protect users and systems.

 

DNS may, with or without notice depending on urgency: warn, suspend, throttle, or terminate access; remove offending content; isolate affected systems; and/or require remediation steps. DNS may also notify appropriate authorities where unlawful activity is suspected.

Report violations or security issues via https://www.dnsupport.co.uk/ (Contact page) or the support portal at https://www.dnsupport.net/. Provide sufficient detail to enable investigation.

This AUP should be read alongside the Management Priority Clauses and the ToS.