Terms and Conditions
Version: 1.0
Effective Date: 28 Apr 2025
1. General
2. Accepting these Terms
3. Disclosure of your Verifications
4. Your right to use the Services
5. Our right to use your information
6. Your Account and Eligibility
7. Conditions of Use
8. Our standards of service
9. Charges and payment
10. Term and Termination
11. Survival
12. Our liability
13. Dispute Resolution
14. Confidentiality
15. Intellectual Property
16. Use of Marks
17. Data Protection
18. Compliance
19. Other provisions
20. Definitions
Appendix 1 – Data Processing Appendix
1. Introduction
2. Your obligations as controller
3. Our obligations as processor
4. International transfers
5. Definitions
Schedule A – Data Processing Description
Version: 1.0
Effective Date: 28 Apr 2025
1. General
2. Accepting these Terms
3. Disclosure of your Verifications
4. Your right to use the Services
5. Our right to use your information
6. Your Account and Eligibility
7. Conditions of Use
8. Our standards of service
9. Charges and payment
10. Term and Termination
11. Survival
12. Our liability
13. Dispute Resolution
14. Confidentiality
15. Intellectual Property
16. Use of Marks
17. Data Protection
18. Compliance
19. Other provisions
20. Definitions
Appendix 1 – Data Processing Appendix
1. Introduction
2. Your obligations as controller
3. Our obligations as processor
4. International transfers
5. Definitions
Schedule A – Data Processing Description
1. General
1.1. V3rity.com is owned and operated by Verity SIA (“v3rity”, “we”, “our”, or “us”).
We provide an online platform at V3rity.com (the "Platform") to enable organisations such as banks,
brokers, credit providers, estate agents, recruitment agencies, prospective new employers and
screening providers ("Clients") to manage requests to and from other organisations ("Data Sources")
to verify employment details or documents (the "Services"). Our Platform includes websites, microsites, databases and back-end systems that we use to operate V3rity.com.
1.2. If you are an organisation using our Platform or Services ("you") then:
1.1. V3rity.com is owned and operated by Verity SIA (“v3rity”, “we”, “our”, or “us”).
We provide an online platform at V3rity.com (the "Platform") to enable organisations such as banks,
brokers, credit providers, estate agents, recruitment agencies, prospective new employers and
screening providers ("Clients") to manage requests to and from other organisations ("Data Sources")
to verify employment details or documents (the "Services"). Our Platform includes websites, microsites, databases and back-end systems that we use to operate V3rity.com.
1.2. If you are an organisation using our Platform or Services ("you") then:
- if you are a Client, you may ask Data Sources to verify details about their current or former employees, customers or users or to provide, update or amend verification documents, such as references or evidence of employment or income ("Verifications");
- if you ("Employer") receive a request for Verification about your current or former workers via our Platform, you may use the Platform to respond to the Verification request.
2. Accepting these Terms
2.1. The Services are made available to you subject to these terms and conditions (these "Terms”) and the terms set out in the applicable Order Form (if any). The Terms constitute a binding legal contract between you and us.
2.2. By accessing the Platform or by using the Services in any manner, you signify your acceptance of these Terms. If you do not agree to these Terms, then you must stop using the Platform and the Services.
2.3. We may amend these Terms from time to time. If we do, we will publish the amended Terms or the changes to them on the Platform and the amended Terms will take effect no less than 7 days from the date on which we publish the amendments. Your access to the Platform and the Services may be restricted or prevented unless and until you have agreed to such amended Terms. By continuing to use your account and access the Services after the new changes have taken effect, you indicate your agreement to the amended Terms.
2.4. Any individual who is the subject of your Verification request (“End User”) must accept our End User Terms of Use available on our website , as updated from time to time (“End User Terms of Use”).
2.1. The Services are made available to you subject to these terms and conditions (these "Terms”) and the terms set out in the applicable Order Form (if any). The Terms constitute a binding legal contract between you and us.
2.2. By accessing the Platform or by using the Services in any manner, you signify your acceptance of these Terms. If you do not agree to these Terms, then you must stop using the Platform and the Services.
2.3. We may amend these Terms from time to time. If we do, we will publish the amended Terms or the changes to them on the Platform and the amended Terms will take effect no less than 7 days from the date on which we publish the amendments. Your access to the Platform and the Services may be restricted or prevented unless and until you have agreed to such amended Terms. By continuing to use your account and access the Services after the new changes have taken effect, you indicate your agreement to the amended Terms.
2.4. Any individual who is the subject of your Verification request (“End User”) must accept our End User Terms of Use available on our website , as updated from time to time (“End User Terms of Use”).
3. Disclosure of your Verifications
3.1. The Services enable you to request Verifications from Data Sources and for other organisations to request Verifications from you. Accordingly, our Platform is designed to disclose Verifications and other information (such as messages, links or other posts) to:
3.2. End Users may also receive Verifications and other information (such as messages, link or other posts) where they are required to authorise the disclosure of such information and/or where we otherwise provide a copy to them in accordance with the settings of our Platform.
3.3. We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of any unauthorised disclosure of Verifications and other information.
3.1. The Services enable you to request Verifications from Data Sources and for other organisations to request Verifications from you. Accordingly, our Platform is designed to disclose Verifications and other information (such as messages, links or other posts) to:
- organisations from whom you have requested Verifications
- organisations that request Verifications from you and are permitted to receive them.
3.2. End Users may also receive Verifications and other information (such as messages, link or other posts) where they are required to authorise the disclosure of such information and/or where we otherwise provide a copy to them in accordance with the settings of our Platform.
3.3. We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of any unauthorised disclosure of Verifications and other information.
4. Your right to use the Services
4.1. V3rity grants you a non-exclusive, non-transferable, irrevocable right to access the Platform and use the Services during the Term solely for your internal business purposes and such other purposes as we may authorise in writing, subject to your compliance with the Agreement (“Right of Use”).
The Right of Use is personal to you and you must not attempt to transfer the right to any third party, including an Affiliate. All rights not specifically granted hereunder are reserved by v3rity.
4.1. V3rity grants you a non-exclusive, non-transferable, irrevocable right to access the Platform and use the Services during the Term solely for your internal business purposes and such other purposes as we may authorise in writing, subject to your compliance with the Agreement (“Right of Use”).
The Right of Use is personal to you and you must not attempt to transfer the right to any third party, including an Affiliate. All rights not specifically granted hereunder are reserved by v3rity.
5. Our right to use your information
5.1. The Services enable you to request Verifications from Data Sources and for other organisations to request Verifications from you. Accordingly, our Platform is designed to disclose Verifications and other information (such as messages, links or other posts) to third parties. You grant to us:
5.2. Where we have made settings available, we will honour the choices that you make about who can see your Verifications and other information.
5.3. You guarantee that you have the right to allow us to make such disclosures of the Verifications and other information, even if third parties such as Data Sources have rights in and to the Verifications or other information uploaded on or transmitted over the Platform.
5.1. The Services enable you to request Verifications from Data Sources and for other organisations to request Verifications from you. Accordingly, our Platform is designed to disclose Verifications and other information (such as messages, links or other posts) to third parties. You grant to us:
- a non-exclusive licence (including the right to sub licence third parties) to use the Verifications, and other information that you provide, during the Term as necessary to perform the Services and to allow you to access and use the Platform and any features or services connected with the Services or the Platform that you request from us from time to time;
- permission to disclose the Verifications and other information that you provide to your End Users and to other organisations where you or your End Users authorise or request us to do so using the available functionality.
5.2. Where we have made settings available, we will honour the choices that you make about who can see your Verifications and other information.
5.3. You guarantee that you have the right to allow us to make such disclosures of the Verifications and other information, even if third parties such as Data Sources have rights in and to the Verifications or other information uploaded on or transmitted over the Platform.
