"Affiliate" means, in relation to a body corporate, any subsidiary, subsidiary undertaking or holding company of a body corporate, and any subsidiary or subsidiary undertaking of any such holding company for the time being as defined in section 1159 of the Companies Act 2006 (as amended from time to time);
"App" means Thirdfort’s proprietary mobile app that enables Consumers, among things, to upload, store and share personal ID, financial and other information;
"Applicable Laws" means all legislation, regulations, and other rules having equivalent force which are applicable to the provision or use of the Services under the Agreement;
"Business Days" means any day other than a Saturday, Sunday or a day which is a Bank or public holiday in England;
"Client Data" means all data provided by you or on your behalf in connection with the Services;
"Client Personal Data" has the meaning given to it in clause 7.3;
"Consumers" means your clients;
"Consumer Data" means the data that we collect directly from Consumers in connection with the Services;
"Confidential Information" means any and all Consumer Data, information relating to the trade secrets, operations, processes, plans, product information, prices, know-how, designs, customer lists, market opportunities, transactions, affairs and/or business of the parties and/or to their customers, suppliers, group companies and/or, if either party is bound to protect the confidentiality of any third party's information, third parties in or on any medium or format;
"Data Protection Legislation" means any data protection legislation from time to time in force in the UK including the Data Protection Act 2018 or any successor legislation and the UK GDPR;
"EULA" means the end user licence agreement that each Consumer is required to agree to prior to using the App;
"Fees" means the Services Fees and the Set Up Fee, or (if the context so requires) either of them;
"Force Majeure Event" means any act of government or state, civil commotion, epidemic, fire, flood, industrial action or organised protests by third parties, natural disaster, war, failure of payment systems, or any event beyond the reasonable control of the party claiming to be excused from performance of its obligations;
"Permitted Sub-Processors" means the third party service providers listed at https://www.thirdfort.com/terms/third-party-service-providers;
"Permitted Users" means the individuals identified as users in the Thirdfort Account Application, together with such additional or replacement individual users as Thirdfort and the Client may from time to time agree;
“Purpose” means to enable the Client, for internal business purposes, to (i) on-board individuals and entities involved in a particular transaction, legal or otherwise; (ii) perform ID checks; and/or (iii) collect and analyse banking or financial information relevant to source of funds or source of wealth.
"Pricing Sheet" means the Professional Pricing Sheet, Enterprise Pilot Pricing Sheet, Enterprise Pricing Sheet or such other pricing sheet or price list as is either provided by Thirdfort to the Client from time to time or otherwise agreed by Thirdfort and the Client, and which sets out: (i) the Fees (ii) the Client's minimum monthly commitment (if any) (iii) the invoicing and payment terms and (iv) the payment method;
"Reports" means the reports that are provided to you via the Thirdfort Platform as part of the Services;
"Services" means (i) either Original or Standard (passport chip enabled, in line with HMLR safe harbour requirements) ID Checks on individuals (ii) Source of Funds Checks on individuals (iii) Gathering financial information (iv) ID Lite Checks on individuals (v) Verification checks on corporate entities (vi) Ongoing monitoring and screening (vii) Such additional services as Thirdfort may from time to time make available, in each case as provided by Thirdfort via the Thirdfort Platform;
"Services Fees" means the prices payable by the Client for the Services, as set out in the Pricing Sheet.
"Set Up Services" means the set up services to enable the Client to access the Thirdfort Platform and purchase Services;
"Term" has the meaning given to it in clause 10.1;
"Thirdfort", "we", "us" or "our" means Thirdfort Limited, a company registered in England and Wales under number 10757456 and whose registered office is Belle House, Platform 1 Victoria Station, London, SW1V 1JT;
"Thirdfort Account Application" means the Client's online application to open an account with Thirdfort enabling the Client to purchase Services;
"Third Party Products" means the third party products, services and/or software used by Thirdfort to deliver the Services set out in Schedule 1;
"Thirdfort Platform" means Thirdfort’s web platform that may be accessed by the Client at https://www.thirdfort.io/, or such other URL as Thirdfort may from time to time designate; and
2. 1 To enable us to complete the Set Up Services you agree that you will:
2.1.1 set up any security application we reasonably require (e.g. two-tier authentication); and
2.1.2 provide any other information we may reasonably require and request from you.
2.2 On completion of the Set Up Services, you will be able to access the Thirdfort Platform and purchase Services.
2.3 We shall use reasonable endeavours to ensure the Thirdfort Platform is Available for an uptime of 99.5% per month subject to the terms of this clause. Downtime is measured from the time you give written notice to our customer support team that the Thirdfort Platform is not online and operational and until the time the Thirdfort Platform is once again available.
2.4 We accept no responsibility for unavailability as a result of: (a) any act or omission of you and/or any end user not authorised by us in writing; (b) a Force Majeure Event; (c) any scheduled or emergency maintenance of the Thirdfort Platform.
2.5 Any support incident or fault requested must be logged via our customer support that can be accessed at [email protected] Any request for support shall only be deemed received on a Business Day. Upon receipt, we shall use reasonable endeavours to respond to, remedy or provide a workaround to an incident or fault but do not guarantee any support response, fix or workaround within a specific timeframe.
2.6 Where you require technical or other support, outside the terms set out in this clause, we may charge fees at our then current rates for professional services.
3.1 Subject to Clauses 3.2, 3.3 and 3.4, we agree that we shall:
3.1.1 use reasonable skill and care in the performance of the Services;
3.1.2 use all commercially reasonable endeavours to ensure that the Reports are in all material respects accurate and complete;
3.1.3 use reasonable care and skill to ensure the Services are fit for the Purpose; and
3.1.4 ensure that the Thirdfort Platform and the Services do not infringe any third party's intellectual property rights.
