Important information

About this document

These Master Terms of Trade apply to all goods and services supplied by Arcnode IT Pty Ltd to its customers. They are written to operate as a contract under the laws of Victoria, Australia, with exclusive jurisdiction of the courts of Victoria.

Where a customer is a consumer within the meaning of section 3 of the Australian Consumer Law, the Consumer Variations Schedule attached to these Terms engages automatically and modifies certain clauses for that customer's benefit. Both documents should be read together for consumer engagements.

How acceptance works

These Terms become binding when the customer accepts a quote issued by Arcnode IT. For business customers, quotes are issued through Arcnode IT's Customer Portal with click-to-accept functionality. For residential customers, quotes are issued by email with a Xero quote link. In each case, the quote includes a link to the current version of these Terms, and acceptance of the quote constitutes acceptance of these Terms.

Reading these Terms

Defined terms have the meanings given in clause 2. Cross-references are to clauses of this document unless otherwise stated. References to legislation include amendments and successor legislation. The singular includes the plural and vice versa, and references to a person include a company, partnership, trust, and other legal entity.

1. Background and application

1.1 These Master Terms of Trade (Terms) apply to all goods and services supplied by Arcnode IT Pty Ltd (ACN 697 143 623, ABN 70 697 143 623) (Arcnode IT, we, us, our) to its customers (Customer, you, your).

1.2 These Terms become binding on the Customer when the Customer accepts a quote issued by Arcnode IT. Acceptance occurs:

(a) for business customers, when the Customer confirms acceptance through Arcnode IT's Customer Portal or by signed written confirmation (including email confirmation);

(b) for residential customers, when the Customer accepts the Xero quote (electronically or by signed return) or otherwise confirms acceptance in writing;

(c) in any case, when the Customer pays a deposit invoice or otherwise gives clear and unambiguous instructions to proceed.

1.3 Quotes issued by Arcnode IT include a link to the version of these Terms current at the time the quote is issued. The Customer should review these Terms before accepting a quote. By accepting a quote, the Customer confirms it has had a reasonable opportunity to review and consider these Terms.

1.4 If the Customer is a consumer within the meaning of section 3 of the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)) (ACL), the Consumer Variations Schedule attached to these Terms engages automatically and modifies these Terms to the extent set out in that Schedule. In the event of inconsistency between these Terms and the Consumer Variations Schedule for a consumer Customer, the Consumer Variations Schedule prevails.

1.5 Where Arcnode IT and the Customer have entered into a separately signed master services agreement, statement of work, or service order, that document prevails over these Terms to the extent of any inconsistency, in relation to the matters it addresses. These Terms apply in all other respects.

1.6 Arcnode IT may update these Terms from time to time in accordance with clause 22.7. The version of these Terms applying to an engagement is the version current at the time the relevant quote is issued, unless the parties agree otherwise in writing.

2. Definitions

In these Terms, the following terms have the following meanings:

ACL means Schedule 2 to the Competition and Consumer Act 2010 (Cth).

Acceptance Period means the period of 10 Business Days after delivery of a Deliverable, or such other period as is specified in the relevant quote or service order, within which the Customer may object in writing to the Deliverable on the basis of a Material Non-Conformance.

APP means an Australian Privacy Principle set out in Schedule 1 to the Privacy Act 1988 (Cth).

Arcnode Tools means the tools, scripts, frameworks, methodologies, templates, processes, internal platforms, configuration baselines, monitoring scripts, deployment templates, know-how, and other intellectual property owned, developed, or maintained by Arcnode IT and used in connection with delivering Services, including all extensions, refinements, and modifications made in the course of delivering Services to any customer.

Background IP means Intellectual Property Rights owned by a party, or to which a party is entitled, that were developed or acquired by that party before the date of the relevant engagement, or independently of the engagement.

Business Day means any day other than a Saturday, Sunday, or a public holiday in Victoria, Australia.

Confidential Information means information disclosed by one party (Disclosing Party) to the other party (Receiving Party) in connection with the Services that is: (a) marked or otherwise identified as confidential; or (b) of a kind that a reasonable person would understand to be confidential, including pricing, technical information, business plans, customer lists, and trade secrets. Confidential Information does not include Customer Data (which is dealt with separately under clause 11), and does not include information of the kinds excluded by clause 10.2.

Customer Data means data, content, and information that is: (a) owned or controlled by the Customer; (b) provided by or on behalf of the Customer to Arcnode IT; or (c) accessed by Arcnode IT in the Customer's systems in the course of providing the Services, including Personal Information of which the Customer is the controller within the meaning of the Privacy Act 1988 (Cth) (Privacy Act).

Cyber Incident means any unauthorised access to, malicious activity on, or compromise of a computer system, network, or data, including ransomware, malware, phishing, business email compromise, denial of service, unauthorised data exfiltration, and Social Engineering Fraud (within the meaning of the cyber liability insurance policy held by Arcnode IT from time to time).

Deliverable means a tangible output of the Services provided by Arcnode IT to the Customer, including reports, configurations, documentation, custom code, and other work product, but excluding Arcnode Tools.

Eligible Data Breach means an eligible data breach within the meaning of section 26WE of the Privacy Act 1988 (Cth).

GST means the goods and services tax payable under the A New Tax System (Goods and Services Tax) Act 1999 (Cth) (GST Act). Other terms used in clause 5 have the meanings given in the GST Act.

Intellectual Property Rights means all intellectual property rights of any kind, including copyright, patents, trade marks, registered designs, circuit layout rights, rights in confidential information and trade secrets, moral rights, and all rights to apply for any of the foregoing, whether registered or unregistered, anywhere in the world.

Material Non-Conformance means a failure of a Deliverable to substantially conform to the written specifications agreed between Arcnode IT and the Customer in the relevant quote or service order, that materially impairs the intended use of the Deliverable. Cosmetic, immaterial, or readily correctable deviations are not Material Non-Conformances.

