This agreement is entered into between the parties below and subject to the following terms and conditions comprising the Contract entered into on the date when both of the parties sign the Contract or, if different, the last date of signing. The Parties to this Contract are: -


Full Name

Nivo Solutions Limited

Company Registration No


Registered Office

44 Chapel Lane, Wilmslow, Cheshire, England, SK9 5HZ.


Main Email


The ‘Customer’ is the organisation that you represent in agreeing to the Contract.

The Parties hereby agree to the following terms and conditions:-

  • 1. Structure and Definitions –  The Parties agree that the contract comprises of:-

  • these terms and conditions ("Special Terms");
  • the Standard Terms at Schedules 1 and 2 ("Standard Terms"); and
  • applicable Work Statements (as defined in the Standard Terms),

being collectively defined as the "Contract". In the event of any conflict or inconsistency in respect of the terms of the Contract, subject always to applicable law, any terms and conditions in the Work Statements will take priority followed by the Special Terms, then the Standard Terms. The following definitions (and related conditions) apply to this Contract together with the definitions in the Standard Terms:-


The access to and use of the Supplier’s Platform together with any other Additional Services agreed from time to time in accordance with the terms and conditions of this Contract.


The online communications tools and platform known as Nivo Hub.

Services Start Date

The date from which you request the Services

Services Period

The duration of this Contract is 1 year commencing on the Services Start Date ("Initial Term") which will continue for subsequent durations of 1 year ("Renewal Term") and ending on the date when the Contract expires or is terminated in accordance with the terms of this Contract.


The Supplier account for the Customer and the Customer's Users to access the Services, which is access controlled through authentication of the Users by the Supplier, (or via an alternative authentication mechanism agreed with the Customer such as Single Sign On) or in the case of a Third Party Organisation, the account set up by the Supplier for the Third Party Organisation to access the Services.


An individual authorised by the Customer to be a user of the Services under the Customer's own Account.

End User

An individual being communicated with by the Customer through use of the Services which is not a Third Party Organisation or a User.

Third Party Organisation

A legal person authorised to have access to the Services by the Supplier under their own Account which is procured by the Customer.

Customer Data

All data (including Personal Data), graphics, information, text, software and other material that:

  • is uploaded to or input into the Platform by the Customer and their Users (for example, data entered and shared by Customer with End Users within messages and files through the Platform, any notes added by Customer against an End User’s record within the Platform, and any bespoke fields such as customer identification numbers which the Supplier has created for the Customer); and
  • Customer receives through the Platform.  

The Customer Data does not include any data uploaded to the Platform by a Third Party Organisation. Data caught by this definition may be expanded by notice from the Supplier to the Customer

Nivo Data

The data (including Personal Data), graphics, information, text, software and other material which Supplier collects from End Users during the registration process or at any time where the End User uses a Platform (including, but not limited to, the examples below) which may be expanded by notice from the Supplier to the Customer.


Examples of such data are:

  • End User details:
  • Name
  • Telephone numbers
  • eMail addresses
  • Twitter handles
  • Physical addresses
  • Suspicious activity notes
  • Identity and verification reports
  • Bank account transaction reports
  • Details of how End Users have authenticated most recently and in the past
  • Onfido identity verification reports
  • Truelayer bank account transaction reports
  • Information about the channels that have been used by clients and agents

SaaS Fees

The Customer shall not be required to pay the Supplier any fees and charges in respect of the Services. The Customer will have the opportunity to submit up to 10 checklists. Once the Customer has submitted 10 checklists, the Customer will no longer be provided with access to the Services.

If the Customer wishes to upgrade their package during the Services Period, the Supplier may in its sole discretion agree to amend these Special Terms to reflect such upgrade which may be agreed by email. In such circumstances the difference in fees between the Customer's existing package and the new package will be payable to the Supplier on a pro-rata basis, from the date on which the Supplier shall grant a licence for the new package to the Customer until the date on which further payment is due from the Customer to the Supplier in accordance with Term 5.3(a) of the Standard Terms.

For the avoidance of doubt, the Supplier shall not refund any sum already paid by the Customer should the customer wish to move from the existing package to a new package where the SaaS Fee of the new package is less than the SaaS Fee of the existing package.  

  • 2. Licence - In consideration of full payment of the SaaS Fees and compliance with the Contract, the Supplier hereby grants to the Customer a non-exclusive, non-transferable right, without the right to grant sublicences, to permit the Users to access and use the Services for the duration of the Services Period solely for the Customer's internal business operations.

  • 3. Supply Obligations - The Supplier shall devote commercially reasonable endeavours for the Services to be available to the Users, 24 hours a day, seven days a week, except for unscheduled maintenance performed outside of normal business hours, provided that the Supplier has tried to give the Customer at least six (6) normal business hours' notice in advance. A “normal business hour” is an hour from 9am to 5pm on any Business Day. The Supplier has the right to schedule general maintenance of the Platform provided that 5 Business Days' notice is given on the Platform or via email to the Customer of such general maintenance.

  • 4. Login Credentials - The Customer will keep all access and login credentials secure and confidential and not allow any person who is not authorised to access and use the Services from so accessing and using the Services.  

  • 5. Users -

  • 5.1 The Customer will ensure that each User and Third Party Organisation accesses and uses the Services in accordance with the Contract.

  • 5.1 The Customer will provide the Supplier with details of Users which they are authorising to access their Account and Third Party Organisations to enable account opening. It is the Customer’s responsibility to ensure that the Users and Third Party Organisations operate in the interests of the Customer and work to the terms and conditions of the Contract.

  • 5.3 The Customer will notify the Supplier when they want changes to or to terminate a User’s or Third Party Organisation's access.

  • 5.4 The mechanism of user authentication will be agreed between the Supplier and the Customer. The Supplier has the right to refuse any request for a certain user authentication mechanism if it is: (i) deemed to lack the level of security to maintain the integrity of the Platform; and/or (ii) likely to come at significant expense to the Supplier and a fee for the work cannot be agreed.

  • 5.5 If required by the Supplier, the Customer will maintain a written, up to date list of current Users and Third Party Organisations and provide such list to the Supplier within five (5) Business Days of the Supplier's written request at any time or times.


  • 5.6 If the Customer wishes to purchase a licence for any additional Users, the Customer must enter into a separate agreement with the Supplier for the additional Users.  

  • 6 Data –

  • 6.1 As between the parties:

  • a. all rights, title and interest in and to the Customer Data (and to any intellectual property rights arising in connection with the Customer Data) shall vest in the Customer; and

  • b. all rights, title and interest in and to the Nivo Data (and to any intellectual property rights arising in connection with the Nivo Data) shall vest in the Supplier.

  • 6.2 The Customer will have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.

  • 6.3 If the Customer receives any complaint, notice or communication from a regulator or law enforcement agency which relates to the Services, or to the Customer's legal compliance, it shall immediately notify the Supplier and shall provide the Supplier with reasonable co-operation and assistance in relation to any such complaint, notice or communication.

