1.1. Konfir.com is owned and operated by Konfir (UK) Limited ("Konfir", "we", "us" or "our"). We provide an online platform at Konfir.com (the "Platform") to enable organisations such as banks, brokers, credit providers, estate agents, recruitment agencies, prospective new employers and screening providers ("Clients") to manage requests to and from other organisations ("Data Sources") to verify employment details or documents (the "Services"). Our Platform includes websites, microsites, databases and back-end systems that we use to operate Konfir.com.
1.2. If you are an organisation using our Platform or Services ("you") then:
2.1. The Services are made available to you subject to these terms and conditions (these "Terms”) and the terms set out in the applicable Order Form (if any). The Terms constitute a binding legal contract between you and us.
2.2. By accessing the Platform or by using the Services in any manner, you signify your acceptance of these Terms. If you do not agree to these Terms, then you must stop using the Platform and the Services.
2.3. We may amend these Terms from time to time. If we do, we will publish the amended Terms or the changes to them on the Platform and the amended Terms will take effect no less than 7 days from the date on which we publish the amendments. Your access to the Platform and the Services may be restricted or prevented unless and until you have agreed to such amended Terms. By continuing to use your account and access the Services after the new changes have taken effect, you indicate your agreement to the amended Terms.
2.4. Any individual who is the subject of your Verification request (“End User”) must accept our End User Terms of Use available on our website , as updated from time to time (“End User Terms of Use”).
3.1. The Services enable you to request Verifications from Data Sources and for other organisations to request Verifications from you. Accordingly, our Platform is designed to disclose Verifications and other information (such as messages, links or other posts) to:
3.2. End Users may also receive Verifications and other information (such as messages, link or other posts) where they are required to authorise the disclosure of such information and/or where we otherwise provide a copy to them in accordance with the settings of our Platform.
3.3. We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of any unauthorised disclosure of Verifications and other information.
4.1. Konfir grants you a non-exclusive, non-transferable, irrevocable right to access the Platform and use the Services during the Term solely for your internal business purposes and such other purposes as we may authorise in writing, subject to your compliance with the Agreement (“Right of Use”). The Right of Use is personal to you and you must not attempt to transfer the right to any third party, including an Affiliate. All rights not specifically granted hereunder are reserved by Konfir.
5.1. The Services enable you to request Verifications from Data Sources and for other organisations to request Verifications from you. Accordingly, our Platform is designed to disclose Verifications and other information (such as messages, links or other posts) to third parties. You grant to us:
5.2. Where we have made settings available, we will honour the choices that you make about who can see your Verifications and other information.
5.3. You guarantee that you have the right to allow us to make such disclosures of the Verifications and other information, even if third parties such as Data Sources have rights in and to the Verifications or other information uploaded on or transmitted over the Platform.
6.1. As part of the Services, you may appoint users to manage your Verification requests and responses (“Client Users”). Each Client User must have a user account.
6.2. Each Client User must:
6.3. Only a Client User who is duly authorised by an organisation may set up an account on your behalf. The Client User will be granted administrator rights at the point at which they place an order on behalf of an organisation. The administrator:
6.4. The administrator may also appoint other Client Users to act as administrators on your behalf, to the extent permitted by the settings on the Platform. Each administrator must meet the requirements set out in clause 6.3 above.
6.5. You must notify us of any breach of the Agreement or End User Terms by any End User, Client User or administrator.
7.1. You must not misuse the Platform or the Services. In particular, you must not (and must ensure that your Client Users do not):
7.2. You must not breach our security or do anything that could harm our Platform or Services. In particular, you must not:
7.3. You must not infringe our rights. In particular, you must not:
7.4. We may temporarily or permanently limit or restrict your access and use of the Platform or the Services if we consider that:
8.1. We will make the Platform available and provide the Services using reasonable care and skill in accordance with this Agreement. In particular, we shall use commercially reasonable efforts to make the Services available 24 hours a day, seven days per week, except for maintenance. Incidents and support requests may be submitted to: verifications@konfir.com.