6. Your Account and Eligibility
6.1. As part of the Services, you may appoint users to manage your Verification requests and responses (“Client Users”). Each Client User must have a user account.
6.2. Each Client User must:
6.3. Only a Client User who is duly authorised by an organisation may set up an account on your behalf.
The Client User will be granted administrator rights at the point at which they place an order on behalf of
an organisation.
The administrator:
6.4. The administrator may also appoint other Client Users to act as administrators on your behalf, to the extent permitted by the settings on the Platform.
Each administrator must meet the requirements set out in clause 6.3 above.
6.5. You must notify us of any breach of the Agreement or End User Terms by any End User, Client User or administrator.
6.1. As part of the Services, you may appoint users to manage your Verification requests and responses (“Client Users”). Each Client User must have a user account.
6.2. Each Client User must:
- be at least 16 years old to create a user account and use the Services;
- provide accurate information to us and keep it updated;
- use their real name and contact details to set up your account;
- keep their user account password a secret and not share it with anyone;
- inform us as soon as possible if they believe your/their account credentials have been compromised;
- use the Services honestly and with integrity;
- have their email address using your corporate domain or subdomain.
6.3. Only a Client User who is duly authorised by an organisation may set up an account on your behalf.
The Client User will be granted administrator rights at the point at which they place an order on behalf of
an organisation.
The administrator:
- must have authority to act on behalf of their authorisation and bind the organisation to these Terms and the choices and configurations that the administrator makes using the functionality available on the Platform;
- must notify us immediately if they cease to be employed or otherwise engaged by their organisation in a capacity that permits them to act as an administrator in accordance with this Agreement;
- must act under the instructions of their organisation with respect to any processing of personal data that they authorise or undertake in connection with the Platform.
6.4. The administrator may also appoint other Client Users to act as administrators on your behalf, to the extent permitted by the settings on the Platform.
Each administrator must meet the requirements set out in clause 6.3 above.
6.5. You must notify us of any breach of the Agreement or End User Terms by any End User, Client User or administrator.
7. Conditions of Use
7.1. You must not misuse the Platform or the Services. In particular, you must not (and must ensure that your Client Users do not):
7.2. You must not breach our security or do anything that could harm our Platform or Services. In particular, you must not:
7.3. You must not infringe our rights. In particular, you must not:
7.4. We may temporarily or permanently limit or restrict your access and use of the Platform or the Services if we consider that:
7.1. You must not misuse the Platform or the Services. In particular, you must not (and must ensure that your Client Users do not):
- use the Platform or the Services for any fraudulent or unlawful purpose;
- impersonate any person, to create a false identity, or to falsely state or otherwise misrepresent your identity or your affiliation with any person;
- upload or transmit anything that is obscene, defamatory, abusive, threatening or that infringes any other person’s rights;
- request Verifications for information where you do not have a lawful purpose for doing so or request information in excess of what is required to achieve your lawful purpose;
- disclose information using the Services or the Platform that you are not entitled or do not have consent to disclose (such as confidential information of others);
- disclose, upload or request information on any individual which constitutes “special category personal data” under Article 9 of the GDPR, being personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
- disclose, upload or request information which is covered by Article 10 of the GDPR, being personal data, which relates to criminal convictions and offences (including alleged offences) or related security measures by any individual;
- amend or alter any Verifications without the consent of the person who was responsible for creating it.
7.2. You must not breach our security or do anything that could harm our Platform or Services. In particular, you must not:
- interfere with or disrupt the operation of the Services or access to it;
- transmit or otherwise make available in connection with the Services any virus, worm, Trojan horse, time bomb, spyware, or other computer code, file, or programme that is harmful or invasive or may or is intended to damage or hijack the operation of, or to monitor the use of, any hardware, software, or equipment;
- access another person’s account on the Platform without their permission;
- attempt to circumvent any security measures or otherwise gain unauthorised access to or interfere with any third party’s online resources or systems including by any form of hacking or penetration testing;
- Use the Services or Platform in any way that may pose a security risk to the Services or may adversely impact the Services or the systems of another use of the Services;
- restrict or inhibit the ability of any other person to access or use the Platform or the Services;
- test or reverse engineer the Platform to find limitations, vulnerabilities or other weaknesses in the Platform or the Services.
7.3. You must not infringe our rights. In particular, you must not:
- do anything this is likely to bring us into disrepute during the course of your use of the Services;
- copy, modify, adapt, translate or create derivative works of the Platform or the Services or any information, content, material or data on the Platform except as expressly permitted by these Terms;
- monitor the Platform or its availability, performance or functionality for any competitive purpose;
- remove, obscure or modify any copyright, trade mark, or other proprietary rights notice from the Platform;
- scrape the Platform or use any software, devices, robots, scrips or other means or processes to scrape the Platform or extract information from the Platform or the Services;
- imply or state that you are affiliated or endorsed by us without our express consent;
- engage in framing, mirroring, or deep linking of the Platform.
7.4. We may temporarily or permanently limit or restrict your access and use of the Platform or the Services if we consider that:
- you have breached, or we reasonably suspect you have breached, any provision of the Agreement;
- it is reasonably necessary from time to time in connection with any actual or perceived security threat to the Platform or the Services.
8. Our standards of service
8.1. We will make the Platform available and provide the Services using reasonable care and skill in accordance with this Agreement. In particular, we shall use commercially reasonable efforts to make
the Services available 24 hours a day, seven days per week, except for maintenance. Incidents and
support requests may be submitted to: support@v3rity.com.
8.2. We may update or change the precise specification or functionality of the Platform and the Services are our discretion, but we will not materially decrease or impair the performance of the Services in doing so.
8.3. We are not responsible or liable for the accuracy or completeness of any Verifications provided
or received by you in connection with the Services and you are responsible for determining if and
the extent to which such information should be relied on and whether or not any further enquiries should be made to confirm the information contained in the Verifications.
8.4. We may also provide third party solutions in conjunction with the Platform or the Services.
We are not acting as an agent for any provider of such third-party solutions and we give no warranty
or representation of any kind in relation to such third-party solutions on our behalf or on behalf of the
third-party provider. You (or the applicable End User) will be responsible for agreeing to any additional
terms presented with respect to a third-party solution and you (or the applicable End User) may not use such a third-party solution unless you accept the additional terms.
8.1. We will make the Platform available and provide the Services using reasonable care and skill in accordance with this Agreement. In particular, we shall use commercially reasonable efforts to make
the Services available 24 hours a day, seven days per week, except for maintenance. Incidents and
support requests may be submitted to: support@v3rity.com.
8.2. We may update or change the precise specification or functionality of the Platform and the Services are our discretion, but we will not materially decrease or impair the performance of the Services in doing so.
8.3. We are not responsible or liable for the accuracy or completeness of any Verifications provided
or received by you in connection with the Services and you are responsible for determining if and
the extent to which such information should be relied on and whether or not any further enquiries should be made to confirm the information contained in the Verifications.
8.4. We may also provide third party solutions in conjunction with the Platform or the Services.
We are not acting as an agent for any provider of such third-party solutions and we give no warranty
or representation of any kind in relation to such third-party solutions on our behalf or on behalf of the
third-party provider. You (or the applicable End User) will be responsible for agreeing to any additional
terms presented with respect to a third-party solution and you (or the applicable End User) may not use such a third-party solution unless you accept the additional terms.
9. Charges and payment
9.1. You shall pay all applicable charges and expenses in accordance with your Order Form,
these Terms and any other applicable payment terms or conditions that we may agree with you.
9.2. Unless specified otherwise in an Order Form, your use of the Services will be charged on
a per Successful Connection basis.
