If your Commencement Date (as defined below) is: (i) on or after 19 February 2024 – this version applies to you; (ii) before 19 February 2024 – the previous version applies to you until 22 February 2024; starting from 22 February 2024, the current version applies.
These Terms and Conditions, including any schedules, annexes, or appendices thereto, shall govern the mutual relationship of the Service Provider and the Customer (hereinafter collectively referred to as the “Parties” or individually as a “Party“).
By (i) proceeding with registration in the Dashboard while applying for a Pricing Plan or clicking “Sign Up” on the Website or (ii) otherwise using or accessing the System and/or Services (unless the Parties already maintain a commercial agreement with the same or substantially similar subject matter), the Customer agrees to comply with and be legally bound by these Terms and Conditions. If the Customer does not agree to these Terms and Conditions, whether in full or in part, it is not entitled to proceed with the registration in the Dashboard or to use or continue using the System and/or the Services.
Service provider
shall mean Sum and Substance Ltd, incorporated in England with registration number 09688671 and registered office at 30 St. Mary Axe, London, England, EC3A 8BF.
Service Provider’s contact:
[email protected]
Customer
shall mean any entity using or otherwise accessing the System and/or the Services on the basis of these Terms and Conditions.
1.1. In these Terms and Conditions, the following definitions shall apply:
API
means the Service Provider’s application programming interface, which is a set of functions and procedures that facilitate the submission of applications for access to the features and functionalities of the System and communication between the System and the Customer Platform.
Applicant
means an end user of the Customer Platform (whether natural person or legal entity) providing documents, images, and other input data in respect of which the Service Provider performs Checks and other Services.
Authorized User
means any member of the Customer's personnel or another individual authorized by the Customer to access and/or use the System on behalf of the Customer.
Billing Start Date
means (i) the date when the Customer indicates its payment method and billing details and activates the chosen Pricing Plan in the Dashboard; or (ii) expiry of the Trial Period, if any, whichever is later. The Services shall become chargeable as per the applicable Pricing Plan upon the Billing Start Date.
Business Purpose
means the permitted purpose for which the Customer may use the System and/or the Services. For clarity, the Customer may use the System and/or the Services for lawful purposes of remote identity verification, fraud prevention, compliance with AML/CFT laws and regulations, internal risk management and due diligence procedures, and other essentially similar purposes. The Customer is not allowed to resell, sublicense, redistribute, or otherwise make the System and/or the Services (or any materials or results derived therefrom) available to any third party without the Service Provider’s prior written consent (except for when it is required under applicable laws or regulations or a lawful request by a competent government authority).
Check
means a subcategory of the Services with the following characteristics: (i) a Check is deemed completed when the Applicant in respect of which it has been conducted is assigned a “Rejected”, “Approved”, or “Resubmission requested” status in the Dashboard; and (ii) if any Check is reiterated in respect of the same Applicant later than one calendar month from the moment when the first such Check was completed or, irrespectively of the timing, by the Customer or at the Customer's request, such reiteration shall be considered a new Check and, therefore, billed separately.
Commencement Date
means the date on which the Customer (i) expresses its consent to be bound by these Terms and Conditions via the Website or (ii) starts using or otherwise accesses the System and/or the Services in the absence of a commercial agreement in force between the Parties (whichever is the earlier).
Confidential Information
means information disclosed by (or on behalf of) the Service Provider to the Customer in connection with or in anticipation of these Terms and Conditions that is marked as confidential or, from its nature, content, or the circumstances in which it is disclosed, could reasonably be deemed confidential. It does not include information (i) that the Customer had already possessed on a lawful basis prior to the disclosure, (ii) that becomes public through no fault of the Customer, (iii) that was independently developed by the Customer, (iv) that was lawfully transferred to the Customer by a third party bearing no confidentiality obligation towards the Service Provider; or (v) that is approved for disclosure by the Service Provider in writing.
Customer Platform
means the information technology system owned and/or operated by the Customer, if any, which receives data from the Service Provider and/or the System based on these Terms and Conditions.
DPA
means the Data Processing Agreement as contained in Annex 3 to these Terms and Conditions.