Personal Information means personal information within the meaning of section 6 of the Privacy Act 1988 (Cth).

PPSA means the Personal Property Securities Act 2009 (Cth).

Privacy Act means the Privacy Act 1988 (Cth).

Services means the services described in the relevant quote, statement of work, or service order, together with any related goods supplied by Arcnode IT, including managed services, project services, one-off services, and the supply of hardware and software.

Third-Party Products means hardware, software, cloud services, telecommunications services, and other goods or services supplied by third parties that Arcnode IT resells, procures, or otherwise makes available to the Customer in connection with the Services.

3. Services

3.1 Arcnode IT will provide the Services described in the relevant quote, statement of work, or service order, with reasonable care and skill consistent with industry standards prevailing in the Australian managed services industry.

3.2 Service levels, response times, and availability targets (if applicable) are set out in the relevant quote, service order, or master services agreement. In the absence of an agreed service level, Arcnode IT will use reasonable commercial efforts to deliver Services in a timely manner during Arcnode IT's normal business hours, being 9:00am to 5:30pm AEST or AEDT on Business Days.

Sub-contractors

3.3 Arcnode IT may engage sub-contractors, consultants, and agents to perform Services. Arcnode IT remains responsible to the Customer for Services performed by sub-contractors it engages, to the same extent as if Arcnode IT had performed those Services itself, subject to the limitations of liability in clause 15.

Third-Party Products

3.4 Where Arcnode IT resells, procures, or otherwise makes available Third-Party Products to the Customer, Arcnode IT acts as a reseller or procurement agent only. The Customer's use of Third-Party Products is governed by the relevant vendor's terms. Arcnode IT passes through, but does not extend, replicate, or guarantee, any warranty provided by the vendor of a Third-Party Product. Arcnode IT is not liable for the performance, availability, fitness, or compliance of Third-Party Products, except to the extent that a failure of Third-Party Products results from Arcnode IT's own negligent configuration, selection, or recommendation.

3.5 The Customer acknowledges that some Third-Party Products are essential to the Services and that an interruption, change, or withdrawal of a Third-Party Product by its vendor is outside Arcnode IT's reasonable control. Arcnode IT will use reasonable efforts to notify the Customer of material vendor changes affecting the Services and to assist the Customer in adapting to them.

Acceptance of Deliverables

3.6 Where the Services include the production of a Deliverable for which written specifications have been agreed between the parties in the relevant quote or service order, the following acceptance process applies:

(a) On delivery of the Deliverable, Arcnode IT will notify the Customer that the Deliverable has been delivered.

(b) The Customer has the Acceptance Period to inspect the Deliverable and to notify Arcnode IT in writing of any Material Non-Conformance.

(c) If the Customer does not notify Arcnode IT in writing of a Material Non-Conformance within the Acceptance Period, the Deliverable is deemed to have been accepted by the Customer.

(d) If the Customer notifies Arcnode IT of a Material Non-Conformance within the Acceptance Period, Arcnode IT will use reasonable efforts to correct the Material Non-Conformance and re-deliver the Deliverable. The Acceptance Period then restarts in respect of the corrected Deliverable.

(e) Use of the Deliverable by the Customer in production or live operations constitutes acceptance of the Deliverable.

3.7 For managed services, acceptance is not a one-time event. Continued use of the Services by the Customer, and continued payment of Arcnode IT's invoices, constitutes ongoing acceptance of the Services.

4. Quotes

4.1 Quotes issued by Arcnode IT are valid for 30 days from the quote date, unless otherwise stated on the quote.

4.2 Acceptance of a quote in any manner described in clause 1.2 constitutes acceptance of these Terms (as modified by the Consumer Variations Schedule, if applicable) and of the scope, fees, and other particulars set out in the quote.

4.3 Pricing in a quote assumes that the work proceeds as scoped. Material variations to scope, timing, or assumptions may require a revised quote and may incur additional charges in accordance with clause 7.

5. Fees and payment

5.1 Fees are as set out in the relevant quote, recurring service order, or invoice.

GST

5.2 Unless expressly stated otherwise, all amounts payable under these Terms are exclusive of GST. If GST is payable on a Taxable Supply made under these Terms, the recipient of the supply must pay to the supplier an additional amount equal to the GST payable on that supply, on or before the later of the date the consideration would otherwise be payable and the date the supplier issues a Tax Invoice.

Payment terms

5.3 Invoices are payable within 14 days of the issue date, unless otherwise agreed in writing.

5.4 Overdue accounts may attract interest at the rate fixed from time to time under the Penalty Interest Rates Act 1983 (Vic), or 10% per annum, whichever is lower, calculated daily on the outstanding amount from the due date until payment is received in full.

5.5 Arcnode IT may suspend the Services (in whole or in part) where any invoice remains unpaid for 30 days or more after its due date, having given the Customer at least 7 days' written notice of the intention to suspend. Suspension under this clause does not relieve the Customer of its obligation to pay fees accrued before the suspension.

5.6 The Customer is responsible for all reasonable costs incurred by Arcnode IT in recovering overdue amounts, including legal fees on a solicitor and own client basis, debt collection fees, and court costs.

5.7 Disputes about an invoice must be raised in writing within 21 days of the invoice date. Undisputed portions of an invoice remain payable by the due date. The parties will use reasonable efforts to resolve invoice disputes promptly under the dispute resolution process in clause 21.

Payment verification

5.8 The parties acknowledge that fraudulent emails purporting to come from Arcnode IT or from the Customer requesting changes to bank account or payment details are a common form of cyber-enabled fraud. Accordingly:

(a) Before acting on any email or written instruction purporting to come from Arcnode IT that requests a change to Arcnode IT's bank account details or payment instructions, the Customer must verify the change by telephoning Arcnode IT on the published contact number on Arcnode IT's website or in the original quote, and speaking to a known person. The Customer must not verify by calling any number contained in the email or instruction itself.