8.2. We may update or change the precise specification or functionality of the Platform and the Services are our discretion, but we will not materially decrease or impair the performance of the Services in doing so.
8.3. We are not responsible or liable for the accuracy or completeness of any Verifications provided or received by you in connection with the Services and you are responsible for determining if and the extent to which such information should be relied on and whether or not any further enquiries should be made to confirm the information contained in the Verifications.
8.4. We may also provide third party solutions in conjunction with the Platform or the Services. We are not acting as agent for any provider of such third-party solution and we give no warranty or representation of any kind in relation to such third-party solution on our behalf or on behalf of the third-party provider. You (or the applicable End User) will be responsible for agreeing to any additional terms presented with respect to a third-party solution and you (or the applicable End User) may not use such third-party solution unless you accept the additional terms.
9.1. You shall pay all applicable charges and expenses in accordance with your Order Form, these Terms and any other applicable payment terms or conditions that we may agree with you.
9.2. Unless specified otherwise in an Order Form, your use of the Services will be charged on a per Successful Connection basis and the Successful Connection Fees will be calculated in accordance with our standard Pricing Schedule .
9.3. We may adjust our charges and the Pricing Schedule on not less than three months’ notice to you.
9.4. Where you have an Order Form, all invoices issued under an Order Form must be paid within thirty (30) days after the date of issue, unless different payment terms are specified in your Order Form.
9.5. Otherwise, where you have self-signed up to the Konfir Platform (and do not have an Order Form), you will be automatically debited at the end of each month for the Successful Connection Fees incurred that month. You expressly consent to authorise and instruct us to deduct the Successful Connection Fees from your nominated payment method in accordance with the Pricing Schedule and the terms of this Agreement. You acknowledge that you are giving us the ability to collect variable amounts from your nominated payment method. Where an automatic debit is unsuccessful for any reason, we reserve the right to issue you an invoice for the Successful Connection Fees and that invoice must be paid within thirty (30) days after the date of issue.
9.6. Konfir will retain all Client Data in accordance with our standard data retention and deletion schedule.
9.7. All amounts payable are payable in pounds sterling and are exclusive of tax, including value added tax, which shall be payable by you and added to our invoices where applicable.
9.8. Without limiting any other remedy available to us under the terms of the Agreement or at law, we may suspend the provision of all Services and access to the Platform if you fail to pay the fees and charges in accordance with clause 9.3, and those fees are more than thirty (30) days overdue and Konfir has issued a reminder notice. Unpaid due amounts are subject to a finance charge of 1.5% per month on any outstanding balance and all payment collection expenses.
9.9. Unless otherwise specified in the Order Form, the Fees will be increased each year during the Term on each Anniversary Date by CPI.
10.1. This Agreement and your Right of Use commences on the Order Commencement Date and continues for the Initial Order Term and each Renewal Period unless terminated earlier in accordance with this clause 10.
10.2. Each party may terminate the Agreement by providing no less than sixty (60) days’ notice in writing to the other party prior to the end of the Initial Order Term or then current Renewal Period, with termination to take effect on the expiration of the Initial Order Term or then current Renewal Period.
10.3. Either party may terminate this Agreement with immediate effect if:
10.4. On termination or expiry of this Agreement:
11.1. Termination of this Agreement will not affect clauses 10.5, 12, 14, 15 and 16 or any provision of this Agreement which is expressly or by implication intended to come into force or continue on or after the termination.
12.1. Any liability of Konfir for any loss or damage however caused (including whether such liability is asserted on the basis of contract, tort or otherwise) suffered by you in connection with this Agreement is limited to the fees paid or payable by you to us in the twelve (12) months prior to the initial claim. Each applicable limitation of liability set out in this clause 12 is an aggregate limit for all claims, whenever made.