Fees
means the charges payable by the Customer to the Service Provider under these Terms and Conditions, including in particular Annex 2 hereto (“Payment Terms”), as per the applicable Pricing Plan or as otherwise agreed by the Parties.
Intellectual Property Rights
means all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in Confidential Information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
Malicious Code
means viruses, worms, time bombs, Trojan horses, and other similar malware, files, scripts, agents, or programs.
New Release
means (i) architectural changes in the System and/or Services; (ii) improvements and bug corrections of the System and/or Services; or (iii) maintenance releases not impacting the visible performance of the System and/or Services.
Pricing Plan
means the tariff as chosen by the Customer via the Dashboard (or, where it is permitted or prescribed under these Terms and Conditions, enabled by the Service Provider for the Customer), entitling the Customer to use Services of such types and volumes and on such conditions as specified in the respective Pricing Plan. Current Pricing Plans offered by the Service Provider are available at: https://sumsub.com/pricing and in the Dashboard. The Customer may at any time enable or disable any of the Services covered by the applicable Pricing Plan via the Dashboard or, if necessary, by contacting the Service Provider at [email protected]. Where the Customer enables a Service not covered by the Pricing Plan applicable to the Customer at the relevant time, the Service Provider may, at its sole discretion, (i) transfer the Customer to a Pricing Plan that includes the Service in question, and/or (ii) charge the Customer for its usage of the Service in question as per the Pricing Plan including the said Service, and/or (iii) suspend or limit the Customer’s access to the System and/or the Services. Any applicable Pricing Plan shall be considered an inherent part of these Terms and Conditions.
SDK
means the software code supplied by the Service Provider to be embedded into the Customer Platform and any technical documentation relating to the corresponding integration.
Security Feature
means any key, login, PIN, password, etc. as may be provided by the Service Provider to the Customer or created by the Customer for the purposes of accessing the System.
SLA
means the Service Level Agreement as contained in Annex 1 to these Terms and Conditions.
Specification
means the list and description of Services corresponding to the Pricing Plan applicable to the Customer at the relevant time. The Service Provider reserves the right to modify the Specification from time to time, subject to reasonable prior written notice to the Customer in case such modification significantly impairs the scope or quality of the Services available to the Customer according to the then-current Specification.
System
means a set of computer programs and databases owned and/or operated by the Service Provider to render the services described in the Specification (the “Services”), including API and SDK. The System includes an interactive software tool facilitating the communication between the Service Provider and the Customer and ensuring the management and processing of requests as submitted by the Customer or by its Applicants (the “Dashboard“).
Trial Period
means a period during which the Customer may be entitled to use a limited volume of Checks included in the applicable Pricing Plan free of charge and for the purposes of testing the Services and the functionality of the System.
Website
means www.sumsub.com and its subdomains.
1.2 No provision of these Terms and Conditions shall be construed against or interpreted to the disadvantage of any Party by reason of such Party having or being deemed to have structured or drafted such provision.
1.3 Any reference to "days" shall mean calendar days unless qualified by the word "business", in which instance a "business day" shall be any day other than a Saturday, Sunday, bank holiday, or a public holiday in the Service Provider’s jurisdiction of incorporation.
1.4 Any provision conferring rights or imposing obligations on a Party and contained in any of the definitions listed in clause 1.1 or elsewhere in these Terms and Conditions shall be given effect as if it were a substantive provision within the body of these Terms and Conditions.
1.5 Where figures are referred to in numerals and in words, and there is any conflict between the two, the words shall prevail.
1.6 Where the expressions “include(s)”, “including” or “in particular” are used in these Terms and Conditions, the list of words following them shall not be considered exhaustive unless explicitly indicated otherwise.
1.7 References to sections, clauses, or Annexes are to these Terms and Conditions' respective sections, clauses, and Annexes.
1.8 A reference to a Party includes its successors and permitted assigns.
1.9 The headings in these Terms and Conditions are for ease of reference only and shall not affect their interpretation.
1.10 In these Terms and Conditions, if the context so requires, references to the singular shall include the plural and vice versa.