9.3. Where you have an Order Form, all invoices issued under an Order Form must be paid within
thirty (30) days after the date of issue, unless different payment terms are specified in your Order Form.
9.4. Otherwise, where you have self-signed up to the v3rity platform (and do not have an Order Form),
you will be automatically debited at the end of each month for the Successful Connection Fees incurred
that month. You expressly consent to authorise and instruct us to deduct the Successful Connection Fees from your nominated payment method in accordance with the terms of this Agreement. You acknowledge that you are giving us the ability to collect variable amounts from your nominated payment method. Where an automatic debit is unsuccessful for any reason, we reserve the right to issue you an invoice for the Successful Connection Fees and that invoice must be paid within thirty (30) days after the date of issue.
9.5. V3rity will retain all Client Data in accordance with our standard data retention and deletion schedule.
9.6. All amounts payable are payable in pounds sterling and are exclusive of tax, including value added tax, which shall be payable by you and added to our invoices where applicable.
9.7. Without limiting any other remedy available to us under the terms of the Agreement or at law,
we may suspend the provision of all Services and access to the Platform if you fail to pay the fees and charges in accordance with clause 9.1, and those fees are more than thirty (30) days overdue and v3rity
has issued a reminder notice. Unpaid due amounts are subject to a finance charge of 1.5% per month
on any outstanding balance and all payment collection expenses.
9.8. Unless otherwise specified in the Order Form, the Fees will be increased each year during the
Term on each Anniversary Date by CPI.
9.1. You shall pay all applicable charges and expenses in accordance with your Order Form,
these Terms and any other applicable payment terms or conditions that we may agree with you.
9.2. Unless specified otherwise in an Order Form, your use of the Services will be charged on
a per Successful Connection basis.
9.3. Where you have an Order Form, all invoices issued under an Order Form must be paid within
thirty (30) days after the date of issue, unless different payment terms are specified in your Order Form.
9.4. Otherwise, where you have self-signed up to the v3rity platform (and do not have an Order Form),
you will be automatically debited at the end of each month for the Successful Connection Fees incurred
that month. You expressly consent to authorise and instruct us to deduct the Successful Connection Fees from your nominated payment method in accordance with the terms of this Agreement. You acknowledge that you are giving us the ability to collect variable amounts from your nominated payment method. Where an automatic debit is unsuccessful for any reason, we reserve the right to issue you an invoice for the Successful Connection Fees and that invoice must be paid within thirty (30) days after the date of issue.
9.5. V3rity will retain all Client Data in accordance with our standard data retention and deletion schedule.
9.6. All amounts payable are payable in pounds sterling and are exclusive of tax, including value added tax, which shall be payable by you and added to our invoices where applicable.
9.7. Without limiting any other remedy available to us under the terms of the Agreement or at law,
we may suspend the provision of all Services and access to the Platform if you fail to pay the fees and charges in accordance with clause 9.1, and those fees are more than thirty (30) days overdue and v3rity
has issued a reminder notice. Unpaid due amounts are subject to a finance charge of 1.5% per month
on any outstanding balance and all payment collection expenses.
9.8. Unless otherwise specified in the Order Form, the Fees will be increased each year during the
Term on each Anniversary Date by CPI.
10. Term and Termination
10.1. This Agreement and your Right of Use commences on the Order Commencement Date and
continues for the Initial Order Term and each Renewal Period unless terminated earlier in accordance with this clause 10.
10.2. Each party may terminate the Agreement by providing no less than sixty (60) days’ notice in writing to the other party prior to the end of the Initial Order Term or then current Renewal Period, with termination to take effect on the expiration of the Initial Order Term or then current Renewal Period.
10.3. Either party may terminate this Agreement with immediate effect if:
10.4. On termination or expiry of this Agreement:
10.1. This Agreement and your Right of Use commences on the Order Commencement Date and
continues for the Initial Order Term and each Renewal Period unless terminated earlier in accordance with this clause 10.
10.2. Each party may terminate the Agreement by providing no less than sixty (60) days’ notice in writing to the other party prior to the end of the Initial Order Term or then current Renewal Period, with termination to take effect on the expiration of the Initial Order Term or then current Renewal Period.
10.3. Either party may terminate this Agreement with immediate effect if:
- a party commits a material breach and fails to remedy the breach within thirty (30) days of being notified by the other party requiring it to do so with particulars of the breach;
- a party enters into liquidation (apart from solvent liquidation for the purposes of amalgamation or reconstruction), is dissolved, is declared bankrupt, has a receiver, administrator or administrative receiver appointed over all or part of its assets, enters into an arrangement with its creditors, or takes or suffers any action similar to those set out above.
10.4. On termination or expiry of this Agreement:
- your Right to Use will automatically cease and you and your Client Users must immediately stop using the Services and cease accessing the Platform;
- each party must return or destroy all Confidential Information of the other party in its care, custody or control to the other party;
- accrued rights are not affected.
11. Survival
11.1. Termination of this Agreement will not affect clauses 10.5, 12, 14, 15 and 16 or any provision
of this Agreement which is expressly or by implication intended to come into force or continue
on or after the termination.
11.1. Termination of this Agreement will not affect clauses 10.5, 12, 14, 15 and 16 or any provision
of this Agreement which is expressly or by implication intended to come into force or continue
on or after the termination.
12. Our liability
12.1. Any liability of v3rity for any loss or damage however caused (including whether such liability is asserted on the basis of contract, tort or otherwise) suffered by you in connection with this Agreement is limited to the fees paid or payable by you to us in the twelve (12) months prior to the initial claim. Each applicable limitation of liability set out in this clause 12 is an aggregate limit for all claims, whenever made.
12.2. Nothing in this Agreement is intended to exclude or limit our liability for death or
personal injury caused by our negligence, fraud and fraudulent misrepresentation or for
any other liability that cannot be excluded or limited by law.
12.3. The Services and the Platform are made available to you on an AS IS and AS AVAILABLE basis.
It is your responsibility to ensure that the Platform and the Services are suitable for your intended purposes.
12.4. We give no warranties, assurances or guarantees:
12.5. Except as otherwise set out in these Terms, all warranties, terms, conditions and undertakings,
whether expressed or implied by common law, statute, course of dealing or otherwise in relation
to the Platform and the Services are excluded to the fullest extent permitted by law.
12.6. You acknowledge and agree that the operation of the Platform and the Services is dependent
upon the proper and effective functioning of the internet and other third-party equipment and services,
and we do not guarantee and will not be liable for these in any way.
12.7. Subject to clause 12.2, we will not be liable to you or your employees (past, present or prospective):
12.8. We shall not be in breach of contract or otherwise liable to you or any of your individual users
for any failure to perform or any delay in performing our obligations under these Terms or in respect of
the Services if and to the extent that such failure or delay is due to any failure or delay of yours, a Client User or End User to comply with these Terms or to provide us with reasonable assistance and cooperation in connection with the Services, or any other circumstances outside our reasonable control.
12.1. Any liability of v3rity for any loss or damage however caused (including whether such liability is asserted on the basis of contract, tort or otherwise) suffered by you in connection with this Agreement is limited to the fees paid or payable by you to us in the twelve (12) months prior to the initial claim. Each applicable limitation of liability set out in this clause 12 is an aggregate limit for all claims, whenever made.
12.2. Nothing in this Agreement is intended to exclude or limit our liability for death or
personal injury caused by our negligence, fraud and fraudulent misrepresentation or for
any other liability that cannot be excluded or limited by law.
12.3. The Services and the Platform are made available to you on an AS IS and AS AVAILABLE basis.
It is your responsibility to ensure that the Platform and the Services are suitable for your intended purposes.