  • 7. Data Protection - The parties agree that they shall comply with the provisions set out in Schedule 2.

  • 8. Access Control - The Supplier reserves the right, without liability to the Customer or prejudice to the Supplier’s other rights and remedies, to disable the Customer’s, Users, and/or any Third Party Organisation’s access (as applicable) to or use of the Services or the Platform (or any material) that materially breaches the Contract. The Supplier will give reasonable written notice to the Customer prior to disabling access to enable the Customer to cure the issue giving rise to the reason for disabling access unless access needs disabled in an emergency situation or to prevent the Supplier from being in breach of applicable law or contractual obligations owed to third parties, where in such case, no prior written notice will be given.

  • 9. Platform Protection –

  • 9.1The Customer shall (including ensuring their Users shall), and shall ensure that it provides a licence agreement to all End Users requiring that that such End Users shall:-

  • b. not access, store, distribute, upload or transmit any Virus when accessing or using the Services or the Platform;

  • c. not access, store, distribute, upload or transmit any material when accessing or using the Services or the Platform that: (i) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; (ii) facilitates illegal activity; (iii) depicts sexually explicit images; (iv) promotes unlawful violence; (v) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or (vi) is otherwise illegal or causes damage or injury to any person or property;

  • d. not (except as expressly permitted in writing by the Contract, the Supplier or applicable laws) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Service (or any software comprised in that service) in any form or media or by any means; or attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the software comprised in the Platform or the Services;

  • e. not access all or any part of the Services or the Platform in order to build a product or service which competes with the Services or the Platform;

  • f. not use the Services or the Platform to provide services to third parties that are not expressly approved in advance and in writing by the Supplier;

  • g. not license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services or the Platform available to any third party except the Users;

  • h. not attempt to obtain, or assist third parties in obtaining, access to the Services or the Platform, other than as provided under this Contract;

  • i. use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services or Platform (or software comprised in such services or Platform) and, in the event of any such unauthorised access or use, promptly notify the Supplier; and

  • j. will ensure that its network and systems comply with the relevant specifications (if any) provided by the Supplier from time to time.

  • 9.2 The Customer acknowledges that where it procures access to the Services for a Third Party Organisation, that:-

  • a. an authorized representative of the Third Party Organisation will be required to enter into the Supplier's Terms and Conditions of Access available from the Supplier on behalf of the Third Party Organisation
  • b. it is required to provide support to ensure such Third Party Organisations comply with the Supplier's Terms and Conditions of Access and Privacy Policy; and
  • c. the Supplier will have no liability whatsoever to the Customer for the actions of the Third Party Organisation during their use of the Services; and
  • d. the Customer is liable for the use or misuse of the Services by Third Party Organisations that they have procured access for.

  • 10. Customer Group - The rights provided under this the above terms and conditions. are granted to the Customer only, and shall not be considered granted to any other member of the same corporate or VAT group of the Customer.  

  • 11. Customer Support - The Customer should contact the Supplier via the Platform, telephone or email channels for customer support. This includes the amendment, creation or removal of authorised Users or Third Party Organisations. The Supplier will aim to respond to the Customer within one Business Day. If applicable, the response will include details of a proposed plan of action to be discussed and agreed with the Customer.

  • 12. Modification – The Customer acknowledges that, the Supplier may modify the Platform, the features and the functionality of the Services during the Services Period which includes the addition of new services which may require new terms. The Supplier shall provide the Customer with commercially reasonable advance notice of any deprecation of any material feature or functionality via email or through the Platform and of new terms.
  • 13. ID&V Service - Nivo Hub utilises identity verification services provided by Onfido whose privacy practices is described in the Onfido Privacy Policy, available for review and download at The ID&V Service produces a report containing a summary of checks (Reports). In relation to the use of the ID&V Service and Reports, the Customer should be aware that:

  • 13.1 The Customer may use the Reports solely for its legitimate, professional, informational, internal business operations purposes only and not in any event for the reselling or otherwise making the Reports available to any third parties;

  • 13.2 The Customer assumes sole responsibility for conclusions drawn from use of the Report;

  • 13.3 The Customer will comply with all applicable laws and regulations with respect to its use of the Reports and will not: (a) use the Reports to discriminate against End Users or in a manner that causes damage or injury to any person or property or that could be expected to bring Onfido into disrepute or otherwise harm its reputation; (b) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, display, transmit, or distribute all or any portion of the Reports in any form or media or by any means to any individual or entity, including without limitation, End Users; or (c) use the Reports as part of its decision-making process for determining a consumer's eligibility for credit, insurance or any other similar purpose; and

  • 13.4 The Customer will leave in place (and not alter or obscure) all proprietary notices and licences contained in the Reports.

  • 14. Account information reports – Nivo Hub utilises a tool provided by TrueLayer Limited ( (“TrueLayer”) that allows End Users to send information on their payment accounts to Nivo and other service providers. In order to use our services, End Users will be asked to enter their payment account details with TrueLayer and agree to their Terms of Service. The Terms of Service set out the terms on which they agree to TrueLayer accessing information on their payment accounts for the purposes of transmitting that information to us. TrueLayer is subject to UK and EU data protection laws and is required to treat your data in accordance with those laws, as well as the Terms of Service and TrueLayer’s Privacy Policy ( TrueLayer is authorised and regulated by the UK Financial Conduct Authority under the Payment Services Regulations 2017 and Electronic Money Regulations 2011 (Firm Reference Number: 901096).

Schedule 1 - Standard Terms

Nivo Solutions Limited.    Registered Office:  44 Chapel Lane, Wilmslow, Cheshire, England, SK9 5HZ.    Company Registration No: 10744928.     VAT No:  282 9912 64        Website:


  • 1.1 Legal Authority - Each party warrants that it has the necessary legal capacity, authority, rights and powers to enter into and comply with the Contract.

  • 1.2 Co-operation - Each party will (at its own expense and in good faith) promptly do all such things as are necessary to give full legal effect to each Contract. The parties will co-operate in all matters concerning the Services and Contracts.

  • 2. TERMS

  • 2.1 Application - The Terms will apply to all Services, Deliverables, Work Statements and Contracts.

  • 2.2 Requests/orders for Services – Services that require a Work Statement as per Term 3.3 below will only be provided either upon a Work Statement being signed by the parties or as otherwise expressly agreed in writing between the parties or authorised in writing by the Customer.


  • 3.1 Supply - The Supplier will supply the Services in accordance with: (1) applicable laws; (2) the terms of the Contract; (3) Industry Practice; and (4) all reasonable instructions of the Customer to the extent reasonably necessary for the Supplier to comply with the Supplier’s other obligations under the Contract for the Services.

  • 3.2 Timescales – The Supplier will devote and implement all commercially reasonable resources to perform the Services within expressly agreed timescales or by expressly agreed deadlines. All of the Supplier’s dates and time requirements of a Work Statement or Contract will be considered subject to this Term 3.2.

