This Managed Website Services Schedule (“Service Schedule”) forms part of the Master Services Agreement (“MSA”) between Empreus IT Support (“Provider”) and the Client. This Service Schedule should be read in conjunction with the MSA and all referenced legal documents.

In the event of any conflict between this Service Schedule and the MSA, the terms of this Service Schedule shall prevail to the extent of the inconsistency.

This Service Schedule governs the hosting, maintenance, security, and ongoing management of the Client’s website(s). The Provider hosts the Client’s website on a third-party hosting platform and delivers the managed service to the Client under the terms set out below.

In addition to the definitions set out in the MSA, the following definitions apply to this Service Schedule:

• “Website” means the Client’s website(s) managed by the Provider under this Service Schedule, as identified in the Quote.
• “CMS” means the Content Management System used to build and manage the Website (e.g., WordPress, or other platform as specified in the Quote).
• “Hosting Platform” means the third-party web hosting infrastructure on which the Website is hosted. The identity of the Hosting Platform may change from time to time at the Provider’s discretion.
• “Website Service Term” means the minimum subscription period for the Managed Website Service, which shall match the term of the Client’s active Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001), unless otherwise agreed in writing.
• “Monthly Website Fee” means the recurring monthly subscription fee payable by the Client for the Managed Website Service, as detailed in the Quote.
• “Minor Content Update” means a small change to existing website content, such as updating text, replacing images, adding or editing pages, updating contact details, or modifying existing page layouts. Minor Content Updates do not include new feature development, structural redesigns, custom functionality, or new page templates.
• “Major Change” means any work that involves new feature development, structural redesign, new custom functionality, new integrations, e-commerce implementation, or creation of new page templates that go beyond the scope of a Minor Content Update.

3.1 Website Hosting

The Provider shall host the Client’s Website on a third-party Hosting Platform selected by the Provider. The Hosting Platform is chosen based on performance, reliability, security, and suitability for the Client’s CMS. The Provider manages the hosting environment on the Client’s behalf, including:

• Hosting account provisioning and configuration
• Server environment management and optimisation
• Storage and bandwidth allocation as appropriate for the Website
• Hosting platform renewal and account management

3.2 CMS Management

The Provider shall manage the Client’s CMS, including:

• CMS core updates and version management
• CMS configuration and settings management
• User account management within the CMS (creating, modifying, and removing user access)
• Performance optimisation (caching, database optimisation, image compression)

3.3 Plugin and Theme Updates

The Provider shall manage all plugins, themes, and extensions installed on the Website, including:

• Regular updates and patching of all active plugins and themes
• Compatibility testing after updates to ensure the Website functions correctly
• Removal or replacement of deprecated, abandoned, or vulnerable plugins
• Notification to the Client of any plugin or theme changes that may affect Website functionality

The Provider will schedule plugin and theme updates during low-traffic periods where possible to minimise any disruption.

3.4 Security Monitoring and Malware Scanning

The Provider shall implement and maintain website security measures, including:

• Automated malware scanning and detection
• Web application firewall (WAF) configuration (where supported by the Hosting Platform)
• Security hardening of the CMS (login protection, file permissions, security headers)
• Monitoring for unauthorised access attempts, file changes, and suspicious activity
• Malware removal and remediation in the event of a security breach
• Security incident notification to the Client

While the Provider implements industry-standard security measures, no website security system is infallible. The Provider does not warrant complete protection against all cyber threats, hacking attempts, or malware infections.

3.5 SSL Certificate Management

The Provider shall manage SSL/TLS certificates for the Website, including:

• Procurement or provisioning of SSL certificates (e.g., Let’s Encrypt, or commercial certificates as specified in the Quote)
• Installation and configuration of SSL certificates
• Renewal of SSL certificates prior to expiry
• Enforcement of HTTPS across the Website

3.6 Performance Monitoring and Uptime Checks

The Provider shall monitor the Website’s performance and availability, including:

• Uptime monitoring with automated alerting for downtime events
• Page load speed monitoring and performance benchmarking
• Server resource utilisation monitoring (where accessible on the Hosting Platform)
• Proactive response to downtime events, including liaison with the Hosting Platform provider

The Provider will strive to maintain maximum Website uptime. However, Website availability is dependent on the Hosting Platform’s infrastructure, and the Provider does not guarantee 100% uptime. Planned maintenance, Hosting Platform outages, and force majeure events may cause temporary unavailability.