(b) Before acting on any email or written instruction purporting to come from the Customer that requests a change to the Customer's bank account details or payment instructions, Arcnode IT will verify the change by telephoning the Customer on a known number held on file, and speaking to a known person.

(c) Neither party is liable for losses arising from a failure by the other party to comply with the verification procedure in this clause. Where the Customer fails to verify a change of payment details in accordance with paragraph (a) and incurs a loss as a result, the Customer bears that loss.

6. Customer obligations

6.1 The Customer will:

(a) provide Arcnode IT with timely access to the systems, premises, information, and personnel reasonably required to deliver the Services;

(b) ensure that information provided to Arcnode IT is accurate, complete, and not misleading;

(d) comply with reasonable security and access requirements notified by Arcnode IT;

(e) follow the payment verification procedure in clause 5.8;

(f) not use the Services for any unlawful purpose or in a manner that infringes the rights of any third party;

(g) promptly notify Arcnode IT of any actual or suspected security incident affecting systems or data accessed by Arcnode IT.

6.2 The Customer warrants that it has all necessary rights, licences, consents, and authorisations for the systems, software, data, and intellectual property on which Arcnode IT works in providing the Services. The Customer indemnifies Arcnode IT against any third-party claim arising from breach of this warranty, in accordance with clause 16.

6.3 Delays or additional costs caused by the Customer's failure to meet its obligations under this clause 6 do not relieve the Customer of its payment obligations and may result in additional charges. Arcnode IT will use reasonable efforts to notify the Customer of any such delay or additional cost before incurring it.

7. Variations and change requests

7.1 Either party may request a change to the scope, deliverables, timing, or fees for the Services by giving the other party written notice (including by email).

7.2 Arcnode IT will assess the impact of a requested change on cost, timing, deliverables, and other aspects of the Services, and will provide a written change response within a reasonable time.

7.3 No change takes effect until both parties have confirmed it in writing (including by email). Until a change is confirmed, the original scope, fees, and timing apply.

8. Intellectual property

Background IP

8.1 Each party retains ownership of its Background IP. Nothing in these Terms transfers Background IP from one party to the other.

Deliverables

8.2 Subject to full payment of all fees payable under the relevant engagement, Intellectual Property Rights in bespoke Deliverables created exclusively for the Customer transfer to the Customer on payment. Pending full payment, the Customer has a limited licence to use those Deliverables for the purpose for which they were supplied.

Arcnode Tools

8.3 Arcnode IT retains ownership of all Arcnode Tools, including refinements and extensions made to them in the course of delivering Services to the Customer or to other customers. Arcnode Tools include, but are not limited to, internal management platforms, monitoring scripts, deployment templates, configuration baselines, and methodologies used by Arcnode IT across multiple customers.

8.4 Where Arcnode Tools are incorporated into a Deliverable, Arcnode IT grants the Customer a non-exclusive, perpetual, royalty-free, non-transferable licence to use those Arcnode Tools solely as part of, and in connection with, the Customer's use of that Deliverable. The Customer must not extract, copy, modify, redistribute, or commercialise the Arcnode Tools independently of the Deliverable.

Moral rights consent

8.5 Arcnode IT will procure from each of its personnel who contributes to a Deliverable a written consent under section 195AW of the Copyright Act 1968 (Cth) consenting to all acts or omissions by Arcnode IT and the Customer (and their respective licensees and successors) that would otherwise infringe the personnel's moral rights in the Deliverable, including any acts of attribution, non-attribution, false attribution, and acts in relation to the integrity of the work, to the maximum extent permitted by law.

Third-party IP

8.6 Nothing in this clause 8 affects the ownership of, or licences granted in relation to, Third-Party Products. Where a Deliverable incorporates third-party IP licensed to Arcnode IT, the Customer's use of that IP is subject to the relevant third-party licence terms.

9. Insurance

9.1 Arcnode IT maintains, and will continue to maintain throughout the term of the engagement:

(a) professional indemnity insurance to a limit of not less than $2,500,000 per claim and $5,000,000 in the aggregate per insurance period;

(b) public and products liability insurance to a limit of not less than $10,000,000 per occurrence and $10,000,000 in the aggregate per insurance period;

9.2 Arcnode IT will provide a certificate of currency for the insurance in clause 9.1 on the Customer's reasonable written request, not more frequently than annually.

9.3 The Customer is responsible for maintaining its own insurance appropriate to its business and its use of the Services, including cyber liability insurance where relevant. The Customer acknowledges that Arcnode IT's insurance is for Arcnode IT's own benefit and does not extend to the Customer.

10. Confidentiality

10.1 Each party will:

(a) keep the other party's Confidential Information confidential;

(b) use the other party's Confidential Information only for the purposes of performing or receiving the Services under these Terms;

(c) protect the other party's Confidential Information using at least the same degree of care it uses to protect its own confidential information of a similar nature, and in any event no less than a reasonable degree of care; and

(d) disclose the other party's Confidential Information only to its personnel, contractors, and professional advisers who have a need to know and who are bound by obligations of confidentiality at least as protective as those in this clause 10.

10.2 The obligations in this clause 10 do not apply to information that:

(a) is or becomes publicly available other than through a breach of these Terms;

(b) was lawfully known to the Receiving Party before disclosure by the Disclosing Party;

(c) is independently developed by the Receiving Party without reference to the Disclosing Party's Confidential Information; or

(d) is required to be disclosed by law, court order, or regulatory authority, in which case the Receiving Party will (where lawful and practicable) give the Disclosing Party reasonable prior notice.

10.3 This clause 10 survives termination of the engagement for a period of 5 years, except in respect of information that is a trade secret, in which case the obligations continue for so long as the information retains the character of a trade secret.