12.4. We give no warranties, assurances or guarantees:
- that access to and use of the Platform or the Services will be uninterrupted or error free;
- that the Platform or the computer servers from which the Services are made available, are free of viruses or other harmful components. You are responsible for implementing appropriate processes, systems and procedures to protect yourself and your devices from these types of issues; and
- as to the accuracy, content, timeliness, completeness, reliability, quality or suitability of the Platform, the Services, the Verifications and any other information, materials or content accessed via the Platform or otherwise made available in connection with the Services.
12.5. Except as otherwise set out in these Terms, all warranties, terms, conditions and undertakings,
whether expressed or implied by common law, statute, course of dealing or otherwise in relation
to the Platform and the Services are excluded to the fullest extent permitted by law.
12.6. You acknowledge and agree that the operation of the Platform and the Services is dependent
upon the proper and effective functioning of the internet and other third-party equipment and services,
and we do not guarantee and will not be liable for these in any way.
12.7. Subject to clause 12.2, we will not be liable to you or your employees (past, present or prospective):
- for any special, indirect or consequential loss;
- for any loss of profits, data, revenues, business, employment, reputation or goodwill (whether such losses are direct or indirect);
- loss of bargain, loss of actual or anticipated savings, loss of opportunities including opportunities to enter into arrangements with third parties; and
- any inaccuracies or errors relating to the Verifications or other information and any decisions an organisation makes in connection with any Verifications disclosed to them.
12.8. We shall not be in breach of contract or otherwise liable to you or any of your individual users
for any failure to perform or any delay in performing our obligations under these Terms or in respect of
the Services if and to the extent that such failure or delay is due to any failure or delay of yours, a Client User or End User to comply with these Terms or to provide us with reasonable assistance and cooperation in connection with the Services, or any other circumstances outside our reasonable control.
13. Dispute Resolution
13.1. The parties agree that in the event that any dispute arises out of or in connection with this Agreement, the parties will first meet to attempt to resolve the dispute in good-faith by direct communications between the individuals responsible for administering this Agreement on behalf of each party, followed by negotiation between authorised executives to settle the dispute.
13.1. The parties agree that in the event that any dispute arises out of or in connection with this Agreement, the parties will first meet to attempt to resolve the dispute in good-faith by direct communications between the individuals responsible for administering this Agreement on behalf of each party, followed by negotiation between authorised executives to settle the dispute.
14. Confidentiality
14.1. For the purposes of this Agreement, Confidential Information means these Terms, an Order Form and all materials, data and other documents which are disclosed by one party to the other in connection with the Services, and (subject to these Terms):
14.2. Except to the extent set out herein or where disclosure is expressly permitted in this Agreement or by the functionality of the Services, each party shall treat the other party’s Confidential Information as confidential and safeguard it accordingly, and shall not disclose the other party s Confidential Information to any other person without the other party s prior written consent.
14.3. Neither party will be restricted from disclosing information to the extent that:
14.1. For the purposes of this Agreement, Confidential Information means these Terms, an Order Form and all materials, data and other documents which are disclosed by one party to the other in connection with the Services, and (subject to these Terms):
- all data, information, documents and materials provided by you or your users are your Confidential Information;
- all data that is in aggregate or de identified form (irrespective of its source), or is held by or disclosed to us independently of the Services are our Confidential Information; and
- personal data shall be the Confidential Information of the applicable controller and may be the Confidential Information of both parties if they are each a controller with respect to the personal data.
14.2. Except to the extent set out herein or where disclosure is expressly permitted in this Agreement or by the functionality of the Services, each party shall treat the other party’s Confidential Information as confidential and safeguard it accordingly, and shall not disclose the other party s Confidential Information to any other person without the other party s prior written consent.
14.3. Neither party will be restricted from disclosing information to the extent that:
- such disclosure is a requirement of law placed on the party making the disclosure;
- such information was in the possession of the party making the disclosure without obligation of confidentiality prior to its disclosure by the information owner, or is obtained from a third party without obligation of confidentiality;
- such information was already in the public domain at the time of disclosure otherwise than by a breach of contract;
- such information is independently developed without access to the other party s Confidential Information;
- disclosure is made to a party s legal counsel, independent auditors, or other professional advisers who are subject to professional duties of confidence;
- the Confidential Information is personal data for which a party who would otherwise be subject to an obligation of confidence under these Terms is a controller.
15. Intellectual Property
15.1. All Intellectual Property Rights, title and interest in and to the Services, Platform and
v3rity Material and otherwise created by us in the course of performing the Services are retained
by v3rity and other than the Right of Use, nothing in this Agreement grants you any right,
title or interest in the Services, Platform or v3rity Material.
15.2. V3rity retains all Intellectual Property Rights in any modifications to the Platform or Services regardless of whether those modifications are made based on Feedback or if you have paid for those modifications.
If you or your Client Users provide any feedback, comments or suggestions concerning the functionality or performance of the Services or Platform (“Feedback”), and we implement a change suggested by that Feedback, you hereby assign all rights, title and interest in the Feedback to us.
15.3. Client Material will remain your property and other than as set out in this clause 15.3,
nothing in this Agreement grants us any Intellectual Property Rights in Client Material.
You grant us a non-exclusive, global licence (including the right to sublicense) to exercise the Intellectual Property Rights in Client Material to the extent required to perform the Services and to improve the Services, including to use and modify Client Material as necessary.
15.1. All Intellectual Property Rights, title and interest in and to the Services, Platform and
v3rity Material and otherwise created by us in the course of performing the Services are retained
by v3rity and other than the Right of Use, nothing in this Agreement grants you any right,
title or interest in the Services, Platform or v3rity Material.
15.2. V3rity retains all Intellectual Property Rights in any modifications to the Platform or Services regardless of whether those modifications are made based on Feedback or if you have paid for those modifications.
If you or your Client Users provide any feedback, comments or suggestions concerning the functionality or performance of the Services or Platform (“Feedback”), and we implement a change suggested by that Feedback, you hereby assign all rights, title and interest in the Feedback to us.
15.3. Client Material will remain your property and other than as set out in this clause 15.3,
nothing in this Agreement grants us any Intellectual Property Rights in Client Material.
You grant us a non-exclusive, global licence (including the right to sublicense) to exercise the Intellectual Property Rights in Client Material to the extent required to perform the Services and to improve the Services, including to use and modify Client Material as necessary.
16. Use of Marks
16.1. We may disclose the fact that you are a customer of ours and may use your logo and trademarks
in the user journey, on emails and SMS messages to users, on FAQ pages and in marketing materials.
Your trademarks and logos will remain, as between you and us, your sole and exclusive property.
Other than as set out in this clause 16, each party must not use the trade marks or logos of the other party except with the prior written consent. Without limiting the confidentiality obligations set out in these Terms, each party must not and must ensure their employees, officers and agents do not make any public or
media statement regarding the other party, this Agreement, the Services or the Platform
without the prior written consent of the other party.
16.1. We may disclose the fact that you are a customer of ours and may use your logo and trademarks
in the user journey, on emails and SMS messages to users, on FAQ pages and in marketing materials.
Your trademarks and logos will remain, as between you and us, your sole and exclusive property.
Other than as set out in this clause 16, each party must not use the trade marks or logos of the other party except with the prior written consent. Without limiting the confidentiality obligations set out in these Terms, each party must not and must ensure their employees, officers and agents do not make any public or
media statement regarding the other party, this Agreement, the Services or the Platform
without the prior written consent of the other party.
