Onfido Services Agreement (OSA)

Last updated: 16 Apr 2024

PLEASE READ THESE TERMS CAREFULLY ALONGSIDE THE APPLICABLE ENTITY SPECIFIC TERMS (LINKED IN THE ORDER FORM) AND THE ORDER FORM.

AGREED TERMS

Unless an Order Form specifically states otherwise, this Onfido Services Agreement (this “OSA”) applies to each fully executed Order Form. The Order Form, together with this OSA and its Schedules, and the Entity Specific Terms relevant to the Onfido contracting entity, collectively establish the “Agreement” between Onfido and the legal entity or individual listed in the applicable Order Form (“Client”). The order of precedence in the event of inconsistency or conflict between any terms is (i) Order Form (ii) Entity Specific Terms (iii) OSA Schedules and (iv) OSA.

1. DEFINITIONS AND INTERPRETATIONS

1.1 In this Agreement, unless the context otherwise requires, the following definitions will apply:

Accurate Volume Projections means for each individual Service purchased: (i) quarterly volume forecasts six weeks in advance to a degree of accuracy within 10% of the actual monthly volumes; and (ii) notice at least seven days in advance of any major volume spikes, i.e. where the number of checks in a given hour exceeds three standard deviations from the average number of hourly checks in a given month.

Baseline Tolerance means within 25% of the baseline volume commitment notified by the Client to Onfido as at the Effective Date, apportioned pro rata monthly over the Term.

Brand Features means the trade names, trademarks, logos and other distinctive brand features of the applicable party.

Charges means the charges for the Services set out in the Order Form.

Client means the Onfido client signing an Order Form as more particularly detailed in the Order Form. 

Client Data means information supplied by a User or the Client in connection with this Agreement (including Personal Data, and metadata), but excludes Feedback.

Confidential Information means information disclosed by (or on behalf of) one party to the other party in connection with or in anticipation of this Agreement or any Order Form (including the content of this Agreement and all Order Forms) that is marked as confidential or, from its nature, content or the circumstances in which it is disclosed, might reasonably be supposed to be confidential. It does not include information that the recipient already knew, that becomes public through no fault of the recipient, that was independently developed by the recipient or that was lawfully given to the recipient by a third party.

Content means any information, text, graphics, or other materials uploaded, downloaded or appearing as part of the Services.

Denial of Service (“DoS”) means an attack on computer systems, networks, devices, services or other IT resource causing disruption to the targeted resource and preventing legitimate users from partial or full access to that resource.

Document means the supported documents listed on the Onfido website, or such other (Service specific) list of documents as is otherwise notified to the Client from time to time, as is subject to change and update from time to time. Where new documents are added to the Documents, they may be subject to an initial service level grace period of ninety days.

Effective Date means the date on which this Agreement takes effect, as set out in the Order Form.

Entity Specific Terms means the terms linked in the Order Form set out on the Onfido website, as relevant to the specific Onfido contracting entity.

Export Control and Sanctions Laws means any applicable export control, trade or financial sanctions laws, regulations, orders, directives, licences and requirements of any governmental or other relevant authority with jurisdiction over activities undertaken in connection with this Agreement including but not limited to the United Kingdom, European Union, United Nations, and United States (each such authority being a “Sanctions Authority”).

External Data Providers means any third party, institution, organisation, corporate entity or government agency responsible for the provision of data or information in relation to the Services.

FCRA means the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.

Feedback means any feedback or suggestions provided by the Client under this Agreement in relation to the Services.

Go Live Date means the date set out in the Order Form as the Go Live Date.

GST means value added tax chargeable under Singapore law for the time being and any similar additional tax.

HST means harmonised sales tax, which is a combination of federal and provincial taxes on goods and services in five Canadian provinces.

IGST means the integrated goods and services tax chargeable under Indian law and any similar additional tax.

Information Security Policy has the meaning attributed to it in Clause 10.3.1.

Intellectual Property Rights means all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in Confidential Information (including Know-How and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.

Know-How means unpatented technical information (including information relating to inventions, discoveries, concepts, methodologies, models, research, development, and testing procedures; the results of experiments, tests, and trials; processes, techniques, and specifications; quality control data, analyses, reports, and submissions) that is not in the public domain. 

Notice has the meaning attributed to it in Clause 11.6. 

Order Form means each fully executed Onfido order form that incorporates this OSA, its Schedules, and the Entity Specific Terms and its Schedules, and describes the Services to be provided by Onfido from time to time as agreed between the parties.

Permitted Purpose means legitimate, professional, informational, internal business operations purposes and not in any event for the reselling or otherwise making the Services available to any third parties.

Personal Data has the meaning attributed to it in Clause 10.1.

Privacy Laws means any applicable rules, laws, regulations, directives and governmental requirements currently in effect and as they become effective relating to privacy or data protection.

Processing has the meaning attributed to it in Clause 10.1.

PST means provincial sales tax, which is a province specific tax that is collected separately from the GST. In Manitoba, the PST is known as Retail Sales Tax (RST); and Quebec charges Quebec Sales Tax (QST).

RBI means the Reserve Bank of India, India’s central bank established under the Reserve Bank of India Act, 1934.

Record of Processing means the records of Onfido Processing and list of third party service providers detailed in the link provided in the Order Form, or as otherwise notified to Client from time to time.

Reports means a summary at a User level containing one or more of the checks outlined in the Order Form.

Restricted Territory means a country or territory that is subject to any general financial or trade restrictions or embargoes under Export Control and Sanctions Laws, which currently comprise: Cuba, Iran, North Korea, Syria, and the occupied regions of Ukraine.

Sanctioned Person means: (i) a person who is named on a restricted party list administered by a Sanctions Authority; (ii) a person ordinarily resident in or incorporated under the laws of a Restricted Territory; (iii) the government of a Restricted Territory; or (iv) an entity owned or controlled by, or acting on behalf of, one or more persons described in (i), (ii), or (iii) above.

Sandbox Environment means a test environment for Clients to simulate API requests and to test their integration with the Software.

Security Breach has the meaning attributed to it in Clause 10.5.