3.7 Content Updates

The Provider shall perform unlimited Minor Content Updates to the Website as part of the Monthly Website Fee. Minor Content Updates include:

• Updating text content on existing pages
• Replacing or adding images within existing page layouts
• Adding new pages using existing templates
• Updating contact details, business hours, team members, or similar information
• Modifying menu items and navigation links
• Updating or adding blog posts and news articles
• Minor formatting and layout adjustments within existing page structures

Content update requests should be submitted through the Provider’s designated support channels. The Provider will process Minor Content Updates within a reasonable timeframe, typically within 2 to 5 business days depending on complexity and volume of requests.

The Client is responsible for providing all content (text, images, documents) for content updates in a ready-to-publish format. The Provider is not responsible for content creation, copywriting, image sourcing, or graphic design unless separately agreed in the Quote.

3.8 Major Changes

Major Changes to the Website are not included in the Monthly Website Fee and will be quoted separately. Major Changes include but are not limited to:

• New feature development or custom functionality
• Website redesign or structural changes
• New page template creation
• E-commerce implementation or modification
• Third-party integration development (e.g., CRM, booking systems, payment gateways)
• Migration to a different CMS platform
• Custom plugin or theme development

The Provider will assess all Major Change requests and provide a separate Quote prior to commencement. Major Changes are subject to the Quote – Terms & Conditions.

3.9 Website Backups

The Provider shall maintain regular backups of the Website, including:

• Full website backups (files, database, media, configuration)
• Backup frequency as specified in the Quote (typically daily or weekly)
• Backup retention for a minimum period as specified in the Quote
• Backup monitoring and alerting for failed backups
• Restoration of the Website from backup upon Client request or in the event of a security incident or data loss

Backups are stored on the Hosting Platform or a separate backup storage location selected by the Provider. The Provider will use commercially reasonable efforts to restore the Website as promptly as possible following a backup restoration request.

3.10 Domain and DNS Management

The Provider shall manage the Client’s domain name(s) and DNS records as they relate to the Website, including:

• Domain registration renewal management and expiry monitoring
• DNS record configuration and management (A records, CNAME, MX, TXT, SPF, DKIM, DMARC)
• DNS changes required for website hosting, email services, or third-party integrations
• Domain privacy and WHOIS protection (where available and applicable)

The Client’s domain name(s) remain the property of the Client at all times. The Provider administers domains on the Client’s behalf but does not claim ownership of any domain name.

3.11 IT Support

All IT support related to the Managed Website Service — including helpdesk, troubleshooting, and associated service levels and rates — is provided under the Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001). The Client must hold an active Managed IT Services subscription to receive support for the Managed Website Service.

3.12 Exclusions

The following are not included in the Managed Website Service:

• Major Changes (quoted separately — see Section 3.8)
• Content creation, copywriting, or graphic design
• SEO management and search engine optimisation services (available as an add-on)
• Photography, videography, or media production
• Social media management or integration beyond basic link embedding
• E-commerce platform management (available as an add-on or separate schedule)
• IT support services (provided under Managed IT Services)
• Email hosting (provided under Microsoft 365 Services or other email schedules)

4.1 Third-Party Hosting

The Website is hosted on a third-party Hosting Platform selected and managed by the Provider. The Client’s contractual relationship for hosting is solely with the Provider. The Client has no direct contractual relationship with the Hosting Platform provider.

4.2 Platform Changes

The Provider may change the Hosting Platform at any time, provided that the change does not materially reduce the performance, security, or availability of the Website. The Provider will notify the Client in advance of any platform change that may result in temporary downtime during migration.

4.3 Platform Terms

The Website hosting may be subject to the Hosting Platform’s terms of service, acceptable use policies, and resource limits. The Client shall comply with any such terms communicated by the Provider. The Provider does not assume liability for restrictions, resource limits, or actions imposed by the Hosting Platform provider.

4.4 Platform Availability

Website availability is dependent on the Hosting Platform’s infrastructure. The Provider does not guarantee uninterrupted hosting availability. The Provider will liaise with the Hosting Platform provider to resolve outages and keep the Client informed of progress.