  • 3.3 Software & Other Bespoke Work –

  • a. If the Services for the Contract include the requirement to develop and/or test Software then such work will be subject to the applicable acceptance criteria, acceptance procedure and other additional terms captured and approved in the applicable Work Statement.  

  • b. The Customer may request the Supplier to undertake other bespoke work for their use of the Services. Any such bespoke work will be captured and approved in the applicable Work Statement under these Terms.

  • 3.4 Additional Services – Subject to payment of the Additional Services Fees and in accordance with any specification and delivery dates set out in the Work Statement, the Supplier shall supply (as applicable) the following Additional Services where identified in the Work Statement:

  • a. the white label version of the Platform (together with any customisations agreed in the Work Statement; and / or
  • b. the Software Development Kits.


  • 4.1 Information - The Customer will ensure that the specification for Services, the content of any Work Statement, any instructions to the Supplier and (whether or not requested by the Supplier) any information provided to the Supplier from time to time is complete, accurate and not misleading. The Customer will also provide the Supplier with such information (and in such format), and allow inspection of such documentation, as the Supplier may reasonably request, to the extent reasonably necessary for the Supplier to undertake the Services, to evaluate the Customer’s compliance with the Contract for any other purpose relevant for the Contract.

  • 4.2 Facilities - The Customer will ensure that the Supplier and its sub-contractors and their respective staff, agents and representatives receive (for no charge) the following facilities throughout the Customer’s normal business hours and at such other times as the Customer authorises after reasonable prior notice from the Supplier, to perform or deliver Services:

  • a. access to suitably knowledgeable or experienced personnel of the Customer;

  • b. access to the Equipment (if deemed necessary for the Services);

  • c. to the extent any work is required or premises of the Customer: (i) effective access to such premises and (ii) all facilities required at such premises to carry out the Services as requested or confirmed by the Supplier.

  • 4.3 Customer Premises - The Customer will ensure that all areas of its premises to be accessed or used under the Contract are compliant with all applicable laws and regulations (to include, but not limited to, all applicable health and safety laws and regulations) and are reasonably safe, clean and tidy.

  • 4.4 Supplier’s Property - The Customer will keep and maintain all materials, equipment, documents and other property of the Supplier (if any) from time to time at the Customer’s premises in safe custody and in good condition until returned to the Supplier.

  • 4.5 Equipment -

  • a. The Customer is responsible at its own expense: (1) to ensure that the Equipment is properly installed and operational, is sufficient and suitable for its purpose and that any adjustments which may be required are carried out expeditiously, and (2) if deemed necessary for the Services, for the prompt and continuing availability to the Consultants of the Equipment in good working order throughout the duration of the Contract.

  • b. The Customer will ensure that it owns or has a valid licence to all software (other than the software or Services) which is used on the Equipment and that such software is compatible with the Services or any Deliverable.

  • 4.6 Licences - The Customer will obtain and maintain all necessary licences, permissions and consents of any kind which may be required from time to time by the Supplier to enable supply/performance of the Services.

  • 4.7 Supplier Obligations – The Customer will take all reasonable steps to ensure that any and all statements, acts or omissions of the Customer and/or any Customer Associate do not cause or contribute to any delays, hindrances, failures, breaches or defaults of the Supplier in respect of any Services, Deliverables or Contract.  

  • 4.8 Deliverables - The Customer will indemnify and hold harmless the Supplier on first written demand from and against the Supplier incurring any Detriments howsoever arising from:

  • a. any changes made to the Deliverables (after being delivered by the Supplier) and/or the Equipment by any person other than the Supplier; or

  • b. any misuse of the Deliverables (after being delivered by the Supplier) or the Equipment by the Customer or any of the Customer Associate contrary to express instructions of the Supplier.

  • 4.8 Pausing Work – Without prejudice to other rights and remedies of the Supplier, the Supplier may suspend the supply of the Services (with all applicable performance and delivery dates being deemed moved back by a period equal to the period of such suspension), if the Supplier reasonably considers that the Customer has delayed or failed (or is reasonably expected to delay or fail) to comply with its Material obligations under the Contract, and such delay or failure in the Supplier’s reasonable opinion will:

  • a. threaten the life or wellbeing of any director or other officer, employee, consultant, agent or representative of the Supplier or any sub-contractor of the Supplier (or any other person);

  • b. infringe any third party’s rights of any kind (that in turn exposes or can reasonably be expected to expose the Supplier to actual or potential Detriments);

  • c. risk a Material third party ceasing to supply any Material equipment, information technology or services to the Supplier that the Supplier needs for any of its other customers or clients; or

  • d. risk the Supplier not recovering operational or other costs incurred or to be incurred at the request of the Customer or as a result of entering into the Contract.

  • 4.10 Cloud Services - Notwithstanding anything to the contrary in the Contract, if the Services and/or Deliverables involve using or incorporating a service and/or deliverable from a “cloud” service or platform provider (a “Cloud Service Provider” and the service being a "Cloud Service":

  • a. The use of, and access to the Services and the Platform is subject to the Supplier continuing to have access to such Cloud Service from the Cloud Service Provider.
  • b. The Provider shall have no liability of any kind for any  failure, fault, delay or unavailability ofany Cloud Service including for any service credits..

  • 4.11SaaS Fees

  • a. The Customer shall pay the SaaS Fees to the Supplier in advance of the commencement of the SaaS Services and on each relevant Renewal Payment Date.

  • Unless stated in the relevant Work Statement or otherwise agreed in writing with the Supplier, the Customer shall pay the SaaS Fees by:
  • i. direct debit; or
  • ii. credit card.  

  • 4.12 Invoices for Bespoke Work Fees

  • a. The Supplier will invoice the Customer monthly in arrears for all Bespoke Work, unless otherwise stated in the Work Statement or agreed in writing with the Customer.

  • b. The Customer will pay each invoice from the Supplier in full no later than thirty (30) days following receipt by the Customer of a correctly calculated invoice. However, subject to Term 4.12.c. if the Customer in good faith and acting reasonably disputes an invoice then:

  • i. the Customer will pay any undisputed proportion of the invoice to the Supplier within the thirty (30) day period;

  • ii. the Customer will fully co-operate with the Supplier to discuss and resolve the dispute in a time and cost efficient manner (without prejudice to the Supplier’s right to seek recovery of the disputed proportion through the courts if the dispute is not resolved within thirty (30) days); and

  • iii. the proportion of the disputed amount that is agreed or determined to be payable to the Supplier must be paid by the Customer to the Supplier within ten (10) days after such agreement or determination or, if later, on or by the end of the above stated thirty (30) day period.