Services means the services and/or products offered by Onfido from time to time under this Agreement and as more particularly detailed in the applicable Order Form (including, as the case may be, the Reports, Content, Software, Site, and API).

Site means www.dev.onfido.xyz and its subdomains.

SLA means the Onfido service levels for the Services as set out in the Order Form.

Software means any software provided by Onfido, including the software development kit (or “SDK”)  and any Maintenance Release which is being made available to the Client as part of the Services.

Taxes or Tax means all applicable sales or consumption taxes on the Services (or goods) provided hereunder (including sales tax, use tax, excise tax, services tax, TVA, VAT, GST, PST and HST) imposed by any governmental authority having jurisdiction on all items, goods and/or Services being paid for by the Client hereunder.

Third Party Service Provider means any third party service provider appointed by Onfido to Process Personal Data on behalf of the Client for the purpose of providing the Services.

TVA means value added tax chargeable under French law for the time being and any similar additional tax. 

User means any person whose identity is being verified by the Client using the Services.

VAT means value added tax chargeable under German, Dutch or English law for the time being and any similar additional tax.

1.1   Where the words include(s), including or in particular are used in this Agreement or any Order Form, they are deemed to have the words without limitation following them.

1.2.  References to clauses are to the clauses of the Onfido Services Agreement.

1.3.  A reference to a party includes its successors and permitted assigns.

2. TERM

This Agreement will commence on the Effective Date and will continue in effect for the duration from the Go Live Date as set forth in the Order Form (the “Initial Term”), unless terminated sooner in accordance with this Agreement. If the Initial Term of this Agreement is not specified in the Order Form, then the Initial Term for this Agreement will be for twelve (12) months from the date of the last signature of the Order Form. After the Initial Term, this Agreement will automatically renew for successive twelve (12) month periods (each, a “Renewal Term”), unless written termination notice is provided by either party at least thirty (30) days prior to the expiration of the then-current term (such Notice to be effective at the end of the Initial Term or the then current Renewal Term). The Initial Term and the Renewal Terms (if any) are collectively referred to as the “Term”. 

3. COST INCREASE

Where: (i) any External Data Provider increases an existing charge and/or changes the basis on which it provides information, or confirmation of qualifications or membership; and (ii) the cost of Onfido providing a background check under this Agreement increases as a direct result (each a “Cost Increase”), Onfido may increase the agreed Charges set out in the Order Form by the Cost Increase provided that Onfido will use reasonable endeavours to notify Client of the Cost Increase prior to implementing the Cost Increase. Notwithstanding the foregoing, Client is responsible for all Cost Increases provided that these are properly incurred by Onfido.   In the event that the Client does not wish to incur to the cost increase that may arise under this provision, it will be permitted to terminate the Agreement in accordance with its terms.

4. PARTIES’ OBLIGATIONS

4.1   Onfido will, during the Term, provide the Services with reasonable skill and care and in accordance with the SLA.

4.2   The parties will provide each other with: (a) all necessary co-operation in relation to this Agreement; and (b) access to such information as may be required in order to render and receive the Services, as set out in this agreement.

4.3   Unless agreed otherwise in an Order Form, the Client: (a) may download, view, copy and print Content and use the Services for the Permitted Purpose only; (b) agrees that the Reports, Services, the Site and Content may not be sold, transferred, sublicensed, commercially exploited or otherwise made available to, or used for the benefit of, any third party other than the Client; (c) will not make the Services available or otherwise use the Services in any jurisdiction such that Onfido's provision of the Services would require Onfido to physically store data (of any kind) in that jurisdiction, without first obtaining Onfido’s prior written consent; (d) will not make the Services available or otherwise use the Services in any jurisdiction where the Services are not permitted by applicable law; and(e) agrees to provide Users with human intervention in respect of any disputed Reports or with alternative methods to dispute Reports and any other information resulting from the use of the Services.

4.4   The Client will comply with all applicable laws and regulations (including any obligation to seek prior regulatory review, approval, or similar) with respect to its use of the Services and will not: (a) use the Services to discriminate against the User or in a manner that causes damage or injury to any person or property; (b) use the Services in a manner that could be reasonably expected to bring Onfido into disrepute or otherwise harm its reputation; (c) act or omit to act in a way which interferes with or compromises the integrity or security of the Services; (d) access all or any part of the Services in order to build a product or service which competes with the Services; (e) amend or remove Onfido Brand Features or “powered by Onfido” language from the Services, Site, or Software; (f) make use of the Onfido API without prominently displaying “powered by Onfido” language in a place that is clearly visible to Users; (g) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties: (i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services (as applicable) in any form or media or by any means to any individual or entity, including without limitation, Users; or (ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services; or (h) attempt to access the Services other than through the means made available to the Client by Onfido. Any breach of this clause will be deemed to be a material breach.

4.5   Onfido will only process the Personal Data to the extent, and in such a manner, as is necessary to provide the Services and otherwise in accordance with this Agreement in order to (a) detect and prevent fraud,  (b) develop and improve Onfido’s services including machine-learning technologies; (c) pseudonymise, aggregate and, where feasible, anonymise the Personal Data to compile statistics, benchmarking and analytics regarding the Services; (d) as necessary to comply with applicable law or regulation; and/or (e) exercise legal rights or defend legal claims.

4.6   The Client will only provide Personal Data to Onfido that is complete and in a form that Onfido can Process, and Client agrees that if any Personal Data is not provided as such, any resulting impact on the quality of the Services shall not cause Onfido to be in breach of this Agreement or any SLA.

4.7   The Client is responsible for maintaining the confidentiality of any password(s) or other security measures used to access the Services, and is fully responsible for all activities that occur under such password(s) or other security measures. The Client will notify Onfido immediately of any suspected or confirmed unauthorised access to or use of the Services.  If Onfido reasonably believes that there has been unauthorised access to or use of the Services, or is notified of such by the Client pursuant to this clause, Onfido reserves the right to immediately withdraw or suspend access to the Services and to alter the Client’s password(s), provided that Onfido restores access to the Services and/or provides new Client password(s) (as applicable) as soon as reasonably possible.