3.2 Clause 3.1 shall not apply to and we shall have no liability for failures or shortcomings in the provision of the Services caused by or arising out of:
3.2.1 your or your user's internet connection;
3.2.2 any inaccuracy or incompleteness in a Report which arises as a result of data provided to us by you, your users or any third party nominated by you;
3.3 You warrant that:
3.3.1 you shall use the Services and the Reports solely for your internal business purpose and, without limitation, you shall not, without our prior written consent, disclose, share or otherwise make available the Reports to any third party (other than Permitted Users); and
3.3.1 the Client Data does not infringe any third party's intellectual property rights.
3.4 Each party warrants that:
3.4.1 it shall comply with all Applicable Laws;
3.4.2 it has the full authority and power to enter into the Agreement and grant all rights under it;
3.4.3 obtain and maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under the Agreement and for the grant of rights under the Agreement;
3.4.4 entering into the Agreement shall not in any way conflict with any of the parties' existing obligations, either at the date hereof and/or throughout the Term; and
3.4.5 it shall use all commercially reasonable endeavours to ensure that it does not introduce any virus and/or any other contaminant that may be designed to have an adverse effect on the Services and/or the Thirdfort Platform.
3.5 Except as expressly and specifically provided in the Agreement, all warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from the Agreement.
4.1 We shall invoice and you shall pay the Fees in accordance with the terms set out in the Pricing Sheet.
4.2 All Fees are stated exclusive of VAT which shall be payable in addition by you to us.
4.3 If you fail to pay any undisputed amount due under the Agreement, we may:
4.3.1 subject to giving you at least five Business Days' prior notice of our intention to do so, suspend the Services until such time as the overdue amount remains unpaid; and
4.3.2 charge you interest on the overdue amount, payable on demand, from the due date up to the date of actual payment, after as well as before judgment, at the rate of 4% per annum above the base rate for the time being of Barclays Bank plc. Such interest shall accrue on a daily basis and be compounded quarterly.
4.4 All overcharges or billing disputes must be notified to us within 30 days of date of receipt of invoice or within 30 days of payment by direct debit (as applicable). In the absence of such, you shall be deemed to have accepted the invoice or agreed the direct debit payment (as applicable).
4.5 We do not accept payment of Fees by cheque.
5.1 Nothing in the Agreement excludes or limits either party's liability to the other for any of the following:
5.1.1 death or personal injury caused by negligence;
5.1.2 fraud or fraudulent misrepresentation; or
5.1.3 any other liability which cannot be excluded or limited by law.
5.2 We shall back up Client Data and Reports using our standard back-up procedure, subject to: (i) any applicable limitations and exclusions in relation to such back-up in the relevant back-up application employed by us and/or our hosting provider; and (ii) where there is any loss of Client Data or Reports, we shall only be bound to restore such Client Data or Reports to the most recent back-up file created in respect of such data. In any event, therefore, you undertake (and we strongly advise you) to back up, and take all precautions and measures in respect of the Client Data and Reports as often as would be considered reasonably prudent to limit the risk of any data loss, especially if the data is important to you. This may include backing up any locally held data which includes Client Data or Reports. Upon request, we may provide you with a download facility and/or other means by which to provide you with a copy of the Client Data and Reports, subject to the parties agreeing a mutually agreeable and reasonably secure file transfer facility and payment of any standard administration fees to provide such data. You may make such a request no more than once per calendar quarter unless agreed otherwise or unless the request is made in respect of fulfilment of your obligations under Clause 7 or the Data Protection Legislation for which there is no limit on the frequency of requests.
5.3 We shall not be liable for any loss, to the extent the cause of the loss;
5.3.1 arose from your use of the Services other than for your internal business purposes; or
5.3.2 was reasonably foreseeable and preventable by you, such as (but not limited to) the loss arising from:
A. Client Data, data or information loss caused by your failure to keep backup copies of important data on separate media; or
B. user inflicted problems such as those caused by failure to read and/or follow user instructions provided in writing.
5.4 Subject to Clause 5.1, neither party shall be liable under or in connection with the Agreement for:
5.4.1 indirect, special or consequential losses or loss of profits, revenue, goodwill, reputation, wasted management time or anticipated savings; or
5.4.2 any liability arising from a virus or malicious code which is not caused by that party's default or breach of the Agreement.
5.5 Subject to the Clauses 5.1 to 5.4:
5.5.1 each party's total liability to the other party arising under or in connection with the Agreement or otherwise (whether in contract, tort (including negligence), under any indemnity or otherwise), whether foreseeable or not will not exceed the greater of: (a) £25,000; or (b) a sum equal to 100% of the amount actually paid or payable by you in connection with the provision of the Services to you in the 12 month period preceding the date upon which the claim arose; and
5.5.2 our total aggregate liability to you arising under or in connection with any Personal Data breach or breach of Clause 7 (Client Data and Data Protection) whether in contract, tort (including negligence), whether foreseeable or not, shall be limited to £2,500,000 (two and a half million pounds).
6.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under the Agreement. A party’s Confidential Information shall not be deemed to include information that:
6.1.1 is or becomes publicly known other than through any act or omission of the receiving party;
6.1.2 was in the other party’s lawful possession before the disclosure without obligation of confidentiality;
6.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure; and
6.1.4 is independently developed by the receiving party without reference to the Confidential Information and which independent development can be shown by written evidence.
6.2 Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information, for any purpose other than for the purposes of the Agreement.