12.2. Nothing in this Agreement is intended to exclude or limit our liability for death or personal injury caused by our negligence, fraud and fraudulent misrepresentation or for any other liability that cannot be excluded or limited by law.
12.3. The Services and the Platform are made available to you on an AS IS and AS AVAILABLE basis. It is your responsibility to ensure that the Platform and the Services are suitable for your intended purposes.
12.4. We give no warranties, assurances or guarantees:
12.5. Except as otherwise set out in these Terms, all warranties, terms, conditions and undertakings, whether express or implied by common law, statute, course of dealing or otherwise in relation to the Platform and the Services are excluded to the fullest extent permitted by law.
12.6. You acknowledge and agree that the operation of the Platform and the Services is dependent upon the proper and effective functioning of the internet and other third-party equipment and services, and we do not guarantee and will not be liable for these in any way.
12.7. Subject to clause 12.2, we will not be liable to you or your employees (past, present or prospective):
12.8. We shall not be in breach of contract or otherwise liable to you or any of your individual users for any failure to perform or any delay in performing our obligations under these Terms or in respect of the Services if and to the extent that such failure or delay is due to any failure or delay of yours, a Client User or End User to comply with these Terms or to provide us with reasonable assistance and cooperation in connection with the Services, or any other circumstances outside our reasonable control.
13.1. The parties agree that in the event that any dispute arises out of or in connection with this Agreement, the parties will first meet to attempt to resolve the dispute in good-faith by direct communications between the individuals responsible for administering this Agreement on behalf of each party, followed by negotiation between authorised executives to settle the dispute.
14.1. For the purposes of this Agreement, Confidential Information means these Terms, an Order Form and all materials, data and other documents which are disclosed by one party to the other in connection with the Services, and (subject to these Terms):
14.2. Except to the extent set out herein or where disclosure is expressly permitted in this Agreement or by the functionality of the Services, each party shall treat the other party’s Confidential Information as confidential and safeguard it accordingly, and shall not disclose the other party s Confidential Information to any other person without the other party s prior written consent.
14.3. Neither party will be restricted from disclosing information to the extent that:
15.1. All Intellectual Property Rights, title and interest in and to the Services, Platform and Konfir Material and otherwise created by us in the course of performing the Services are retained by Konfir and other than the Right of Use, nothing in this Agreement grants you any right, title or interest in the Services, Platform or Konfir Material.
15.2. Konfir retains all Intellectual Property Rights in any modifications to the Platform or Services regardless of whether those modifications are made based on Feedback or if you have paid for those modifications. If you or your Client Users provide any feedback, comments or suggestions concerning the functionality or performance of the Services or Platform (“Feedback”), and we implement a change suggested by that Feedback, you hereby assign all rights, title and interest in the Feedback to us.
15.3. Client Material will remain your property and other than as set out this clause 15.3, nothing in this Agreement grants us any Intellectual Property Rights in Client Material. You grant us a non-exclusive, global licence (including the right to sublicense) to exercise the Intellectual Property Rights in Client Material to the extent required to perform the Services and to improve the Services, including to use and modify Client Material as necessary.
16.1. We may disclose the fact that you are a customer of us and may use your logo and trademarks in the user journey, on emails and SMS messages to users, on FAQ pages and in marketing materials. Your trademarks and logos will remain, as between you and us, your sole and exclusive property. Other than as set out in this clause 16, each party must not use the trade marks or logos of the other party except with the prior written consent. Without limiting the confidentiality obligations set out in these Terms, each party must not and must ensure their employees, officers and agents do not, make any public or media statement regarding the other party, this Agreement, the Services or the Platform without the prior written consent of the other party.
17.1. Our Services are designed to enable you to request, respond to and share Verifications, which contain personal data about individuals, with other organisations who either request or provide them. We therefore need to share personal data with you, with other organisations and in many cases with the End Users, for the purposes of providing our Services and for you to enjoy their benefits. The data will include such information as required to identify an individual to a Data Source (such as name, job title, employment status, date of birth or otherwise) and such other information that the Data Source is asked to provide. Further information about our processing of personal data, including the type of data that we share and our lawful basis for processing, is set out in our privacy policy available on our website.