17. Data Protection
17.1. Our Services are designed to enable you to request, respond to and share Verifications, which contain personal data about individuals, with other organisations who either request or provide them. We therefore need to share personal data with you, with other organisations and in many cases with the End Users, for the purposes of providing our Services and for you to enjoy their benefits. The data will include such information as required to identify an individual to a Data Source (such as name, job title, employment status, date of birth or otherwise) and such other information that the Data Source is asked to provide. Further information about our processing of personal data, including the type of data that we share and our lawful basis for processing, is set out in our privacy policy available on our website.
17.2. Except as otherwise provided, we and you will each act as individual controllers with respect to the personal data processed about individuals to whom Verifications relate. We will also act as a controller with respect to CRM Data.
17.3. You must comply with Data Protection Law with respect to your use or disclosure of Verifications that you give or receive via our Platform. You will be responsible for compliance with all data subject requests under Data Protection Law with which you are required to comply as a controller. We will not be responsible for complying with or providing any support or assistance to you with respect to any requests by individuals to exercise their data subject rights regarding information that we do not store on our Platform and you hereby indemnify and will keep us indemnified against all claims that we receive from any individuals that relate to the use (or misuse) of Verifications by you, whether under Data Protection Law or otherwise.
17.4. We will comply with Data Protection Law with respect to the operation of our Platform and
our provision of the Services. We will comply, to the extent required by applicable Data Protection Law,
with individual’s requests to exercise their data subject rights in respect of the personal data that
is stored on our Platform.
17.5. In certain limited circumstances or where specified in an Order Form, we will act as a processor
on your behalf or on behalf of other organisations on whose behalf we act in connection with Verifications. We will act as a processor on your behalf where we agree to act on your instructions with respect to Verifications that you may ask us to make on your behalf. In such circumstances, the provisions set out
in the Data Processing Appendix to these Terms shall apply.
17.6. In this clause, capitalised terms or terms beginning with a capital letter shall have the meaning
given in the Data Processing Appendix.
17.1. Our Services are designed to enable you to request, respond to and share Verifications, which contain personal data about individuals, with other organisations who either request or provide them. We therefore need to share personal data with you, with other organisations and in many cases with the End Users, for the purposes of providing our Services and for you to enjoy their benefits. The data will include such information as required to identify an individual to a Data Source (such as name, job title, employment status, date of birth or otherwise) and such other information that the Data Source is asked to provide. Further information about our processing of personal data, including the type of data that we share and our lawful basis for processing, is set out in our privacy policy available on our website.
17.2. Except as otherwise provided, we and you will each act as individual controllers with respect to the personal data processed about individuals to whom Verifications relate. We will also act as a controller with respect to CRM Data.
17.3. You must comply with Data Protection Law with respect to your use or disclosure of Verifications that you give or receive via our Platform. You will be responsible for compliance with all data subject requests under Data Protection Law with which you are required to comply as a controller. We will not be responsible for complying with or providing any support or assistance to you with respect to any requests by individuals to exercise their data subject rights regarding information that we do not store on our Platform and you hereby indemnify and will keep us indemnified against all claims that we receive from any individuals that relate to the use (or misuse) of Verifications by you, whether under Data Protection Law or otherwise.
17.4. We will comply with Data Protection Law with respect to the operation of our Platform and
our provision of the Services. We will comply, to the extent required by applicable Data Protection Law,
with individual’s requests to exercise their data subject rights in respect of the personal data that
is stored on our Platform.
17.5. In certain limited circumstances or where specified in an Order Form, we will act as a processor
on your behalf or on behalf of other organisations on whose behalf we act in connection with Verifications. We will act as a processor on your behalf where we agree to act on your instructions with respect to Verifications that you may ask us to make on your behalf. In such circumstances, the provisions set out
in the Data Processing Appendix to these Terms shall apply.
17.6. In this clause, capitalised terms or terms beginning with a capital letter shall have the meaning
given in the Data Processing Appendix.
18. Compliance
18.1. We confirm that we comply in all material respects with all applicable laws and regulations governing the operation of our Platform and the provision of our Services. Where required, you agree to provide reasonable assistance to us in complying with all such laws and regulations.
18.1. We confirm that we comply in all material respects with all applicable laws and regulations governing the operation of our Platform and the provision of our Services. Where required, you agree to provide reasonable assistance to us in complying with all such laws and regulations.
19. Other provisions
19.1. Illegality/Severance: If any provision of this Agreement is declared by any competent court or body to be illegal, invalid or unenforceable under the law of any jurisdiction, or if any enactment is passed that renders any provision illegal, invalid or unenforceable under the law of any jurisdiction, this shall not affect or impair the legality, validity or enforceability of the remaining provisions.
19.2. Third party rights: no person who is not a party to the Agreement may enforce these Terms against a party.
19.3. Waiver: If we fail to insist that you meet your obligations under the Agreement or if we do not enforce our rights against you or if we delay in doing so, that will not mean that we have waived our rights against you and it does not mean that you do not have to comply with those obligations. If we do waive a default by you, we will only do so in writing and that will not mean that we will automatically waive any later default by you. Even if we delay in enforcing our rights under the Agreement, we may still enforce our rights later.
19.4. Entire Agreement: These Terms and the applicable Order Form constitute the entire agreement and understanding between you and us relating to your access to and use of the Services. Any terms and conditions contained in any Purchase Order provided by You in relation to the supply of Services by v3rity
are expressly excluded and v3rity will not be bound by those terms.
19.5. No reliance: You acknowledge and agree that you do not rely on, and shall have no remedy in respect of, any promise, assurance, statement, warranty, undertaking or representation made (whether innocently or negligently) by us or any other person except as expressly set out in the Agreement, in respect of which your sole remedy shall be for breach of contract
19.6. Assignment and subcontracting: we may assign our rights and/or subcontract our obligations under the Agreement to any other person at any time. You may not assign or transfer any of your rights or obligations under the Agreement without our prior written consent.
19.7. Governing Law and Jurisdiction: The Agreement and any dispute or claim arising out of or in connection with them or the Services (including non-contractual disputes or claims) shall be governed by English law. The parties submit to the non-exclusive jurisdiction of the English courts for all purposes relating to and in connection with the Agreement and any such dispute or claim.
19.8. Force Majeure Event: Neither party will be in breach of this Agreement or liable to the other
for any failure or delay in the performance of obligations under this Agreement to the extent
that such failure or delay is caused by a Force Majeure.
19.9. Order of Precedence: In the event of any inconsistency or conflict between the documents
constituting the Agreement, the documents shall rank in the following order of priority
(with document (i) being the highest in priority, etc.):
19.1. Illegality/Severance: If any provision of this Agreement is declared by any competent court or body to be illegal, invalid or unenforceable under the law of any jurisdiction, or if any enactment is passed that renders any provision illegal, invalid or unenforceable under the law of any jurisdiction, this shall not affect or impair the legality, validity or enforceability of the remaining provisions.
19.2. Third party rights: no person who is not a party to the Agreement may enforce these Terms against a party.
19.3. Waiver: If we fail to insist that you meet your obligations under the Agreement or if we do not enforce our rights against you or if we delay in doing so, that will not mean that we have waived our rights against you and it does not mean that you do not have to comply with those obligations. If we do waive a default by you, we will only do so in writing and that will not mean that we will automatically waive any later default by you. Even if we delay in enforcing our rights under the Agreement, we may still enforce our rights later.
19.4. Entire Agreement: These Terms and the applicable Order Form constitute the entire agreement and understanding between you and us relating to your access to and use of the Services. Any terms and conditions contained in any Purchase Order provided by You in relation to the supply of Services by v3rity
are expressly excluded and v3rity will not be bound by those terms.
19.5. No reliance: You acknowledge and agree that you do not rely on, and shall have no remedy in respect of, any promise, assurance, statement, warranty, undertaking or representation made (whether innocently or negligently) by us or any other person except as expressly set out in the Agreement, in respect of which your sole remedy shall be for breach of contract
19.6. Assignment and subcontracting: we may assign our rights and/or subcontract our obligations under the Agreement to any other person at any time. You may not assign or transfer any of your rights or obligations under the Agreement without our prior written consent.