5.1 Client Content

All content provided by the Client for the Website (text, images, logos, documents, videos) remains the Client’s exclusive intellectual property. The Provider acquires no ownership rights in Client-provided content.

5.2 Website Design and Code

Ownership of the Website’s design, custom code, and bespoke functionality shall be as specified in the Quote or the original website development agreement. Where the Provider has developed custom design or code for the Client, ownership transfers to the Client upon full payment, unless otherwise specified.

5.3 Third-Party Licences

The Website may use third-party themes, plugins, frameworks, or libraries subject to their own licensing terms (e.g., GPL, commercial licences). The Client’s right to use such components is subject to the applicable licence terms. The Provider will disclose relevant licence terms where required.

5.4 Domain Ownership

The Client’s domain name(s) are and remain the property of the Client at all times. The Provider administers domains on the Client’s behalf but does not claim ownership. Upon termination and payment of all outstanding fees, the Provider will transfer domain management access to the Client or the Client’s nominated representative.

6.1 Minimum Term

The Managed Website Service is subject to a minimum Website Service Term that matches the term of the Client’s active Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001), unless otherwise agreed in writing in the Quote.

6.2 Renewal

At the expiry of the Website Service Term, the Managed Website Service shall automatically renew on a month-to-month basis under the same terms, unless either party provides at least 30 days’ written notice of non-renewal prior to the expiry of the current term.

7.1 Monthly Website Fee

The Client shall pay the Monthly Website Fee as specified in the accepted Quote. Monthly Website Fees are invoiced in advance in accordance with the Payment – Terms & Conditions.

7.2 Inclusions

Unless otherwise stated in the Quote, the Monthly Website Fee includes:

• Website hosting on the Hosting Platform
• CMS management, updates, and optimisation
• Plugin and theme updates and patching
• Security monitoring, malware scanning, and remediation
• SSL certificate management and HTTPS enforcement
• Performance monitoring and uptime checks
• Unlimited Minor Content Updates
• Website backups (frequency and retention as specified in the Quote)
• Domain and DNS management

7.3 Exclusions

The following are excluded from the Monthly Website Fee and may be charged separately:

• Major Changes (quoted separately per Section 3.8)
• Domain registration or renewal fees (passed through at cost)
• Premium SSL certificates (if required beyond standard provisioning)
• Third-party plugin or theme licence fees (if not included in the Quote)
• Content creation, copywriting, or graphic design services
• SEO services, e-commerce management, or social media management
• IT support services (provided under Managed IT Services)

7.4 Payment Terms

All payment obligations under this Service Schedule are subject to the Payment – Terms & Conditions published at empreusitsupport.com.au/payment-terms-and-conditions, which are incorporated by reference.

8.1 Content Provision

The Client is responsible for providing all content for the Website in a ready-to-publish format. This includes text, images, documents, and any other media. The Provider is not responsible for content accuracy, legality, or compliance with advertising standards or industry regulations.

8.2 Content Compliance

The Client warrants that all content provided for the Website does not infringe upon any third-party intellectual property rights, does not contain defamatory, misleading, or unlawful material, and complies with all applicable laws including the Australian Consumer Law, Competition and Consumer Act 2010 (Cth), and the Privacy Act 1988 (Cth).

The Client shall indemnify the Provider against any claims arising from content provided by the Client and published on the Website.

8.3 CMS Access

The Client may retain CMS login access for viewing purposes and basic content editing (e.g., blog posts). However, the Client shall not install, update, remove, or modify plugins, themes, or core CMS files without the Provider’s prior written consent. Unauthorised changes may compromise Website security, stability, or functionality, and the Provider is not liable for issues arising from unauthorised changes.

8.4 Domain Registrar Access

Where the Client’s domain is registered with a third-party registrar, the Client shall provide the Provider with the necessary access or authorisation to manage DNS records on the Client’s behalf. If the Client changes domain registrar credentials without notifying the Provider, the Provider is not liable for DNS-related issues.

8.5 Timely Responses

The Client shall respond to the Provider’s requests for content approvals, information, or decisions in a timely manner. Delays in Client responses may delay content updates, security patches, or other maintenance activities.