17.2. Except as otherwise provided, we and you will each act as individual controllers with respect to the personal data processed about individuals to whom Verifications relate. We will also act as a controller with respect to CRM Data.
17.3. You must comply with Data Protection Law with respect to your use or disclosure of Verifications that you give or receive via our Platform. You will be responsible for compliance with all data subject requests under Data Protection Law with which you are required to comply as a controller. We will not be responsible for complying with or providing any support or assistance to you with respect to any requests by individuals to exercise their data subject rights regarding information that we do not store on our Platform and you hereby indemnify and will keep us indemnified against all claims that we receive from any individuals that relate to the use (or misuse) of Verifications by you, whether under Data Protection Law or otherwise.
17.4. We will comply with Data Protection Law with respect to the operation of our Platform and our provision of the Services. We will comply, to the extent required by applicable Data Protection Law, with individual’s requests to exercise their data subject rights in respect of the personal data that is stored on our Platform.
17.5. In certain limited circumstances or where specified in an Order Form, we will act as a processor on your behalf or on behalf of other organisations on whose behalf we act in connection with Verifications. We will act as a processor on your behalf where we agree to act on your instructions with respect to Verifications that you may ask us to make on your behalf. In such circumstances, the provisions set out in the Data Processing Appendix to these Terms shall apply.
17.6. In this clause, capitalised terms or terms beginning with a capital letter shall have the meaning given in the Data Processing Appendix.
18.1. We confirm that we comply in all material respects with all applicable laws and regulations governing the operation of our Platform and the provision of our Services. Where required, you agree to provide reasonable assistance to us in complying with all such laws and regulations.
19.1. Illegality/Severance: If any provision of this Agreement is declared by any competent court or body to be illegal, invalid or unenforceable under the law of any jurisdiction, or if any enactment is passed that renders any provision illegal, invalid or unenforceable under the law of any jurisdiction, this shall not affect or impair the legality, validity or enforceability of the remaining provisions.
19.2. Third party rights: any member of the Konfir group of companies may enforce the Agreement directly against you as if they were a party to these Terms. Otherwise, no person who is not a party to the Agreement may enforce these Terms against a party.
19.3. Waiver: If we fail to insist that you meet your obligations under the Agreement or if we do not enforce our rights against you or if we delay in doing so, that will not mean that we have waived our rights against you and it does not mean that you do not have to comply with those obligations. If we do waive a default by you, we will only do so in writing and that will not mean that we will automatically waive any later default by you. Even if we delay in enforcing our rights under the Agreement, we may still enforce our rights later.
19.4. Entire Agreement: These Terms and the applicable Order Form constitute the entire agreement and understanding between you and us relating to your access to and use of the Services. Any terms and conditions contained in any Purchase Order provided by You in relation to the supply of Services by Konfir are expressly excluded and Konfir will not be bound by those terms.
19.5. No reliance: You acknowledge and agree that you do not rely on, and shall have no remedy in respect of, any promise, assurance, statement, warranty, undertaking or representation made (whether innocently or negligently) by us or any other person except as expressly set out in the Agreement, in respect of which your sole remedy shall be for breach of contract
19.6. Assignment and subcontracting: we may assign our rights and/or subcontract our obligations under the Agreement to any other person at any time. You may not assign or transfer any of your rights or obligations under the Agreement without our prior written consent.
19.7. Governing Law and Jurisdiction: The Agreement and any dispute or claim arising out of or in connection with them or the Services (including non-contractual disputes or claims) shall be governed by English law. The parties submit to the non-exclusive jurisdiction of the English courts for all purposes relating to and in connection with the Agreement and any such dispute or claim.