4.8   The Client acknowledges and agrees that the veracity of any information transmitted through the Site and in relation to the Services is the sole responsibility of the originator from which the content originated (for example, data suppliers) and Onfido will not be liable for omissions in content or errors or false statements, including in respect of data provided by third parties. The Services are not intended to be used as the sole basis for any business decision (including where those business decisions concern a User). The Client agrees and acknowledges that Onfido does not monitor or police information submitted by or on behalf of the Client through its Services and has no liability for any inaccuracy, incompleteness or other error in the Services (including the Site, the Reports and the Content) which arises as a result of data provided by the Client or any third party.

4.9   The Client will indemnify, defend, and hold harmless Onfido and its respective officers, shareholders, directors, and personnel, (and keep such individuals indemnified on a full indemnity basis), from and against any third party claims, suits, hearings, actions, damages, liabilities, fines, penalties, costs, losses, judgments or expenses (including reasonable attorneys' fees) arising out of or relating to the Client’s use of the Services (collectively, “Claims”), provided and to the extent that such Claims are not due to any breach of this Agreement by Onfido.

5. CHARGES AND PAYMENT

5.1   In consideration of the provision of the Services, the Client will pay the charges set out in the applicable Order Form in the manner set out in this Agreement and/or the applicable Order Form.

5.2   All charges quoted to the Client will be exclusive of Taxes which (where applicable) Onfido will add to its invoices at the appropriate rate.  All payments due to Onfido will be in the currency set out in the Order Form.

6. PERMITTED USE AND PROPRIETARY RIGHTS

6.1   Without prejudice to clause 6.2, Onfido and its licensors own  all Intellectual Property Rights and all other rights in the Services,  Feedback, Onboarding Packages (if applicable) and/ or Beta Features and all improvements, modifications and derivative works thereof. Onfido licenses all such rights to the Client free of charge during the Term on a non-exclusive, non-transferable, royalty-free worldwide basis to such extent as is necessary to enable the Client to make use of the Services in accordance with this Agreement and the Order Form. The Client will leave in place (and not alter or obscure) all proprietary notices and licences contained in the Services. All rights in and to Intellectual Property Rights owned or controlled by Onfido not expressly granted herein are reserved. 

6.2   As between Onfido and the Client, all Intellectual Property Rights in and to Client Data will be owned by the Client.  The Client owns or has otherwise obtained all necessary rights, title and interest in and to the Client Data and grants to Onfido, its affiliates, and third party service providers a licence to copy, modify, repackage, distribute, resell, share, deliver, transfer or otherwise make available, and to create or develop derivative works from, Client Data for the purposes set out in Clause 4.5.

6.3   Any new Intellectual Property Rights which are created as a result of, or in connection with, this Agreement (“New IPR”), shall be owned by Onfido. To the extent not owned solely by Onfido, Client hereby assigns, including by present assignment of future rights, all right, title and interest in and to all Intellectual Property Rights in the New IPR to Onfido and agrees to execute such deeds or documents and do such act and things as Onfido may deem necessary or desirable to give effect to that assignment. To the extent that the foregoing assignment cannot as a matter of law be assigned, the Client hereby grants to Onfido a nonexclusive, perpetual, irrevocable, royalty free, worldwide licence to make use of New IPR and otherwise exploit without restriction.

6.4   The Client will allow Onfido to reference and/or include the Client in any advertising or promotional material, including:

       i.   using the Client's Brand Features in advertising or promotional materials, including on the Onfido Website, social media sites, external marketing powerpoints and presentations, and sales materials at conferences;

       ii.   working with Onfido on finalising a case study within 90 days following the Client's first use of the Services; and

       iii.   naming the Client in a press release, such press release to be jointly worked on with the Client within 90 days of the Effective Date and to be subject to Client’s final approval.

7. TERMINATION AND EXIT

The termination rights of the parties are set out in the Entity Specific Terms.

8. LIMITATION OF LIABILITY

8.1   SUBJECT TO THE PROVISIONS OF CLAUSE 8.2, THIS CLAUSE 8 SETS OUT THE ENTIRE FINANCIAL LIABILITY OF EITHER PARTY (INCLUDING ANY LIABILITY FOR THE ACTS OR OMISSIONS OF EITHER PARTY’S EMPLOYEES, AGENTS AND SUB-CONTRACTOR) IN RESPECT OF: (A) ANY BREACH OF THIS AGREEMENT OR ANY ORDER FORM; AND (B) ANY USE MADE BY THE CLIENT OF THE SERVICES (INCLUDING THE REPORTS, THE CONTENT AND THE SITE) OR ANY PART OF THEM; AND (C) ANY REPRESENTATION, STATEMENT OR TORTIOUS ACT OR OMISSION (INCLUDING NEGLIGENCE) OR BREACH OF STATUTORY DUTY ARISING UNDER OR IN CONNECTION WITH THE AGREEMENT AND ANY ORDER FORM.

8.2   NOTHING IN THIS AGREEMENT OR IN ANY ORDER FORMS LIMITS OR EXCLUDES EITHER PARTY'S LIABILITY: (A) FOR DEATH OR PERSONAL INJURY; OR (B) FOR FRAUD OR FRAUDULENT MISREPRESENTATION; OR (C) FOR WILFUL MISCONDUCT; (D) PAYMENT OF SUMS PROPERLY DUE AND OWING TO THE OTHER IN THE COURSE OF NORMAL PERFORMANCE OF THIS AGREEMENT AND ALL ORDER FORMS; OR (E) ANYTHING NOT PERMITTED TO BE LIMITED BY APPLICABLE LAW..