  • c. The Customer can only dispute an invoice: (i) within the first ten (10) days of the said thirty (30) day payment period for the invoice; and (ii) only to the extent that the invoice is incorrectly calculated, not a VAT invoice (when required to be a VAT invoice under the law) or the invoice concerns undelivered/unperformed Services and/or expenses that do not comply with the applicable Contract).

  • 4.13 Bespoke Work Expenses – For Bespoke Work covered under Term 3.3, in addition to the Contract Charges the Customer will reimburse the Supplier for all reasonable travel and hotel expenses incurred by any Consultants in providing the Services. The Supplier will give to the Customer reasonable evidence of such expense being incurred for the purposes of the Contract/Services.

  • 4.14 Currency Exchange & Bank Transfer Fees - The Customer must pay for all currency exchange fees and bank transfer fees so that the Supplier receives the full invoiced amount.

  • 4.15 Taxes - Each party will be responsible for (and will account for) all its own taxes including any income tax, National Insurance Contributions and VAT to the relevant tax authorities. All Contract Charges and other sums due to the Supplier under the Contract are exclusive of applicable VAT, which the Supplier will charge and add to its invoices at the appropriate rate.

  • 4.16 Receipts - Receipt and/or banking of a payment by the Supplier that is less than the invoiced amount for any reason will not be deemed a waiver of the remainder unless and until such waiver is made or confirmed expressly in writing by the Supplier. The Supplier may, without prejudice to any other rights it may have, set off any liability of the Customer to the Supplier against any liability of the Supplier to the Customer.

  • 4.17 Overdue Payments 

  • a. Where the Customer fails to make a payment for SaaS Fees by the due date , the Supplier reserves the right to suspend the Customer's access to the SaaS Services until the Customer makes full payment of any SaaS Fee that is due and payable.  

  • b. If a payment that is due and payable to the Supplier under the Contract is not paid in full on or by the due date, the Supplier may (but is not obliged to), without prejudice to the Supplier’s other rights and remedies, charge interest on any overdue payment from the due date until full payment is received in fully cleared funds, at the annual interest rate from time to time specified by the Late Payment of Commercial Debts (Interest) Act 1998 to accrue daily before and after any judgment and be subject to monthly compounding.

  • 4.18 Set-off - A party may deduct from any payment due from it to another party (the “Outgoing Amount”) any payment due to it from the other party (the “Incoming Amount”) if both parties either expressly agree to such set-off or if a court of competent jurisdiction declares or orders that both the Outgoing Amount and the Incoming Amount are due and payable.


  • 5.1 Pre-Existing IPR - Subject to the terms and conditions in the main body of the Contract: any and all IPR that belongs to a party before the commencement of the Contract shall continue to belong to that party.

  • 5.2 New IPR – All new IPR in the Services shall belong to the Supplier unless expressly agreed otherwise in writing between the parties.

  • 5.3 IPR Cover

  • a. The Supplier will indemnify and hold harmless the Customer from and against all Detriments arising from or incurred by reason of any third party obtaining a declaration or judgement from a court of competent jurisdiction that any Deliverable infringes the IPR of the third party - in each case to the extent that: (i) such IPR of the third party existed at the time of delivery of the Deliverables to the Customer, and (ii)  such infringement is not due to any act, omission or fault on the part of the Customer, any Customer Associate or other third party that is not a Consultant (to include, but not limited to, any modification or adaptation of the Deliverable by or for the Customer after delivery to the Customer by or for the Supplier and/or any use of the Deliverable for any purpose or any context not specified in the applicable Work Statement).

  • b. The Customer will notify the Supplier as soon as reasonably practicable in writing of any allegation of infringement, make no admissions or offers of compromise or settlement without the consent in writing of the Supplier and provide the Supplier with all reasonable assistance at the Supplier’s reasonable cost which the Supplier will reasonably require in respect of any such claims and/or pre-claim allegations.

  • c. The Supplier may choose to conduct the defence of (and/or settle) all negotiations and litigations, but will promptly discuss with the Customer and keep the Customer informed of the progress of such defence (and/or settlement) issues.

  • d. The Supplier may choose (at the Supplier’s expense) to replace or modify all or any part of the Deliverables (without reducing the performance or function of any part of the Deliverables) in order to avoid any alleged or actual infringement or to procure the right for the Customer to continue to use the same.


  • 6.1 Subject to Term 6.2, each party will keep secret and confidential, and not disclose (or use for any research, investigation, report or work other than in respect of an agreement between the parties), any Confidential Information relating to the other party without the other party’s prior written consent.

  • 6.2 The obligation under Term 6.1 does not apply to the extent that a disclosure is to be made of any information:

  • a. in the public domain otherwise than in breach of the applicable Contract;

  • b. in the possession of the receiving party prior to its disclosure to it in connection with the applicable Contract;

  • c. obtained from a third party who is free to divulge the same;

  • d. under a court order or otherwise as required by mandatory legal or regulatory requirements;

  • e. to professional advisers, employees or other staff on a “need to know” basis for the purposes of applying or enforcing the Contract (subject to each such person being bound to keep the same confidential under any legal or contractual obligation); or

  • f. in any combination of the above circumstances.

  • 6.3 Each party will upon receiving a specific request in writing from the other party deliver up any Confidential Information belonging to the other party (including any and all copies made) to the other party following the termination of the Contract.

  • 6.4 Each party will immediately inform the other if it becomes aware of the possession, use or knowledge of any of the Confidential Information by any unauthorised person, whether during or after the period of the Contract (and will provide such reasonable assistance as is required to deal with such event).

  • 6.5 Despite the above terms of Term 6, the Supplier is authorised to disclose that the Customer is a customer or client of the Company (with or without reference to the Services).


  • 7.1 A “Restricted Person” means any of the following of the Supplier as the case may be: (i) a director or other officer; (ii) a senior management level employee or worker of any kind; (iii) an employee or worker of any kind that can reasonably be considered to have any Confidential Information that can reasonably be considered to give a competitor of the Supplier a Material commercial advantage; or (iv) an employee or worker with whom the Customer or any Customer Associate had Material contact.

  • 7.2 The Customer undertakes to the Supplier that during the term of the Contract and for twelve (12) months after its expiry or termination to not directly or indirectly, for the benefit of any person other than the Supplier, canvass, solicit, seek or offer to engage, or engage, any Restricted Person to do work or perform a role with the Customer or any third party that is or can reasonably be considered to be in competition with the Supplier.


  • 8.1 The Customer will notify the Supplier of any Customer Concern as soon as reasonably practicable (and, in any event, thirty (30) days) after the Customer becomes aware (or should reasonably have been aware) of the same.