11. Data and privacy

Australian Privacy Principles

11.1 Arcnode IT will handle Personal Information in connection with the Services in a manner consistent with the Australian Privacy Principles set out in Schedule 1 to the Privacy Act 1988 (Cth), as if Arcnode IT were an APP entity. Arcnode IT maintains a Privacy Policy describing how it handles Personal Information, available on Arcnode IT's website.

Customer Data

11.2 As between Arcnode IT and the Customer, the Customer is responsible for Customer Data, including its accuracy, lawfulness of collection, and authority to disclose it to Arcnode IT. Arcnode IT will access and use Customer Data only as reasonably necessary to provide the Services and in accordance with the Customer's documented instructions.

11.3 Arcnode IT will not sell, licence, or otherwise commercialise Customer Data, and will not use Customer Data for any purpose other than providing the Services or as required by law.

Security

11.4 Arcnode IT will take reasonable steps to protect Customer Data against misuse, interference, loss, and unauthorised access, modification, or disclosure, having regard to the nature of the Customer Data, the harm that might result from a breach, and the practicability of the measures available. Reasonable steps include access controls, encryption in transit, logging, incident response procedures, and personnel training.

Notification of data breaches

11.5 Where Arcnode IT confirms that an Eligible Data Breach has occurred affecting Customer Data, Arcnode IT will:

(a) notify the Customer in writing without undue delay and in any event within 72 hours of confirming the Eligible Data Breach;

(b) provide the Customer with the information reasonably required by the Customer to assess and respond to the breach, including the nature of the breach, the kinds of Personal Information involved, the steps taken to contain the breach, and the steps recommended to the Customer in response;

(c) cooperate reasonably with the Customer in responding to the breach, including in respect of the Customer's obligations under Part IIIC of the Privacy Act.

11.6 For security incidents affecting Customer Data that do not constitute an Eligible Data Breach, Arcnode IT will notify the Customer as soon as reasonably practicable after Arcnode IT becomes aware of the incident, having regard to the nature and severity of the incident.

11.7 Nothing in this clause 11 transfers from the Customer to Arcnode IT any obligation that the Customer has under the Privacy Act or any other law in respect of Personal Information of which the Customer is the APP entity.

Return or destruction of Customer Data

11.8 On termination of the engagement, Arcnode IT will, at the Customer's written instruction, return or securely destroy Customer Data in Arcnode IT's possession, except where:

(a) retention is required by law;

(b) Customer Data is co-mingled with operational backups, in which case retention will follow Arcnode IT's standard backup retention schedule, with Customer Data remaining subject to clauses 10 and 11 until destruction; or

12. Cyber security cooperation

12.1 The parties will cooperate reasonably in respect of cyber security incidents affecting the Services, including in respect of obligations either party has under the Cyber Security Act 2024 (Cth) (Cyber Security Act), the Privacy Act, the Security of Critical Infrastructure Act 2018 (Cth), and other applicable law.

12.2 If the Customer is required to make a ransomware payment report under Part 3 of the Cyber Security Act, the obligation to make that report is the Customer's. Arcnode IT will provide the Customer with reasonable information and assistance in connection with such a report on the Customer's request. The Customer indemnifies Arcnode IT against any liability arising from the Customer's failure to make a report it is required to make.

12.3 Neither party will pay any ransom or extortion demand on behalf of the other party, or in connection with the other party's systems or data, without the other party's prior written consent. Each party makes its own decision about whether to pay or not pay a ransom in accordance with its own legal advice and risk assessment.

12.4 Each party will provide reasonable cooperation to the other in any investigation or notification process arising from a Cyber Incident, including providing access to logs, system information, and personnel as reasonably requested, subject to legal privilege and any limitations imposed by the cooperating party's own insurer or legal counsel.

13. Warranties and disclaimers

13.1 Arcnode IT warrants that the Services will be performed with reasonable care and skill consistent with industry standards prevailing in the Australian managed services industry.

13.2 To the maximum extent permitted by law, all warranties (express or implied) not expressly set out in these Terms are excluded, including warranties of merchantability, fitness for a particular purpose, and non-infringement of third-party rights.

Consumer guarantees

13.3 Nothing in these Terms excludes, restricts, or modifies any consumer guarantee, right, or remedy conferred on a Customer by the ACL or any other applicable law that cannot lawfully be excluded, restricted, or modified.

Section 64A election

13.4 Where the Services are not of a kind ordinarily acquired for personal, domestic, or household use or consumption, and to the maximum extent permitted by section 64A of the ACL, Arcnode IT's liability for failure to comply with a consumer guarantee in respect of the Services is limited, at Arcnode IT's option, to:

(a) supplying the Services again; or

(b) payment of the cost of having the Services supplied again.

13.5 The election in clause 13.4 does not apply where the Customer establishes that reliance on the election would not be fair or reasonable, within the meaning of section 64A(3) of the ACL.

14. Information security

14.1 Arcnode IT will maintain an information security program appropriate to its business and the Services it provides, having regard to industry standards including the Australian Cyber Security Centre's Essential Eight.

14.2 The Customer will maintain its own information security controls appropriate to its business, including (where relevant) multi-factor authentication, endpoint protection, patch management, and data backup. Arcnode IT may, but is not obliged to, provide recommendations on the Customer's security controls; the Customer is responsible for its own implementation decisions.

14.3 Each party will promptly notify the other of any security incident that may materially affect the other party's systems or data, in accordance with clauses 11.5 and 11.6.

15. Limitation of liability

Aggregate cap

15.1 Subject to clauses 15.3 and 15.4, Arcnode IT's total aggregate liability arising out of or in connection with the Services and these Terms (whether in contract, tort (including negligence), statute, or otherwise) is limited to the greater of:

(a) the fees paid by the Customer to Arcnode IT under the relevant engagement in the 12 months immediately preceding the event giving rise to the liability; or

(b) AUD $1,000,000.