8.3   SUBJECT TO CLAUSES 8.1 AND 8.2, NEITHER PARTY WILL BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ANY ORDER FORM (WHETHER IN CONTRACT, TORT OR OTHERWISE) FOR ANY: (A) LOSS OF PROFIT; (B) LOSS OF ANTICIPATED SAVINGS; (C) LOSS OF BUSINESS OPPORTUNITY; (D) LOSS OF OR CORRUPTION OF DATA; (E) LOSS OF REPUTATION OR GOODWILL; OR (F) SPECIAL, INDIRECT OR CONSEQUENTIAL LOSSES; SUFFERED OR INCURRED BY THE OTHER PARTY (WHETHER OR NOT SUCH LOSSES WERE WITHIN THE CONTEMPLATION OF THE PARTIES AT THE DATE OF THIS AGREEMENT AND/OR THE APPLICABLE ORDER FORM). ONFIDO WILL NOT BE LIABLE FOR LOSS SUFFERED BY THE CLIENT TO THE EXTENT ONFIDO CANNOT INDEPENDENTLY SUBSTANTIATE A CLAIM DUE TO THE FACT THAT THE CLIENT HAS INSTRUCTED ONFIDO TO DELETE THE UNDERLYING PERSONAL DATA.

8.4   EITHER PARTY'S TOTAL AGGREGATE LIABILITY IN CONTRACT, TORT (INCLUDING NEGLIGENCE OR BREACH OF STATUTORY DUTY), MISREPRESENTATION, RESTITUTION OR OTHERWISE ARISING IN CONNECTION WITH THE PERFORMANCE OR CONTEMPLATED PERFORMANCE OF THIS AGREEMENT AND ALL APPLICABLE ORDER FORM WILL BE LIMITED TO 125% OF THE TOTAL AMOUNT PAID AND PAYABLE BY THE CLIENT UNDER THE APPLICABLE ORDER FORM FOR THE 12 MONTHS PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE FIRST CLAIM. 

8.5   SUBJECT TO CLAUSE 8.2, THE CLIENT ASSUMES SOLE RESPONSIBILITY FOR WORKFLOWS AND CONCLUSIONS DRAWN FROM USE OF THE SERVICES (INCLUDING THE REPORTS, THE CONTENT AND THE SITE).

8.6    In the event that the Client elects to access Onfido's services through a third party interface, integration or similar ("Third Party Integration"), such Third Party Integration will be outside the scope of this Agreement, and shall remain the sole responsibility of the Client. The Client will contract directly with such third party, and Onfido will (i) have no liability in respect of such third party, or Third Party Integration; and (ii) not be in breach of this Agreement to the extent such breach is caused by the Third Party Integration.

9. CONFIDENTIALITY

9.1   The recipient of any Confidential Information will not disclose that Confidential Information, except to (i) employees, affiliates and/or professional advisors who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep such information confidential and (ii) third party service providers where and only to the extent required to fulfil the purpose of the Agreement. The recipient will ensure that those people and entities: (a) use such Confidential Information only to exercise rights and fulfil obligations under this Agreement and the applicable Order Form; and (b) keep such Confidential Information confidential. 

9.2   The recipient may also disclose Confidential Information: (i) when required by law or (ii) where reasonably required in connection with a defence of a legal claim (including any pre-action protocols (for example in response to a letter before claim) and/or settlement discussions).  Before the recipient discloses any Confidential Information pursuant to this clause 9.2 it shall, to the extent permitted by applicable law, give reasonable Notice to the discloser, such Notice to be sufficient to give the discloser the opportunity to seek confidential treatment, a protective order or similar remedies or relief prior to disclosure.

10. DATA PROTECTION

10.1    PERSONAL DATA. The Client will provide or make available to Onfido or assist Onfido with the collection of information relating to Users (such information provided under this Agreement is “Personal Data”). Such information includes but is not limited to the information described on the Order Form.  Client consents to Onfido’s collection, storage, use, disclosure, international transfer, and destruction of Personal Data (collectively, )“Process”Processing”) to provide the Services and otherwise in accordance with the Agreement. The Client represents and warrants that it has taken all required steps to ensure that Onfido may lawfully Process the Personal Data for the purpose of providing the Services and the performance of this Agreement in accordance with Privacy Laws (including by having obtained all necessary consents and provided all necessary notices, where required).

10.2 ONFIDO RESPONSIBILITIES. Onfido will:

10.2.1  Process Personal Data only for the purpose of providing the Services and otherwise in accordance with this Agreement and in accordance with the Client’s additional written instructions, including via email and the configurations in the Client’s Onfido Dashboard, or where otherwise required by applicable laws;

10.2.2   inform the Client if, in its opinion, an instruction from the Client infringes any Privacy Laws;

10.2.3  when Processing Personal Data for the purpose of providing the Services, not disclose or otherwise make available any Personal Data to any Third Party Service Provider without first (i) imposing contractual obligations on the Third Party Service Provider that are substantially similar to those imposed on Onfido under this Agreement related to the Processing of Personal Data for the purpose of providing the Services; and (ii) including the Third Party Service Provider in Onfido’s Record of Processing before sharing any Personal Data with that Third Party Service Provider. Onfido shall make the Record of Processing available to Client, and if Client objects to any third party service provider, Client may terminate this Agreement in accordance with the Entity Specific Terms. Onfido agrees to remain liable to the Client for the aforementioned Third Party Service Provider’s Processing of Personal Data;

10.2.4   cooperate and assist the Client in responding to any User’s request to exercise their rights of access, rectification, erasure, restriction of Processing, data portability, objection to Processing, or any other rights available to the User under Privacy Laws (collectively "Data Subject Rights"), and Client agrees that Onfido may disclose Client's name and contact information to any User seeking to exercise their Data Subject Rights so User may directly exercise their Data Subject Rights with the Client;

10.2.5   enable the Client to amend, correct, or delete (unless storage of any Personal Data is required for the purposes specified in Clause 4.5) Personal Data within the Services;

10.2.6   where requested by the Client and required under Privacy Laws, provide such assistance as the Client reasonably requires (taking into account the nature of the Processing and the information available to Onfido) for the Client to (i) conduct data protection impact assessments; and (ii) consult with data protection supervisory authorities;

10.2.7   take measures designed to ensure the reliability of all personnel who Process Personal Data by (i) performing background checks upon such personnel (where permissible under applicable law); (ii) assigning specific and necessity-based access privileges to such personnel; (iii) ensuring that such personnel have undergone training in data protection and privacy; and (iv) ensuring that such personnel are bound by obligations of confidentiality;

10.2.8   provide other reasonably necessary assistance for the Client to meet its compliance obligations under Privacy Laws with respect to the Services.

