Great Place To Work
BLOG JOIN UP TOP-UP ABOUT

TERMS & CONDITIONS

These are our Terms & Conditions applicable to the Services provided to you through the DigitalHub Platform and/or Vision-net.ie. They were last updated on 1st October 2025. We would ask that you please read carefully.

Please be aware. If you visit or use the DigitalHub Platform and/or Vision-net.ie to purchase and receive the Services, you have to click the box on Login Web Page and therefore you are agreeing to these Terms & Conditions, which form a binding contract between you and us. Please read them carefully and keep a record of these Terms & Conditions for your future reference.

These Terms & Conditions will be updated from time to time. Each time they are amended, you will have to log on and accept the most recent updated terms and conditions. The date that these general terms and conditions were last updated shall be indicated on the Terms & Conditions page of the DigitalHub Platform and/or Vision-net.ie website and acceptance of these is mandatory.

  1. DEFINITIONS AND INTERPRETATION

    1. The following expressions are given these meanings unless the context in which they are used requires a different meaning:

      "Account"
      means any account issued to the Client by the Supplier.
      "Agreement"
      means the Terms & Conditions as may be amended from time to time;
      "Business Day"
      means a day other than a Saturday, Sunday or public holiday in the Republic of Ireland;
      "Client" or "you"
      means the entity or the individual identified in the Registration Procedure;
      "Commencement Date"
      means the date when the Client register itself with the DigitalHub Platform and/or with the Vision-net.ie through the Registration Procedure;
      "Confidential Information"
      means in respect of each Party all information whether conveyed orally, in writing, in machine readable form or otherwise which relates to a Party's business, products, software, documentation, developments, trade secrets, know-how, personnel, suppliers and customers whether or not designated as "confidential information" by the disclosing Party together with all information derived from the above and all information designated as confidential or commercially sensitive or which ought reasonably to be considered confidential or commercially sensitive but does not include information which:
      1. is or becomes public knowledge other than by breach of clause 4 (Confidentiality);
      2. is received from a third party who lawfully acquired or developed it and who is under no obligation of confidence in relation to its disclosure; or
      3. is independently developed without the use of the other Party's Confidential Information.
      "Data Controller"
      has the meaning given to it in Data Protection Law;
      "Data Processor"
      has the meaning given to it in Data Protection Law;
      "Data Protection Law"
      means the General Data Protection Regulation (EU 2016/679), the ePrivacy Directive 2002/58/EC, as amended by 2009/136/EC, and any relevant transposition, successor or replacement of those laws and any applicable guidelines or codes of practice, and the terms defined in the Data Protection Law;
      "Data Subject"
      has the meaning given to it in Data Protection Law;
      "Deposit Account"
      is the account where the Supplier holds the amounts paid in advance by the Client to the Supplier;
      "DigitalHub Platform"
      means the hardware, firmware, equipment and other electronic, computer and telecommunications devices and equipment utilised by the Supplier for the provision of the Services;
      "DORA Regulation"
      means the Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector;
      "Dora Additional Terms"
      means the additional terms and conditions applicable to the Agreement whenever the Client uses the Services and is subject to DORA Regulation;
      "Fees"
      means the fees which appear in the My Usage Page and which the Client is to pay for the Services;
      "Intellectual Property Rights"
      means (a) copyright, all rights in the nature of copyright, moral rights, patents, rights in semi-conductor chip topographic, Internet domain names and website addresses and other similar rights or obligations database rights and rights in trademarks, trade names, logos, trade dress, designs, know-how and confidential information (whether registered or unregistered); (b) applications for registration, and the right to apply for registration, for any of these rights; and (c) all other intellectual property rights and equivalent or similar forms of protection existing anywhere in the world;
      "Login Details"
      means the password and user name to access the DigitalHub Platform and/or Vision-net.ie;
      "Login Web Page"
      means the web page of the DigitalHub Platform and of the Vision-net.ie where the Client access the DigitalHub Platform and of the Vision-net.ie using the Login Details and where the Client accept these Terms & Conditions by clicking the box;
      "My Usage Page"
      means the page of the DigitalHub Platform and/or Vision-net.ie where the Fees are listed;
      "Personal Data"
      has the meaning given to it in Data Protection Law;
      "Privacy Notice"
      means the Supplier privacy notice displayed on the website https://www.vision-net.ie/privacy.jsp which covers the DigitalHub Platform and Vision-net.ie. A privacy notice for IDVerify Services will be available at https://idverify.ie/privacy.html.
      "Processing"
      has the meaning given to it in Data Protection Law, and "Process" will be construed accordingly;
      "Registration Page"
      means the web page of the DigitalHub Platform and/or of the and/or Vision-net.ie where there are the instructions for an individual or a legal entity to register itself as a client and to create an Account;
      "Registration Procedure"
      means the registration of a legal entity and/or an individual using/sending an email to the Supplier or calling the Supplier according to the instructions set forth in the Registration Page.
      "Security Incident"
      an event, defined based on CRIF methodology, that materially undermines one or more IT security requirements (confidentiality, integrity and availability) of the Service and that affects the operation of the Client's technology infrastructure and/or the information transmitted by it.
      "Services"
      means the services to be provided by the Supplier through the Digital Hub Platform and/or Vision-net.ie via the web service, API, xml gateway, bulk data download or offline by email. The Services include those described from time to time in the Special Terms & Conditions;
      "Special Terms & Conditions"
      means the special terms and conditions applicable to a particular Service as per sections II of these Terms & Conditions;
      "Subcontractors"
      means the subcontractors listed in the Special Terms & Conditions;
      "Supervisory Authority"
      has the meaning given to it in Data Protection Law;
      "Supplier" or "we" or "CRIF Vision-net"
      means CRIF VisionNet Limited, a company registered in Ireland, with registered office at 3rd Floor, Adelphi Plaza, George's Street Upper Dun Laoghaire County Dublin A96 T927;
      "Terms & Conditions"
      means these terms applicable to all Services provided by the Supplier through the DigitalHub Platform and/or Vision-net.ie, the Terms & Conditions are comprehensive of the General Terms & Conditions set forth in section I and of the Special Terms & Conditions set forth in section II;
      "VAT"
      means Revenue Irish tax and customs value added tax;
      "Vision-net.ie"
      means the website vision-net.ie, vision-net.com or any other derivatives through which the Services (or some of them) may be provided.

    2. References to "we", "us" and "our" in these Terms & Conditions, if any, are to CRIF VisionNet Limited. References to "you" and "your" are references to you, the entity or individual who purchases one of our Services.

  2. Section I
    General Terms & Conditions

  3. THE SERVICES

    1. By using the DigitalHub Platform and/or Vision-net.ie, the Client agrees to be bound by the Terms & Conditions, which form the Agreement between the Client and the Supplier. The DORA Addition Terms shall apply to the Clients qualified as financial entity according to DORA Regulation. The Client, after having been registered according to the Registration Procedure and provided with the Login Details, may access the Registration Page and click the box for the acceptance of the Terms & Conditions and then follows the instructions to purchase the Services. If the Client does not agree with any of the terms of the Agreement, the Client should stop using the DigitalHub Platform and/or Vision-net.ie immediately. The Privacy Notice is available on the website (https://www.vision-net.ie/terms.jsp) which covers the DigitalHub Platform and Vision-net.ie. The person accepting the Terms & Conditions:
      1. warrants and represents that he / she has the authority to act on the Client's behalf;
      2. acknowledges that he / she has read and understood the Terms & Conditions and any other document submitted through the DigitalHub Platform and/or Vision-net.ie;
      3. acknowledges that he / she has read and understood the Privacy Notice;
      4. is deemed to have agreed to the terms of the Agreement on the Client's behalf;
      5. warrants and represents that the information provided (about himself/herself and about the Client) is true and correct.
    2. The Supplier is entitled to cancel or modify the Services or change the Terms & Conditions at any time for any reason at its sole discretion. Should a change occur, the Supplier will notify the Client via email of the new Terms and Conditions. If the Client does not agree with any of the updated terms of the Agreement, the Client should stop using the DigitalHub Platform and/or Vision-net.ie immediately and the Agreement will be considered terminated.
    3. The Services may be purchased solely for the Client's internal business purposes. The Client is not authorised to distribute, sell, publish or otherwise make a profit or income from any Service or information made available to the Client by the Supplier. The Client cannot purchase any Service on behalf of someone else.
    4. Login Details are personal to the Client and should not be shared with third parties. The Client is responsible for the safekeeping of their Login Details. The Supplier is not responsible for any loss or damage suffered by the Client as a result of other parties accessing the DigitalHub Platform and/or Vision-net.ie using its Login Details. The Supplier will be indemnified against any loss incurred by it as a result of such use.
    5. It is the responsibility of the Client to keep its account contact details and email address up-to-date. If a Client's email address changes, the Client agrees to notify the Supplier of the new email address. The Supplier reserves the right to suppress the email address on a Client's Account if the Client's email account no longer appears to be in service or after a certain number of bounce backs occur from the Client's email address from monitoring service update notifications , or if their email domain ceases to exist. The Supplier takes no responsibility for any loss or damage incurred by the Client as a result of not receiving emails due to their email address being automatically opted-out. The Client shall notify the Supplier in writing of any change in the information provided for the Account.
    6. When the Client registers with the DigitalHub Platform and/or Vision-net.ie, it will receive marketing communications from the Supplier electronically, by email to the provided business email address. The Client may opt out at any time.
    7. Should a Client opt-out of any of the service email options, it will be given the opportunity to opt back in through an annual service email to the Account, containing a link to the Vision-net.ie were the client can review and update its Account email preferences. The Client will be given the opportunity to opt back in to email communication or continue for the year ahead with its existing settings.
    8. The Supplier will send the Client update service notices of information about the DigitalHub Platform and/or Vision-net.ie amendments and enhancements. The Supplier shall communicate with the Client in three ways, by phone, by e-mail or by posting notices on the DigitalHub and Vision-net.ie Platform. The Client agrees to receive product updates and service announcements by phone or email that might materially affect the Account or the use of the Services.
    9. The Supplier may also write to the Client in letter format. In using or visiting the DigitalHub Platform and/or Vision-net.ie, the Client is agreeing that all notices, and communications that the Supplier provides to the Client electronically or otherwise, satisfy any legal requirement that such communications be in writing. The Clients should be aware that unprotected e-mail communication via the Internet is not secure and it is subject to possible interception, loss or alteration. The Supplier is not responsible for and will not be liable to the Client or anyone else for any damages in connection with any email sent by the Client to the Supplier or an e-mail by the Supplier to the Client or anyone else at the Client request.
    10. This DigitalHub Platform and/or Vision-net.ie or any portion of this it or any information provided by the Supplier either through the DigitalHub Platform and/or Vision-net.ie, API, xml gateway, bulk data download, offline by email or through our various mobile apps may not be reproduced, duplicated, copied, sold, visited or otherwise exploited for any commercial purpose without the express written permission of the Supplier. The Client may not frame or utilize any framing techniques to enclose any trademark, logo or other proprietary information of the DigitalHub Platform and/or Vision-net.ie or of the Supplier without the Supplier express written permission. Nor may the Client facilitates any third party to do so.
    11. The Supplier reserves the right to suspend the website and/or search and/or the usage of a Service in the event of a technical difficulty without notice. The Supplier will make every effort to ensure that any disruption will be kept to an absolute minimum.
    12. The Supplier is not responsible for the content of any material in any format, furnished to or accessed by the Client, which the Client accessed through using this the DigitalHub Platform and/or Vision-net.ie.
    13. A number of third-party tools are used on this site and across our mobile applications to provide a more user-friendly experience to the User, these are detailed in our cookies policy and include but are not limited to - Google Analytics to assess global visitor trends.