8.6 Timely Reporting of Issues

The Client agrees to promptly report any website issues, errors, or concerns through the Provider’s designated support channels as set out in the Managed IT Services – Service Schedule.

9.1 Definitions

“Confidential Information” means any non-public, proprietary, or sensitive information disclosed by one party to the other, including trade secrets, client lists, business strategies, financial data, website analytics, CMS credentials, hosting credentials, and any information clearly identified or reasonably understood as confidential.

“Data Protection Laws” means all applicable legislation relating to the protection of personal data and privacy, including the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and if applicable, the General Data Protection Regulation (GDPR) (EU) 2016/679.

9.2 Confidentiality Obligations

Each party shall use Confidential Information solely for the purpose of fulfilling obligations under this Agreement. Neither party shall disclose Confidential Information to any third party without prior written consent, except as necessary to perform under this Agreement or as required by law.

9.3 Website Data

Any personal data collected through the Website (e.g., contact form submissions, enquiry data, analytics data) is the Client’s responsibility. The Client shall ensure the Website includes an appropriate privacy policy and cookie consent mechanism in compliance with applicable Data Protection Laws.

The Provider shall implement commercially reasonable measures to protect Website data but is not responsible for the Client’s compliance with privacy laws regarding data collected through the Website.

9.4 Data Breach Notification

In the event of a confirmed or reasonably suspected security breach affecting the Website or data within the Provider’s control, the Provider shall promptly notify the Client and provide sufficient details about the nature and scope of the breach.

9.5 Survival

The confidentiality and data protection obligations under this section shall survive termination of this Service Schedule for as long as the Receiving Party possesses or controls any Confidential Information or personal data belonging to the Disclosing Party.

10.1 Provider Warranty

The Provider warrants that the Managed Website Service will be performed in a professional and workmanlike manner, consistent with generally recognised industry standards. The Provider warrants that it will use commercially reasonable efforts to maintain Website security, performance, and availability.

10.2 No Uptime Guarantee

The Provider does not guarantee 100% Website uptime or availability. Website availability is dependent on the Hosting Platform’s infrastructure and may be affected by planned maintenance, platform outages, DNS propagation, security incidents, or force majeure events.

10.3 Security Disclaimer

The Provider implements industry-standard security measures but does not warrant complete protection against all cyber threats, hacking attempts, or malware infections. Website security is a shared responsibility. The Client must not install unauthorised plugins, share CMS credentials, or weaken security settings.

10.4 Third-Party Disclaimer

The Website relies on third-party components including the Hosting Platform, CMS, plugins, themes, and frameworks. The Provider does not make any representations or warranties with respect to the performance, security, or availability of third-party components. Third-party vendors may discontinue, modify, or introduce vulnerabilities in their products, which is outside the Provider’s control.

10.5 Content Disclaimer

The Provider is not responsible for the accuracy, legality, or compliance of content published on the Website. The Client is solely responsible for all Website content.

10.6 Disclaimer of Implied Warranties

Except as expressly set out in this Service Schedule and the MSA, the Provider disclaims all implied warranties, including warranties of merchantability, fitness for a particular purpose, and non-infringement, to the maximum extent permitted by law. Nothing in this Service Schedule excludes or limits any consumer guarantee or statutory right that cannot be excluded under Australian Consumer Law.

11.1 The Provider shall not be liable for any indirect, incidental, consequential, or special damages arising from the Website or the Managed Website Service, including lost profits, lost business, lost data, reputational damage, or loss of goodwill, regardless of the legal theory, even if advised of the possibility of such damages.

11.2 The Provider’s aggregate liability under this Service Schedule shall not exceed the total Monthly Website Fees actually paid by the Client in the six (6) months immediately preceding the date on which the claim arose.

11.3 The Provider shall not be liable for Website downtime, data loss, or performance degradation caused by the Hosting Platform, third-party plugins, themes, or any factor outside the Provider’s reasonable control.

11.4 The Provider shall not be liable for any claims arising from content published on the Website by or on behalf of the Client.

11.5 The Provider shall not be liable for security breaches that exploit vulnerabilities in third-party CMS core, plugins, themes, or the Hosting Platform, provided the Provider has maintained updates in accordance with this Service Schedule.