10.3 SECURITY SAFEGUARDS 

10.3.1   Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and in accordance with a comprehensive information security policy (“Information Security Policy”), Onfido will establish, maintain and comply with administrative, physical, technical and organisational safeguards designed to ensure the security and confidentiality of Personal Data and to prevent the unauthorised disclosure of, or access to, Personal Data.

10.3.2   Onfido’s Information Security Policy will: (i) implement back-up and disaster recovery systems; (ii) continuously assess risks to the security of Personal Data by (1) assessing the likelihood and potential damage of such risks, taking into account the sensitivity and risk of the Personal Data, (2) identifying internal and external threats that could result in a Security Breach, and (3) conducting penetration testing; and (iii) take appropriate steps to protect against such risks.

10.4 AUDITS

10.4.1   Onfido will keep at its normal place of business detailed, accurate and up-to-date records relating to the Processing of Personal Data by Onfido.

10.4.2   Upon sixty (60) days written Notice, once per contract year Onfido will make available to the Client such access to its books and records as is reasonably necessary for audit purposes to demonstrate Onfido’s compliance with its obligations under Privacy Laws and this Agreement. Any audit requests in excess of those set out in this Clause 10.4.2 will be at Onfido's discretion, and at the Client's sole cost (with the exception of in the event that the audit reveals a breach of Privacy Laws). All audits are subject to confidentiality obligations.

10.4.3   Onfido shall promptly resolve all data protection and security issues discovered by the Client and reported to Onfido that reveal a breach or potential breach by Onfido of any of its obligations under this Agreement or Privacy Laws.

10.5 SECURITY BREACH.     In the event Onfido confirms any breach of security involving its facilities, networks or systems and any unauthorised disclosure of, or access to, Personal Data (each, a "Security Breach"), Onfido will (i) without undue delay notify the Client of the Security Breach; and (ii) provide all reasonable help for the Client to investigate and remedy the Security Breach.

10.6 DESTRUCTION OF PERSONAL DATA. 

  1. Subject to 10.6(b), on the earlier of (i) written instructions from Client, which shall include changes to Client’s configuration within the Services, (ii) Onfido’s maximum data retention period, or (iii) a reasonable period of time after the termination or expiration of this Agreement, Onfido will cease processing and delete Personal Data processed for the provision of the Services (unless storage of any Personal Data is required for purposes specified in Clause 4.5)   
  2. All other Personal Data processed by Onfido (including Personal Data processed for backup and logging purposes) or on behalf of Onfido (including Personal Data processed by third parties) is deleted in accordance with Onfido’s Record of Processing.

10.7 INDEMNITY.   Onfido will indemnify, defend, and hold harmless the Client and its respective officers, shareholders, directors, and personnel, (and keep such individuals indemnified on a full indemnity basis), from and against any claims, suits, hearings, actions, damages, liabilities, fines, penalties, costs, losses, judgments or expenses (including reasonable attorneys' fees) arising out of Onfido’s breach of Clause 10.5.

11. GENERAL

11.1   If any provision of this Agreement or Order Form (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed not to form part of the Agreement or Order Form as applicable and (a) the parties will immediately commence good faith negotiations to remedy such invalidity; and (b) the validity and enforceability of the other provisions of the Agreement or Order Form as applicable will not be affected.

11.2   This Agreement and the applicable Order Form constitutes the whole agreement between the parties and supersedes any previous arrangement, understanding or agreement between them relating to the subject matter of this Agreement and the applicable Order Form.  Each party acknowledges that in entering into this Agreement or any Order Form it has not relied upon any oral or written statements, collateral or other warranties, assurances, representations or undertakings which were made by or on behalf of the other party in relation to the subject-matter of this Agreement or an Order Form at any time before its signature other than those which are set out in this Agreement or any Order Form.  Furthermore and for the avoidance of doubt, Client understands its business needs and has determined independently that the Services will meet its needs.

11.3   Except as expressly stated otherwise, nothing in this Agreement or any Order Form will create an agency, partnership or joint venture of any kind between the parties.  Neither party will have authority to act in the name of or on behalf of the other, or to enter into any commitment or make any representation or warranty or otherwise bind the other in any way.

11.4   Neither party may assign any of its rights or obligations under this Agreement without the prior written consent of the other such consent not to be unreasonably withheld save that either party can, provided not to a direct competitor, assign this Agreement by operation of law, or in connection with a merger, change of control, sale of assets or other similar transaction.

11.5   The Client acknowledges and agrees that the supply of the Reports and Services by Onfido and their use by the Client is governed by laws and regulatory requirements and that these laws and regulatory requirements may be altered from time to time. The Client agrees that Onfido may: (a) modify; or (b) cease to provide the Services (including the Reports, the Content and the Site) to the Client if necessary to comply with the legal or regulatory requirements, and that such modifications or a cessation will not be deemed to be a breach of this Agreement.

11.6   All notices must be in English, in writing, and sent by email to the address for Legal notices as set out in the Order Form, or such other address as either party has notified the other in accordance with this clause (a “Notice”).

11.7   The parties will: (i) comply with all applicable Anti-Corruption Laws; (ii) promptly report to the other party any request or demand for any undue financial or other advantage of any kind received by it in connection with the performance of this Agreement; (iii) cooperate regarding investigations by the other Party into any matters related to bribery and corruption in connection with this Agreement.