2.1 These Terms and Conditions shall become binding between the Parties on the Commencement Date and remain in full force and effect for 12 months following the Billing Start Date (cumulatively, the “Initial Period”). Once the Initial Period expires, these Terms and Conditions shall automatically be renewed for subsequent periods of 12 months each (the “Renewal Period(s)”) unless terminated earlier by either Party pursuant to section 10 below. The Initial Period and any Renewal Periods as may follow shall together constitute the “Term”.
2.2. Notwithstanding clause 2.1, on the date when the Customer (i) fully expends any given Pre-Payment (if applicable) or (ii) changes its Pricing Plan to one including a Pre-Payment among the payable Fees, the Initial Period or then-current Renewal Period shall automatically expire, with the subsequent Renewal Period commencing on the following day.
3.1 The Service Provider shall grant the Customer full access to the System and the Services as purchased under the respective Pricing Plan immediately upon the Billing Start Date. Notwithstanding the foregoing:
3.1.1) a limited scope of the System’s functionalities (not including, in particular, any chargeable Services), determined at the Service Provider’s sole discretion, may become available to the Customer upon the Commencement Date, subject to the Customer following the instructions forwarded by the Service Provider to the email address specified by the Customer via the Website (if applicable);
3.1.2) immediately upon the Commencement Date, the Customer shall be obliged to submit to the Service Provider certain information about itself as further specified by the Service Provider via the Website, by email or otherwise for due diligence purposes (including, but not limited to, personal details of Authorized Users; billing details as required under the applicable Pricing Plan; company details, ownership and control structure, personal details of ultimate beneficial owners and senior officers, supporting corporate documents; nature of business and any required licenses, registrations, certifications, approvals (if applicable); website address; and other data as may be requested by the Service Provider). The Service Provider shall be entitled, at its sole discretion, to suspend or limit the Customer’s access to the System and/or the Services and/or terminate the Terms and Conditions as between itself and the Customer where (i) the Customer fails to timely provide the requested information (in full or in part); (ii) the information provided by the Customer is false, incomplete, or incorrect; or (iii) in the Service Provider’s opinion, the due diligence has qualified the Customer as a high-risk counterparty. The Service Provider shall not be obliged to disclose the scope or results of its due diligence procedures.
3.2 Upon the Commencement Date (but not before the Customer indicates its payment method and billing details and activates the chosen Pricing Plan in the Dashboard), the Service Provider may, at its sole discretion, grant the Customer a Trial Period, the exact duration and scope of which shall be specified in the Dashboard. The Trial Period may only be activated by the Customer. The Customer acknowledges that not all features and functionalities of the System may be available during the Trial Period. Upon the expiry of the Trial Period, the Services shall immediately and automatically become chargeable as per the applicable Pricing Plan.
3.3 For the duration of the Term, the Service Provider shall supply the Customer with (i) Services based on the Pricing Plan applicable at any relevant time and the SLA; (ii) as soon as reasonably practicable, any New Releases; and (iii) technical support, including maintaining the System up-to-date, in good working order, and free from Malicious Code, and restoring it to normal operational conditions if inaccessible.
3.4 The Customer acknowledges that for any reason, at any time, and without prior notice, the Service Provider may issue New Releases, and agrees to implement such New Releases promptly. Failure of the Customer to update its version of the System to the New Release within 60 days of written notification from the Service Provider shall be considered a material breach as per clause 10.2 of these Terms and Conditions. The Service Provider shall not be in any way liable for the System's incorrect operation, unavailability, or any other deficiencies that are due to the Customer's failure to timely comply with its obligations as set out in this clause 3.4.
4.1 The Customer acknowledges and agrees that all Intellectual Property Rights in the System and the Services belong to the Service Provider or its licensors (as the case may be) and the Customer shall have no rights to or interest in the System and/or Services other than those expressly granted under these Terms and Conditions. The Customer undertakes, during the Term and at any time thereafter, not to challenge the Intellectual Property Rights of the Service Provider or its licensors, nor to assist any third party directly or indirectly to do so.
4.2 Subject to clause 4.1, the Service Provider grants the Customer a worldwide, non-exclusive, non-transferable, non-sublicensable, revocable license for the duration of the Term to use the System and/or Services solely for the Business Purpose, in accordance with these Terms and Conditions, and conditional on the Customer’s compliance therewith.