  4. FEES AND PAYMENT

    1. The Client agrees to pay the Supplier the Fees for access to the Service. The Client may pay in advance a certain amount in the Deposit Account prior to the use of the Services. The payment can be made with debit or credit card or bank transfer or bank check as detailed in the My Usage Page.
    2. Further specific economic and payment conditions are included in the My Usage Page. The Fees for access to the Services via API, XML gateway, bulk data download, custom monitoring or data files delivered offline by email, will be detailed in My Usage Page.
    3. The Fees will be calculated in accordance with the rates listed in My Usage Page, as amended from time to time. The client will be given 14 days prior notice of any amendments to their fees. A rolling balance (residual amount available for accessing the Services) will be displayed for the Clients reference when the Client accesses the Service. The Client will be required to pay an activation fee in order to cover costs related to the activation of the Client.
    4. The Fees and any additional charges payable under this Agreement are exclusive of VAT.
    5. The rolling balance of the Deposit Amount will be forfeited to the Supplier at the end of any contractual year.

  5. CONFIDENTIALITY

    1. All Confidential Information given by the Supplier to the Client or otherwise obtained, developed or created by the Supplier relating to the Supplier in connection with this Agreement shall be treated by the Client, its employees, agents and subcontractors as confidential in perpetuity and shall not be used other than for the benefit of the Supplier or, subject to the provisions of this clause 4 and shall not disclosed to third parties without the prior written consent of the Supplier.
    2. The Client shall ensure that only those of its employees, agents and its subcontractors to whom disclosure of the Confidential Information is required for the performance of its obligations and/or the exercise Confidential Information may be disclosed to the extent required by laws but in those circumstances the recipient shall:
      1. where possible, give the Supplier prompt written notice of any request for or actual disclosure;
      2. where practicable comply with its obligations under (i) before any disclosure occurs, so that the Supplier may have an opportunity to prevent the disclosure through appropriate legal means;
      3. use reasonable endeavours to protect the confidentiality of the relevant Confidential Information.
    3. The Client agrees that damages may not be an adequate remedy for any breach of this clause 4 by and the Supplier shall be entitled to obtain any legal and/or equitable relief, including injunction, in the event of any breach of the provisions of this clause 4 and the Client shall not oppose the granting of that relief.

  6. DATA PROTECTION

    1. General Provisions

    2. The Client undertakes to comply at all times with all Data Protection Law and any related legislation in so far as the same relates to the provisions and obligations of the Agreement.
    3. The Client is responsible for determining a valid legal basis under Data Protection Law for its processing, including obtaining Data Subjects' appropriate consent if required or appropriate.
    4. The Supplier undertakes to comply at all times with all Data Protection Law and any related legislation in so far as the same relates to the provisions and obligations of the Agreement.
    5. Neither Party shall be liable for failures to comply with Data Protection Law by the other Party.
    6. The Supplier and the Client warrant that they have appropriate organisational and technological processes and procedures in place to safeguard against any unauthorised access, loss, destruction, theft, use or disclosure of the Personal Data.
    7. The Supplier and the Client shall ensure that only such of its employees who may be required to assist in meeting its obligations under this Agreement shall have access to the Personal Data and shall ensure that all employees with access to the Personal Data have undergone training in the law of Data Protection and in the care and handling of Personal Data.
    8. The Client recognises that the Supplier must legitimately process personal data of the Client's employees and all persons using the Services (where applicable) in order to deliver the Service. This will include the management of contracts, activation of services, provision of helpdesk services, responding to communications, administrative matters including invoicing, and recording and monitoring usage of the Service for billing purposes, and otherwise complying with the Supplier's obligations to the Client in accordance with the terms of this agreement. For such processing activities, the Supplier is the Data Controller, unless it is acting as a Data Processor on behalf of the Client or a third Party.
    9. The Client recognises that the Supplier will also process personal data because it is necessary for its legitimate interests, for example recovering money owed by the Client, seeking advice on rights and obligations or recording and monitoring the usage of the Service for security purposes, business intelligence etc. For such processing activities, the Supplier is the Data Controller.
    10. The Supplier may also share data with third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of the Supplier business.
    11. In respect of personal data for which it is the Data Controller, the Supplier may share the personal data with, or transfer it to, third parties that it engages to assist in delivering the services to the Client, including the Supplier Affiliates; professional advisers where it is necessary to obtain their advice or assistance, including lawyers, accountants, IT services and infrastructure providers, data protection and information security advisers, public relations advisers, debt collection agencies, etc. Any third parties so engaged will be subject to a data processor or data sharing agreement if required under Data Protection Law. Transfers to Third Countries will be made in compliance with Data Protection Law.
    12. The Client undertakes to notify its employees of the processing of their personal data for these purposes or obtain the employee's consent (both to the extent required by Data Protection Law).
    13. Each Special Terms & Conditions determines the roles of the Parties involved in the processing of the personal data for Services.
    14. Neither party shall be entitled to recover from or be liable to the other in respect of any administrative fine or penalty imposed on it pursuant to Articles 83 and 84 of Regulation (EU) 2016/679 of the European Parliament ("GDPR").
    15. As regards the data processing activities that fall within the scope of the GDPR, neither Party hereto limits or excludes its liability, or waives its rights, in relation to the provisions set out in article 82 of the GDPR.