Consequential loss

15.2 Neither party is liable to the other for any indirect, consequential, special, incidental, or punitive damages, including loss of profits, loss of revenue, loss of business opportunity, loss of goodwill, or loss of anticipated savings, even if advised of the possibility of such damages. For the avoidance of doubt, loss of or damage to data is not, by itself, indirect or consequential.

Confidentiality and privacy carve-out

15.3 Arcnode IT's aggregate liability for breach of clause 10 (Confidentiality) or clause 11 (Data and Privacy), including breaches arising from a Cyber Incident affecting Confidential Information or Customer Data, is limited to AUD $2,000,000 in the aggregate, in lieu of (and not in addition to) the cap in clause 15.1.

Exclusions from the caps

15.4 The limitations in clauses 15.1 to 15.3 do not apply to:

(a) liability arising from fraud or wilful misconduct;

(b) the Customer's obligation to pay fees properly due under these Terms;

(d) any liability that cannot be limited under the ACL or other applicable law.

Proportionate liability

15.5 The provisions of Part IVAA of the Wrongs Act 1958 (Vic) apply to any apportionable claim arising under or in connection with these Terms. The parties do not contract out of Part IVAA. Where a claim brought against Arcnode IT involves the conduct of one or more concurrent wrongdoers, Arcnode IT's liability is limited to the amount reflecting Arcnode IT's proportionate responsibility for the loss.

16. Indemnities

Customer indemnities

16.1 The Customer indemnifies Arcnode IT against any loss, damage, cost, or expense (including reasonable legal costs) suffered or incurred by Arcnode IT arising from a third-party claim against Arcnode IT in connection with:

(a) a breach by the Customer of its warranties under clause 6.2 (Customer rights, licences, and authorisations);

(b) use of the Services by the Customer in breach of law or in breach of third-party rights, where Arcnode IT was not aware (and could not reasonably have been aware) of the breach;

(c) Customer Data provided by the Customer to Arcnode IT that is unlawful, misleading, infringing of third-party rights, or otherwise improperly collected; or

(d) the Customer's failure to make a report or notification it is required to make under law in respect of a Cyber Incident or data breach.

Arcnode IT indemnity for third-party IP claims

16.2 Subject to the limitations in clause 15 and the conditions in clause 16.3, Arcnode IT indemnifies the Customer against any judgment, settlement, or reasonable legal cost arising from a third-party claim alleging that bespoke Deliverables created by Arcnode IT for the Customer (excluding Arcnode Tools, Background IP of either party, Third-Party Products, and Customer Data) infringe the third party's Intellectual Property Rights in Australia.

16.3 The indemnity in clause 16.2 does not apply to claims to the extent they arise from:

(a) modifications to the Deliverable made by or on behalf of the Customer without Arcnode IT's consent;

(b) combination of the Deliverable with materials not supplied by Arcnode IT, where the infringement would not have arisen but for the combination;

(d) Customer Data or third-party IP supplied by the Customer for incorporation into the Deliverable; or

(e) infringement claims first arising more than 2 years after delivery of the Deliverable.

Indemnity procedure

16.4 An indemnity under this clause 16 is conditional on the indemnified party:

(a) giving the indemnifying party prompt written notice of the third-party claim;

(b) permitting the indemnifying party to assume conduct of the defence and settlement (provided the indemnifying party acknowledges its indemnity obligation);

(d) not admitting liability or settling the claim without the indemnifying party's prior written consent (not to be unreasonably withheld).

17. Term and termination

17.1 These Terms apply from the start of the engagement and continue until terminated in accordance with this clause.

17.2 Either party may terminate an ongoing recurring service engagement (such as managed services) by giving the other party at least 60 days' written notice, unless a longer minimum term has been agreed in writing in the relevant quote or service order.

17.3 Either party may terminate immediately by written notice if:

(a) the other party commits a material breach and fails to remedy it within 30 days of written notice describing the breach;

(b) the other party becomes insolvent, enters administration or liquidation, has a controller or receiver appointed, or is unable to pay its debts as they fall due.

17.4 On termination:

(a) the Customer must pay all fees for Services rendered up to the termination date;

(b) each party must return or, at the disclosing party's instruction, destroy the other party's Confidential Information (subject to clauses 10 and 11);

(c) the clauses that by their nature survive termination remain in force, including clauses 5 (in respect of unpaid amounts), 8, 10, 11, 13, 15, 16, 18, 20, 21, and 22.

18. Off-boarding and transition

18.1 On termination of a managed services engagement, Arcnode IT will provide reasonable transition assistance to enable the Customer or its nominated successor to continue services, including:

(a) returning Customer Data and credentials in a commonly used format;

(b) documenting current configurations and active services;

(d) providing reasonable cooperation with a nominated successor provider, subject to the successor entering into reasonable confidentiality obligations.

18.2 Transition assistance is provided at Arcnode IT's then-current standard hourly rate, up to a maximum of 40 hours unless the parties agree otherwise in writing. Transition assistance beyond 40 hours is provided at the standard hourly rate by agreement.

19. Force majeure

19.1 Neither party is liable for failure or delay in performance (other than payment obligations) caused by events outside its reasonable control, including natural disasters, acts of government, war, civil unrest, pandemics, large-scale internet or upstream service outages, third-party cloud or telecommunications failures, and cyber attacks on upstream suppliers or platforms.

19.2 The affected party must notify the other party promptly and use reasonable efforts to mitigate the impact. If a force majeure event continues for more than 60 days, either party may terminate the affected engagement on written notice.

20. Non-solicitation of personnel

20.1 During the term of the engagement and for 12 months after termination, the Customer will not, without Arcnode IT's prior written consent:

(a) solicit for employment or engagement; or

(b) employ or engage,

any person who is at the time, or was within the preceding 12 months, an employee or contractor of Arcnode IT who has worked materially on the Customer's account.