11.6 Any claim must be brought within twelve (12) months from the date on which the Client first became aware, or reasonably should have become aware, of the basis for such claim.

11.7 The limitations in this section shall not apply to damages resulting from the Provider’s gross negligence or wilful misconduct, or any liability that cannot be excluded by law.

12.1 By the Provider: The Provider shall indemnify and hold the Client harmless from any third-party claims arising from the Provider’s gross negligence or wilful misconduct in performing Services under this Service Schedule.

12.2 By the Client: The Client shall indemnify and hold the Provider harmless from any third-party claims arising from content published on the Website, the Client’s breach of intellectual property rights, the Client’s non-compliance with applicable laws regarding Website content, or the Client’s unauthorised modifications to the Website.

Neither party shall be liable for delays or failures due to events beyond their reasonable control, including natural disasters, war, strikes, pandemics, governmental actions, Hosting Platform outages, or widespread cyber attacks. The affected party shall notify the other promptly and use reasonable efforts to resume performance as soon as feasible.

If a Force Majeure event prevents performance for more than 30 days, either party may terminate this Service Schedule upon written notice. The Client remains liable for all fees accrued up to the termination date.

14.1 Termination

Termination of this Service Schedule is governed by the Termination – Terms & Conditions published at empreusitsupport.com.au/termination-terms-conditions, which are incorporated by reference.

14.2 Early Termination

If the Client terminates this Service Schedule prior to the expiry of the Website Service Term, the Client shall be liable for the Early Termination Cost as defined in the Termination – Terms & Conditions.

14.3 Website Transition

Upon termination and payment of all outstanding fees, the Provider will cooperate with the Client (or the Client’s new provider) to transition the Website. This may include:

• Providing a full backup of the Website (files, database, media)
• Transferring domain management access to the Client or the Client’s nominated representative
• Providing CMS administrator credentials
• Reasonable assistance with DNS changes to point to a new hosting environment

Transitional support will be provided at the post-termination hourly rate specified in the Termination – Terms & Conditions ($320 inc. GST per hour), unless otherwise agreed in writing.

14.4 Hosting Discontinuation

Upon termination, the Provider will maintain the Website on the Hosting Platform for 30 days following the effective termination date to allow the Client to complete the transition. After 30 days, the Provider reserves the right to remove the Website from the Hosting Platform. The Provider is not liable for any data loss after this 30-day period.

14.5 Domain Transfer

Upon termination, the Client retains full ownership of their domain name(s). The Provider will initiate or facilitate domain transfer to the Client’s new registrar or provider within 7 days of the Client’s written request, subject to all outstanding fees being paid in full.

15.1 Relationship to MSA

This Service Schedule supplements and forms part of the Master Services Agreement. All terms of the MSA (including the Director’s Guarantee, Governing Law and Dispute Resolution, and Privacy Policy reference) apply to this Service Schedule as if set out in full herein.

15.2 Prerequisite Service Schedule

The Client acknowledges that an active Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001) is required to receive IT support for the Managed Website Service.

If the Managed IT Services subscription is terminated or expires, the Provider will continue to maintain the Website (hosting, security, backups, updates) under this Service Schedule, but helpdesk and user-facing support will not be available.

15.3 Cross-References

This Service Schedule is subject to the following Empreus IT Support legal documents, all of which are incorporated by reference:

• Master Services Agreement (EMPREUS-MSA-001)
• Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001)
• Payment – Terms & Conditions (empreusitsupport.com.au/payment-terms-and-conditions)
• Termination – Terms & Conditions (empreusitsupport.com.au/termination-terms-conditions)
• Quote – Terms & Conditions (empreusitsupport.com.au/quote-terms-conditions)
• Privacy Policy (empreusitsupport.com.au/privacy-policy)

15.4 Amendments

No modification to this Service Schedule shall be valid unless made in writing and signed by both parties.

15.5 Severability

If any provision of this Service Schedule is found to be unenforceable, the remaining provisions shall remain in full force and effect.

15.6 Entire Agreement

This Service Schedule, together with the MSA and all incorporated documents, constitutes the entire agreement between the parties regarding the Managed Website Services described herein and supersedes all prior agreements, representations, and understandings on this subject matter.