    16. Data Processing Provisions

    17. When the Supplier, according to the Special Terms & Conditions, processes the Personal Data as Data Processor on behalf of the Client, the Supplier will process the Personal Data in accordance with the following terms.
    18. The duration, the subject matters, the purpose, the nature of the processing, the description of the type of Personal Data and of the categories of data subjects to be processed, shall be set forth in the Special Terms & Conditions.
    19. In relation to the processing of Personal Data under this Agreement, Data Processor shall:
      1. process the Personal Data (including when making an international transfer of the Personal Data) only to the extent necessary in order to provide the Services and then only in accordance with the terms of this Agreement and the Data Controller's written instructions from time to time unless otherwise required by law. Where Data Processor is required by law to process the Personal Data otherwise than as provided by this Agreement, it will notify Data Controller before carrying out the processing concerned (unless the law also prevents Data Processor from doing so for reasons of important public interest);
      2. implement appropriate technical and organisational measures as required by Data Protection Law to ensure a level of security appropriate to the risks that are presented by the processing, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed under this Agreement;
      3. take all reasonable steps to ensure that only authorised personnel have access to the Personal Data and that any persons whom it authorises to have access to the Personal Data will respect and maintain all due confidentiality in relation to the Personal Data (including by means of an appropriate Services contractual duty of confidentiality where the persons concerned are not already under such a duty under the law);
      4. save for the Subcontractors, not engage any sub-processors in the performance of the Credit Gateway Services without the prior written consent of Data Controller and otherwise in accordance with clause 5.17 at all times;
      5. not do, or omit to do, anything, which would cause Data Controller to be in breach of its obligations under Data Protection Law;
      6. within 48 hours notify Data Controller if, in Data Processor's opinion, any instruction given to Data Processor infringes the Data Protection Law;
      7. within 48 hours notify Data Controller after becoming aware of a personal data breach;
      8. where applicable in respect of any Personal Data processed under this Agreement, co-operate with and assist Data Controller in ensuring compliance with:
        1. Data Controller's obligations to respond to requests from any data subject(s) seeking to exercise its/their rights under the Data Protection Law, including by notifying Data Controller of any written subject access requests Data Processor receives relating to Data Controller's obligations under the Data Protection Law; and
        2. Data Controller's obligations under the Data Protection Law to:
          1. ensure the security of the processing;
          2. notify the relevant Supervisory Authority, and any data subject(s), where relevant, of any breaches relating to Personal Data;
          3. carry out any data protection impact assessments (each a "DPIA") of the impact of the processing on the protection of Personal Data;
          4. Consult the relevant Supervisory Authority prior to any processing where a DPIA indicates that the processing would result in a high risk in the absence of measures taken by Data Controller to mitigate the risk.
    20. Data Processor will ensure that any sub-processor it engages to provide any services on its behalf in connection with this Agreement does so only on the basis of a written services agreement which imposes on such sub-processor terms compliant with Data Protection Law. Data Processor shall be directly liable to Data Controller for:
      1. any breach by the sub-processor of any of the sub-processor data protection terms;
      2. any act or omission of the sub-processor which causes:
        1. Data Processor to be in breach of this Agreement;
        2. Data Controller or Data Processor to be in breach of the Data Protection Law.
    21. The Data Controller hereby approves the use of Subcontractors as sub-processors for provision of the Services.
    22. Where Data Controller has given a general authorisation to Data Processor to engage sub-processors, then prior to engaging a new sub-processor under the general authorisation Data Processor will notify Data Controller of any changes that are made and give Data Controller an opportunity to object to them.
    23. The Data Processor shall make available to the Data Controller reasonable information necessary to demonstrate compliance with the obligations laid down in this clause 5 and shall provide the Data Controller the right to conduct a reasonable audit and/or inspection of Data Processor's processing operations to satisfy the Data Controller that Data processor is in compliance with this clause 5 when it acts as data processor. The audit may be conducted by the Data Controller at the following conditions:
      1. any of the Data Controller's reasonable audit and inspections costs are borne by the Data Controller;
      2. the audit is conducted no more than once per year;
      3. the Data Controller has notified at least 20 Business Days in advance its intention to conduct an audit;
      4. the Data Controller uses reasonable endeavours to conduct such audits in a manner that will result in a minimum of inconvenience to Data Processor's business operations;
      5. the Data Controller has no access to documentation that is reasonably categorised as "strictly confidential" and for "internal usage only";
      6. the Data Controller does not infringe any intellectual property right of the Data Processor;
      7. the Data Controller does not have full and free access to the Data Processor's premises and records;
      8. the Parties define in advance and in writing the scope and perimeter of the audits;
      9. the Data Controller complies with the Data Processor written safety, security and confidentiality policies and internal procedures;
      In any case, the involvement of third parties engaged in activities competing with the Data Processor is excluded. Any employees, consultants, auditors, or third parties that perform audits on behalf of the Data Controller shall be informed of the existence and content of this clause and shall be required to enter into appropriate written confidentiality agreements with the Data Controller. The Data Controller shall be fully responsible with regard to the Data processor for the carrying out of the audits conducted directly or indirectly on behalf of the Data Controller and shall indemnify the Data Processor from any damage or harm resulting therefrom. The subject and scope of the audits and the areas to be audited shall be clearly defined in writing between the Parties before the start of the audits, which may, in any event, be carried out, based on the Data Controller's needs, either electronically or on-site, in accordance with the provisions of this clause.
    24. If the Data Processor transfers any Personal Data received from or on behalf of the Data Controller:
      1. outside the European Economic Area;
      2. to any third party (which shall include any affiliates of Data Processor) where such third party is located outside the European Economic Area;
      The Data Processor will ensure that such transfers are executed in accordance with the requirements of the relevant Data Protection Law
    25. Upon completion of any Service, the Data Processor will at the Data Controller's discretion:
      1. delete; or
      2. return to Data Controller;
      all Personal Data processed for the provision of that Service unless the Supplier processes such data for other purposes, except to the extent that Data Processor is required by law to retain any copies of the Personal Data.

  7. INTELLECTUAL PROPERTY RIGHTS

    1. All Intellectual Property Rights belonging to a party prior to signing of this Agreement shall remain vested and remain the property of that party. Additional clauses on Intellectual property will be set forth in the Special Terms & Conditions.
    2. All content included on the DigitalHub Platform and Vision-net.ie is the property of the Supplier or its suppliers and is protected by copyright law.
    3. The Client authorises the Supplier to include and use the Client’s name and logo, if any, in the reference client list used by the Supplier for commercial purposes, including but not limiting to promotional material, participation of tenders and case studies in relation to the Services.

  8. TERM

    This Agreement will come into effect on the Commencement Date and will continue for one year; the term will be automatically renewed, from year to year, until terminated in accordance with the provisions of clause 8 of this Agreement.

  9. TERMINATION AND OTHER REMEDIES

    1. The Supplier may terminate this Agreement for no cause, in any moment, by giving 10 days' notice in writing to the Client.
    2. This Agreement may be terminated immediately by the Supplier upon written notice to the Client, if the Client:
      1. is in material breach of any of its substantive obligations under this Agreement and/or the Special Terms & Conditions and in the case of a breach capable of remedy has failed to remedy such breach within 30 days of delivery of the notice requiring such remedy; or
      2. the other suffers or threatens to suffer any form of liquidation or insolvency or administration in any jurisdiction or ceases or threatens to cease to carry on business, save that no such right of termination will arise by reason only of a solvent reconstruction, amalgamation or scheme of arrangement.
    3. This Agreement terminates if:
      1. The Client provides a 14 days' written notice of termination to the Supplier;
      2. the Deposit Account is exhausted, unless another payment option is chosen and activated before the Deposit account is exhausted even before the termination of a contractual year;
      3. there is no purchase on the Deposit Account for a period of 180 consecutive days and the remaining balance of the Deposit Account is lower than the amount necessary for the minimum purchase;
      4. if there is no purchase on the Deposit Account for a period of twelve (12) consecutive years;
      5. the Deposit Account annual term is expired.
    4. The termination of this Agreement shall be without prejudice to the rights of the Supplier, which have accrued prior to such termination, or to any provision of this Agreement which by its terms is intended to survive termination of this Agreement or in respect of any sums or other claims outstanding at the time of such termination.
    5. If this Agreement is terminated according to clauses 8.2, 8.3 and 8.4, Deposit Account paid by the Client will be forfeited to the Supplier.
    6. If the Agreement is terminated according to clause 8.1, the remaining balance of the Deposit Account will be returned to the Client.

  10. LIABILITY

    1. Neither the Client nor the Supplier will be liable to each other regarding this Agreement for any indirect, special or consequential loss or damages whether caused by breach of contract or tort (including negligence or breach of statutory duty) or arising in any other way.
    2. The Supplier's total aggregate liability to the Client in respect of all claims arising out of or in connection with this Agreement (including as a result of breach of contract, negligence or any other tort, under statute or otherwise) during the entire term of the Agreement for more than one event or series of linked events will be limited to no more than the fees (excluding VAT) paid by the Client to the Supplier under this Agreement in the previous contractual year or, if an event occurs in the first year of this Agreement, the value of the fees paid by the Client at the date of such event.
    3. The limits and exclusions of liability set out in Clauses 9.1 and 9.2 do not apply to:
      1. liability for death or personal injury caused by a party's negligence or that of its employees or agents;
      2. loss caused by fraud or fraudulent misrepresentation;
      3. any loss which by law cannot be excluded or limited.
    4. No responsibility can be assumed from or attributed to the Supplier regarding how the Client uses the Services provided through the DigitalHub Platform and/or Vision-net.ie. No responsibility can be assumed from or attributed to the Supplier regarding the decisions made by the Client through the use of Services. No responsibility can be accepted for any loss, damage, expense, or any delay in providing updated information or for inconvenience suffered by the Client or the Customers as a result of the Client use or interpretation of, or reliance upon, any information (be it accurate or otherwise) obtained using the Services provided by the Supplier through the DigitalHub Platform and/or Vision-net.ie.
    5. The Supplier makes no warranties or representations either express or implied in relation to the whole or part of the Services provided through the DigitalHub Platform and/or Vision-net.ie, including but not limited to implied warranties or conditions of completeness, accuracy, satisfactory quality and fitness for a particular purpose and that all such conditions, warranties, terms and undertakings, express or implied, statutory or otherwise in respect of the provision or non-provision of the Services and any other services supplied hereunder are hereby expressly excluded.

  11. FORCE MAJEURE

    1. The Supplier will be not liable for any failure or delay in its performance under this Agreement due to reasons beyond its reasonable control, including acts of war, acts of God, earthquake, flood, riot, embargo, sabotage or governmental act.

  12. NOTICES

    1. Any notice required to be given under the Agreement shall be in writing and shall be delivered by email as follows:
      1. To the Supplier at the email address helpdesk.vision-net@crif.com;
      2. To the Client at the email address the Client provides to the Supplier in the Online Registration Form
      or such other email address as either party notifies to the other party from time to time. A notice sent by email shall be deemed to have been received at the time the email enters the information system of the intended recipient provided that no error message indicating failure to deliver has been received by the sender.

  13. MISCELLANEOUS

    1. The Supplier may assign or in any way transfer or dispose of all or any of its rights (including the benefit of any licence) under or derived from this Agreement, or any part of them, to third parties.
    2. The Supplier is authorised to subcontract with any person to perform any part of this Agreement or aspect of the Services. The Supplier shall remain fully responsible and liable for the proper performance of the subcontracted obligations under the terms of the Agreement. The Supplier ensures that if the Services are provided by Subcontractors, the Subcontractors fulfil the obligations of this Agreement.
    3. This Agreement constitutes the entire agreement between the parties with respect to the subject matter of this Agreement. This Agreement supersedes and extinguishes any previous agreement between the parties relating to the subject matter thereof. Each of the parties acknowledges and agrees that in entering into this Agreement, it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently or innocently made) other than as expressly set out in this Agreement. Nothing in this Clause 14 shall operate to exclude any liability for fraud.
    4. If any Clause (or part of a Clause) of this Agreement should be found not to be valid, lawful or enforceable by a court having proper authority or if the law changes so that it becomes invalid, unlawful or unenforceable to any extent the Clause (or part affected) will be treated as having been deleted from the remaining terms of this Agreement which will continue to be valid. In addition, the parties will use reasonable efforts to replace the deleted Clause (or part) with a valid replacement provision which is as close as possible to the one that has been deleted.
    5. If either party delays or fails to exercise its rights under this Agreement it does not prevent that party from exercising those rights at any time afterwards. In addition, if a party waives its right on one occasion this does not mean that the party has lost (or waived) these rights on a later occasion.
    6. This Agreement is governed by and construed and interpreted in accordance with law of the Republic of Ireland. The Courts of the Republic of Ireland shall have exclusive jurisdiction to settle any disputes arising out of or in connection with this Agreement.