19.8. Force Majeure Event: Neither party will be in breach of this Agreement or liable to the other for any failure or delay in the performance of obligations under this Agreement to the extent that such failure or delay is caused by a Force Majeure.
19.9. Order of Precedence: In the event of any inconsistency or conflict between the documents constituting the Agreement, the documents shall rank in the following order of priority (with document (i) being the highest in priority, etc.):
“Affiliate” shall mean and include any company which in relation to either party is a subsidiary, holding company or subsidiary of a holding company as the terms "subsidiary" and "holding company" are defined by Section 1159 of the Companies Act 2006 (as amended).
“Agreement” means this Agreement, which is comprised of the Order Form (as applicable) and these Terms.
“Anniversary Date” means the annual anniversary of the Order Commencement Date.
“Client Data” means any data provided by the Client or the Client Users to Konfir or input by the Client or Client Users into the Services but excludes Konfir Material and End User Data.
“Client Material” means any data provided by You to Konfir for input into the Services and any Material provided by You to Konfir for the purposes of this Agreement but excludes Konfir Material and End User Data
“CPI” means the percentage change in the Consumer Price Index (CPI) for the twelve (12) month period most recently published by the Office of National Statistics (or any successor UK government Department) prior to the relevant Anniversary Date.
“End User Data” means data provided by the End User or on behalf of the End User (but not by the Client) to Konfir for the purposes of provided the Services to the End User.
“Force Majeure” means any occurrence or omission outside a party’s control including:
“Initial Order Term” means the initial term of the Services as set out in the Order Form or if no initial term is detailed or no Order Form applies, a period of twelve (12) months from the Order Commencement Date.
“Intellectual Property Rights” means all existing and future industrial and intellectual property rights, and includes any copyright, patent, registered or unregistered trade mark, trade or business or company name, registered or unregistered design, moral right, trade secret, knowhow and right in relation to semiconductors and circuit layouts both in the United Kingdom and throughout the world, or right of registration of such rights.
“Konfir Material” means any Material created by Konfir or provided by Konfir to You in the course of performing the Services or the purposes of this Agreement but excludes Client Material.
“Material” means any material including documents, technical information, plans, studies, equipment, reports, charts, drawings, software, schemas calculations, tables, schedules and data stored by any means.
“Order Form” means the service order form signed by you and accepted by us for purchase of Konfir Services, or the online order form completed by you for purchase of Konfir Services.
“Order Commencement Date” means the date specified in your Order Form, or if no date is specified or no Order Form applies, the date you sign up to the Konfir Platform and create a business account.
“Pricing Schedule” means our standard pricing available on our website, as updated from time to time.
“Renewal Period” means the twelve (12) month period beginning on expiration of the Initial Order Term, and each subsequent twelve (12) month period commencing on an anniversary of that date.
“Successful Connection” means a data connection supporting the verification of an Employment or Gap Activity delivered via Payroll, Banking, Konfir Konsole or other data source. Read more about Employment Verification Activities here.
“Successful Connection Fee” means the charges payable by you in respect of each Successful Connection.
“Term” shall have the meaning given to it in clause 10.1
APPENDIX 1 - DATA PROCESSING APPENDIX
1.1 This Data Processing Appendix applies where we act as processor on your behalf in connection with personal data that we process on our Platform or in the provision of the Services.
2.1 You will comply with your obligations as a controller under Data Protection Law in respect of your processing of personal data and any processing instructions that you issue to us.
2.2 You are responsible for providing such notifications or, where your processing of personal data is based on consent, obtaining all consents required by Data Protection Laws for our processing of personal data on your behalf.
2.3 You will not upload or share with us any personal data that is considered to be special category personal data without our prior written consent and then only on condition that you have explicit consent to process such data or another appropriate lawful basis taking into account the categorisation of such data as special category personal data under Data Protection Law.
3.1 We will comply with the obligations set out in this Data Processing Appendix where we process personal data on your behalf. Further details about the subject matter and duration of processing, the nature and purposes of processing, the type of personal data and categories of data subjects are set out in Schedule A to this Data Processing Appendix.