19.7. Governing Law and Jurisdiction: The Agreement and any dispute or claim arising out of or in connection with them or the Services (including non-contractual disputes or claims) shall be governed by English law. The parties submit to the non-exclusive jurisdiction of the English courts for all purposes relating to and in connection with the Agreement and any such dispute or claim.
19.8. Force Majeure Event: Neither party will be in breach of this Agreement or liable to the other
for any failure or delay in the performance of obligations under this Agreement to the extent
that such failure or delay is caused by a Force Majeure.
19.9. Order of Precedence: In the event of any inconsistency or conflict between the documents
constituting the Agreement, the documents shall rank in the following order of priority
(with document (i) being the highest in priority, etc.):
- the Order Form (if any);
- these Terms;
- other document attached or specifically incorporated into the Agreement.
20. Definitions
“Affiliate” shall mean and include any company which in relation to either party is a subsidiary, holding company or subsidiary of a holding company as the terms "subsidiary" and "holding company" are defined by Section 1159 of the Companies Act 2006 (as amended).
“Agreement” means this Agreement, which is comprised of the Order Form (as applicable) and these Terms.
“Anniversary Date” means the annual anniversary of the Order Commencement Date.
“Client Data” means any data provided by the Client or the Client Users to v3rity or input by the Client or Client Users into the Services but excludes v3rity Material and End User Data.
“Client Material” means any data provided by You to v3rity for input into the Services and any Material provided by You to v3rity for the purposes of this Agreement but excludes v3rity Material and End User Data
“CPI” means the percentage change in the Consumer Price Index (CPI) for the twelve (12) month period most recently published by the Office of National Statistics (or any successor UK government Department) prior to the relevant Anniversary Date.
“End User Data” means data provided by the End User or on behalf of the End User (but not by the Client) to v3rity for the purposes of provided the Services to the End User.
“Force Majeure” means any occurrence or omission outside a party’s control including:
“Initial Order Term” means the initial term of the Services as set out in the Order Form or if no initial term is detailed or no Order Form applies, a period of twelve (12) months from the Order Commencement Date.
“Intellectual Property Rights” means all existing and future industrial and intellectual property rights, and includes any copyright, patent, registered or unregistered trade mark, trade or business or company name, registered or unregistered design, moral right, trade secret, knowhow and right in relation to semiconductors and circuit layouts both in the United Kingdom and throughout the world, or right of registration of such rights.
“v3rity Material” means any Material created by v3rity or provided by v3rity to You in the course of performing the Services or the purposes of this Agreement but excludes Client Material.
“Material” means any material including documents, technical information, plans, studies, equipment, reports, charts, drawings, software, schemas, calculations, tables, schedules and data stored by any means.
“Order Form” means the service order form signed by you and accepted by us for purchase of v3rity Services, or the online order form completed by you for purchase of v3rity Services.
“Order Commencement Date” means the date specified in your Order Form, or if no date is specified or no Order Form applies, the date you sign up to the v3rity Platform and create a business account.
“Renewal Period” means the twelve (12) month period beginning on expiration of the Initial Order Term, and each subsequent twelve (12) month period commencing on an anniversary of that date.
“Successful Connection” means a data connection supporting the verification of an Employment or Gap Activity delivered via Payroll, Banking, v3rity System or other data source.
“Successful Connection Fee” means the charges payable by you in respect of each Successful Connection.
“Term” shall have the meaning given to it in clause 10.1
“Affiliate” shall mean and include any company which in relation to either party is a subsidiary, holding company or subsidiary of a holding company as the terms "subsidiary" and "holding company" are defined by Section 1159 of the Companies Act 2006 (as amended).
“Agreement” means this Agreement, which is comprised of the Order Form (as applicable) and these Terms.
“Anniversary Date” means the annual anniversary of the Order Commencement Date.
“Client Data” means any data provided by the Client or the Client Users to v3rity or input by the Client or Client Users into the Services but excludes v3rity Material and End User Data.
“Client Material” means any data provided by You to v3rity for input into the Services and any Material provided by You to v3rity for the purposes of this Agreement but excludes v3rity Material and End User Data
“CPI” means the percentage change in the Consumer Price Index (CPI) for the twelve (12) month period most recently published by the Office of National Statistics (or any successor UK government Department) prior to the relevant Anniversary Date.
“End User Data” means data provided by the End User or on behalf of the End User (but not by the Client) to v3rity for the purposes of provided the Services to the End User.
“Force Majeure” means any occurrence or omission outside a party’s control including:
- a physical or natural disaster event including fire, flood, lightning or earthquake;
- war or other state of armed hostilities, act of terrorism, riot, insurrection or declaration of martial law;
- strike, lock-out or other labour dispute including industrial disputes that are specific to a party or the party's subcontractors;
- disruption or unavailability of the internet or failure of a utility service provider; and
- law taking effect after the date of this Agreement;
“Initial Order Term” means the initial term of the Services as set out in the Order Form or if no initial term is detailed or no Order Form applies, a period of twelve (12) months from the Order Commencement Date.
“Intellectual Property Rights” means all existing and future industrial and intellectual property rights, and includes any copyright, patent, registered or unregistered trade mark, trade or business or company name, registered or unregistered design, moral right, trade secret, knowhow and right in relation to semiconductors and circuit layouts both in the United Kingdom and throughout the world, or right of registration of such rights.
“v3rity Material” means any Material created by v3rity or provided by v3rity to You in the course of performing the Services or the purposes of this Agreement but excludes Client Material.
“Material” means any material including documents, technical information, plans, studies, equipment, reports, charts, drawings, software, schemas, calculations, tables, schedules and data stored by any means.
“Order Form” means the service order form signed by you and accepted by us for purchase of v3rity Services, or the online order form completed by you for purchase of v3rity Services.
“Order Commencement Date” means the date specified in your Order Form, or if no date is specified or no Order Form applies, the date you sign up to the v3rity Platform and create a business account.
“Renewal Period” means the twelve (12) month period beginning on expiration of the Initial Order Term, and each subsequent twelve (12) month period commencing on an anniversary of that date.
“Successful Connection” means a data connection supporting the verification of an Employment or Gap Activity delivered via Payroll, Banking, v3rity System or other data source.
“Successful Connection Fee” means the charges payable by you in respect of each Successful Connection.
“Term” shall have the meaning given to it in clause 10.1
Appendix 1 – Data Processing Appendix
1. Introduction
1.1 This Data Processing Appendix applies where we act as processor on your behalf in connection with personal data that we process on our Platform or in the provision of the Services.
1. Introduction
1.1 This Data Processing Appendix applies where we act as processor on your behalf in connection with personal data that we process on our Platform or in the provision of the Services.
2. Your obligations as controller
2.1 You will comply with your obligations as a controller under Data Protection Law in respect of your processing of personal data and any processing instructions that you issue to us.
2.2 You are responsible for providing such notifications or, where your processing of personal data is based on consent, obtaining all consents required by Data Protection Laws for our processing of personal data on your behalf.
2.3 You will not upload or share with us any personal data that is considered to be special category personal data without our prior written consent and then only on condition that you have explicit consent to process such data or another appropriate lawful basis taking into account the categorisation of such data as special category personal data under Data Protection Law.
2.1 You will comply with your obligations as a controller under Data Protection Law in respect of your processing of personal data and any processing instructions that you issue to us.
2.2 You are responsible for providing such notifications or, where your processing of personal data is based on consent, obtaining all consents required by Data Protection Laws for our processing of personal data on your behalf.