  14. Section II
    Special Terms & Conditions

  15. Credit Check Information and PEP & Sanctions Services

  16. Definitions

    "CRO"
    means Companies Registration Office.
    "Database"
    means the data content and software on the website Vision-net.ie.

  17. Object

    1. The Supplier agrees to allow the Client to access the information contained in the Database. This information is received from a variety of sources which include the Companies Registration Office, the UK Companies House, the Land Registries Online Service, www.landdirect.ie, Registry Trust Ltd. Judgment database and others. All usage is therefore governed in turn by those organisations terms and conditions of trading, which the Client is also agreeing to be bound by.
    2. The information contained in this Database has been supplied largely by the CRO, which in turn was supplied by or on behalf of companies, pursuant to statutory obligation. The CRO, UK Companies House, and NI Company Registers are some of the main suppliers of this data, they do not, and cannot, vouch for the accuracy of such information. The Supplier shall not be responsible for the consequences of any errors or omissions in the information held on its Database.
    3. The Supplier will send the Client update notices of the Client's previously searched companies.

  18. Client's obligations

    1. All data accessed from the Database will be used in accordance with the Data Protection Law.
      1. Personal data sourced from the CRO and downloaded from the CRIF Vision-net service may not be used for Direct Marketing purposes. This includes restricting the use of a Director's home address for marketing purposes.
      2. The Client must also observe the NDD directory guidelines for opt-out suppression when contacting telephone numbers accessed from the service.
    2. The Client acknowledges that records accessed through the Database will be as up to date as the date stamp within the "My Vision-net.ie" section of the DigitalHub Platform and/or Vision-net.ie. This date will also appear on the bottom of each Company Report or Business Name report.

  19. Liability

    1. The information is accurate but it is not guaranteed. The Supplier accept no responsibility for any loss, damage, expense, or any delay in providing updated information or inconvenience suffered by a customer as a result of the Client's use or interpretation of, or reliance upon, any information (be it accurate or otherwise) provided from the Database.
    2. The contents of this website are provided as an information guide only from a number of sources and partners. With regard to Company Searches, it should be noted that the information contained on the various Registers in relation to Companies or Directors, Business Names and Limited partnerships has been supplied to the relevant Company Registries by third parties. These Third parties have supplied it pursuant to statutory obligation, including the obligation not to knowingly or recklessly supply false information. As such the Supplier cannot vouch for the accuracy of the information which has been supplied by third parties. The Supplier shall not be responsible for the consequences of any error or omission in the information held on this Database.

  20. Subcontractors

    1. In providing the Credit Check Information and PEP & Sanctions Services the Supplier may subcontract some activities to its affiliates.

  21. Data Protection

    1. In providing the Credit Check Information and PEP & Sanctions Services, the Supplier and the Client will be independent Data Controllers.

  22. IDVerify Service

  23. Definitions

    "Customer(s)"
    means the customers of the Client;
    "Customer Documents"
    means the documents to be uploaded by the Customers in the DigitalHub Platform;
    "DigitalHub Web Page"
    means the web page within the DigitalHub Platform, where the Customer may upload the Customer Documents;
    "IDVerify Service"
    means the service which allows the Client to manage the digital onboarding process of its Customers, to verify the Customers' identity and to update the information relating to its Customers for the Permitted Purpose.
    "Permitted Purpose"
    mean the verification of an individual's identity, age or address information for lawful purposes of identity verification, fraud prevention or enforcement of laws designed to prevent money laundering.

  24. Object

    1. The Supplier shall provide the IDVerify Service and the Client shall pay the relevant Fees.
    2. The Client shall use the IDVerify Service solely for the Permitted Purpose.
    3. The IDVerify Service is provided solely through the DigitalHub Platform.

  25. Execution of the IDVerify Service

    1. The Supplier shall send to the Customers, in the name of and on behalf of the Client, an email containing the link of the DigitalHub Web Page where the Customer will be registered and, according to the instructions, shall upload the Customer Documents.
    2. In processing the Customer Documents, the Supplier will not be held liable for any inaccuracies or incompleteness of such Customer Documents. Under no circumstances, by accessing such Customer Documents, the Supplier shall be deemed to be the Data Controller of the personal data.

  26. Client's obligations

    1. The Client warrants and represents to the Supplier that:
      1. it is legitimised to process the Customers' personal data as Data Controller;
      2. the Customers have been informed by the Client that their personal data will be processed by the Supplier as Data processor on behalf of the Client which is the Data Controller;
      3. shall at all times conform with all applicable laws and regulations;
      4. the Client has obtained the legally required authorisations and consents, or provided any legally required notifications for any data transfer to the Supplier for the purposes of receiving the IDVerify Service;
      5. the Client has obtained the appropriate, free, active and informed consent from each Customer in accordance with the applicable law for the collection, disclosure and use of personal data prior to requesting the IDVerify Service.

  27. Liability

    1. The Supplier will not assume any responsibility with respect to the correctness, thoroughness, congruity, completeness or truthfulness of the Customer Documents and consequently will not be liable to the Client and/or third parties for any direct, indirect or consequential loss (all three of which terms include, without limitation, loss of enjoyment, loss of profits, loss of business, depletion of goodwill and like loss), costs, damages, charges or expenses caused directly or indirectly as a result of any incorrect, inaccurate or inconclusive Customer Documents. Neither party excludes or limits its liability to the other party for fraud or fraudulent misrepresentation, death or personal injury caused by negligence, or any matter in respect of which it would be unlawful for the parties to exclude such liability.
    2. The Supplier will not be liable for the integrity, completeness and correctness of the means the data extracted from the Customer Documents.

  28. Data Protection

    1. In providing the Id Verification Service, the Supplier will be Data Processor on behalf of the Client who shall be Data Controller.
    2. The processing to be carried out by the Data Processor is as follows:
      1. the subject matter of the processing is the provision of the IdVerify Service.
      2. the duration of the processing will be until the expiration of the IdVerify Service contract with the Client.
      3. the nature of the processing is the remote verification of a data subject's identity through the use of image capture, biometric identification and liveness checks, and identity document collection, and OCR data extraction. This includes the processing of Special Category data within the meaning of Data Protection Law.
      4. the purpose of the IdVerify Service is to provide the Client with the verification of a data subject's identity, age or address information for lawful purposes of identity verification, fraud prevention or enforcement of laws designed to prevent money laundering.
      5. the type of Personal Data to be processed includes:
        1. Name, surname, or company name;
        2. Address;
        3. Date of birth;
        4. Contact details- email and telephone numbers;
        5. Facial images;
        6. Customers' ID documents (e.g. driving licence; passports; national identity cards);
        7. Proof of income: e.g. payslips etc.;
        8. Proof of address: e.g. utility bills, bank statements etc.
      6. the categories of data subjects are Customers and prospective Customers of the Client

  29. Subcontractors

    1. The Subcontractors are: CRIF S.p.A. (Italy), Amazon Web Services (AWS), DNR Technologies Solutions Limited, InfoCert S.p.A. (Italy), Google Ireland Limited.

  30. Data Storage Service

  31. Definitions

    "Storage Space"
    is a space in cloud to store the Storage Content.
    "Storage Content"
    means the information purchased by the Client through the DigitalHub Platform and the documents upload by the Customers of the Client using the IDVerify Service.

  32. Object

    1. The Client may store the Storage Content in the Storage Space for a fee. The Client may access, transfer, and process the Storage Content. The Storage Service is provided solely through the DigitalHub Platform.
    2. The Storage Content will be available in the Storage Space until the Client renew the Storage Service; if the Storage Service is not renewed the client's Vision-net account is not renewed, clause 8 of the General Terms & Conditions shall apply and also clause 3 below.
    3. The Supplier shall employ reasonable industry standard security procedures for the transfer, transmission, storage, or accessing of Storage Content.

  33. Client's Obligations

    1. The Supplier will inform with a 30 days written advance notice, that the Storage Service is going to be renewed and the Client shall therefore have 30 days:
      1. to download the Storage Content or;
      2. to pay the required Fees.
    2. If the Client does not download the Storage Content or not pay the Fees for the Renewal, the Storage Content will be deleted within 60 days.

  34. Liability

    1. The Supplier is not responsible for the backup and recovery of data on the Storage Space. The Supplier is not responsible for the Client's failure to implement a working backup and recovery plan or its failure to download the Storage Content.

  35. Data Protection

    1. In providing the Data Storage Service, the Supplier will be Data processor on behalf of the Client who shall be Data Controller.
    2. The processing to be carried out by the Data Processor is as follows:
      1. the subject matter of the processing is the provision of the Data Storage Service.
      2. the duration of the processing will be until the expiration of the Data Storage Service contract with the Client.
      3. the nature of the processing is the electronic storage on behalf of the Client of Customer screening and verification documents and data purchased by the Client through the DigitalHub Platform and/or Vision-net.ie, and the documents uploaded by the Customers of the Client using the IDVerify Services.
      4. the purpose of the Data Storage is to provide the Client with the facility to electronically store data they have gathered from and about Customers and prospective Customers .
      5. the type of Personal Data to be processed includes:
        1. name, surname, company name and aliases;
        2. Date of Birth;
        3. Current and previous address;
        4. Political exposure, including the identity of the person to whom they are exposed (for example relatives or associates). This is Special Category data within the meaning of Data Protection Law;
        5. Sanctions checks;
        6. Probity checks using CRIF Vision-net's Consumer Check Individual;
        7. Customers' ID documents (e.g. driving licence; passports; national identity cards);
        8. Proof of income: e.g. payslips etc.;
        9. Proof of address: e.g. utility bills, bank statements etc.;
        10. Usage audit trails of users of the Data Storage Service.
      6. the categories of data subjects are Customers and prospective Customers of the Client and employees of the Client

  36. Subcontractors

    1. The Subcontractors are: Amazon Web Services (AWS), DNR Technologies Solutions Limited, InfoCert S.p.A. (Italy), Google Ireland Limited.