  • 8.2 Without prejudice to the Supplier’s right to commence litigation to enforce its rights for overdue Contract Charges and/or other payments under the Contract:

  • a. the parties will act and co-operate in good faith in respect of any Customer Concern (and/or the Supplier’s performance of Services in respect of that Contract) to reach a reasonable solution in a time and cost efficient manner;

  • b. if a Customer Concern remains unresolved for at least thirty (30) days any party may apply to The British Computer Society (registered charity number 292786), the Chartered Institute for IT, or any successor body, to nominate and appoint a person to make a determination concerning the Customer Concern in accordance with these Terms (the “Expert”);

  • c. the cost for the application under Term 8.2.b. and the resulting determination of the appointed Expert will be paid by the relevant applicant (and if the other party pays any such cost then that payment will be treated as an undisputed debt owed by the applicant to that party to be paid within five (5) days of demand);

  • d. the Expert may put in place and follow such process for considering, dealing with or reporting on the Customer Concern as he or she deems appropriate, in each case subject to the other terms of this Term 8.2;

  • e. the Expert will act as an expert and not an arbitrator;

  • f. each party will in good faith co-operate with the Expert (and each other) for the Expert to fulfil his or her role in accordance with this Term 8.2;

  • g. the Expert may request any information and/or documentation he or she deems appropriate for the resolution of the Customer Concern (provided the Expert is bound under the law or through contractual means to the parties to keep the information and/or documentation acquired by his or her confidential on terms at least as onerous as the confidentiality obligations under this Contract that apply to the parties themselves);

  • h. the order of priority for the Expert in considering the Customer Concern is: (1) mandatory requirements of the law, (2) anything confirmed or approved to the Expert by both parties in writing; (3) the express written terms of the Contract, (4) other terms of the Contract, and (5) other considerations;

  • i. the Expert will provide a final report in writing to both parties in respect of the dispute and costs; and

  • j. the findings and decision of the Expert in his or her report will be final and binding except to the extent wrong due to fraud or manifest error (in which case the parties will co-operate in good faith to repeat the process under Term 8.2).


  • 9.1 Exclusion of Liability - Nothing in this Contract is intended to exclude, limit or cap any party’s liability for fraud, death or personal injury caused by negligence or the extent of any other liability that cannot be contractually excluded, limited or capped under the law. The remainder of this Term 9 and all other aspects of the Terms and/or each Contract are subject to this Term 9.1.

  • 9.2 Limitations  The Supplier will not be liable to the Customer (or any other person whether or not claiming through the Customer) for any Detriments of any kind to the extent that such Detriment:

  • a. is caused (or contributed to) by:

  • i. any Force Majeure Event (however, if the Supplier is delayed in performing the Contract by any Force Majeure Event: (1) the Supplier will notify the Customer of the particulars concerning that Force Majeure Event as soon as reasonably practicable after the Supplier becomes aware of that Force Majeure Event; and (2) the Supplier will take commercially reasonable steps to limit the effects of the Force Majeure Event on the performance of the Services);

  • ii. the Customer agreeing to a scope of work in any applicable Work Statement that later transpires to be commercially unsuitable or insufficient for the Customer;

  • iii. the Customer’s non-compliance with the terms of the Contract for any reason;

  • iv. any deliberate, reckless, negligent or any other statements, acts or omissions of any person that is not the Supplier, a member of the same corporate or VAT group as the Supplier, their respective sub-contractors under the applicable Contract or any Consultant;

  • v. the Customer not mitigating any such Detriments that are reasonably mitigateable;

  • vi. the Supplier not achieving any minimum (or exceeding any maximum) service level or key performance indicator (if any) for which the applicable service credit (if any) is either paid by the Supplier or offered by the Supplier but rejected by the Customer for any reason; or

  • vii. any combination of the above;

  • b. is comprised of any loss of profits of any kind (it being acknowledged that this Term 9.2.b. will not prevent a claim by the Supplier for the profit element of any Contract Charges due or payable to the Supplier under the applicable Contract);

  • c. is comprised of any loss or depletion of goodwill, business, sales, contract or opportunity of any kind or business interruption;

  • d. is comprised of any indirect, consequential or special Detriment of any kind;

  • e. loss of data; or

  • f. is comprised of any Detriment that could not reasonably have been foreseen by any or both parties at the start of the applicable Contract.

  • 9.3 Implied Warranties - Any and all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute, common law, equity or otherwise are excluded from each Contract except to the extent expressly set out in that Contract.

  • 9.4 Liability Cover - Subject to Terms 9.1, 9.2 and 9.3 (in that order), the Supplier’s maximum aggregate liability limit for any and all the Supplier’s statutory, contractual, negligence or other tort based, equity based and other liabilities whatsoever under or in connection with the Contract and/or the applicable Services and/or based on any claim for contribution is as follows:


Maximum Aggregate Liability Limit

Loss or destruction of tangible property.

An amount equal to one million British pounds sterling (£1,000,000).

IPR infringement, breach of confidentiality or breach of data protection legislation (or other data related issues).

Subject to a cap of £5,000,000 (five million pounds Sterling), an amount equal to one hundred and fifty percent (150%) of the total Contract Charges in aggregate due and payable under that Contract.

For all other Detriments.

Subject to a cap of £1,000,000 (one million pounds Sterling), an amount equal to one hundred and fifty percent (150%) of the total Contract Charges in aggregate due and payable under that Contract.

  • 9.5 Insurance – The Supplier is responsible for its own insurance of its liabilities under or concerning the Contract.


  • 10.1 Term - Either party may terminate this Contract with at least thirty (30) days written notice to the other party prior to the expiry of the Initial Term or any of the Renewal Terms

  • 10.2 Default Termination - Either party may (but is not obliged to) terminate the Contract immediately on serving a written notice on the other party (the “Defaulting Party”), without liability to the Defaulting Party concerning the period after termination, if any of the following occurs in respect of the Defaulting Party:

  • a. the Defaulting Party does not remedy a Material breach in all Material respects within thirty (30) days of the Defaulting Party receiving a written notice from the other party detailing the breach and the notice serving party’s expectations;

  • b. the Defaulting Party is or becomes insolvent under the law of England and Wales (or the law of the jurisdiction in which the Customer was incorporated);

  • c. the Defaulting Party enters into any compromise or arrangement with its creditors for an aggregate amount more than five thousand British pounds sterling (£5,000) or an equivalent amount in another currency;

  • d. the Defaulting Party passes a resolution (or petitions the court or an order is made) for its liquidation, administration or any other such insolvency procedure (and/or winding up or dissolution);

  • e. any director(s) or member(s) of the Defaulting Party apply to Companies House (or any other such applicable registry/regulatory body in the jurisdiction where the Customer is incorporated) to have the name of the Defaulting Party struck off the statutory register of companies (or any other such applicable register in the territory where the Customer is incorporated or based);

  • f. Companies House (or any other such applicable registry/regulatory body in the territory where the Customer is incorporated or based) publishes a notice that it wishes to strike the name of the Defaulting Party off the statutory register of companies;

  • g. the Defaulting Party is dissolved or deemed dissolved for any reason (or any other such applicable register in the territory where the Customer is incorporated or based);

  • h. the Defaulting Party ceases, or threatens to cease, to carry on all or substantially the whole of its business;

  • i. where the Customer is the Defaulting Party, the Customer: (i) is overdue in paying Contract Charges by more than thirty (30) days for any reason, or (ii) is overdue in paying Contract Charges more than once in any rolling one hundred and eighty (180) day period.