6.3 Where the receiving party of the Confidential Information is required by law to disclose the Confidential Information, the receiving party shall, prior to such disclosure and to the extent permitted by law:
6.3.1 inform the disclosing party of the obligation to disclose and the information that will be disclosed;
6.3.2 consult with the disclosing party as to possible steps to avoid or limit disclosure and take those steps where they would not result in significant adverse consequences to the receiving party; and
6.3.3 where the disclosure is by way of public announcement, agree the wording with the disclosing party in advance.
6.6 This Clause 6 shall survive termination of the Agreement, however arising.
7. DATA PROTECTION
7.1 In this clause 7 the terms "Controller", "Personal Data", "Personal Data Breach", "Processing" and "Processor" have the meanings given to them in the Data Protection Legislation.
7.2 Both parties shall comply with all applicable Data Protection Legislation in connection with the Services and each party warrants that they shall implement and shall continue to implement appropriate technical and organisational measures to ensure a level of data security and protection of the Personal Data of the other party appropriate to the size of the organisations and risk presented by the Processing.
7.3 The parties acknowledge that, for the purposes of the Data Protection Legislation, you are the Controller and we are the Processor of any Personal Data that you provide to us in connection with the Services ("Client Personal Data").
7.4 In relation to all Services, we shall:
7.4.1 only process the Client Personal Data for the purpose of providing the Services under the Agreement and any other instructions agreed between the parties from time to time;
7.4.2 taking into account the nature of your Processing under the Agreement and the information available to us, provide full cooperation and assistance in ensuring you comply with your obligations under the Data Protection Legislation, including but not limited to:
A. notifying you in writing, without undue delay upon becoming aware of a Personal Data Breach;
B. taking into account the nature of our Processing under the Agreement and the information available to us, in the event of a Personal Data Breach, providing you with details of the Personal Data Breach including a description of the nature of the Personal Data Breach, the consequences of the Personal Data Breach and the reasonable steps that have been or will be taken under Clause 7.4.2(c);
C. responding to Consumers' requests to exercise their rights of access, rectification, erasure, restriction of Processing, data portability, objection to Processing, or any other rights available to Consumers under Data Protection Legislation;
D. providing you with such assistance as you may reasonably require to enable you to (i) conduct data protection impact assessments and (ii) consult with data protection supervisory authorities; and
E. adhere to any requirement of the Information Commissioner and, in the event of a Personal Data Breach, undertake reasonable steps to mitigate the consequences of the Personal Data Breach.
7.4.3 ensure the reliability of all persons authorised to process the Client Personal Data by (i) performing background checks upon such personnel (where permissible under applicable law); (ii) assigning specific and necessity-based access privileges to such personnel; (iii) ensuring that such personnel have undergone training in data protection and privacy; and (iv) ensuring that such personnel have committed themselves to confidentiality obligations at least as onerous as the obligations set out in Clause 6;
7.4.5 without prejudice to any other term in Clause 7, be entitled to appoint third parties as general suppliers of technology and services, provided that such third parties do not carry out specific Processing activities on your behalf;
7.4.6 taking into account the nature of our Processing under the Agreement (i) assist you by appropriate technical and organisational measures, insofar as possible, for the fulfilment of your obligation to respond to subject access requests or any request for disclosure of Client Personal Data by a law enforcement authority, and (ii) provide information, and allow for audits, to enable you to demonstrate your compliance with Data Protection Legislation;
7.4.7 notify you within 3 (three) Business Days if we or any Sub-Processor receives a request from a data subject under any Data Protection Legislation in respect of the Client Data unless the data subject has forbidden the notification in which case we shall inform the data subject that we are only able to respond to such a request on your instruction;
7.4.8 promptly following termination of the Agreement, return or, at your option, delete all Client Personal Data, or at any time during the Term, promptly following your request, amend, correct, or delete any Client Personal Data;
7.4.9 within fifteen (15) working days, provide you with any information which it is reasonable for us to provide to demonstrate, and allow you to demonstrate, compliance with Article 28 of the GDPR;
7.4.10 maintain detailed, accurate and up to date records relating to the Processing of Client Personal Data; and
7.4.11 inform you immediately if in our opinion any instruction under Clause 7.4.1 infringes Data Protection Legislation.
7.5 In relation to all Services except ID Lite:
7.5.1 we shall not process or transfer Client Personal Data outside the European Economic Area, except as agreed between the parties in writing and/or to the extent permissible by and in accordance with applicable law. Where there is a transfer outside the EEA, it will be carried out in accordance with the provisions set out in clause 7.6.2 and 7.7.
7.6 In relation to ID Lite:
7.6.1 Thirdfort and the Permitted Sub-Processors will only access Client Personal Data from, and transfer Client Personal Data to, (i) countries within the European Economic Area ("EEA"), (ii) countries or territories formally recognized by the European Commission as providing an adequate level of data protection ("Adequate Countries") or (iii) other countries, provided that Thirdfort or the Permitted Sub-Processor uses a Valid Transfer Mechanism in accordance with clause 7.6.2; and
7.6.2 for any transfers of Client Personal Data from countries within the EEA to countries which do not ensure an adequate level of data protection (each known as a "third country"), Thirdfort and the Permitted Sub-Processors may use the following transfer mechanism:
A. the contractual clauses for the transfer of personal data to processors established in third countries established pursuant to the EU Commission Decision 2010/87/EU of 5 February 2010 (commonly known as the 'Standard Contractual Clauses'). The transfer and processing of personal data will otherwise be in accordance with Data Protection Legislation.
7.7 In light ofC-311/18Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems where processing of Client Personal Data is carried out by Permitted Sub-Processors, we confirm that that we have carried out an assessment of the transfer and the level of protection in the recipient country prior to the transfer.