20.2 Clause 20.1 does not prevent the Customer from responding to a general public recruitment advertisement not specifically directed at Arcnode IT personnel.

20.3 If the Customer breaches clause 20.1, the Customer will pay Arcnode IT an amount equal to 30% of the relevant person's gross annual remuneration package, as agreed compensation for the cost of replacing the personnel. The parties agree this represents a genuine pre-estimate of Arcnode IT's loss.

21. Dispute resolution

21.1 If a dispute arises between the parties in connection with these Terms or the Services, the parties will use the following process before commencing court proceedings (other than for urgent injunctive relief):

(a) the party raising the dispute will give the other written notice setting out the dispute;

(b) within 10 Business Days, senior representatives of the parties will meet (in person or virtually) and use reasonable efforts to resolve the dispute in good faith;

(c) if the dispute is not resolved within 20 Business Days of the notice, either party may refer the dispute to mediation administered by the Resolution Institute, or such other mediation provider as the parties agree;

(d) if the dispute is not resolved within 30 Business Days of the referral to mediation, either party may commence court proceedings.

21.2 Each party bears its own costs of the dispute resolution process and shares equally the costs of the mediator.

21.3 This clause 21 does not prevent a party from seeking urgent injunctive relief in any court of competent jurisdiction.

22. General

Governing law and jurisdiction

22.1 These Terms are governed by the laws of Victoria, Australia. The parties submit to the exclusive jurisdiction of the courts of Victoria, and courts competent to hear appeals from those courts.

Notices

22.2 Notices must be in writing and may be given by email to the address on file for the recipient (for Arcnode IT, legal@arcnode.com.au). Notices are deemed received on the next Business Day after the email is sent, unless the sender receives a delivery failure notification.

Entire agreement

22.3 These Terms, together with the Consumer Variations Schedule (where applicable), any signed master services agreement, and any statement of work or service order, constitute the entire agreement between the parties on the subject matter and supersede all prior negotiations and representations, other than fraudulent representations or representations that cannot be excluded by law.

Severability

22.4 If any provision of these Terms is held by a court of competent jurisdiction to be invalid or unenforceable, that provision is severed and the remainder of these Terms continue in full force and effect.

Waiver

22.5 A failure or delay by a party in exercising any right under these Terms does not operate as a waiver of that right.

Assignment

22.6 Neither party may assign or transfer its rights or obligations under these Terms without the other party's prior written consent (not to be unreasonably withheld), except that Arcnode IT may assign to a related body corporate or in connection with a sale of all or substantially all of its business, on giving the Customer written notice.

Variation

22.7 Arcnode IT may update these Terms from time to time by publishing the updated version at the canonical location notified to customers (currently arcnode.com.au/terms). The version current at the time the relevant quote is issued applies to that engagement, unless the parties agree otherwise in writing. Where Arcnode IT proposes to make a change to these Terms that materially adversely affects an active recurring engagement, Arcnode IT will:

(a) give the affected Customer at least 30 days' written notice of the change before it takes effect;

(b) permit the Customer to terminate the affected engagement during the notice period without penalty;

22.8 Material commercial changes (including changes to price, scope of Services, or core obligations) for an active recurring engagement require the Customer's agreement. This clause 22.8 does not prevent ordinary price reviews at renewal of a defined term, where the new price applies prospectively from the renewal date.

PPSA

22.9 Where the supply of Services or goods under these Terms creates a security interest within the meaning of the Personal Property Securities Act 2009 (Cth) (PPSA):

(a) the Customer consents to Arcnode IT registering its security interest on the Personal Property Securities Register and waives any right under section 157 of the PPSA to receive notice of registration;

(b) to the maximum extent permitted by section 115 of the PPSA, the parties contract out of the provisions of the PPSA specified in section 115 in respect of the security interest;

(c) neither party will disclose information of the kind described in section 275(1) of the PPSA, except as required under section 275(7);

(d) each party waives its right to receive notices under sections 95, 118, 121(4), 130, 132(3)(d), and 132(4) of the PPSA.

No partnership

22.10 Nothing in these Terms creates a partnership, joint venture, agency, employment, or fiduciary relationship between the parties.

Counterparts and electronic signature

22.11 These Terms (and any document forming part of an engagement) may be agreed by electronic acceptance, click-acceptance, or signed in counterparts including by electronic signature in accordance with the Electronic Transactions (Victoria) Act 2000. Each counterpart is an original and all counterparts together form one document.

Acceptance

These Terms become binding on the Customer when accepted in accordance with clause 1.2. No physical signature is required where acceptance is given through Arcnode IT's Customer Portal, by accepting a Xero quote, by paying a deposit invoice, or by other clear written confirmation.

Arcnode IT Pty Ltd

ACN 697 143 623 · ABN 70 697 143 623

Melbourne, Victoria, Australia

Legal: legal@arcnode.com.au · Accounts: accounts@arcnode.com.au · arcnode.com.au

Terms of Trade (Master Terms), version 2.0. Effective May 2026.

Consumer Variations Schedule

The following Schedule forms part of the Terms of Trade and applies to consumers. It gives additional protections that cannot be excluded.

Purpose of this Schedule

Arcnode IT supplies services to both business customers and residential customers. Australian Consumer Law gives consumers specific rights and protections that cannot be excluded by contract. This Schedule sets out how the Master Terms of Trade are modified for consumer Customers, to ensure that those rights are preserved and that the contract is fair to consumer Customers.

Reading the Master Terms together with this Schedule, a consumer Customer should be able to understand:

which services Arcnode IT will provide and what the consumer will pay;
the consumer's rights under Australian Consumer Law, which cannot be excluded;
how complaints and disputes can be raised, including external avenues such as Consumer Affairs Victoria and VCAT;
how the Customer's information will be handled;
what happens at the end of the engagement.