  37. Neos Service (assessment of Customers)

  38. Definitions

    "Application Processing Solution"
    means the application processing solution utilised by the Supplier, for automated management of the process of assessing the creditworthiness of a Customer.
    "Bank Account Data"
    means the Customer's financial account data from one or more Customer's online bank accounts collected according to the Customer's written instructions to a RAISP including:
    1. financial account details (such as, by way of example, account number, type, currency, balance); and
    2. transaction details (such as, by way of example, transaction amount, date, description, currency); and, if available;
    3. Customer's data (such as name, surname –or company name- address, telephone).
    "Customer"
    means a sole trader, legal entity and/or an individual which are customers of the Client.
    "End User License Agreement"
    means the agreement entered into between the Customer and a RAISP for the access to the Customer's Bank Account Data.
    "NEOS (New Evaluation Open Suite) Service"
    means the online service provided by the Supplier that allows the Client the right to use the Application Processing Solution, for automated management of the process of assessing the creditworthiness of a Customer, according to the following features that the Client can select. In particular, the service allows the Client: (i) to collect the Bank Account Data of the Customer in order to elaborate the Output and (ii) to develop specific key performance indicator ("KPI") based on the Bank Account Data in order to, by way of example, categorize the expenses, to set spending target, all through the use of the Supplier's algorithms.
    "Output"
    means the Customer evaluation based on the Bank Account Data.
    "RAISP"
    means CRIF RealTime Ireland Limited, acting as a duly Registered Account Information Service Provider as per the UE Directive 2015/2366 on payment services in the internal market and the Payment Services Regulation 2017 n. 752/2017.

  39. Purpose and Description of the NEOS Service

    1. The Supplier undertakes to supply the NEOS Service to the Client, who accepts and undertakes to pay the Supplier the consideration for the NEOS Service, in accordance with all the following agreed terms and conditions. In providing the NEOS Service, the Supplier shall provide the Client with the Output.

    2. The Supplier undertakes to make available to the Client the access to the NEOS Service by electronic means in the way and under the conditions provided hereof.

    3. The Client acknowledges that:

      1. the NEOS Service is not an automatic decision-making or valuation system;

      2. the decisions taken by the Client are adopted in complete autonomy under its liability;

      3. it is not obliged to accept the recommendations set forth in the Output;

      4. the evaluations resulting from the NEOS Service are based on the Bank Account Data provided by the Client, through the RAISP. In carrying out the formal logic checks on the recorded information, the Supplier has the right to adopt interpretations of this information based on its knowledge and experience.

    4. Through the NEOS Service, the Supplier does not give any suggestion to the Client or does take any decision on behalf of the Client.

    5. No responsibility can be assumed and/or attributed to the Supplier as to the decisions taken by the Client, according to what is set out in clause 4 below.

  40. Access to the NEOS Service

    1. The Client acknowledges that the processing of Customer Bank Account Data and the provision of the NEOS Service are subject to the execution of the End User License Agreement. By signing the End User License Agreement, the Customer expressly authorizes the RAISP to access Customer Bank Account Data, to collect and return them, among other things, to the Client. For the purposes set out above, the Client guarantees that it can lawfully receive the Customer Bank Account Data and process them for the purposes of the NEOS Service. The Client declares that it wishes to receive these Customer Account Data directly at the Supplier.

    2. The Supplier shall send to the Customer, on behalf of the Client, an e-mail containing the link of the RAISP web site where the Customer shall sign the End User License Agreement. The Client is aware that the supply of the NEOS Service shall begin after the execution of the End User License Agreement.

    3. The Client acknowledges that all rights, title and interest in the software, process and in the documentation related to the NEOS Service shall remain with the Supplier and that the Client has not through this Agreement acquired any right, title, interest, copyright, trade secret, trademarks, patent or other proprietary rights in such software, process and documentation or in any change and updates.

    4. The Supplier reserves the right to select the most suitable technical and organisational methods and procedures for the provision of the NEOS Service and carries out constant monitoring of the NEOS Service, reserving the right to accordingly modify or upgrade it as the case may be. The Supplier shall notify in writing the Customer of any such changes with adequate notice.

    5. The Supplier makes no guarantees and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with the RAISP or any transactions completed, and any agreement entered into by the Client with the RAISP.

    6. In processing the Bank Account Data, the Supplier will not be held liable for any inaccuracies or incompleteness of such Bank Account Data. In no circumstances, by accessing such Bank Account Data, the Supplier shall be the Data Controller of the personal data.

    7. The Client agrees to hold harmless the Supplier from any claims of third parties in relation to the access to the RAISP, including, without limitation, in case this Agreement terminates for any cause.

  41. The Supplier liabilities

    1. The Supplier accepts no responsibility in terms of accuracy, completeness, consistency or truthfulness of the Bank Account Data as well as for any other deliverable provided within the NEOS Service on the basis of such information. In particular, the Supplier shall have no responsibility for the decisions and/or evaluations made by the Client on the basis of the Output and other information provided through the NEOS Service, which shall be considered as mere indications supporting the Client.

    2. The Supplier undertakes to comply with any laws, rules and regulations which refer to the activities subject to this Agreement, it being understood that the Supplier, in the pursuit and constant maintenance of this compliance, may introduce legally necessary and appropriate variations to the structure of the Output supplied, notwithstanding any opposition or claims by the Client.

    3. The Client acknowledges that the NEOS Service cannot satisfy every need of the Client and it is the Client's responsibility to verify that the NEOS Service satisfies its own needs. The Supplier does not warrant that the NEOS Service will be uninterrupted or error free.

    4. The Supplier is not responsible for any delays, failures, or any other loss or damage resulting from the interruption of the communications networks, including the internet, and the Client acknowledges that the NEOS Service may be subject to limitations, suspension due to the problems inherent in the use of such communications networks where those are not under the Supplier's control.

    5. In case of any claims, disputes arising from any Customer and/or other persons in connection with the processing by the Supplier of the Bank Account Data under this Agreement, the Client shall be responsible for such claims, disputes and is obliged to reimburse the Supplier with the amount of any costs and expenses incurred as a result of such claims, disputes provided that the Supplier processed the Bank Account Data in full compliance with all applicable laws and fully in line with Client's instructions.

    6. The Output is not a credit rating and has not been issued by a credit rating agency regulated by the European securities and market authority (ESMA) and should not be interpreted or relied upon as such.

  42. The Client's liabilities and obligations

    1. The Supplier shall not be liable for any use the Client may make of the Output and for the data and evaluations obtained through the NEOS Service should such use violate the rights of any Customer, or any interested third party and/or conflict with the aims of this Agreement and Data Protection Law as well as any other applicable laws.

    2. The Client is authorized to use the NEOS Service to satisfy its internal business purposes only. The Client is not authorized to use the Output and or the NEOS Service to provide to any third party, including any Client affiliate, any form of service-bureau, time-sharing services or services of any other kind, either free of charge or for payment. It is understood that "internal business purposes" means that the NEOS Service can be used only to evaluate its own Customers.

    3. The Client undertakes not to use, either directly or through third-party or affiliated companies, the information and/or documents of any type or by any means received from the Supplier within the NEOS Service, to independently develop or commission to third parties' systems or services similar to those provided under this Agreement, even if intended for internal use only.

    4. The Client shall maintain the confidentiality of any information originating from the NEOS Service and to put in place the appropriate measures and controls so that these confidentiality obligations are respected by its employees.

    5. In case the Client has appointed a technical processor to technically connect to the Application Processing Solution and/or to receive the e-mail containing the link of the RAISP website, the Client will inform the Supplier about such appointment and will be liable for all the activities performed by such technical processor; the Client shall indemnify the Supplier for any damage causes by such technical processor to the Supplier.

  43. Warranties

    1. The Client warrants and represents to the Supplier, that:

      1. it has full capacity and authority and all necessary consents to enter into and to perform this Agreement and that the Agreement is executed by a duly authorised representative of the Client;

      2. it shall perform its responsibilities set out in this Agreement using reasonable skill and care;

      3. it shall comply with all Data Protection Law, all applicable laws and regulations;

      4. when required by the applicable law, it is authorised to deliver the Bank Account Data to the Supplier;

      5. no part of the data and information provided, nor the provision of such data shall be in breach of any applicable law, regulation, standard or code of conduct (as varied from time to time) including, without limitation, any such law, regulation, standard or code of conduct relating to data protection;

      6. the usage of the NEOS Service and the processing of the Personal Data obtained through the NEOS Service are in compliance with the Data Protection Law

      7. the data and information shall not infringe the Intellectual Property Rights of any third party, nor be obscene, libellous or defamatory of any third party.

    2. The Client further warrants and represents to the Supplier that:

      1. the Bank Account Data, made available by the Client to the Supplier for further processing by the Supplier on the Client's behalf, have been collected legally and are not subject to any limitations under the applicable laws, including Bank Secrecy and Data Protection Law;

      2. the Client has obtained the legally required authorisations and consents, or provided any legally required notifications for any data transfer to the Supplier for the purposes of receiving the NEOS Service.

    3. Except as expressly set forth in this Agreement, the Supplier makes no warranties or representations either express or implied in relation to the whole or part of the NEOS Service, including but not limited to implied warranties or conditions of completeness, accuracy, satisfactory quality and fitness for a particular purpose and that all such conditions, warranties, terms and undertakings, express or implied, statutory or otherwise in respect of the provision or non-provision of the NEOS Service and any other services supplied hereunder are hereby expressly excluded.

  44. Liabilities

    1. No responsibility can be assumed from or attributed to the Supplier regarding how the Client uses the NEOS Service. No responsibility can be assumed from or attributed to the Supplier regarding the decisions made by the Client through the use of NEOS Service. No responsibility can be accepted for any loss, damage, expense, or any delay in providing updated information or for inconvenience suffered by the Client or the Customers as a result of the Client use or interpretation of, or reliance upon, any Output (be it accurate or otherwise) provided by the Supplier.