7.8 Thirdfort shall maintain a comprehensive information security policy which requires Thirdfort to:
7.8.1 implement back-up and disaster recovery systems;
7.8.2 continuously assess risks to the security of Client Personal Data by (i) assessing the likelihood and potential damage of such risks, taking into account the sensitivity and risk of the Client Personal Data, (ii) identifying internal and external threats that could result in a security breach, and (iii) conducting penetration testing; and
7.8.3 take appropriate steps to protect against such risks.
7.9 Each party (the "Defaulting Party") shall be liable to the other party for all reasonable and properly incurred costs, losses, damages, expenses (including reasonable legal expenses) incurred as a direct result of the Defaulting Party's breach of this Clause 7.
8. INTELLECTUAL PROPERTY RIGHTS
8.1 We grant you a personal, non-exclusive, non-transferable (with no rights to sub-license or to assign) licence for Permitted Users to access and use the Thirdfort Platform during the Term and to copy and use the Reports, in each case solely for your internal business purposes and, for the avoidance of doubt, without any right to grant sub-licences to any third parties.
8.4 Each party:
8.4.1 acknowledges and agrees that it shall not acquire or claim any title to any of the other party’s Intellectual Property Rights (or those of the other party’s licensors) by virtue of the rights granted to it under the Agreement or through its use of such Intellectual Property Rights;
8.4.2 agrees that it will not, at any time, do, or omit to do, anything which is likely to prejudice the other party’s ownership (or the other party’s licensors’ ownership) of such Intellectual Property Rights; and
8.4.3 agrees not to remove, suppress or modify in any way any proprietary marking, including any trade mark or copyright notice, on or in the materials of the other party and agrees to incorporate any such proprietary markings in any copies it takes of such materials.
9. INDEMNITY AND WAIVER
9.1 You shall defend, indemnify and hold us, our Affiliates and our respective directors and employees harmless against claims, actions, proceedings, losses, liabilities, damages, expenses and costs (including, without limitation, court costs and reasonable legal fees) arising out of or in connection with claims from a third party that the Client Data infringes the intellectual property rights or other rights of a third party.
9.2 The Thirdfort Platform and Reports are not intended to be used as the sole basis of any business decision and should be used in conjunction with other third party information or traditional identity checks and such other verification measures as are advisable in the applicable industry and your dealings with the Consumer generally. Accordingly, to the fullest extent permissible, you waive all rights you may have against us for any claims arising from the Reports or the Thirdfort Platform in connection with services that you provide to your clients.
9.3 We shall defend, indemnify and hold you, your Affiliates and your respective Permitted Users, directors and employees harmless against claims, actions, proceedings, losses, liabilities, damages, expenses and costs (including, without limitation, court costs and reasonable legal fees) arising out of or in connection with claims from a third party that the Thirdfort Platform and the Services infringe the intellectual property rights or other rights of a third party.
10. TERM AND TERMINATION
10.1 The Agreement will come into effect on the date that we confirm our acceptance of your Thirdfort Account Application or such other date that may be set out in a Pricing Sheet and, unless terminated earlier in accordance with the remaining provisions of this clause 10, shall remain in effect until terminated by either party giving 30 days’ prior written notice of termination to the other party ("Term"). This clause will not apply to any Term or other relevant provisions agreed between the parties separately and set out in a Pricing Sheet.
10.2 Without prejudice to any other rights or remedies which the parties may have, either party may terminate the Agreement without liability to the other immediately on giving written notice to the other if:
10.2.1 the other party commits a material or persistent breach of any of its obligations under the Agreement and (in the case of a breach capable of being remedied) does not remedy such breach within 30 days (or, in the case of your failure to pay any undisputed sum due under these Terms of Conditions, within 10 Business Days) of receiving from the other party written notice of the breach and a request to remedy the breach;
10.2.2 the other party suspends, or threatens to suspend, payment of its debts, is unable to pay its debts as they fall due, admits inability to pay its debts or (being a company) is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986 or (being a natural person) is deemed either unable to pay its debts or as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986 or (being a partnership) has any partner to whom any of the foregoing apply;
10.2.3 the other party commences negotiations with all, or any class of, its creditors with a view to rescheduling any of its debts, or makes a proposal for, or enters into any compromise or arrangement with, its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies, or the solvent reconstruction of that other party; or
10.2.4 any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in Clauses 10.2.2 to 10.2.3 (inclusive).
10.3 Termination of the Agreement shall not affect any accrued rights or liabilities of either party.
10.4 Upon termination of the Agreement:
10.4.1 you shall pay us (i) all Fees which remain outstanding and due under the Agreement within 7 days of its termination and (ii) if you terminate the Agreement under clause 10.1 or if we terminate the Agreement under clause 10.2, all Fees that, in the absence of such termination, would have been payable by you under the Agreement as a result of any minimum purchase commitments that we had agreed;
10.4.2 we will provide you with access to the Thirdfort Platform for a period of thirty (30) days following termination to enable you to download your Client Data, following which we will close your account with Thirdfort and delete all Client Data;
10.4.3 the parties shall mutually agree a notice that shall be displayed to users via the App (and/or by such other means, such as email) notifying users that the Service has come to an end; and
10.4.4 subject to the parties' retention policies, each party shall each securely delete and destroy copies of each other's Confidential Information and, if requested, provide a written certificate to the other party signed by a director or equivalent of the destroying party.
11. AUDIT AND COMPLIANCE
11.1 Each party (or their authorised representatives) shall be permitted to audit the other's compliance with the Agreement no more than once every 12 months and provided that:
11.1.1 the other party is given reasonable prior written notice;
11.1.2 they enter the other party's premises during normal business hours;
11.1.4 the auditing party indemnifies the other party for all of its costs and losses and any damage to the other party's premises incurred by the other party or its Affiliates in the performance of or in connection with the audit; and
11.1.5 does not interfere with the Client's normal business and take all reasonable steps to minimise disruption to the Client's business during such audit.