3.2 We shall process personal data in our capacity as processor only as set out in Schedule A to this Data Protection Appendix. We will not process any such data for our own purposes or those of any third party, unless the individual to whom the personal data relates has or sets up an account on our Platform, in which case this Data Processing Appendix shall not apply.
3.3 We will process the personal data to which this Data Processing Appendix applies only on your documented instructions and we shall inform you if, in our opinion, an instruction infringes any Data Protection Laws. Nothing in this paragraph 3.3 shall require us to undertake any assessment of instructions that a controller would be required to undertake under Data Protection Law or to make enquiries of you or your instructions that are outside of our role as a processor in connection with this Data Processing Appendix. You agree that your complete and final instructions with regard to the nature and purposes of the processing are set out in this Data Processing Appendix, except as otherwise provided using the functionality made available on the Platform.
3.4 We shall ensure that any person that we authorise to process personal data shall be subject to a strict duty of confidentiality (whether a contractual duty or statutory duty) and we shall not permit any person to process personal data who is not under such a data of confidentiality.
3.5 We have implemented and will maintain appropriate technical and organisational security measures to protect personal data from personal data breaches (the Security Measures). A summary of the Security Measures applicable to our Services is available on our website. You agree that the Security Measures are subject to technical progress and development and that we may update or modify the Security Measures from time to time provided that such updates or modifications do not result in the degradation of the overall security of the Services. We will update our summary of Security Measures where material changes are required to it.
3.6 We will notify you without undue delay after becoming aware of a personal data breach in respect of the personal data that we process on your behalf. We will provide reasonable and timely information and cooperation as you may require in order to fulfil any obligation you may have to report the personal data breach under (and in accordance with the timescales required by) Data Protection Laws.
3.7 You agree that in order to provide the Services we may engage subprocessors to process personal data. We maintain an up to date list of our authorised subprocessors on our website. Where we engage an authorised subprocessor, we will:
(a) restrict the subprocessor s access to the relevant personal data to what is necessary to assist us in providing or maintaining the Services and we will prohibit the subprocessor from accessing personal data for any other purpose;
(b) enter into a written agreement with the subprocessor imposing data protection terms that require the subprocessor to protect the personal data to the standard required by Data Protection Laws; and
(c) remain responsible for compliance with our obligations under this Data Processing Appendix for any acts or omissions of the subprocessor that cause us to breach any of our obligations.
3.8 We will provide you with reasonable prior notice via email or such other electronic means as we may use from time to time (such as in app messaging on our Platform) if we intend to make any changes to our subprocessors. You may object in writing to our appointment of a new subprocessor, provided that such objection is based on reasonable grounds relating to data protection. In any event, you will discuss such concerns with us in good faith with a view to achieving resolution. If this is not possible, we may suspend or terminate the Services without prejudice to any fees incurred by you before suspension or termination.
3.9 We shall, taking into account the nature of our processing of personal data, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligations to respond to any requests by data subjects to exercise their rights. We shall also assist you in implementing appropriate technical and organisational measures concerning personal data breaches, completing data protection impact assessments required under Data Protection Law and notifying personal data breaches to the competent supervisory authority or to the data subjects concerned, as required by Data Protection Law and taking into account the information available to us.
3.10 If compliance by us with paragraph 3.9 of this Data Processing Appendix requires: (i) a change to the Services; (ii) the expenditure of material effort or cost that is not provided for in the Services or compensated in the associated fees or charges, then we shall not be required to provide any assistance except if and to the extent that a suitable change and associated fees and charges are agreed. We shall consider requests made by you for such assistance in good faith.
3.11 In the event that any data subject request is made directly to us, we shall not respond to such communication directly without your prior authorisation, unless legally compelled to do so. If we are required to respond to such a request, we will promptly notify you and provide you with a copy of the request and you shall be responsible for responding to it and (where required under Data Protection Law) complying with it.