    2. The Supplier will not assume any responsibility with respect to the correctness, thoroughness, congruity, completeness or truthfulness of the Output and consequently will not be liable to the Client and/or third parties for any direct, indirect or consequential loss (all three of which terms include, without limitation, loss of enjoyment, loss of profits, loss of business, depletion of goodwill and like loss), costs, damages, charges or expenses caused directly or indirectly as a result of any incorrect, inaccurate or inconclusive Output. Neither party excludes or limits its liability to the other party for fraud or fraudulent misrepresentation, death or personal injury caused by negligence, or any matter in respect of which it would be unlawful for the parties to exclude such liability.

    3. The Supplier has not carried out any due diligence and has not audited the Data and information furnished by Client and/or by the RAISP. Because of the possibility of human and mechanical error as well as other factors all information and data are provided "AS IS" without warranty of any kind, and the SUPPLIER, IN PARTICULAR, MAKES NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, TO CLIENT OR ANY OTHER PERSON OR ENTITY AS TO THE ACCURACY, TIMELINESS, COMPLETENESS, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OF THE OUTPUT.

  45. Indemnities

    1. The Client hereby indemnifies and holds harmless the Supplier against all losses, costs, damages, demands, liabilities, expenses and claims incurred by the Supplier (including without limitation, in relation to any third party claim and the Supplier's expenses in defending and/or settling such third party claim) to the extent that they result directly or indirectly from:

      1. a breach by the Client of its representation, warranties and obligations under this Agreement;

      2. any claims from the Client, or other third party, arising out of any reliance on the NEOS Service and the Output.

    2. In addition, the Client shall indemnify the Supplier and/or discharge the Supplier from any responsibility in the case of legal actions, criminal, civil and/or administrative proceedings, claims, damages, losses, expenses and costs caused to or faced by the Supplier as a result of the Client's breach of its representations, warranties and obligations under this Agreement.

  46. Data protection

    1. Where the Bank Account Data contains Personal Data, the Supplier becomes a Processor in respect of such Personal Data.

    2. The processing to be carried out by the Processor is as follows:

      1. the subject matter of the processing is the provision of the NEOS Service.

      2. the duration of the processing will be until the expiration of the NEOS contract.

      3. the nature of the processing is the electronic calculation of a Customer's behavioural score based on the Bank Account Data received from the RAISP on behalf of the Client.

      4. the purpose of the NEOS Service is to provide the Client with the Output.

      5. the type of Personal Data to be processed includes:

        1. financial account details (such as, by way of example, account number, type, currency, balance); and

        2. transaction details (such as, by way of example, transaction amount, date, description, currency); and, if available;

        3. customer's data (such as name, surname –or company name- address, telephone); and possibly

        4. special data eventually referenced in the transaction description;

      6. the categories of data subjects are Customers and other data subjects identifiable from the transaction details.

    3. The Client warrants that it has been authorised by the Customers to receive the Bank Account Data for their processing pursuant to the purposes of this Agreement.

    4. The Processor is authorised to generate anonymous data derived from or based on the Bank Account Data so that the results are no longer personally identifiable with respect to any individual and/or to generate synthetic data; the Supplier is authorized to utilize the anonymous/synthetic information for its own purposes.

  47. Intellectual Property

    1. The Supplier and/or its Subcontractors shall retain all the Intellectual Property Rights in the Application Processing Solution. The Client acknowledges it has and will have no ownership in the Application Processing Solution.

    2. The Output may not be copied or otherwise reproduced, repackaged, further transmitted, transferred, disseminated, distributed, redistributed, sold, resold, leased, rented, licensed, sublicensed, altered, modified, adapted, or stored for subsequent use for any such purpose, in whole or in part, in any form or manner or by any means whatsoever, by client or any other person or entity, without the Supplier prior written consent.

    3. The Client agrees and acknowledges that the Output is and shall remain the valuable intellectual property owned by, or licensed to, the Supplier that no proprietary rights are being transferred to the Client in such materials or in any of the information contained therein or in the Output. The Client agrees that misappropriation or misuse of such materials shall cause serious damage to the Supplier (and the Subcontractors) and that in such event damages may not constitute sufficient compensation to the Supplier; the Client agrees that in the event of any misappropriation or misuse, the Supplier shall have the right to obtain injunctive relief in addition to any other legal or financial remedies to which the Supplier may be entitled.

  48. Subcontractors

    1. The Subcontractors are: CRIF S.p.A. and Amazon Web Services (AWS).

  49. Neos Service (self assessment)

  50. Definitions

    "Application Processing Solution"
    means the application processing solution utilised by the Supplier, for automated management of the process of assessing the creditworthiness of the Client.
    "Bank Account Data"
    means Client's financial account data from one or more Client's online bank accounts collected according to the Client's written instructions to a RAISP including:
    1. financial account details (such as, by way of example, account number, type, currency, balance); and
    2. transaction details (such as, by way of example, transaction amount, date, description, currency); and, if available;
    3. Client's data (such as name, surname –or company name- address, telephone).
    "End User License Agreement"
    means the agreement entered into between the Client and a RAISP for the access to the Client's Bank Account Data.
    "NEOS (New Evaluation Open Suite) Service"
    means the online service provided by the Supplier that allows the Client the right to use the Application Processing Solution, for automated management of the process of assessing its creditworthiness, according to the following features that the Client can select. In particular, the service allows the Client: (i) to collect its Bank Account Data in order to elaborate the Output and (ii) to develop specific key performance indicator ("KPI") based on the Bank Account Data in order to, by way of example, categorize the expenses, to set spending target, all through the use of the Supplier's algorithms.
    "Output"
    means the Client evaluation based on the Bank Account Data.
    "RAISP"
    means CRIF RealTime Ireland Limited, acting as a duly Registered Account Information Service Provider as per the UE Directive 2015/2366 on payment services in the internal market and the Payment Services Regulation 2017 n. 752/2017.

  51. Purpose and Description of the NEOS Service

    1. The Supplier undertakes to supply the NEOS Service to the Client, who accepts and undertakes to pay the Supplier the consideration for the NEOS Service, in accordance with all the following agreed terms and conditions. In providing the NEOS Service, the Supplier shall provide the Client with the Output.

    2. The Supplier undertakes to make available to the Client the access to the NEOS Service by electronic means in the way and under the conditions provided hereof.

    3. The Client acknowledges that:

      1. the NEOS Service is not an automatic decision-making or valuation system;

      2. the decisions taken by the Client are adopted in complete autonomy under its liability;

      3. it is not obliged to accept the recommendations set forth in the Output;

      4. the evaluations resulting from the NEOS Service are based on the Bank Account Data made available by the Client, through the RAISP. In carrying out the formal logic checks on the recorded information, the Supplier has the right to adopt interpretations of this information based on its knowledge and experience.

    4. Through the NEOS Service, the Supplier does not give any suggestion to the Client or does take any decision on behalf of the Client.

    5. No responsibility can be assumed and/or attributed to the Supplier as to the decisions taken by the Client, according to what is set out in clause 4 below.

  52. Access to the NEOS Service

    1. The Client acknowledges that the processing of Customer Bank Account Data and the provision of the NEOS Service are subject to the execution of the End User License Agreement. By signing the End User License Agreement, the Client expressly authorizes the RAISP to access its Bank Account Data, to collect and return them, among other things, to the Client. For the purposes set out above, the Client guarantees that it can lawfully receive its Bank Account Data and process them for the purposes of the NEOS Service. The Client declares that it wishes to receive its Account Data directly at the Supplier.

    2. The Supplier shall send to the Client, an e-mail containing the link of the RAISP web site where the Client shall sign the End User License Agreement. The Client is aware that the supply of the NEOS Service shall begin after the execution of the End User License Agreement.

    3. The Client acknowledges that all rights, title and interest in the software, process and in the documentation related to the NEOS Service shall remain with the Supplier and that the Client has not through this Agreement acquired any right, title, interest, copyright, trade secret, trademarks, patent or other proprietary rights in such software, process and documentation or in any change and updates.

    4. The Supplier reserves the right to select the most suitable technical and organisational methods and procedures for the provision of the NEOS Service and carries out constant monitoring of the NEOS Service, reserving the right to accordingly modify or upgrade it as the case may be. The Supplier shall notify in writing the Client of any such changes with adequate notice.

    5. The Supplier makes no guarantees and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with the RAISP or any transactions completed, and any agreement entered into by the Client with the RAISP.

    6. In processing the Bank Account Data, the Supplier will not be held liable for any inaccuracies or incompleteness of such Bank Account Data. In no circumstances, by accessing such Bank Account Data, the Supplier shall be the Data Controller of the personal data.

    7. The Client agrees to hold harmless the Supplier from any claims of third parties in relation to the access to the RAISP, including, without limitation, in case this Agreement terminates for any cause.

  53. The Supplier liabilities

    1. The Supplier accepts no responsibility in terms of accuracy, completeness, consistency or truthfulness of the Bank Account Data as well as for any other deliverable provided within the NEOS Service on the basis of such information. In particular, the Supplier shall have no responsibility for the decisions and/or evaluations made by the Client on the basis of the Output and other information provided through the NEOS Service, which shall be considered as mere indications supporting the Client.

    2. The Supplier undertakes to comply with any laws, rules and regulations which refer to the activities subject to this Agreement, it being understood that the Supplier, in the pursuit and constant maintenance of this compliance, may introduce legally necessary and appropriate variations to the structure of the Output supplied, notwithstanding any opposition or claims by the Client.

    3. The Client acknowledges that the NEOS Service cannot satisfy every need of the Client and it is the Client's responsibility to verify that the NEOS Service satisfies its own needs. The Supplier does not warrant that the NEOS Service will be uninterrupted or error free.

    4. The Supplier is not responsible for any delays, failures, or any other loss or damage resulting from the interruption of the communications networks, including the internet, and the Client acknowledges that the NEOS Service may be subject to limitations, suspension due to the problems inherent in the use of such communications networks where those are not under the Supplier's control.