11.2 Each party shall cooperate and share information with the other as reasonably necessary from time to time to discharge their regulatory obligations. Where the request to the other party is onerous or disproportionate to the Services, the party who made the request shall indemnify the reasonable and proper costs of the other party providing the information.
11.3 In performing our obligations under the Agreement, we shall:
11.3.1 comply with all applicable anti-slavery and human trafficking laws, statutes and regulations from time to time in force including, but not limited to, the Modern Slavery Act 2015; and
12. REFERRED CLIENTS
12.1 If a Client has been referred to Thirdfort by a third party partner, where we are required to do so, we will provide information to the third party on an ongoing basis about the Client’s usage of Thirdfort Services. This is to enable the third party to monitor any relevant terms of the referral partnership. No personal data relating to either Clients or Consumers will be provided as part of this process.
13.1 Subject to the remainder of this clause 13.1, you may not assign or sub-contract the Agreement or any rights and obligations thereunder without our prior written consent (such consent not to be unreasonably withheld or delayed). Either party may assign or sub-contract the Agreement to its respective Affiliates.
13.2 Except as set out in the Pricing Sheet:
13.2.2 A notice delivered by hand, by recorded delivery or by email will be deemed to have been received when delivered (or if delivery is not in Business Hours, at 9am on the first Business Day following delivery).
13.3 No failure by either party to enforce any rights under the Agreement shall constitute a waiver of such right then or in the future. Any waiver must be in writing and signed by an authorised representative of the waiving party.
13.4 If for any reason a court of competent jurisdiction finds any provision of the Agreement, or portion thereof, to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible so as to give effect to the economic intent of the parties, and the remainder of the Agreement will continue in full force and effect.
13.5 Other than our Affiliates, a person who is not a party to the Agreement has no right or benefit under or to enforce the Agreement whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise.
14. THIRD PARTY PRODUCTS
14.1 Any third party data included as part of the Services shall be subject to any limitations and exclusions relating to such data and notified to you by us. In addition, the Services may consist of Third Party Products. Third Party Products are provided on the condition that you accept and agree to the applicable terms and conditions, restrictions and limitations upon which such Third Party Products are provided by the applicable third party provider, as set out in Schedule 2. We may update the list of third party providers and/or the applicable terms and conditions of the Third Party Products from time to time. We shall notify you of any changes to the Third Party Products and/or third party providers and you, in accordance with Clause 16.1, shall be deemed to have accepted the terms and conditions governing such Third Party Products.
14.2 Where the use of Third Party Products are subject to you executing a EULA, your use of the Third Party Products comprised in the Services is conditional upon your acceptance of such terms. Subject to Clause 14.3, if you do not agree to such terms, we may suspend your access to that particular element of the Services comprising the Third Party Products. Where you execute the EULA for the provision of the Third Party Products, the EULA shall take precedence over any other applicable terms and conditions incorporated into the Agreement with that third party.
15. DISPUTE RESOLUTION
15.1 Both parties shall use all reasonable endeavours to resolve all disputes arising out of or relating to the Agreement in a constructive and bona-fide way.
15.2 Either party may initiate the dispute procedure by giving written notice to the other party.
15.3 The notice of Dispute will be sent to the following representatives of the parties:
15.3.1 first, to the client manager assigned to you by us from time to time, and to the Managing Director or equivalent for you; and
15.3.2 if not resolved within five (5) Business Days following the date of the notice referred to above, the Dispute may be escalated by either party to The Managing Director for us and the Chairman or CEO for you.
15.4 The parties’ representatives will use all reasonable endeavours to discuss the Dispute and attempt to resolve the Dispute as soon as practicable and without the necessity of any formal proceeding.
16.2 In addition, you acknowledge that from time to time during the Term we may apply upgrades to the Thirdfort Platform, and that such upgrades may, subject to Clause 15.2, result in changes to the appearance and/or functionality of the Thirdfort Platform, that no such upgrade shall adversely affect the functionality of the Thirdfort Platform of the Services in any material respect.
17. FORCE MAJEURE
17.1 Provided it has complied with the provisions of Clause 17.3, neither party shall be in breach of the Agreement nor liable or responsible for any failure to perform, or delay in the performance of, any of its obligations under the Agreement where such failure or delay results from a Force Majeure Event.
17.2 A party's performance under the Agreement is deemed to be suspended for the period that the Force Majeure Event continues, and the party will have an extension of time for performance for the duration of that period.
17.3 The affected party will use reasonable commercial endeavours to mitigate the effect of any Force Majeure Event and to carry out its obligations under the Agreement in any way that is reasonably practicable despite the Force Majeure Event and to resume the performance of its obligations as soon as reasonably possible.
17.4 Where a Force Majeure Event affects a party to the Agreement and the affected party is unable to perform its obligations under the Agreement for a period longer than 30 (thirty) consecutive days, the other party may terminate the Agreement immediately upon notice.
18.1.1 Pricing Sheet;
18.1.3 EULAs and Third Party Products terms and conditions;
18.1.4 Thirdfort Policies;
18.1.6 any other written agreement between the parties.
19. GOVERNING LAW AND JURISDICTION
19.1 The Agreement is governed by and construed according to English law and the parties hereby submit to the exclusive jurisdiction of the courts of England in relation to any disputes arising therefrom.