1. Application of this Schedule

1.1 This Schedule (Consumer Variations Schedule) forms part of the Master Terms of Trade (Master Terms) between Arcnode IT Pty Ltd (ACN 697 143 623, ABN 70 697 143 623) and the Customer. It applies where the Customer is a consumer within the meaning of section 3 of the Australian Consumer Law (ACL).

1.2 Under section 3 of the ACL, a person is a consumer if (relevantly) they acquire services where: (a) the amount payable for the services does not exceed the threshold amount set out in section 3 (currently $100,000); or (b) the services are of a kind ordinarily acquired for personal, domestic, or household use or consumption; or (c) the services consist of the transportation or storage of goods for the consumer's personal, domestic, or household use.

1.3 Where there is any inconsistency between this Schedule and the Master Terms, this Schedule prevails for a consumer Customer.

1.4 Acceptance of a quote by a consumer Customer (as described in clause 1.2 of the Master Terms) constitutes acceptance of both the Master Terms and this Schedule.

2. Your rights under Australian Consumer Law

The Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)) provides that, when Arcnode IT supplies services to you as a consumer, the following consumer guarantees apply:

Services to be supplied with due care and skill

Arcnode IT guarantees that the services will be provided with due care and skill (section 60 ACL).

Services to be reasonably fit for purpose

If you tell Arcnode IT the particular purpose for which you want the services, and Arcnode IT accepts that work, Arcnode IT guarantees that the services will be reasonably fit for that purpose (section 61(1) ACL).

Services to be supplied within a reasonable time

Where no time is fixed in the quote, Arcnode IT guarantees that the services will be supplied within a reasonable time (section 62 ACL).

Goods to be of acceptable quality

Where Arcnode IT supplies you with goods (such as hardware) as part of the services, Arcnode IT guarantees that the goods will be of acceptable quality (section 54 ACL).

Your remedies

If a consumer guarantee is not met, you have remedies under sections 259 to 273 of the ACL, including the right to:

have the problem fixed at no charge;
get a refund or replacement (for major failures);
recover compensation for any loss reasonably foreseeable as a result of the failure.

Where to get more information

More information about your consumer rights is available at accc.gov.au or consumer.vic.gov.au.

3. Modifications to the Master Terms

The following clauses of the Master Terms are modified or supplemented as set out below where the Customer is a consumer.

3.1 Acceptance (Master Terms clause 1.2)

For consumer Customers, acceptance occurs when:

the Customer accepts the Xero quote sent by Arcnode IT (electronically or by signed return);
the Customer confirms acceptance in writing (including by email);
the Customer pays a deposit invoice or otherwise gives clear and unambiguous instructions to proceed.

Quotes sent to consumer Customers include a link to the current Master Terms and this Schedule. The Customer should review both documents before accepting a quote.

3.2 How consumer engagements arise

3.2.1 All residential engagements with Arcnode IT arise from the Customer's own enquiry. Where the Customer first contacts Arcnode IT (whether by website enquiry, telephone, email, or in response to a referral) and a service engagement is subsequently agreed, that engagement is not an unsolicited consumer agreement within the meaning of Part 3-2 Division 2 of the ACL.

3.3 Section 64A ACL (Master Terms clause 13.4)

Clause 13.4 of the Master Terms (election under section 64A of the ACL to limit liability for breach of consumer guarantees to resupply or cost of resupply) does not apply to consumer Customers. Services supplied to residential customers are services ordinarily acquired for personal, domestic, or household use or consumption, and section 64A does not permit Arcnode IT to limit liability for breach of consumer guarantees in respect of such services.

This means that, where a consumer guarantee is not met for a consumer Customer, the Customer's remedies under the ACL apply in full. Those remedies are summarised in clause 2 of this Schedule.

3.4 Liability cap (Master Terms clause 15)

3.4.1 For a consumer Customer, clause 15.1 of the Master Terms (aggregate cap on Arcnode IT's liability) is replaced with the following:

Subject to clauses 15.3 and 15.4 of the Master Terms, and to the consumer guarantees and other rights conferred by the ACL that cannot be excluded, Arcnode IT's total aggregate liability to a consumer Customer arising out of or in connection with the Services and the Master Terms (whether in contract, tort (including negligence), statute, or otherwise) is limited to the greater of:

(a) the fees paid by the Customer to Arcnode IT in the 12 months immediately preceding the event giving rise to the liability; or

(b) AUD $10,000.

3.4.2 Clause 15.3 of the Master Terms (separate cap of $2,000,000 for breaches of confidentiality and privacy) continues to apply for consumer Customers without modification.

3.4.3 Clause 15.4 of the Master Terms (exclusions from the caps, including for fraud, wilful misconduct, unpaid fees, customer indemnities, and ACL non-excludable rights) continues to apply for consumer Customers without modification.

3.5 Customer backup obligation (Master Terms clause 6.1(c))

Clause 6.1(c) of the Master Terms requires the Customer to maintain its own data backups except where backup is an explicitly contracted Service. For a consumer Customer, this clause is supplemented as follows:

3.5.1 Arcnode IT recommends that all residential Customers maintain backups of important data on devices and systems serviced by Arcnode IT. Where Arcnode IT is engaged to perform work that may put Customer data at risk, Arcnode IT will, where reasonably practicable:

(a) discuss backup options with the Customer before commencing the work;

(b) offer (as a separately contracted Service) to perform a backup before commencing the work;

3.5.2 Where the Customer chooses to proceed without a backup, the Customer accepts the risk of data loss to the extent of any consumer rights that cannot be excluded under law.