  • 10.3 Accrued Rights - Termination of the Contract for any reason will not affect or prejudice the accrued rights or remedies of the parties as at termination concerning the period up to and including such termination (or the continuation of any provision expressly stated to survive, or implicitly surviving, termination).

  • 10.4 Termination Consequences

  • a. On termination or expiry of the Contract for any reason (without prejudice to the Supplier’s other rights and remedies):

  • i. each party will return or transfer on a specific written request (and make no further use of) any equipment, property, materials, IPR, information and other items (and all copies of them) belonging to the other party;

  • ii. in addition to any other remedies that may be available to the Supplier either under the applicable Contract or otherwise (and without prejudicing such rights) the Supplier will be entitled to immediately invoice for unpaid work; and

  • iii. the Customer will pay the Supplier all monies properly due and payable together with any monies incurred by the Company in the performance of the Services at the date of termination of the applicable Contract.

  • b. Terms 1, 2, 3, 5.3, 6 to 9 (inclusive), and 11 of these Terms in respect of the Contract will survive termination or expiry of that Contract for any reason.


  • 11.1 Governing Law & Jurisdiction - The laws of the England and Wales govern these Terms and each Contract (and any Customer Concern or disputes concerning the same) in all respects. The courts of England and Wales have exclusive jurisdiction in respect of handling any contractual or non-contractual Customer Concern, dispute and litigation whatsoever concerning these Terms or any Contract.

  • 11.2 Entire Contract - Subject to Term 11.1, the terms of the Contract supersede and replaces in full any and all previous agreements, arrangements, understandings and commitments between the parties regarding their subject matter.

  • 11.3 Variations - Any purported variation, deletion or exclusion of any provision of these Terms or the Contract will only be valid and binding if made by the express prior written consent of the Customer and Supplier (and no other variations, deletions or exclusions will be valid or binding) except where such variations are expressly provided for by this Contract

  • 11.4 Severance - The parties confirm that the terms of the applicable Contract are reasonable and fair in the context of their circumstances, and intend such Contract to be enforceable to the fullest extent permitted by law. If any part of such Contract (including this Term) is held to be invalid and/or unenforceable for any reason whatsoever then the parties will co-operate to procure that that part will be deemed changed, qualified or (as a last resort) deleted to the minimum extent necessary for it to become valid and enforceable in a manner that is consistent with the commercial intent of the parties when entering into the Contract (and the remainder of such Contract will continue to be valid and enforceable in any event).

  • 11.5 Third Party Rights – Unless expressly provided for by the terms of this Contract, a person who is not a party to the Contract cannot enforce any term, right or entitlement under that Contract under the Contract (Rights of Third Parties) Act 1999.

  • 11.6 Assignment - Each party needs the express prior written consent of the other party to assign its rights under the Contract (such consent not to be unreasonably withheld, refused, delayed or made conditional).

  • 11.7 Waivers - A purported waiver from a party will only be valid and binding if made or confirmed expressly in writing by that party.  Subject to the first sentence of this Term 11.7: (1) delays in enforcement, extra time to perform or indulgence granted will not be treated as waiver, and (2) any waiver will only apply to the specific right or remedy being waived for the specific event or circumstances only and will not restrict or prohibit or otherwise affect the further exercise of such right or remedy.

  • 11.8 Supplier Consent - Any purported representation, promise, concession, settlement, consent, approval, authority or agreement of any kind in any way about or arising from the Services or any Contract, for and on behalf of the Supplier, will only be valid and binding on the Supplier if: (1) given expressly in writing in the applicable Work Statement or these Terms; or (2) given or approved expressly in writing by (or in accordance with the express written authority of) a registered director of the Supplier

  • 11.9 Notices - The parties will keep each other informed of their respective contact details. Any notice given under the Contract must be in writing and in the English language. Each notice must be served by prepaid first class post, by email or by hand delivery to the latest postal address (to be the registered address if the intended recipient is a company) or email address of the intended recipient. Each notice will be deemed served seventy two (72) hours after dispatch (if posted), one (1) hour after confirmed dispatch (if emailed by 4 pm on a Business day), by 9 am on the Business Day after confirmed dispatch (if emailed after 4 pm on a Business Day or emailed at any time on any other day) and immediately (if delivered by hand).

  • 11.10 Status – The Supplier is an independent contractor for the purposes of each Contract and not a partner, principal, agent or representative of the Customer.

  • 11.11 Counterparts & Signatures - The parties may sign the Contract, a Work Statement or any variation to the same in any number of counterparts.  Emailed and/or faxed signature pages containing signatures that are attached to the Contract, a Work Statement or variation of the same will be just as valid as signature pages containing original ink signatures.


The following definitions and rules of interpretation apply in these Terms and the Contract (in addition to other defined terms in these Terms and the Special Terms):

Acceptance Criteria

The acceptance criteria (in respect of any Bespoke Work to be developed and delivered to the Customer under the Contract): (1) specified in writing in the applicable Work Statement, or (2) if not so specified, then any reasonable criteria applied by the Supplier.

Acceptance Procedure

The acceptance procedure (in respect of any Bespoke Work to be developed and delivered to the Customer under the Contract): (1) specified in writing in the applicable Work Statement, or (2) if not so specified, then any reasonable criteria applied by the Supplier.

Additional Services

The provision by the Supplier, in consideration of the payment of the Additional Services Fees by the Customer, of the Additional Services set out in Term 3.4 of these Terms.

Additional Services Fees

Any and all fees and charges payable under the Contract by the Customer to the Supplier for the supply of Additional Services.


In respect of a party (referred to in this definition as “X”) means the following: (1) any company or partnership in the same corporate or VAT group as X;  (2) any company or partnership that has the same ultimate majority beneficial owners as X; (3) any person who is or can reasonably be considered to be a director or other officer, partner, member, employee, non-employed worker, agent, representative, nominee, trustee or principal of X or any other person mentioned above; or (v) any combination of the above.

Bespoke Work

The computer and/or smartphone and/or similar technology programs and/or applications which may be specifically developed by the Supplier for the Customer, or any other bespoke work requested by the Customer (including any and all other software or information technology evaluation, due diligence, consultancy, development, modification, monitoring, testing, inspection, supply, maintenance, support, hosting or other such services from time to time performed by or for the Supplier under that Contract as scoped under the applicable Work Statement(s) or otherwise expressly agreed in writing between the parties from time to time), and pursuant to Term 3.3.

Bespoke Work Fees

Any and all fees and charges payable under the Contract by the Customer to the Supplier for the supply of Bespoke Work.

Business Day

A day when banks are open for business in London.

Contract Charges

The SaaS Fees, the Bespoke Work Fees and the Additional Services Fees.