THIRD PARTY PRODUCTS PROVIDERS
- Onfido Limited
- Experian PLC
- IVXS UK Limited trading as ComplyAdvantage
- Emailage (part of RELX PLC)
- InnoValor Software B.V
- iProov Limited
THIRD PARTY PRODUCTS TERMS AND CONDITIONS
PART A- ONFIDO LIMITED
2. The expected turnaround time service level for Onfido Services is up to 5 minutes, or exceptionally up to 2 hours.
3. You represent and warrant that:
3.1 You have taken all required steps to ensure that it may lawfully obtain the personal data for the purpose of providing the Services in accordance with Data Protection Legislation and privacy laws (including by having obtained all necessary consents and provided all necessary notices, where required) and that the personal data provided is accurate, complete and provided in a form that we can process to maximize the quality of the Services Onfido;
3.2 You are solely and fully responsible for:
3.2.1 ensuring that all Client Data is accurate, complete and captured in a form we can process to maximise the quality of the Onfido Services;
3.2.2 conclusions drawn from your use of the Onfido Services; and
3.2.3 all password(s) and security routine and for all activities that occur under your password(s) or security routines, and you agree to notify Thirdfort immediately in case of accidental or unauthorised access or use of the Services.
3.3 if the you receive any complaint, notice or communication from a regulator or law enforcement agency which relates to the services, any data provided under the services, or to your legal compliance, you shall immediately notify us and shall provide us with reasonable co-operation and assistance in relation to any such complaint, notice or communication;
3.4 you will comply with all Applicable Laws (including any obligation to seek prior regulatory review, approval, or similar) with respect to its activities under the Agreement and will not: (a) use the services to discriminate against the user, or otherwise misuse the reports, in violation of applicable law; (b) use the Onfido Services in a manner that causes damage or injury to any person or property; (c) act or omit to act in a way which interferes with or compromises the integrity or security of the Onfido Services; (d) access all or any part of the Onfido Services in order to build a product or service which competes with the Onfido Services; (e) except as may be required by any Applicable Laws which are incapable of exclusion by agreement between the parties: (i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Onfido Services (as applicable) in any form or media or by any means to any individual or entity, including without limitation, users; or (ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Onfido Services; or (f) attempt to access the Onfido Services other than through the means made available to you by us;
3.5 you acknowledge and agree the Onfido Services are based on information that was not collected, in whole or in part, for the purpose of serving as a factor in establishing a consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes, employment, or any other similar purpose. Accordingly, you shall not use any services as part of its decision-making process for determining a consumer’s eligibility for credit, insurance or any other similar purpose. For the avoidance of doubt, this Paragraph is not intended to prohibit you from using the Onfido Services for the purpose of verifying a Consumer's identity.
PART B - EXPERIAN
1. The terms set out in this Part B apply to those elements of the Services that provided to Thirdfort by Experian Limited, including the storage and/or processing through CrossCore (Experian’s on-demand, web-based tool for fraud and ID verification assessment) ("Experian Services").
2. The following definitions apply in this Part B:
2.1 "Derivative Output" means information, data and materials that are derived, prepared or generated by Experian and/or its sub-contractors within Experian’s environment pursuant to (and/or as a consequence of) the Services, including search footprints but excluding the Client Data;
2.2 “Experian Data” means any of the data and/or databases and/or scores supplied by or sourced from Experian to the Client in connection with the Agreement but excluding the Client Data; and
2.3 “Experian Materials” means any of the items developed and/or licensed by Experian to the Thirdfort and the Client in connection with the Agreement but excluding Experian Data.
3. The Experian Services shall be subject to the burden (but not the benefit) of the applicable Experian terms of service.
4. Experian may process personal data outside the EEA; to the extent that it does, it will ensure that any such transfer is compliant for the purposes of GDPR.
5. You hereby grant and Experian the right to use Client Data sent to Experian to enable Experian to provide the Experian Services.
6. The Client understands and agrees that Thirdfort may provide Experian with confirmed fraud feedback on a monthly basis during the Term based on its use of the Experian service(s) (“Outcome Reporting”) in the format specified by Experian or as otherwise agreed by the parties in writing. After extraction of information identifying the Client's consumers, Thirdfort grants Experian the right to use Client Data and Outcome Reporting for validation, deployment, measurement, improvement, research, development and optimisation of CrossCore and the Experian Service(s). The Client acknowledges that Experian and Thirdfort may incorporate these improvements and performance optimizations into and for use within Thirdfort’s and Experian’s identity and fraud services generally.
7. The Client may use the Experian Services to perform identity verification for the purposes of the prevention or detection of fraud and to assist in preventing money laundering (which purposes for the avoidance of doubt shall exclude the provision of any bureau services to any third party).
8. In relation to ID Lite, the Client undertakes to notify each Consumer in respect of whom it proposes to carry out an ID Lite check that (i) the Client is carrying out an ID Lite check and (ii) the ID Lite check constitutes Experian Services.
9. The Client shall promptly provide to Thirdfort full details of all complaints relating to the Experian Services made by a Consumer or other individual to whom the Experian Services relate. The Client shall co-operate with Thirdfort and Experian to resolve any such complaints. If Thirdfort receives a complaint relating to the Experian Services, the Client shall co-operate with Experian and Thirdfort to resolve that complaint and shall respond promptly, and in any event within 5 Working Days, to any request for information relating to the complaint.
10. The Client shall ensure that it maintains reasonable anti-virus and data security controls.
11. Experian may release updates, which may modify CrossCore, from time-to-time (“Updates”). Experian agrees that it will use reasonable endeavours to ensure that such Updates will not result in a material reduction in the level of performance or availability or functionality of CrossCore or the latest version of Experian Services.