3.12 On the termination or expiry of the Services, we shall (at your election) delete or return to you all personal data in our possession or control that we are processing on your behalf. This requirement shall not apply to the extent we are required by applicable law to retain some or all of the personal data, in which event we shall isolate and protect the personal data form further processing except to the extent required by such law, until deletion is possible.
3.13 We shall make available to you all information necessary to demonstrate compliance with the obligations set out in this Schedule and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you, except if and to the extent that providing such information nor permitting such an audit would place us in breach of law or cause us to infringe the rights (including any Intellectual Property Rights or confidential information) of any of our other customers. No more than one audit may be conducted in any calendar year, except if and when required by instruction of a competent data protection authority. We shall be entitled to recover our costs of complying with requests for information and audits from you on demand.
3.14 Where we have appointed a third-party auditor to assess any of our technical or organisational measures to protect against personal data breaches for the purposes of any industry certification or otherwise (such as a SOC2 certification), we may share a copy of the auditor s certificate or report, in lieu of providing other information or allowing for other audits by you or another auditor.
4.1 We may transfer and process personal data anywhere in the world where we or our subprocessors maintain data processing operations. We will at all times provide an adequate level of protection for the personal data processed in accordance with the requirements of Data Protection Laws. In particular, we may transfer personal data to a third country outside the United Kingdom where the transfer is:
(a) to a recipient in an Adequate Territory;
(b) to a recipient that has achieved binding corporate rules authorisation in accordance with Data Protection Law; or
(c) to a recipient that has executed the Standard Contractual Clauses.
4.2 You hereby allow us to enter into Standard Contractual Clauses on your behalf (whether on a named or unnamed basis and whether combined with any other transfers on behalf of others) in order to transfer personal data to a recipient outside the United Kingdom to whom we would not otherwise be entitled to transfer personal data.
5.1 In this Data Processing Appendix, these terms shall have the meanings given to them below:
(a) The terms "controller", "processor", "process", "data subject", "personal data", "special category personal data" and "personal data breach" shall have the meaning given to them under Data Protection Law;
(b) "Adequate Territory" means a territory that has been recognised by the United Kingdom as ensuring an adequate level of protection pursuant to Data Protection Laws;
(c) "CRM Data" means any personal data of staff or representatives of yours which is processed by us for the purposes of managing the Services, administering the Agreement and any financial or operational matters in connection with it and marketing products and services to you;
(d) "Data Protection Law" means any law, enactment, regulation or order concerning the processing of data relating to living persons including: (a) the UK GDPR; (b) the UK Data Protection Act 2018; and (c) any other law relating to personal data, each to the extent applicable to the parties or the processing activities in connection with the Services;
(e) "Standard Contractual Clauses" means the standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR; and
(f) UK GDPR" means the GDPR as it forms part of retained EU law (as defined in the European Union (Withdrawal) Act 2018 and as amended (if applicable) by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 or any other laws or regulations in the United Kingdom.
5.2 Where we have made settings available, we will honour the choices that you make about who can see your Verifications and other information.
5.3 You guarantee that you have the right to allow us to make such disclosures of the Verifications and other information, even if third parties such as Data Sources have rights in and to the Verifications or other information uploaded on or transmitted over the Platform.
Subject matter: The subject matter of the data processing under this Schedule is the processing of personal data provided to us by the Client in connection with Verifications.
Duration: The duration of the data processing under this Schedule is the duration of the Services.
Purpose: The purposes of the processing by us are:
(a) the performance of our obligations, including the provision of the Services;
(b) complying with our obligations under applicable law; and
(c) improving and enhancing our Platform and the Services.
except where otherwise required by law.
Nature of the processing: The provision of Services.
Categories of data subjects: Your employees including volunteers (past, present and prospective).
Types of personal data: This includes all personal data processed by us on your behalf in relation to the Services including:
Special categories of data (if appropriate): not applicable