Confidential Information

The following information howsoever stored, recorded or preserved: (1) the terms of each Contract (and/or any drafts, communications and documents produced and/or communicated for the purposes of preparing, negotiating or entering into the Contract constituted by such Contract); (2) any communications of any kind between the parties (and/or the contents of such communications) in respect of the Contract and/or the applicable Services and/or Contract Charges (and/or any dispute or complaint concerning the same); (3) any information concerning any hardware, software, devices, products, inventions, developments, processes, drawings, know-how, technical data, proposed or actual enhancements or improvements, pricing details, third party supplier details or any other information whether of a technical, commercial or financial nature of or relating to either party’s business, commercial interests, contractual arrangements, assets, finances, staff, customers, clients, processes or affairs provided, created or established under any Contract whether designated in writing to show expressly or by necessary implication that it is imparted in confidence, or which by its nature should reasonably be considered confidential (in each case whether or not such information is reduced to a tangible form or marked in writing as “confidential”); (4) any and all information which has been or may be derived or obtained from any of the above information; or (5) any combination of the above.


The Supplier’s directors or other officers, employees, workers, self-employed consultants or other personnel who are engaged in providing the Services (subject to any specific requirements concerning such personnel in any applicable Work Statement).

Customer Associate

Any: (i) Affiliate, successor in title or permitted assignee of the Customer; or (ii), contractor or supplier (other than the Supplier), customer, client or end user of anyone falling within the scope of paragraph (i) of this definition.

Customer Concern

Any grievance, complaint, concern or dispute concerning the Services, any Deliverable(s) or the conduct or performance of the Supplier and/or any Consultant(s).


The documents, reports, Software, specifications, projects or any items of work and their equivalent to be supplied by the Supplier under the Contract as part of the Services concerning that Contract.


Any losses, damages, claims, costs, fees, charges, fines, penalties, expenses, management charges or and other detriments or liabilities whatsoever (to include, but not limited to, professional fees and expenses incurred whether or not any mediation, arbitration or litigation is involved).


Any information technology, telecommunication, operating system and other equipment of the Customer or its customers at the Site necessary, required or desirable for use in respect of the Services.

Force Majeure Event

Subject to Term 4.10, any of the following events or circumstances whether or not known or anticipated before entering into the applicable Contract: (1) act of God, natural disaster or severe adverse weather conditions (to include, but not limited to, storms); (2) fires or floods; (3) riots, sabotage, civil commotion or civil unrest, interference by civil or military authorities, acts of war (declared or undeclared) or armed hostilities or other national or international calamity or one or more acts of terrorism; (4) failure for any reason of energy sources or any information technology or communication infrastructure or other services whatsoever provided by any person other than the Supplier, a company in the same corporate group as the Supplier or a sub-contractor of the Supplier; (5) any act or omission of any person for whom the Supplier does not have vicarious liability under the law; (6) any event, occurrence or circumstance beyond the reasonable control of the affected party; or (7) any combination of the above.

Industry Practice

Such degree of skill, care, attention and professionalism that an established information technology, software or consultancy services provider of a similar size as the Supplier in the upper quartile of the applicable market in the UK could reasonably be expected to have for the type of Services or obligations in question.

Inflationary Rate

The higher of: (1) one (1)%; (2) the inflationary rate of the retail price index (RPI) or any replacement index published by the Office of National Statistics or any successor body for the twelve (12) month period to the end of the month immediately before the month in which the applicable anniversary of the applicable Contract occurs; and (3) the inflationary rate of the consumer prices index (CPI) or any replacement index published by the Office of National Statistics or any successor body for the twelve (12) month period to the end of the month immediately before the month in which the applicable anniversary of the applicable Contract occurs.

Intellectual Property Rights or


Any and all patents, trade marks, service marks, goodwill, registered designs, utility models, design right, copyright (including copyright in computer software), semi-conductor topography rights, inventions, trade secrets and other Confidential Information, know-how, and all other intellectual and industrial property and rights of a similar or corresponding nature in any part of the world, whether registered or not or capable of registration or not and including the right to apply for and all applications for any of the foregoing rights and the right to sue for past infringements of any of the foregoing rights


A thing is “material” if a reasonably prudent person would deem that thing to be so serious, substantial, important, necessary or relevant (taking into account its cost (if any), nature, extent, impact and consequences) that that thing must not be ignored in any decision making and/or other activity concerning that person or his, her or its assets, rights, obligations, Detriments, interests or affairs – and Materially will be construed accordingly.

Renewal Payment Date

Where the Customer has agreed to pay the SaaS Fee on a:

  • monthly basis, the date falling 1 month from the previous date on which the Customer made payment to the Supplier of the relevant SaaS Fee; or
  • annual basis, the date falling 1 year from the previous date on which the Customer made payment to the Supplier of the relevant SaaS Fee.

SaaS Fees

Any and all fees and charges payable under the Contract by the Customer to the Supplier for the performance of the Services under that Contract and the applicable Work Statement under that Contract.

SaaS Services

The provision of software as a service (excluding any Bespoke Work) as scoped in paragraph 1 (Particulars) of main body of the Contract, or under the applicable Work Statement(s) (if any) or as otherwise expressly agreed in writing between the parties from time to time.


The SaaS Services, any Additional Services and any Bespoke Work.  

Software Development Kits

The programming packages or software development tools, including any application programming interfaces, libraries or sample code provided by the Supplier to the Customer for the development of applications or extensions that operate with or connect to the Services.


The Site of the Customer, any end-user or any other Site (except for Site of the Supplier or any Consultant) at or from which the Supplier is to provide any of the Services under the applicable Contract


Nivo Solutions Limited, a company registered in England and Wales under company number 10744928.


The terms and conditions contained in these Standard Terms.


The Transfer of Undertakings (Protection of Employment Regulations) 2006.


Value added tax (or any replacement or successor tax, levy or duty) at applicable rates from time to time.


Any thing or device (including any software, code, file or programme) which may: (i) prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; (ii) prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or (iii) adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices

Work Statement

Any order, statement of work, service level agreement or proposal (or request from the Customer) for the Supplier to supply Bespoke Work pursuant to Term 3.3 which is signed, approved or confirmed by a director of the Supplier and a duly authorised representative of the Customer. The format and style of the Work Statement will be determined or approved in writing by the Supplier.

  • a. If any content of these Terms, a Work Statement or the Contract (in each case in English) is translated into any other language, the English language text will prevail and apply.

  • b. Any phrase or list introduced by the expressions including, include, in particular or any similar expression will be construed as illustrative and will not limit the sense of the words preceding them.

  • c. Headings and sub-headings in the Terms, any Work Statement or other document comprised within the Contract are only for convenience. They do not affect the interpretation of the Terms, Work Statement or other contractual document (as the case may be).

  • d. The words in singular include the plural (and the reverse also applies).