4.3. The Customer is not permitted to modify, adapt, translate, process, reverse engineer, rearrange or otherwise rework or make derivative works of any elements of the System, or reproduce the results achieved from any of these acts.
5.1 For the provision of the Services and use of the System, including receipt of any New Releases, support, or maintenance as per these Terms and Conditions, the Customer shall pay the Service Provider Fees as detailed in the applicable Pricing Plan and Annex 2 hereto. The Customer may convert to another Pricing Plan at any time through the Dashboard or, if necessary, by contacting the Service Provider at[email protected].
5.2 Unless it follows otherwise from Annex 2 or the applicable Pricing Plan, any payable Fees may be automatically withdrawn from the bank account specified by the Customer in the Dashboard no later than the 10th day of the month following the reporting period (meaning the period in which the chargeable Services were actually provided). The Customer shall ensure in advance the availability of sufficient funds on its bank account. Time of payment will be of the essence.
5.3 The Service Provider shall have the right to suspend or limit access to the Services and/or the System until all payments overdue under these Terms and Conditions are received by the Service Provider in full. Additionally, the Service Provider shall be entitled to claim interest on the overdue sum from the due date until payment of the overdue sum in full, whether before or after judgment. Interest under this clause 5.3 shall be in the amount of 0,1% of the overdue sum per each day of delay.
6.1 The Customer shall: (i) maintain all Confidential Information in strict and absolute secrecy and refrain from any publication, communication, or any other disclosure of Confidential Information, in whole or in part, to any third party whatsoever; (ii) take all necessary precautions to keep Confidential Information secure and apply the same security measures and degree of care to Confidential Information as the Customer applies to its own confidential information; and (iii) immediately inform the Service Provider of any damage to or accidental loss of Confidential Information, including transfer to or use by unauthorized persons.
6.2 The Customer shall not: (i) use Confidential Information in order to build a product or service which competes with the Services; (ii) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of Confidential Information (as applicable) in any form or media or by any means to any individual or entity; or (iii) reverse engineer, decompile or disassemble Confidential Information.
6.3 The Customer shall not be prevented from disclosing Confidential Information to members of personnel or professional advisors (“Representatives”) who need to know it and who have agreed in writing to confidentiality obligations no less restrictive than those contained herein. The Customer shall ensure that any Representatives: (i) use Confidential Information only for the purposes of these Terms and Conditions; and (ii) keep such Confidential Information secret and secure. The Customer shall remain liable for any act or omission by its Representatives as if they were its own.
6.4 In the event that the Customer or any of its Representatives are requested pursuant to any applicable law or regulation or by legal process to disclose any Confidential Information, the Customer shall give the Service Provider prompt notice of such request or legal process in order to enable the Service Provider: (i) to seek an appropriate protective order or other remedy; or (ii) to consult with the Customer with respect to taking steps to resist or narrow the scope of such request or legal process. In the event that such protective order or other remedy is not obtained, the Customer shall use commercially reasonable efforts to disclose only that portion of Confidential Information which is legally required to be disclosed and to require that all Confidential Information that is so disclosed will be accorded confidential treatment.
6.5 If so requested by the Service Provider at any time by written notice to the Customer, the Customer shall promptly: (i) destroy or return to the Service Provider all documents and materials (and any copies thereof) containing, reflecting, incorporating or based on the Confidential Information; (ii) erase all Confidential Information from its computer and communications systems, devices and other means of electronic storage; and (iii) certify in writing to the Service Provider that it has complied with the requirements of this clause 6.5.
6.6 Without affecting any other rights and remedies that the Service Provider may have, the Customer hereby agrees that damages would not be an adequate remedy for any breach of this section 6 by the Customer and that the Service Provider shall be entitled to remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this section 6. The Customer’s liability for any breach of the provisions of this section 6 shall not be subject to any liability limitation otherwise applicable under these Terms and Conditions.
6.7 Notwithstanding anything to the contrary, clauses 6.1-6.6 shall survive the expiry or termination of these Terms and Conditions indefinitely.