2.3 You will not upload or share with us any personal data that is considered to be special category personal data without our prior written consent and then only on condition that you have explicit consent to process such data or another appropriate lawful basis taking into account the categorisation of such data as special category personal data under Data Protection Law.
3. Our obligations as processor
3.1 We will comply with the obligations set out in this Data Processing Appendix where we process personal data on your behalf. Further details about the subject matter and duration of processing, the nature and purposes of processing, the type of personal data and categories of data subjects are set out in Schedule A to this Data Processing Appendix.
3.2 We shall process personal data in our capacity as processor only as set out in Schedule A to this Data Protection Appendix. We will not process any such data for our own purposes or those of any third party, unless the individual to whom the personal data relates has or sets up an account on our Platform, in which case this Data Processing Appendix shall not apply.
3.3 We will process the personal data to which this Data Processing Appendix applies only on your documented instructions and we shall inform you if, in our opinion, an instruction infringes any Data Protection Laws. Nothing in this paragraph 3.3 shall require us to undertake any assessment of instructions that a controller would be required to undertake under Data Protection Law or to make enquiries of you or your instructions that are outside of our role as a processor in connection with this Data Processing Appendix. You agree that your complete and final instructions with regard to the nature and purposes of the processing are set out in this Data Processing Appendix, except as otherwise provided using the functionality made available on the Platform.
3.4 We shall ensure that any person that we authorise to process personal data shall be subject to a strict duty of confidentiality (whether a contractual duty or statutory duty) and we shall not permit any person to process personal data who is not under such a data of confidentiality.
3.5 We have implemented and will maintain appropriate technical and organisational security measures to protect personal data from personal data breaches (the Security Measures). A summary of the Security Measures applicable to our Services is available on our website. You agree that the Security Measures are subject to technical progress and development and that we may update or modify the Security Measures from time to time provided that such updates or modifications do not result in the degradation of the overall security of the Services. We will update our summary of Security Measures where material changes are required to it.
3.6 We will notify you without undue delay after becoming aware of a personal data breach in respect of the personal data that we process on your behalf. We will provide reasonable and timely information and cooperation as you may require in order to fulfil any obligation you may have to report the personal data breach under (and in accordance with the timescales required by) Data Protection Laws.
3.7 You agree that in order to provide the Services we may engage subprocessors to process personal data. We maintain an up to date list of our authorised subprocessors on our website. Where we engage an authorised subprocessor, we will:
3.8 We will provide you with reasonable prior notice via email or such other electronic means as we may use from time to time (such as in app messaging on our Platform) if we intend to make any changes to our subprocessors. You may object in writing to our appointment of a new subprocessor, provided that such objection is based on reasonable grounds relating to data protection. In any event, you will discuss such concerns with us in good faith with a view to achieving resolution. If this is not possible, we may suspend or terminate the Services without prejudice to any fees incurred by you before suspension or termination.
3.9 We shall, taking into account the nature of our processing of personal data, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligations to respond to any requests by data subjects to exercise their rights. We shall also assist you in implementing appropriate technical and organisational measures concerning personal data breaches, completing data protection impact assessments required under Data Protection Law and notifying personal data breaches to the competent supervisory authority or to the data subjects concerned, as required by Data Protection Law and taking into account the information available to us.
3.10 If compliance by us with paragraph 3.9 of this Data Processing Appendix requires: (i) a change to the Services; (ii) the expenditure of material effort or cost that is not provided for in the Services or compensated in the associated fees or charges, then we shall not be required to provide any assistance except if and to the extent that a suitable change and associated fees and charges are agreed. We shall consider requests made by you for such assistance in good faith.
3.11 In the event that any data subject request is made directly to us, we shall not respond to such communication directly without your prior authorisation, unless legally compelled to do so. If we are required to respond to such a request, we will promptly notify you and provide you with a copy of the request and you shall be responsible for responding to it and (where required under Data Protection Law) complying with it.
3.12 On the termination or expiry of the Services, we shall (at your election) delete or return to you all personal data in our possession or control that we are processing on your behalf. This requirement shall not apply to the extent we are required by applicable law to retain some or all of the personal data, in which event we shall isolate and protect the personal data from further processing except to the extent required by such law, until deletion is possible.
3.13 We shall make available to you all information necessary to demonstrate compliance with the obligations set out in this Schedule and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you, except if and to the extent that providing such information nor permitting such an audit would place us in breach of law or cause us to infringe the rights (including any Intellectual Property Rights or confidential information) of any of our other customers. No more than one audit may be conducted in any calendar year, except if and when required by instruction of a competent data protection authority. We shall be entitled to recover our costs of complying with requests for information and audits from you on demand.
3.14 Where we have appointed a third-party auditor to assess any of our technical or organisational measures to protect against personal data breaches for the purposes of any industry certification or otherwise (such as a SOC2 certification), we may share a copy of the auditor s certificate or report, in lieu of providing other information or allowing for other audits by you or another auditor.
3.1 We will comply with the obligations set out in this Data Processing Appendix where we process personal data on your behalf. Further details about the subject matter and duration of processing, the nature and purposes of processing, the type of personal data and categories of data subjects are set out in Schedule A to this Data Processing Appendix.
3.2 We shall process personal data in our capacity as processor only as set out in Schedule A to this Data Protection Appendix. We will not process any such data for our own purposes or those of any third party, unless the individual to whom the personal data relates has or sets up an account on our Platform, in which case this Data Processing Appendix shall not apply.
3.3 We will process the personal data to which this Data Processing Appendix applies only on your documented instructions and we shall inform you if, in our opinion, an instruction infringes any Data Protection Laws. Nothing in this paragraph 3.3 shall require us to undertake any assessment of instructions that a controller would be required to undertake under Data Protection Law or to make enquiries of you or your instructions that are outside of our role as a processor in connection with this Data Processing Appendix. You agree that your complete and final instructions with regard to the nature and purposes of the processing are set out in this Data Processing Appendix, except as otherwise provided using the functionality made available on the Platform.
3.4 We shall ensure that any person that we authorise to process personal data shall be subject to a strict duty of confidentiality (whether a contractual duty or statutory duty) and we shall not permit any person to process personal data who is not under such a data of confidentiality.
3.5 We have implemented and will maintain appropriate technical and organisational security measures to protect personal data from personal data breaches (the Security Measures). A summary of the Security Measures applicable to our Services is available on our website. You agree that the Security Measures are subject to technical progress and development and that we may update or modify the Security Measures from time to time provided that such updates or modifications do not result in the degradation of the overall security of the Services. We will update our summary of Security Measures where material changes are required to it.
3.6 We will notify you without undue delay after becoming aware of a personal data breach in respect of the personal data that we process on your behalf. We will provide reasonable and timely information and cooperation as you may require in order to fulfil any obligation you may have to report the personal data breach under (and in accordance with the timescales required by) Data Protection Laws.
3.7 You agree that in order to provide the Services we may engage subprocessors to process personal data. We maintain an up to date list of our authorised subprocessors on our website. Where we engage an authorised subprocessor, we will:
- restrict the subprocessor’s access to the relevant personal data to what is necessary to assist us in providing or maintaining the Services and we will prohibit the subprocessor from accessing personal data for any other purpose;
- enter into a written agreement with the subprocessor imposing data protection terms that require the subprocessor to protect the personal data to the standard required by Data Protection Laws;
- remain responsible for compliance with our obligations under this Data Processing Appendix for any acts or omissions of the subprocessor that cause us to breach any of our obligations.