12. If Thirdfort is aware that implementing CrossCore or an Update will result in a material reduction in or unavailability either of (i) other Experian Service(s) or (ii) third party services the Client is currently using, Thirdfort will make commercially reasonable efforts to notify the Client ninety (90) days before the required implementation of CrossCore or the relevant Update. Thereafter, the Client and Thirdfort agree to cooperate in transitioning to the current version of the Experian Services or third-party service(s) that allow for proper access to such service(s) through CrossCore following the Update, subject to the Client paying the applicable and reasonable professional services fees at Thirdfort’s then-current rates. If such transition is not possible or practicable within the allotted time or at all, Thirdfort will not be required to continue to facilitate delivery of such service(s) through CrossCore following the Update and may terminate the Client’s use of CrossCore, any of the Experian Services provided via CrossCore and/or any other Experian Services in its discretion.
13. In order for Thirdfort to provide the Experian Services to the Client and in order for Experian to comply with the licence terms which British Telecommunications plc and/or other third party suppliers of telephone number data require, the Client:
13.1 appoints Experian as its agent under the Agreement for the purpose of using Client Data to carry out directory enquiry searches for and on behalf of the Client;
13.2 authorises and instructs Experian to:
13.2.1 use any retrieved telephone numbers resulting from such directory enquiries for the sole purpose of comparing such telephone numbers against any telephone numbers contained within the relevant and applicable data and producing a score based upon whether there was or was not a match of telephone numbers; and
13.2.2 incorporate the score referred to in paragraph 13.2.1 into the overall score delivered to Thirdfort in connection with the Service; and
13.2.3 instructs and confirms to Experian that telephone numbers retrieved from such directory enquiry searches are for use as input into the comparison process described in paragraph only and Experian is not required to return such telephone numbers to the Client.
14. To the extent that the Experian Services comprise Royal Mail NCOA® Alert Data, the Client agrees to the terms of the End User Agreement required by Royal Mail which may be accessed at https://info.thirdfort.com/terms/royal-mail-eula.
15. Experian Services are not intended to be used as the sole basis for any business decision, and are based upon data which is provided by third parties, the accuracy and/or completeness of which it would not be possible and/or economically viable for Experian to guarantee. Experian’s services also involve models and techniques based on statistical analysis, probability and predictive behaviour. Experian is therefore not able to accept any liability, for:
15.1 any inaccuracy, incompleteness or other error in the Experian Data which arises as a result of data provided to Experian by the Client or any third party;
15.2 any failure of the Experian Services to achieve any particular result for the Client.
16. If Experian considers in its reasonable opinion that it is no longer desirable or commercially viable to continue to provide the Experian Services, or if any third party data or software becomes unavailable to Experian, Thirdfort shall be entitled to do one of the following on giving three months’ prior notice to the Client:
16.1 modify the affected Experian Services as necessary to accommodate such changes or unavailability; or
16.2 terminate the Agreement (without liability) in respect of those Experian Services which are affected by such changes or unavailability.
18. If Thirdfort reasonably believes the Experian Services have been used in breach of these End User Terms by a Client,
18.1 Thirdfort shall be entitled to suspend provision of the Experian Services;
18.2 the Client shall, co-operate fully with Thirdfort’s investigations into such use; and
18.3 Thirdfort and the Client shall use all reasonable endeavours to resolve the investigations and recommence provision of the Experian Services.
19. Thirdfort grants the Client a non-exclusive licence to use any Experian Data and/or Experian Materials provided to Thirdfort solely as part of the Experian Services in the United Kingdom. This licence granted will automatically expire on termination of the Agreement for any reason.
20. The Client grants Thirdfort and Experian a royalty free, non-exclusive, non-transferable licence to use and copy the Client Data which is provided to Thirdfort or input into any of Experian’s databases as part of the Service under or in accordance with the terms of the Agreement for the Purpose and/or for Thirdfort to comply with any requests made to Experian under statute.
21. The Client agrees that it will:
21.1 use the Experian Services, Experian Data and/or Experian Materials solely in connection with the Thirdfort Service, provided as part of the Service;
21.2 not sell, transfer, sub-license, distribute, commercially exploit or otherwise make available to, or use for the benefit of, any third party any of the Experian Services, Experian Data and/or Experian Materials;
21.3 not (and will not allow any third party to) adapt, alter, modify, reverse engineer, de-compile or otherwise interfere with the Experian Data and/or Experian Materials without the prior written consent of Experian or as otherwise permitted by law;
21.4 only take such copies of the Experian Data and/or Experian Materials as are reasonably required for the use of the Experian Data and/or Experian Materials in accordance with the Agreement;
21.5 in the case of a machine and/or site specific licence, only use the Experian Data and/or Experian Materials on the equipment and/or at the site (as the case may be) specified in the applicable Schedule.
23. All Intellectual Property Rights in the Experian Materials, the Experian Data and the Derivative Output will remain vested in Experian (or its relevant licensors) and to the extent that any rights in such materials and data vest in the Client by operation of law, the Client hereby assigns such rights to Experian.
PART C - COMPLYADVANTAGE
1. The terms set out in this Part C apply to those elements of the Services (“ComplyAdvantage Services”) that are provided to Thirdfort by IVXS UK Ltd t/as ComplyAdvantage (“ComplyAdvantage”).