3.6 Privacy and data handling (Master Terms clause 11)

Clause 11 of the Master Terms applies to a consumer Customer with the following supplementary provisions:

3.6.1 For consumer Customers, the Personal Information that Arcnode IT may handle includes (without limitation) names, contact details, home addresses, family member details, photographs, browsing history, financial information visible on devices, and other information held on the Customer's devices or accounts that Arcnode IT services.

3.6.2 Arcnode IT will handle Personal Information of consumer Customers in accordance with the Australian Privacy Principles, regardless of whether Arcnode IT is, or is not, an APP entity under the Privacy Act at the relevant time.

3.6.3 Arcnode IT will not access, view, copy, or use Personal Information of consumer Customers beyond what is reasonably necessary to perform the Services.

3.7 Termination notice (Master Terms clause 17.2)

Clause 17.2 of the Master Terms requires 60 days' notice to terminate an ongoing recurring service engagement. For a consumer Customer, this is reduced to:

3.7.1 Either party may terminate an ongoing recurring service engagement for a consumer Customer by giving the other party at least 14 days' written notice, unless a longer minimum term has been agreed in writing in the quote.

3.8 Non-solicitation (Master Terms clause 20)

Clause 20 of the Master Terms (non-solicitation of personnel) does not apply to consumer Customers.

3.9 Dispute resolution (Master Terms clause 21)

Clause 21 of the Master Terms continues to apply to consumer Customers, but is supplemented as follows:

3.9.1 Nothing in clause 21 of the Master Terms limits a consumer Customer's right to make a complaint to, or seek redress from:

(a) Consumer Affairs Victoria (consumer.vic.gov.au, 1300 558 181);

(b) the Victorian Civil and Administrative Tribunal (VCAT), in respect of disputes within VCAT's jurisdiction (currently up to $10,000 for goods and services disputes under the Australian Consumer Law and Fair Trading Act 2012 (Vic));

(d) the Office of the Australian Information Commissioner (OAIC) in respect of privacy complaints (oaic.gov.au, 1300 363 992).

3.9.2 The mediation step in clause 21.1(c) of the Master Terms is optional for a consumer Customer. A consumer Customer may proceed directly from senior representative discussion to court or tribunal proceedings, or to a regulatory complaint, without first attempting mediation.

3.10 Variation (Master Terms clause 22.7)

For consumer Customers, the following applies in addition to clauses 22.7 and 22.8 of the Master Terms:

3.10.1 Arcnode IT will not apply a variation to these Terms or this Schedule that materially adversely affects an active engagement with a consumer Customer without the Customer's specific agreement to the variation.

3.10.2 An ordinary update of these Terms or this Schedule (for example, to correct a typographical error, to update a regulatory reference, or to reflect a change in law) is not a material adverse variation and does not require consumer Customer agreement.

4. Additional consumer provisions

4.1 Quotes and pricing

4.1.1 Quotes provided to consumer Customers will:

(a) clearly identify the services to be provided;

(b) state the price (inclusive of GST), or the basis on which the price will be calculated;

(d) include a link to the current Master Terms and this Schedule.

4.1.2 Where the price for the services depends on factors that cannot be determined in advance (for example, the time required to diagnose and fix a problem), the quote will state this and provide an estimate. Arcnode IT will notify the Customer if the actual cost is likely to materially exceed the estimate, and the Customer may choose to discontinue the work at that point and pay only for work performed up to that time.

4.2 On-premises service visits

4.2.1 Where Arcnode IT attends the Customer's premises (including a residence) to perform services, Arcnode IT will:

(a) comply with reasonable directions from the Customer regarding access to the premises;

(b) use reasonable care in the premises and in relation to property in the premises;

(d) carry appropriate identification.

4.2.2 The Customer is responsible for ensuring that the premises are safe for Arcnode IT's personnel to enter and work in, and for supervising or restraining any animals on the premises.

4.3 Refund approach for one-off services

4.3.1 If a consumer Customer is dissatisfied with a one-off service supplied by Arcnode IT, the Customer should contact Arcnode IT promptly to raise the issue. Arcnode IT will use reasonable efforts to resolve the issue, which may include:

(a) performing the service again at no additional cost;

(b) providing a refund or partial refund;

4.3.2 This clause 4.3 does not limit the Customer's rights under the consumer guarantees. Where a major failure has occurred (within the meaning of section 268 of the ACL), the Customer is entitled to a refund or replacement and to recover compensation for reasonably foreseeable loss.

5. Complaints and contact

5.1 How to raise a concern with Arcnode IT

If you have a concern about the Services, please contact Arcnode IT promptly:

Email: legal@arcnode.com.au
Web: arcnode.com.au

Arcnode IT will acknowledge the concern within 5 Business Days and use reasonable efforts to resolve it within 30 Business Days.

5.2 External avenues

If you are not satisfied with Arcnode IT's response, you may contact an external body. The most relevant external bodies for consumer IT service disputes are:

Consumer Affairs Victoria

Provides information and dispute resolution for consumer-supplier disputes in Victoria.

Web: consumer.vic.gov.au · Phone: 1300 558 181

Victorian Civil and Administrative Tribunal (VCAT)

Handles consumer disputes in Victoria, including disputes about goods and services under the Australian Consumer Law and Fair Trading Act 2012 (Vic). VCAT's small claims jurisdiction covers consumer disputes up to $10,000.

Web: vcat.vic.gov.au · Phone: 1300 018 228

Australian Competition and Consumer Commission (ACCC)

Enforces the Australian Consumer Law at a national level.

Web: accc.gov.au · Phone: 1300 302 502

Office of the Australian Information Commissioner (OAIC)

Handles privacy complaints and notifiable data breaches.

Web: oaic.gov.au · Phone: 1300 363 992

Arcnode IT Pty Ltd

ACN 697 143 623 · ABN 70 697 143 623

Melbourne, Victoria, Australia

Legal: legal@arcnode.com.au · arcnode.com.au

Consumer Variations Schedule, version 2.0. Effective May 2026.