11.8   Charges specified in this Agreement are exclusive of any Tax. The Client will be responsible for, and agrees to pay, Tax on all items, goods and/or Services being paid for by the Client hereunder. If the Client is based in Canada and does not provide a valid GST (or HST) number, Onfido will include GST, PST, and HST in invoices if applicable. Any and all payments or reimbursements made hereunder shall be made free and clear of and without deduction for any and all taxes, levies, imports, deductions, charges or withholdings. If the Client is required by law to deduct such Taxfrom or in respect of any sum payable hereunder to Onfido then the sum payable hereunder shall be increased as may be necessary so that, after all deductions are made, the Onfido receives an amount equal to the sum it would have received had no such deductions been made. The Parties will cooperate and take all steps reasonably and lawfully available to them to minimise such Tax and to obtain double taxation relief. If the Client withholds any such amounts from the fees, the Client will provide Onfido with a statement of withholding tax within 30 days from the withholding. Unless otherwise agreed, the party that is liable for payment of any tax upon which interest and penalties are imposed shall bear such interest and penalties. In the event Onfido suffers any fines, penalties or charges due to the Client's non-compliance with this Clause, or the Client fails to comply with the relevant tax legislation and regulations in respect of the Charges, the Client will indemnify Onfido for such costs.

11.9   Except in respect of any transfer of staff pursuant to applicable law, neither party shall (except with the prior written consent of the other party) directly or indirectly solicit or entice away (or attempt to solicit or entice away) from the employment of the other party any person employed or engaged by such other party in the provision of the Services or (in the case of the Client) in the receipt of the Services at any time during the Term or for a further period of 3 months after the termination of this Agreement other than by means of a national advertising campaign open to all comers and not specifically targeted at any of the staff of the other party.

11.10   The Client shall: (i) comply with Export Control and Sanctions Laws; (ii) not engage in any conduct or permit the use of, or access to, the Services by a user who is a Sanctioned Person or otherwise in such a way that would constitute a violation of Export Controls and Sanctions Laws; (iii) not do, or omit to do, any act that would cause Onfido to provide services to a user who is a Sanctioned Person or otherwise breach Export Controls and Sanctions Laws; and (iv) have and enforce its own procedures and controls to ensure compliance with Export Control and Sanctions Laws. The Client will immediately notify Onfido if, during the term of this Agreement: (i) it has breached the terms of this clause 11.10. Any breach of this clause by the Client will be deemed to be a material breach of this Agreement and in the event of such a breach Onfido reserves the right to immediately terminate this contract without notice or penalty. Onfido reserves the right to implement geo-blocking or such other measures as it deems necessary to ensure that the Services are not provided to Sanctioned Persons or otherwise in violation of Export Control and Sanctions Laws.

11.11   Each party warrants that, in connection with this Agreement, it: (i) will comply with all applicable anti-corruption laws adopted by countries where the Services are being performed, including provisions of the United States Foreign Corrupt Practices Act 1977, the United Kingdom Bribery Act 2010, and any amendments thereto; and (ii) has not been found by a court in any jurisdiction to have violated any such laws. Each party will promptly report to the other party any request or demand for any undue financial or other advantage of any kind received by it in connection with this Agreement.

11.12   Any and all claims for loss arising under this Agreement will be subject to a general obligation of the parties to use all reasonable efforts to mitigate such losses.

11.13   Onfido may modify this OSA or the Entity Specific Terms at any time by posting a revised version on the Site or by otherwise notifying you in accordance with clause 11.6; provided, however, that we will provide advance notice in accordance with clause 11.6 for material adverse changes to the OSA or Entity Specific Terms. Subject to the advance notice requirement with respect to such material adverse changes, the modified terms will become effective upon posting or, if we notify you by email, as stated in the email message. By continuing to use the Services after the effective date of any modifications, you agree to be bound by the modified terms. It is your responsibility to check the Site regularly for modifications to the OSA and Entity Specific Terms. We last modified these on the date listed at the beginning of them.

SCHEDULE 1 

TECHNICAL SPECIFICATION FOR ONFIDO PLATFORM

Onfido will provide support in order to solve incidents and make coding modifications required for the Services to function as intended in accordance with the escalation procedure and severity of the issue set out below, provided always that the Client must provide substantiation by means of screenshots, use cases and as much information as reasonably possible, including a description of a scenario leading up to the problem being encountered so that Onfido can understand how the incident occurred.

Client can view system metrics, incident history and subscribe for real time updates here https://status.dev.onfido.xyz/ 

Escalation procedures & severity levels: Service response times and definitions are as follows:

Definition Item Response Time
(from the point of Client notifying Onfido)
Notification Contact
Normal (P2) A non-critical component of the Services is not performing as expected. The issue has no or limited impact on the Client’s business.

Acknowledge: Twenty four hours to acknowledge and respond to the notification.

Resolution: Will be dependent on the nature of the problem and the availability of development resources.

Via Portal: 

https://public.support.dev.onfido.xyz

Or Email: 

[email protected]

Urgent (P1) Some aspects of the Services are slow or intermittent in producing an expected response. The issue has a moderate or intermittent impact on the Client’s business.

Acknowledge: Five hours to acknowledge and respond to the notification.

Resolution: All reasonable efforts will be taken to restore Services in ten calendar days.

Via Portal:

https://public.support.dev.onfido.xyz

Or Email:

[email protected]

Critical (P0) There is no response coming from the Services. Critical outage where the impact on the Client’s business is severe. Acknowledge: Three hours to acknowledge and respond to the notification. Regular updates to be provided by Onfido until resolved.

Via Portal:

https://public.support.dev.onfido.xyz

Or Email:

[email protected]

 

System Performance, Assumptions & Uptime: The API will have availability of 24 hours a day, 7 days a week, 365 days per year with performance as follows:

Services Uptime (measured monthly)
Onfido Services 99.5%

 

All performance indicators are subject to and dependent on adherence to the API documentation. Performance indicators are exclusively related to Onfido’s performance and Onfido does not assume responsibility for the performance of any External Data Providers. Service uptime is exclusive of maintenance windows and emergency maintenance as described below.  Response times in this Schedule and for the SLA exclude any internet latency, internet outage, DoS, or other reasons outside of Onfido’s control.

Maintenance Window

A maintenance window will be used for corrective maintenance. Onfido reserves the right to perform three hours of maintenance per month, but from time to time may require longer. Onfido will use reasonable endeavours to notify the Client in advance of any upcoming maintenance windows. The service may not be available at all or in part during the time of the maintenance window. The maintenance window will only be utilised if Onfido considers this necessary or desirable to maintain the performance of the Services. 