2. The following definitions apply in this Part C:
2.1 “ComplyAdvantage Data” means all data held within ComplyAdvantage’s databases, other than Client Data, that is accessible to the Client through use of the ComplyAdvantage Services;
2.2 “ComplyAdvantage Material” means written documentation and content, verbal, electronic and other information, databases, computer software, ComplyAdvantage Software, designs, drawings, pictures or other images (whether still or moving), the ComplyAdvantage Site, sounds or any other record of any information in any form belonging to ComplyAdvantage but for the avoidance of doubt not including the Client Data or other material belonging to the Client;
2.3 “ComplyAdvantage Site” means ComplyAdvantage's website at complyadvantage.com, or other websites that ComplyAdvantage choose to operate and provide ComplyAdvantage Services through; and
2.4 “ComplyAdvantage Software” means ComplyAdvantage's data management and manipulation software made available by ComplyAdvantage to the Client.
3. You agree that you shall not:
3.1 use the ComplyAdvantage Services in any way that does or may bring the ComplyAdvantage Services or ComplyAdvantage into disrepute;
3.2 use the ComplyAdvantage Services in a manner which is unlawful, harmful, threatening, abusive, harassing, tortious, indecent, obscene, libellous, menacing or invasive of another person’s privacy;
3.3 use the ComplyAdvantage Services in a manner which infringes the Intellectual Property Rights, proprietary or personal rights of any third party, including data subjects;
3.4 misuse the ComplyAdvantage Site by introducing viruses, trojans, worms, logic bombs or other material which is technologically harmful;
3.5 attempt to gain unauthorised access to the ComplyAdvantage Site or ComplyAdvantage Services, the server on which the ComplyAdvantage Site or ComplyAdvantage Services are stored or any server, computer or database connected to the ComplyAdvantage Site or ComplyAdvantage Services;
3.6 attack the ComplyAdvantage Site or ComplyAdvantage Services via a denial-of-service attack or a distributed or malicious denial-of service attack; or
3.7 access the ComplyAdvantage software, the ComplyAdvantage Services or the ComplyAdvantage Site in connection with building a product or services which competes with the ComplyAdvantage Software or ComplyAdvantage Services;
3.8 attempt to extract ComplyAdvantage's data in bulk; or
3.9 use any ComplyAdvantage Data or ComplyAdvantage Material, or release any ComplyAdvantage Data or ComplyAdvantage Material to third parties, except as authorised in writing by Thirdfort or as permitted under the Agreement.
4. ComplyAdvantage Data is made available only for the Client’s use as part of the ComplyAdvantage Services and must not be made public by the Client unless required by law. By making the ComplyAdvantage Data public or using it other than for the purposes for which it is provided, the Client may be in breach of the Data Protection Legislation. Client shall not transfer or access the ComplyAdvantage Data outside of the European Economic Area unless subject to legally enforceable mechanism(s) for transfers of personal data as may be permitted under Data Protection Legislation from time to time.
5. The Client shall ensure that all ComplyAdvantage Data and ComplyAdvantage Material are kept secure and shall use appropriate security practices and systems applicable to the use of the ComplyAdvantage Data and ComplyAdvantage Material to prevent, and take prompt and proper remedial action against, unauthorised access, copying, modification, storage, reproduction, display or distribution of the ComplyAdvantage Data and ComplyAdvantage Material. Such appropriate security practices shall not be of a standard lower than the steps that the Client takes to protect Client Data or its Confidential Information of a similar nature.
6. If the Client becomes aware of any misuse of any ComplyAdvantage Data or ComplyAdvantage Material, or any security breach in connection with the Agreement that could compromise the security or integrity of the ComplyAdvantage Data or ComplyAdvantage Material, or otherwise adversely affect ComplyAdvantage, or if the Client learns or suspects that any password or other security feature has been revealed to or obtained by any unauthorised person, the Client shall, at the Client’s expense, promptly notify Thirdfort and fully co-operate with Thirfort to remedy the issue as soon as reasonably practicable.
7. The Client’s obligations regarding the retention and protection of the ComplyAdvantage Data and ComplyAdvantage Material survives termination of the Agreement for any reason.
8. The Client understands and acknowledges that:
8.1 ComplyAdvantage gives no opinion and makes no recommendation in relation to persons appearing in the ComplyAdvantage Data; and
8.2 results derived from Client’s use of the ComplyAdvantage Services should not be used to draw any automatic conclusion, or relied upon in isolation to make a decision, relating to any person flagged or not flagged in the course of the Client’s use of the ComplyAdvantage Services.
PART D - EMAILAGE
1. The terms set out in this Part D apply to those elements of the Services that are provided to Thirdfort by Emailage Limited (“Emailage Services”).
2. In relation to ID Lite, the Client agrees to take all reasonable steps to ensure that each Consumer is aware of (i) the nature of the processing to be undertaken by Emailage in connection with the Emailage Services, and (ii) the terms of the Emailage Privacy Statement which can be accessed at https://emailage.com/privacy-policy/.
PART E - INNOVALOR SOFTWARE (owner of the ReadID technology service)
1. The terms set out in this Part E apply to those elements of the Services that are provided to Thirdfort by InnoValor Software B.V (“InnoValor Services”).
2. The Client agrees:
2.1 at all times to comply with applicable laws and regulations, including but not limited to privacy regulations;
2.2 to not reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code of the ReadID service, (i) copy, make error corrections or otherwise modify or adapt the ReadID service, nor create derivative works based on the ReadID service, (iii) sublicense or use the Service for commercial time-sharing, rental, or service bureau use.
PART F - IPROOV
1. The terms set out in this Part F apply to those elements of the Services that are provided to Thirdfort by iProov Limited (“iProov Services”).
2. The Client agrees:
2.1 to comply with iProov’s Acceptable Use Policy (as available from time to time at (https://www.iproov.com/legal/acceptable-use);
2.2 Only to use the iProov service in the context of the Services provided by Thirdfort; and
2.3 To use reasonable endeavours to encourage Consumers to update to the latest version of the Thirdfort App when appropriate and relevant to the provision of the iProov service.