    5. In case of any claims, disputes arising from other persons in connection with the processing by the Supplier of the Bank Account Data under this Agreement, the Client shall be responsible for such claims, disputes and is obliged to reimburse the Supplier with the amount of any costs and expenses incurred as a result of such claims, disputes provided that the Supplier processed the Bank Account Data in full compliance with all applicable laws and fully in line with Client's instructions.

    6. The Output is not a credit rating and has not been issued by a credit rating agency regulated by the European securities and market authority (ESMA) and should not be interpreted or relied upon as such.

  54. The Client's liabilities and obligations

    1. The Supplier shall not be liable for any use the Client may make of the Output and for the data and evaluations obtained through the NEOS Service should such use violate the rights of the Client, or any interested third party and/or conflict with the aims of this Agreement and Data Protection Law as well as any other applicable laws.

    2. The Client is authorized to use the NEOS Service to satisfy its internal business purposes only. The Client is not authorized to use the Output and or the NEOS Service to provide to any third party, including any Client affiliate, any form of service-bureau, time-sharing services or services of any other kind, either free of charge or for payment. It is understood that "internal business purposes" means that the NEOS Service can be used only to evaluate itself.

    3. The Client undertakes not to use, either directly or through third-party or affiliated companies, the information and/or documents of any type or by any means received from the Supplier within the NEOS Service, to independently develop or commission to third parties' systems or services similar to those provided under this Agreement, even if intended for internal use only.

    4. The Client shall maintain the confidentiality of any information originating from the NEOS Service and to put in place the appropriate measures and controls so that these confidentiality obligations are respected by its employees.

    5. In case the Client has appointed a technical processor to technically connect to the Application Processing Solution and/or to receive the e-mail containing the link of the RAISP web site, the Client will inform the Supplier about such appointment and will be liable for all the activities performed by such technical processor; the Client shall indemnify the Supplier for any damage causes by such technical processor to the Supplier.

  55. Warranties

    1. The Client warrants and represents to the Supplier, that:

      1. it has full capacity and authority and all necessary consents to enter into and to perform this Agreement and that the Agreement is executed by a duly authorised representative of the Client;

      2. it shall perform its responsibilities set out in this Agreement using reasonable skill and care;

      3. it shall comply with all Data Protection Law, all applicable laws and regulations;

      4. when required by the applicable law, it is authorised to make available the Bank Account Data to the Supplier;

      5. no part of the data and information provided, nor the provision of such data shall be in breach of any applicable law, regulation, standard or code of conduct (as varied from time to time) including, without limitation, any such law, regulation, standard or code of conduct relating to data protection;

      6. the usage of the NEOS Service and the processing of the Personal Data obtained through the NEOS Service are in compliance with the Data Protection Law;

      7. the data and information shall not infringe the Intellectual Property Rights of any third party, nor be obscene, libellous or defamatory of any third party.

    2. The Client further warrants and represents to the Supplier that the Bank Account Data, made available by the Client to the Supplier for further processing by the Supplier on the Client's behalf, have been collected legally and are not subject to any limitations under the applicable laws, including Bank Secrecy and Data Protection Law.

    3. Except as expressly set forth in this Agreement, the Supplier makes no warranties or representations either express or implied in relation to the whole or part of the NEOS Service, including but not limited to implied warranties or conditions of completeness, accuracy, satisfactory quality and fitness for a particular purpose and that all such conditions, warranties, terms and undertakings, express or implied, statutory or otherwise in respect of the provision or non-provision of the NEOS Service and any other services supplied hereunder are hereby expressly excluded.

  56. Liabilities

    1. No responsibility can be assumed from or attributed to the Supplier regarding how the Client uses the NEOS Service. No responsibility can be assumed from or attributed to the Supplier regarding the decisions made by the Client through the use of NEOS Service. No responsibility can be accepted for any loss, damage, expense, or any delay in providing updated information or for inconvenience suffered by the Client as a result of the Client use or interpretation of, or reliance upon, any Output (be it accurate or otherwise) provided by the Supplier.

    2. The Supplier will not assume any responsibility with respect to the correctness, thoroughness, congruity, completeness or truthfulness of the Output and consequently will not be liable to the Client and/or third parties for any direct, indirect or consequential loss (all three of which terms include, without limitation, loss of enjoyment, loss of profits, loss of business, depletion of goodwill and like loss), costs, damages, charges or expenses caused directly or indirectly as a result of any incorrect, inaccurate or inconclusive Output. Neither party excludes or limits its liability to the other party for fraud or fraudulent misrepresentation, death or personal injury caused by negligence, or any matter in respect of which it would be unlawful for the parties to exclude such liability.

    3. The Supplier has not carried out any due diligence and has not audited the Data and information furnished by Client and/or by the RAISP. Because of the possibility of human and mechanical error as well as other factors all information and data are provided "AS IS" without warranty of any kind, and the SUPPLIER, IN PARTICULAR, MAKES NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, TO CLIENT OR ANY OTHER PERSON OR ENTITY AS TO THE ACCURACY, TIMELINESS, COMPLETENESS, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OF THE OUTPUT.

  57. Indemnities

    1. The Client hereby indemnifies and holds harmless the Supplier against all losses, costs, damages, demands, liabilities, expenses and claims incurred by the Supplier (including without limitation, in relation to any third party claim and the Supplier's expenses in defending and/or settling such third party claim) to the extent that they result directly or indirectly from:

      1. a breach by the Client of its representation, warranties and obligations under this Agreement;

      2. any claims from the Client, or other third party, arising out of any reliance on the NEOS Service and the Output.

    2. In addition, the Client shall indemnify the Supplier and/or discharge the Supplier from any responsibility in the case of legal actions, criminal, civil and/or administrative proceedings, claims, damages, losses, expenses and costs caused to or faced by the Supplier as a result of the Client's breach of its representations, warranties and obligations under this Agreement.

  58. Data protection

    1. Where the Bank Account Data contains Personal Data, the Supplier becomes a Processor in respect of such Personal Data.

    2. The processing to be carried out by the Processor is as follows:

      1. the subject matter of the processing is the provision of the NEOS Service.

      2. the duration of the processing will be until the expiration of the NEOS contract.

      3. the nature of the processing is the electronic calculation of a Client's behavioural score based on the Bank Account Data received from the RAISP on behalf of the Client.

      4. the purpose of the NEOS Service is to provide the Client with the Output.

      5. the type of Personal Data to be processed includes:

        1. financial account details (such as, by way of example, account number, type, currency, balance); and

        2. transaction details (such as, by way of example, transaction amount, date, description, currency); and, if available;

        3. Client's data (such as name, surname –or company name- address, telephone); and possibly

        4. special data eventually referenced in the transaction description;

      6. the categories of data subjects is the Client and other data subjects identifiable from the transaction details.

    3. The Processor is authorised to generate anonymous data derived from or based on the Bank Account Data so that the results are no longer personally identifiable with respect to any individual and/or to generate synthetic data; the Supplier is authorized to utilize the anonymous/synthetic information for its own purposes.

  59. Intellectual Property

    1. The Supplier and/or its Subcontractors shall retain all the Intellectual Property Rights in the Application Processing Solution. The Client acknowledges it has and will have no ownership in the Application Processing Solution.

    2. The Output may not be copied or otherwise reproduced, repackaged, further transmitted, transferred, disseminated, distributed, redistributed, sold, resold, leased, rented, licensed, sublicensed, altered, modified, adapted, or stored for subsequent use for any such purpose, in whole or in part, in any form or manner or by any means whatsoever, by client or any other person or entity, without the Supplier prior written consent.

    3. The Client agrees and acknowledges that the Output is and shall remain the valuable intellectual property owned by, or licensed to, the Supplier that no proprietary rights are being transferred to the Client in such materials or in any of the information contained therein or in the Output. The Client agrees that misappropriation or misuse of such materials shall cause serious damage to the Supplier (and the Subcontractors) and that in such event damages may not constitute sufficient compensation to the Supplier; the Client agrees that in the event of any misappropriation or misuse, the Supplier shall have the right to obtain injunctive relief in addition to any other legal or financial remedies to which the Supplier may be entitled.

  60. Subcontractors

    1. The Subcontractors are: CRIF S.p.A. and Amazon Web Services (AWS)

    61. Technical and Organisational Security Measures:

    The Supplier has implemented the following technical and organisational measures as required by Article 32 of the GDPR to ensure a level of security appropriate to the risks that are presented by the processing:

    • Access is limited to authorised Data Controller staff who have individualised accounts.
    • All access and logins are over secure encrypted connections.
    • Access limited to relevant CRIF Vision-net staff only (subject to background checks and confidentiality obligations)
    • Data stored in an encrypted Virtual Private Cloud (at Amazon Web Services) with firewalled access and segregated network zones
    • Data encrypted in transit
    • Network traffic monitoring and logging
    • Intrusion Detection Systems

DORA ADDITIONAL TERMS

  1. Obligation to comply with DORA

    1. The Parties undertake to comply with all material DORA Regulation.

    2. The Parties undertake to regularly review the status of implementation of these measures and to ensure that the DORA requirements are complied with in line with evolving legal and regulatory requirements.

    3. Due to the nature of the Services, it is understood between the Parties that the Services shall not be subject to threat-led penetration testing ("TLPT"), as per art. 26, c. 2, DORA Regulation.

  2. Cooperation and Information Obligations

    1. The Parties undertake to cooperate closely in implementing the requirements of the DORA Regulation, in particular with regard to carrying out risk analyses, tests and emergency drills.

    2. Each Party shall inform the other Party immediately if it becomes aware of non-compliance or relevant deviations from the requirements specified in clause 1 of this clause.

    3. The Parties will regularly inform themselves about changes to the DORA Regulation and relevant regulatory requirements and integrate these into their respective processes.

  3. Location

    1. The Supplier will carry out the Service from its or Subcontractor's premises located within EU. The Supplier declares that the data - including Personal Data - provided by the Client for the execution of the Services, if any, will be processed and/or stored within EU. Notwithstanding the foregoing, the Supplier reserves the right to employ cloud providers and/or third-party providers of other services related to the cloud ("Cloud Providers"), which may carry out a transfer and/or process of personal data outside the EEA, pursuant to Chapter V of the GDPR.