  • e. A reference to one gender includes all other genders and entities with no gender.

  • f. A reference to writing or written includes emails and/or faxes with confirmed dispatch.

  • g. A reference to a person includes a natural person, body corporate or unincorporated body, association, organisation, society, agency, office or department (whether or not having a separate legal personality).

  • h. A reference to any document by name or otherwise is a reference to that document as varied or novated at any time (in each case, not contrary to the applicable Contract).

  • i. A reference to a particular legislation or legislative provision is a reference to it as it is in force for the time being taking account of any amendment, extension, re-statement or re-enactment (and includes any subordinate legislation for the time being in force made under it).

  • j. The expression “will” refers to a mandatory obligation and not a mere intention.

Schedule 2 – Data Protection

  • 1 For the purposes of this Schedule 2, the following terms shall have the following definitions:
  • 1.1 "Controller", "Processor", "Personal Data", "Data Subject", "Personal Data Breach" and "Processing" have the meanings given under the Data Protection Act 2018 (and "Process", "Processed" and "Processes" shall be construed accordingly); and
  • 1.2 Data Protection Legislation means all laws that relate to data protection, privacy, the use of information relating to individuals, and/or the information rights of individuals and all laws implementing them in the United Kingdom, in each case as may be replaced, extended or amended, including, without limitation, the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  • 1.3 References to paragraphs in this Schedule 2, shall refer to the corresponding numbered paragraphs of this Schedule 2.
  • 2. The Parties agree that:
  • 2.1 the Customer shall be the sole Controller of the Customer Data;
  • 2.2 the Supplier shall be the sole Controller of the Nivo Data; and
  • 2.3 the Supplier shall Process the Customer Data as a Processor on behalf of the Customer.  
  • 3. Annex 1 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of Personal Data and categories of Data Subject.
  • 4. Where a party is processing Personal Data in their capacity as a separate and independent Controller, each party shall at all times comply with the Data Protection Legislation and shall not, by its act or omission, cause the other party to breach the Data Protection Legislation. The Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier and/or lawful collection of the Personal Data by the Supplier on behalf of the Customer for the duration and purposes of this agreement.  
  • 5. Where the Supplier Processes Personal Data on behalf of the Customer in connection with the delivery of the Services, the Supplier shall:
  • 5.1 Process the Personal Data only on the documented instructions of the Customer, except to the extent that any Processing of Personal Data is required in order to comply with any applicable laws unless those applicable laws prohibit the Supplier from so notifying the Customer;
  • 5.2 notify the Customer where the Supplier reasonably believes any documented instructions from the Customer in respect of the Processing of Personal Data infringe any Data Protection Legislation;
  • 5.3 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
  • 5.4 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
  • 5.5 not transfer any Personal Data outside of the UK and European Economic Area unless the following conditions are fulfilled:
  • i. the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
  • ii. the data subject has enforceable rights and effective legal remedies;
  • iii. the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred;
  • 5.6 immediately notify the Customer if it receives a request pertaining to the exercise of a data subject right pursuant to the Data Protection Laws, including without limitation, subject access rights, rights to rectification, restriction of processing, data portability, the right to object to processing and automated decision-making. The Supplier shall not respond to a data subject request without the Customer's prior written consent;
  • 5.7 assist the Customer, at the Customer's reasonable cost, in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
  • 5.8 notify the Customer without undue delay on becoming aware of a Personal Data Breach;
  • 5.9 at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by applicable law to store the Personal Data; and
  • 5.10 maintain complete and accurate records and information to demonstrate its compliance with this Schedule 2 and, at the Customer’s reasonable expense allow for audits by the Customer or the Customer's designated auditor, at no more than 12 monthly intervals.
  • 6. Where Processing Customer Data, the Supplier shall not sub-contract its Processing of such Personal Data to a third party without the Customer's prior specific or general written authorisation (not to be unreasonably withheld, conditioned or delayed).  Where any sub-contracting of Processing of Personal Data is based on the Customer's general written authorisation, the Supplier shall inform the Customer of any intended changes concerning the addition or replacement of any sub-contractors and the Customer shall notify the Supplier of any objections it has to any such changes in writing within five (5) Business Days, after which any such changes which the Customer has not objected to shall be deemed to be accepted. Existing sub-processors are deemed to be authorized and listed in Annex 2
  • 7. Where the Supplier sub-contracts its Processing of Personal Data to a third party in accordance with paragraph above, the Supplier shall:
  • 7.1 ensure that any such third party is subject to the same data protection obligations as the Supplier;        
  • 7.2 obtain sufficient guarantees from any such third party that they will implement appropriate technical and         organizational measures in such a manner that the Processing of Personal Data by such third party will         meet the requirements of Data Protection Legislation; and
  • 7.3 remain liable to the Customer for any Processing of Personal Data by any such third party.
  • 8. Each party shall co-operate with the ICO on the request of the other party in respect of the performance of its tasks under this Contract.
  • 9. In the event that the Customer transfers Personal Data from the Supplier to a country outside of the EEA and the UK, the Supplier shall upon request make available details of how the Supplier will ensure an adequate level of protection and adequate safeguards in respect of the Personal Data that will be transferred outside of the EEA and the UK so as to ensure compliance with the Data Protection Legislation.
  • 10. Where the Supplier processes the Customer Data as a Processor on behalf of the Customer, Supplier shall only be entitled to Process any such Personal Data as set out in Annex 1 of this Schedule.

Schedule 2 - Annex 1: Details of Data Processing

  • 1. Subject matter: The subject matter of the data processing under this Contract is an identity verification and secure messaging service
  • 2. Duration of processing: Nivo will process Customer data only for the length of the contract, after which will be archived for a further 5 years, for the exclusive access of the Customer unless otherwise agreed in writing, or instructed otherwise by UK law
  • 3. Nature and Purpose of processing: (i) processing as necessary to provide the Service in accordance with the Contract; (ii) processing initiated by Customer in its use of the Service (iii) Archiving of data on behalf of the Customer
  • 4. Categories of data being processed: The Customer and its customers and prospective customers may submit and receive any data or files when using the Services. This may include Personal Data, the extent of which is determined and controlled by Customer in its sole discretion. ID Verification data will include biometric data.
  • 5. Categories of data subjects: The Customer and its customers and prospective customers may submit Personal Data to the Service, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
  • The Customer’s prospective customers
  • The Customer’s customers

Schedule 2 - Annex 2: List of existing Sub-processors

Name of processor


Type of data processed

Derogation for international transfer



Customer Data and Nivo Data


Twilio Inc


SMS message data and mobile phone numbers of End Users

Standard contractual clauses + due diligence



Images, videos and data from identity reports




Bank transactional data and End User authentication data for use of the Open Banking Account Information Service


Lunaweb GmbH


HEIC image files sent for conversion




It’s quick to get started with Nivo. See for yourself how we make financial services fast, simple, and secure.

Request Demo