Onfido may conduct emergency maintenance to its network or servers with no prior notice in order to resolve server security issues or other emergency issues. Onfido will notify the Client at the beginning and end of such maintenance, and will provide details on the nature of the work being performed.

Fraud Information Sharing

The Client may provide timely feedback and information to Onfido in relation to the Services or Beta Features, in particular, reporting to Onfido via the API or (if agreed) the Onfido Dashboard any: (1) fraud not identified by Onfido in its provision of the Services that is later identified by the Client ; (2) Users or checks identified as fraudulent by Onfido which are not fraudulent ; and (3) Users who commit fraud against the Client (“Fraudulent Users”). Onfido shall use the reported information and associated fraud data to improve the services in accordance with Clause 4.5.

Test Environment

Any tests, automated scans and/or probing or penetration tests, or attempts to breach any security or authentication measures used by Onfido (“Testing”) performed by the Client, will be conducted against the Onfido test environment, subject to 48 hours notice. The Client is not permitted to conduct Testing against Onfido’s live production environment. 

To the extent that the Client elects to use the Sandbox Environment, the Client understands that Onfido does not review any data uploaded or transferred into the Sandbox Environment, and Client agrees (i) to only use the Sandbox Environment to test Client's integration with the Software; (ii) to not upload or transfer any Personal Data into the Sandbox Environment and (iii) Onfido shall have no obligations or liability as to any data uploaded or transferred to the Sandbox Environment.

Beta Features

From time to time, Onfido may invite the Client to participate in a new version or service feature that Onfido has not made generally available to clients for production use and that is designated as beta, pilot, limited release, pre-release, non-production, evaluation or similar designation which does not form part of the Services (“Beta Features”), free of charge in return for the Client providing Onfido with Feedback. This invitation will be communicated to the Client through the Onfido Dashboard and the Client may accept or decline the invitation in its sole discretion. Beta Features are for Onfido evaluation and testing purposes, not for production use, not supported, not subject to availability or security obligations and may be subject to additional terms. Unless otherwise agreed, Onfido will have no liability for any harm, damage or losses of any kind arising out of or in connection with Beta Features, and the Client uses them at its own risk. Onfido may discontinue Beta Features at any time in its sole discretion and may choose not to make them generally available.

SCHEDULE 2

ONFIDO STANDARD SDK LICENCE

1. INTERPRETATION

1.1   The definitions and rules of interpretation in this paragraph apply in this licence. Terms not specifically defined in this license will have the meaning given to them in the Onfido Services Agreement, provided that for the purposes of this Schedule 2, “Software” shall mean the SDK.

App: the application owned and developed by the Client into which the Client will integrate the Software.

Maintenance Release: a release of the Software that corrects faults, adds functionality or otherwise amends or upgrades the Software.

Source Code Materials: the source code of the Software, and all technical information and documentation required from Onfido to enable the Client to integrate the Software into the App.

Unless expressly specified otherwise, this licence will be governed by the terms of the Order and the Agreement.

2.   DELIVERY AND INSTALLATION

2.1   Onfido will make available one copy of the Software electronically to the Client. The Client will be responsible for the integration of the Software into the App and all compatibility issues between the Software and the App.  Onfido will provide the Client with reasonable, limited assistance and guidance with the integration.

2.2   The Client will carry out appropriate testing and satisfy themselves with the results before making the App available in a live environment.

3.   LICENCE

3.1    In consideration of the Charges paid by the Client to Onfido, Onfido grants to the Client a limited scope, non-exclusive, non-transferable licence for the Term to use the Software in the App for the Permitted Purpose provided that:

3.1.1   use of the Software will be restricted to use of the Software in object code form for the purpose of running document and facial recognition checks as part of the App;

3.1.2   the Client may not use the Software other than as specified in paragraph 3.1.1 and this 3.1.2 without the prior written consent of Onfido.

 3.1.3   except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties, the Client will not make backup copies of the Software; 

3.1.4   except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties, the Client has no right (and will not permit any third party) to copy, adapt, reverse engineer, decompile, disassemble, modify, adapt or make error corrections to the Software in whole or in part.

3.1.5   to the extent the Software includes components covered by open source software (“OSS”) licenses (a) the terms of such OSS license(s) are available at https://github.com/onfido or such other location notified by Onfido from time to time and will, in the event of any conflict with the terms and conditions set out herein, prevail in respect of the Client’s use of such OSS; and (b) any restrictions prohibited by such OSS license that are contained within this Agreement will not apply to the applicable OSS.

3.2   The Client will not use any information in relation to the integration or use of the Software to create any software whose expression is the same as or substantially similar to that of the Software nor use such information in any manner which would be restricted by any copyright subsisting in it.

3.3   The Client will not: (1) sub-license, assign or novate the benefit or burden of this licence in whole or in part; (2) allow the Software to become the subject of any charge, lien or encumbrance; or (3) deal in any other manner with any or all of its rights and obligations under this Agreement, without the prior written consent of Onfido.

3.4   The Client will: (1) ensure that the Software is integrated with the App only; and (2) notify Onfido in writing as soon as it becomes aware of any, or suspects any unauthorised use of the Software by any person;

3.5   The Client will permit Onfido to inspect and have access to any records kept in connection with this licence, for the purposes of ensuring that the Client is complying with the terms of this licence, provided that Onfido provides reasonable advance notice to the Client of such inspections, which will take place at reasonable times.

4.   MAINTENANCE AND SUPPORT

4.1   Onfido will provide the Client with all Maintenance Releases generally made available to its Clients. Onfido warrants that no Maintenance Release will adversely affect the then existing facilities or functions of the Software but will not be responsible for any necessary integration or re-integration with the App following a Maintenance Release, or any incompatibility issues. The Client will install all Maintenance Releases as soon as reasonably practicable after receipt, but in any event within 9 months of Maintenance Release (the ‘Upgrade Obligation’). Onfido will not be in breach of any clause of this agreement to the extent that the Client breaches its Upgrade Obligation. 