    2. If the Supplier intends to change any of the above locations, the Supplier will notify the Client in advance of any of such planned change. Notwithstanding the foregoing, any amendment to the location of the processing of personal data by the Cloud Providers is intended as authorized in advance by the Client. By Client's request, the Cloud Providers' sub-processors list may be shared by the Supplier.

  4. Data Protection and data security

    1. The Supplier shall at all times ensure the availability, authenticity, integrity and confidentiality of all Client's data (including personal data).

    2. The Supplier undertakes (i) to comply with Data Protection Law especially with regard to the processing and storage of data and (ii) to monitor compliance with Data Protection Law on an ongoing basis.

    3. For this purpose, the Supplier shall use appropriate technical and organisational measures, in compliance with the Agreement, applicable laws and information security policies previously agreed between the Parties (if any).

    4. The terms "availability, authenticity and integrity" shall refer to the state/condition of the Client's data as they have been received and/or acquired by the Supplier and, therefore, they should be interpreted as the Supplier's right to require their restitution without any loss, alteration and/or manipulation.

  5. Ensuring Access to personal and no-personal data

    1. In the event of termination of the Agreement for any reason, including cases of termination due to insolvency, resolution or discontinuation of the business operations of the Supplier, according to the applicable laws, the Client shall have the right to the restitution of all Client's data, including Personal Data, provided by such Client for the execution of the Services, if any. In such cases, the Supplier shall at all times ensure the recoverability of all Client's data, and upon Client's request, return, within reasonable time, to the Client all Client's data, assets and other property and material entrusted to the Supplier in connection with the Agreement in an agreed easily accessible format.

    2. Clause 5.1 is not applicable with regard to the personal data processed by the Supplier as Controller, pursuant to art. 4, n. 7 of GDPR.

  6. Description of the quality of the Services

    1. If applicable to the Services, the Supplier continuously monitors the proper execution of the agreed Services and manages the risks associated with any outsourcing.

    2. Upon request, the Supplier shall support the Client to a reasonable extent in fulfilling its obligations under DORA Regulation. The Client will share its experience and knowledge with the Supplier in order to achieve and maintain an appropriate level of digital operational resilience.

  7. Security Incident

    1. The Supplier will cooperate in good faith with the Client whenever the Services are subject to a Security Incident.

    2. The Supplier shall make its best efforts to identify the cause of a Security Incident and take all such steps as necessary to remediate the cause of a Security Incident, to the extent such Security Incident is attributable solely to the Supplier and within its control. The Supplier shall provide such assistance at no additional cost to the Client.

    3. If a Security Incident is not attributable to the Supplier the Supplier shall, at Client's request, provide such assistance on time and material basis, subject to payment of additional fees to be agreed between the Parties.

    4. With specific regard to any Security Incident which represents, or may represent, a data breach, pursuant to articles 33-34 of GDPR, clause 5.17, point (7) of the Agreement shall apply.

  8. Obligation to cooperate

    1. Upon written request, the Supplier will cooperate in good faith with the Client and the Supervisory Authority in relation to legal or regulatory requirements applicable to the Services. The obligations of collaboration provided for in this section shall in no way entail additional costs for the Supplier and/or jeopardise its activities.

  9. Termination rights and minimum notice period

    1. In the event the Supervisory Authority instructs the Client to terminate the Agreement in whole or in part ("Termination Instruction"), the Client may, according to the Supervisory Authority instructions, terminate the Agreement, clause 8.3, letter (a) of the Agreement shall apply, unless the Supervisory Authority expressly requires a different term. Prior to any termination in accordance with this clause, the Parties will use reasonable efforts to attempt to resolve the grounds for termination specified in the Termination Instruction; in such case, the effects of the termination shall remain suspended until the Supervisory Authority has confirmed the Termination Instruction. Otherwise, in the event that the authority withdraws the Termination Instruction, the Agreement shall remain effective.

    2. The Agreement may be terminated by the Client upon written notice in writing to the Supplier if the Supplier commits any material breach of any term of the Agreement, including the following cases:

      1. significant breach of applicable laws and regulations;

      2. circumstances identified throughout the monitoring of IT security risk related to the Supplier that are actually capable of altering the performance of the Services provided by the Supplier under the Agreement, including material changes that affect the Supplier's capacity to execute its obligations in accordance to the Agreement;

      3. Supplier's breach of its obligations related to IT security risk management under the Agreement, in particular those concerning the availability, authenticity, integrity and confidentiality of data, whether personal or otherwise sensitive data, or non-personal data, as defined above in clause 4.4;

      4. where the Supervisory Authority can no longer effectively supervise the Client as a result of the Supplier's breach of its obligations under the Agreement.

    3. The termination shall have effect solely in case the Supplier has failed to remedy the breach within 30 (thirty) calendar days from the receipt of a written request from the Client to do so (such request to contain a warning of the Supplier's intention to terminate and evidence of the relevant ground for termination as per the cases listed above).

  10. Participation to programs to raise awareness of ICT security

    1. If requested by the Client, the Supplier agrees that its employees, involved in the provision of the Services, may participate in the Client's security awareness and digital operational resilience training programs, subject to agreement between the parties on scope/object of training and the relevant time-plan, it being understood that: (i) the qualification, role, identity and number of employees to be involved will be defined by the Supplier; (ii) the Client shall guarantee the possibility to participate in the training sessions also remotely; (iii) the training activities shall be concentrated in maximum 1 session per year and shall be carried out during office hours, so as not to disturb the normal functioning of Supplier's activities; (v) the costs for such training activities, including possible travel expenses, must be borne by the Client.

    2. The Parties agree that the Supplier shall not be obliged to participate in the abovementioned Client's training sessions, if the Supplier provides the Client with: (i) a third party's certification that covers the same topics (including a certification released by other financial entities); and/or (ii) a list of mandatory training sessions on the same topics organized internally by the Supplier itself for its employees.

  11. SLA

    1. The Services will be provided in accordance with the following service level agreement ("SLA"): The DigitalHub Platform and/or Vision-net.ie are monitored by the Supplier internal team of specialists and at least one independent third party monitoring application. The uptime SLA per calendar month is 99.5%. If the Client utilises the Supplier API, then the response time for 95% of the Client monthly requests will be under 4.6 seconds. Scheduled maintenance is performed between 01:30 and 03:30 UTC on Sunday mornings, but downtime is limited to 60 minutes per quarter.

    2. The Supplier shall without undue delay notify the Client of any event that has a material impact on the Supplier's ability to effectively provide the Service in line with agreed SLA.

  12. Audit

    1. The Client reserves the right to conduct audit activities, including on-site at Supplier's premises, at its own expense, in order to verify compliance with contractual security and confidentiality obligations, agreed service levels, and any other appropriate aspect to determine the proper performance of the Services under this Agreement (hereafter "Audits"), in accordance with the following:

      1. The Audits may be carried out by the Client only once over a 12-month period to be communicated to the Supplier 20 working days in advance. The Audits can be carried out directly or indirectly, or through the acquisition of certifications and/or third-party reports if they are already held by the Supplier or the results of the Supplier Audits, made available to the Client. In any case, the involvement of third parties engaged in activities competing with the Supplier is excluded. It is also understood that any employees, consultants, auditors, or third parties that perform Audits on behalf of the Client shall be informed of the existence and content of this clause and shall be required to enter into appropriate written confidentiality agreements with the Client. The Client shall be fully responsible with regard to the Supplier for the Audits conducted directly or indirectly on behalf of the Client and shall indemnify the Supplier from any damage or harm resulting therefrom.

      2. the subject of the Audits and the areas to be audited must be clearly specified by the Client in writing within the 20-day period referred to in clause 12.1, it being understood that, where the Client uses several Services, it will carry out a single Audit for all Services. The Audits may, in any case, be carried out electronically or on-site, according to the Client's needs, in compliance with the provisions of this clause;

      3. In the case of on-site Audits, the Client shall comply with the safety and security regulations in force at the Supplier premises. The Audits shall be carried out during office hours, in accordance with the schedule agreed between the Parties, so as not to disturb the normal functioning of Supplier's activities, as well as in compliance with Supplier's intellectual and industrial property rights and Data Protection Law;

      4. at the request of the Client, the Supplier will make a summary of the results of its internalsuppliers audits available, it being understood that it will not be required to share detailed operational results;

      5. during the Audits, the Client, as well as its employees, agents, consultants and/or partners, shall have the right to access and view the documentation and contents relating to the Service, to the extent strictly necessary for the performance of the Audits, in full compliance with the Supplier policies aimed at ensuring the confidentiality, integrity, and availability of the Supplier personal or confidential data and/or the data of its other clients.

  13. Exit Strategies

    1. Upon termination of the Agreement, unless the termination is due to Client's breach of the Agreement, the Supplier, if requested by the Client, will continue to provide the Service for maximum period of 12 months (the "Transition Period") in order to support the Client to (i) reduce the risk of disruption of the Service or (ii) allow the Client to migrate to another third-party service provider or change to in-house solutions. During this Transition Period, the Supplier will continue to provide the Service under the same conditions of the Agreement, including the payment of the fees. The Transition Period can be reduced by mutual agreement of the Parties. Any Client's request for a Transition Period shall be made at the latest 30 days before the date of termination of the Agreement. The Parties will agree upon an additional agreement to govern any potential additional services requested by Client during this Transition Period, subject to payment of applicable fees.

    2. For the Transition Period's purposes, the Supplier shall not be required to transfer to the Client and/or any third party provider engaged by the Client - and the Client shall refrain to transfer to such third party - Supplier's confidential information, technical standards, specifications, procedures, know how or similar right (including any rights in any invention, patent, methodology, software, discovery or improvement), as well as any information on Supplier's utility models, copyrights, designs, databases, software, trade secrets and all other intellectual property rights of whatsoever nature.


Copyright

All content included on this site is the property of CRIF VisionNet Limited or its suppliers and is protected by Copyright law.