3.8 We will provide you with reasonable prior notice via email or such other electronic means as we may use from time to time (such as in app messaging on our Platform) if we intend to make any changes to our subprocessors. You may object in writing to our appointment of a new subprocessor, provided that such objection is based on reasonable grounds relating to data protection. In any event, you will discuss such concerns with us in good faith with a view to achieving resolution. If this is not possible, we may suspend or terminate the Services without prejudice to any fees incurred by you before suspension or termination.
3.9 We shall, taking into account the nature of our processing of personal data, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligations to respond to any requests by data subjects to exercise their rights. We shall also assist you in implementing appropriate technical and organisational measures concerning personal data breaches, completing data protection impact assessments required under Data Protection Law and notifying personal data breaches to the competent supervisory authority or to the data subjects concerned, as required by Data Protection Law and taking into account the information available to us.
3.10 If compliance by us with paragraph 3.9 of this Data Processing Appendix requires: (i) a change to the Services; (ii) the expenditure of material effort or cost that is not provided for in the Services or compensated in the associated fees or charges, then we shall not be required to provide any assistance except if and to the extent that a suitable change and associated fees and charges are agreed. We shall consider requests made by you for such assistance in good faith.
3.11 In the event that any data subject request is made directly to us, we shall not respond to such communication directly without your prior authorisation, unless legally compelled to do so. If we are required to respond to such a request, we will promptly notify you and provide you with a copy of the request and you shall be responsible for responding to it and (where required under Data Protection Law) complying with it.
3.12 On the termination or expiry of the Services, we shall (at your election) delete or return to you all personal data in our possession or control that we are processing on your behalf. This requirement shall not apply to the extent we are required by applicable law to retain some or all of the personal data, in which event we shall isolate and protect the personal data from further processing except to the extent required by such law, until deletion is possible.
3.13 We shall make available to you all information necessary to demonstrate compliance with the obligations set out in this Schedule and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you, except if and to the extent that providing such information nor permitting such an audit would place us in breach of law or cause us to infringe the rights (including any Intellectual Property Rights or confidential information) of any of our other customers. No more than one audit may be conducted in any calendar year, except if and when required by instruction of a competent data protection authority. We shall be entitled to recover our costs of complying with requests for information and audits from you on demand.
3.14 Where we have appointed a third-party auditor to assess any of our technical or organisational measures to protect against personal data breaches for the purposes of any industry certification or otherwise (such as a SOC2 certification), we may share a copy of the auditor s certificate or report, in lieu of providing other information or allowing for other audits by you or another auditor.
4. International transfers
4.1 We may transfer and process personal data anywhere in the world where we or our subprocessors maintain data processing operations. We will at all times provide an adequate level of protection for the personal data processed in accordance with the requirements of Data Protection Laws. In particular, we may transfer personal data to a third country outside the United Kingdom where the transfer is:
4.2 You hereby allow us to enter into Standard Contractual Clauses on your behalf (whether on a named or unnamed basis and whether combined with any other transfers on behalf of others) in order to transfer personal data to a recipient outside the United Kingdom to whom we would not otherwise be entitled to transfer personal data.
4.1 We may transfer and process personal data anywhere in the world where we or our subprocessors maintain data processing operations. We will at all times provide an adequate level of protection for the personal data processed in accordance with the requirements of Data Protection Laws. In particular, we may transfer personal data to a third country outside the United Kingdom where the transfer is:
- to a recipient in an Adequate Territory;
- to a recipient that has achieved binding corporate rules authorisation in accordance with Data Protection Law;
- to a recipient that has executed the Standard Contractual Clauses.
4.2 You hereby allow us to enter into Standard Contractual Clauses on your behalf (whether on a named or unnamed basis and whether combined with any other transfers on behalf of others) in order to transfer personal data to a recipient outside the United Kingdom to whom we would not otherwise be entitled to transfer personal data.
5. Definitions
5.1 In this Data Processing Appendix, these terms shall have the meanings given to them below:
The terms "controller", "processor", "process", "data subject", "personal data", "special category personal data" and "personal data breach" shall have the meaning given to them under Data Protection Law;
"Adequate Territory" means a territory that has been recognised by the United Kingdom as ensuring an adequate level of protection pursuant to Data Protection Laws;
"CRM Data" means any personal data of staff or representatives of yours which is processed by us for the purposes of managing the Services, administering the Agreement and any financial or operational matters in connection with it and marketing products and services to you;
"Data Protection Law" means any law, enactment, regulation or order concerning the processing of data relating to living persons including:
"Standard Contractual Clauses" means the standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR;
“UK GDPR" means the GDPR as it forms part of retained EU law (as defined in the European Union (Withdrawal) Act 2018 and as amended (if applicable) by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 or any other laws or regulations in the United Kingdom.
5.2 Where we have made settings available, we will honour the choices that you make about who can see your Verifications and other information.
5.3 You guarantee that you have the right to allow us to make such disclosures of the Verifications and other information, even if third parties such as Data Sources have rights in and to the Verifications or other information uploaded on or transmitted over the Platform.
5.1 In this Data Processing Appendix, these terms shall have the meanings given to them below:
The terms "controller", "processor", "process", "data subject", "personal data", "special category personal data" and "personal data breach" shall have the meaning given to them under Data Protection Law;
"Adequate Territory" means a territory that has been recognised by the United Kingdom as ensuring an adequate level of protection pursuant to Data Protection Laws;
"CRM Data" means any personal data of staff or representatives of yours which is processed by us for the purposes of managing the Services, administering the Agreement and any financial or operational matters in connection with it and marketing products and services to you;
"Data Protection Law" means any law, enactment, regulation or order concerning the processing of data relating to living persons including:
- the UK GDPR;
- the UK Data Protection Act 2018;
- any other law relating to personal data, each to the extent applicable to the parties or the processing activities in connection with the Services;
"Standard Contractual Clauses" means the standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR;
“UK GDPR" means the GDPR as it forms part of retained EU law (as defined in the European Union (Withdrawal) Act 2018 and as amended (if applicable) by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 or any other laws or regulations in the United Kingdom.
5.2 Where we have made settings available, we will honour the choices that you make about who can see your Verifications and other information.
5.3 You guarantee that you have the right to allow us to make such disclosures of the Verifications and other information, even if third parties such as Data Sources have rights in and to the Verifications or other information uploaded on or transmitted over the Platform.
Schedule A – Data Processing Description
Subject matter: The subject matter of the data processing under this Schedule is the processing of personal data provided to us by the Client in connection with Verifications.
Duration: The duration of the data processing under this Schedule is the duration of the Services.
Purpose: The purposes of the processing by us are:
Nature of the processing: The provision of Services.
Categories of data subjects: Your employees including volunteers (past, present and prospective).
Types of personal data: This includes all personal data processed by us on your behalf in relation to the
Services including:
Special categories of data (if appropriate): not applicable
Subject matter: The subject matter of the data processing under this Schedule is the processing of personal data provided to us by the Client in connection with Verifications.
Duration: The duration of the data processing under this Schedule is the duration of the Services.
Purpose: The purposes of the processing by us are:
- the performance of our obligations, including the provision of the Services;
- complying with our obligations under applicable law;
- improving and enhancing our Platform and the Services.
Nature of the processing: The provision of Services.
Categories of data subjects: Your employees including volunteers (past, present and prospective).
Types of personal data: This includes all personal data processed by us on your behalf in relation to the
Services including:
- First name
- Middle name
- Last name
- Address
- Email address
- Phone number
- National Insurance Number
- Date of birth
- Job title
- Previous Employer name
- New employer name
- New employer job title
- Salary, commission, bonus
- Employment and gap dates (start date, end date)
- Payment/payslip dates
- Work address
- Department
- Employee type
- Reason for leaving
- Bank account information (including credits, debits and category)
- Education information (including institute name and dates)
Special categories of data (if appropriate): not applicable
Verify with v3rity