4.2   Onfido has a Software deprecation policy, under which Onfido provides support (including bug fixes) for each Maintenance Release for a period set therein. Thereafter Onfido will no longer provide support for that Maintenance Release.

5.   EXPORT

5.1   Neither party will export, directly or indirectly, any technical data acquired from the other party under this Agreement (or any products, including software, incorporating any such data) in breach of any applicable laws or regulations (Export Control Laws), including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export licence or other governmental approval without first obtaining such licence or approval. 

6.   USE OF THE SOFTWARE

6.1   The Client accepts responsibility for the selection of the Software to achieve its intended results and acknowledges that the Software has not been developed to meet the individual requirements of the Client or any particular App.

6.2   Onfido does not (1) provide any warranties in relation to the performance of any third party software (including the App) and will not be liable in the case of a fault caused in relation to the Software that arises from the App, any other third party software, or any actions of the Client or a third party (2) warrant that the use of the Software will be uninterrupted or error-free.

6.3  In the event of a fault or defect in the Software, Onfido will provide support and incident resolution in accordance with the escalation procedures and severity levels set out in Schedule 1.

6.4   Client will only use the Software for the purpose of receiving the Services and not for any other purpose without Onfido's prior written consent. The Client agrees no other party (including the Client) will use the Software in connection with the provision of services materially similar to the Services during the Term, or at any time thereafter. In the event of a breach of this provision, Client will indemnify Onfido for all associated losses.

7.  INTELLECTUAL PROPERTY RIGHTS

7.1   The Client acknowledges that all Intellectual Property Rights in the Source Code Materials, the Software and any Maintenance Releases belong and will belong to Onfido, and the Client will have no rights in or to the Software other than the right to use it in accordance with the terms of this licence.

8.   DURATION AND TERMINATION

8.1   This Licence will terminate on termination of the Order Form or in accordance with the terms of the Agreement, upon which (1) all rights granted to the Client under this licence will cease; (2) the Client will immediately pay to Onfido any sums due to Onfido under this licence; and (3) the Client will immediately destroy or return to Onfido (at Onfido's option) all copies of the Software and related documents then in its possession, custody or control and, in the case of destruction, certify to Onfido that it has done so.

SCHEDULE 3

CUSTOMER SUCCESS PACKAGES

The Customer Success Packages (“Success Packages”) in Table 1, are provided by Onfido to assist the Client with the successful adoption and operation of Onfido Services during the lifetime of the overall Agreement.

Client agrees that it will work with Onfido to coordinate on the agreed activities as part of each purchased Success Package by collaborating with the Onfido Customer Success Manager when required.

Table 1

Success Package Typical Activities
Standard

A named Customer Success Manager providing:

  • Proactive Service Monitoring
    • Helping identify progress and issues
  • Service and Technology Query Management
    • Assistance on How To questions
  • Service Escalation Point
    • Point of contact for ongoing issues
  • Monthly Meetings & Reports
    • Service Checkpoint reporting
  • Standard Workflow & KPI Analysis
    • Assistance with general service improvement
  • Quarterly Business Reviews
    • Formal Senior Stakeholder reporting
  • Change Release Schedules
    • Information on Onfido releases and adoption help
  • Best Practice Sharing
    • Boost team knowledge with market know-how
Premium

A named Customer Success Manager providing:

  • Proactive Service Monitoring
    • Helping identify progress and issues
  • Service and Technology Query Management
    • Assistance on How To questions
  • Service Escalation Point
    • Point of contact for ongoing issues
  • Monthly Meetings & Reports
    • Service Checkpoint reporting
  • Standard Workflow & KPI Analysis
    • Assistance with general service improvement
  • Quarterly Business Reviews
    • Formal Senior Stakeholder reporting
  • Change Release Schedules
    • Information on Onfido releases and adoption help
  • Best Practice Sharing
    • Boost team knowledge with market know-how
  • Early View Roadmap Updates
    • Provision of technology roadmap deep dives
  • Line of Business Expansion Assistance
    • Help with new IDV applications
  • Weekly / Daily Checkpoint meetings
    • When required, more frequent checkpoints
  • Custom Workflow & KPI Analysis
    • Bespoke data analysis to drive deeper improvements
  • Executive Sponsor
    • Provision of an Onfido Executive to ensure senior engagement from Onfido
No Package

Service and Technology Query Management

  • Assistance on How To questions

SCHEDULE 4

ONBOARDING PACKAGES

The Onboarding Packages (“Onboarding Packages”) in Table 1, are advisory in nature to allow Onfido to assist the Client with the Client’s implementation of Onfido. Overall control for timelines, scope and the delivery is the sole responsibility of the Client.

Client agrees that it will work with Onfido to carry out the agreed activities as part of each purchased Onboarding Package by providing timely support and reasonable assistance to Onfido.

Table 1

Onboarding Package Example Activities
Standard

Integration kick-off session (1 hour duration)

Up to two additional sessions, each of up to 2 hour duration, for example:

  • Solutions(s) deep dive
  • Process flow implementation for Onfido results 
  • Launch readiness
  • Check Results - review and actions
Enterprise

Initiate

  • Kick-off session
  • Define success criteria, resources and timelines
  • Create high-level ‘to-be process’ 

Design and Build

  • Documentation walkthrough and review
  • Testing approach, assurance and validation

Launch

  • User Acceptance Testing and early beta support
  • Deployment planning
  • Training
  • Integration review and go/no-go
Custom

Initiate

  • Kick-off session
  • Define success criteria, resources and timelines
  • Create high-level ‘to-be process’ 

Design and Build

  • Documentation walkthrough and review
  • Testing approach, assurance and validation

Launch

  • User Acceptance Testing and early beta support
  • Deployment planning
  • Training
  • Integration review and go/no-go

Early Life Support

  • Priority support as determined by Onfido on a case by case basis
  • Regular and frequent reporting
  • Optimisation and improvement support

Adoption

  • Regular Management Information reporting
  • Service Improvement Planning
No Package

Integration documentation provided

Customer Support queries