6.8 The Service Provider shall guarantee protection of personal data received under these Terms and Conditions as set out in Annex 3 hereto.
6.9 The Customer grants the Service Provider permission to use personal data transferred to the Service Provider under these Terms and Conditions for: (i) developing and testing the Services and/or the System to improve their capabilities for detection and prevention of fraud, including by means of artificial intelligence (e.g. machine learning models); (ii) fulfilling its commitments under the Terms and Conditions and providing a competitive service; (iii) identifying, flagging, monitoring, and reporting potentially fraudulent patterns and other signs of suspicious behaviour which could lead to or signal any illicit activity; (iv) producing anonymised and/or aggregated statistical reports and research; and (v) producing and storing audit log records and reports based on internal information security and personal data protection requirements.
6.10 Where these Terms and Conditions are terminated for any reason, the Service Provider shall, (i) subject to the Customer’s written request and unless the Customer is in breach of these Terms and Conditions as of the termination date, enable the Customer to retrieve all personal data related to its Applicants as may be stored at the relevant time in the Customer’s dedicated account in the Dashboard, free of charge, within 30 days following the termination date; and subsequently (ii) delete all such personal data (excluding any data that the Service Provider may be permitted or obliged to retain under these Terms and Conditions or the applicable laws and regulations) from the System in the absence of the Parties’ mutual agreement to the contrary.
7.1 The Customer shall not permit, enable, or provide access to the System to anyone except the Authorized Users. In particular, where the Customer uses Security Features or other credentials in relation to the System, the Customer shall keep those confidential and not share them other than with the Authorized Users.
7.2 Where an Authorized User requires a separate set of Security Features or other credentials to access the System, a request for these shall only be submitted to the Service Provider by another Authorized User.
7.3 All and any actions carried out in the System with the use of Security Features or other credentials previously issued by the Service Provider to the Customer or its Authorized Users or created by the Customer or its Authorized Users shall be regarded as performed by Authorized Users. The Service Provider shall not be in any way liable for the consequences of such actions.
7.4. The Customer shall be responsible and liable for any acts or omissions of its Authorized Users (and any third parties that may be regarded as Authorized Users under clause 7.3) as if they were its own.
8.1 SUBJECT TO CLAUSE 8.2, THIS SECTION 8 SETS OUT THE ENTIRE FINANCIAL LIABILITY OF THE SERVICE PROVIDER (INCLUDING ANY LIABILITY FOR THE ACTS OR OMISSIONS OF ITS EMPLOYEES, AGENTS AND SUB-CONTRACTORS) IN RESPECT OF: (i) ANY BREACH OF THESE TERMS AND CONDITIONS (EXCLUDING SLA PROVISIONS); (ii) ANY USE MADE BY THE CUSTOMER OF THE SERVICES OR ANY PART THEREOF; AND (iii) ANY REPRESENTATION, STATEMENT OR TORTIOUS ACT OR OMISSION (INCLUDING NEGLIGENCE) OR BREACH OF STATUTORY DUTY ARISING UNDER OR IN CONNECTION WITH THE TERMS AND CONDITIONS.
8.2. NEITHER PARTY EXCLUDES OR LIMITS LIABILITY TO THE OTHER PARTY FOR: (i) FRAUD OR FRAUDULENT MISREPRESENTATION; (ii) PAYMENT OF SUMS PROPERLY DUE AND OWING TO THE OTHER PARTY IN THE COURSE OF NORMAL PERFORMANCE OF THESE TERMS AND CONDITIONS; (iii) ANY INDEMNITIES UNDER THESE TERMS AND CONDITIONS; OR (iv) ANY MATTER FOR WHICH IT WOULD BE UNLAWFUL FOR THE PARTIES TO EXCLUDE OR LIMIT LIABILITY.
8.3 SUBJECT TO CLAUSE 8.2, THE SERVICE PROVIDER SHALL NOT IN ANY CIRCUMSTANCES BE LIABLE, WHETHER IN CONTRACT, TORT (INCLUDING FOR NEGLIGENCE AND BREACH OF STATUTORY DUTY HOWSOEVER ARISING), MISREPRESENTATION (WHETHER INNOCENT OR NEGLIGENT), RESTITUTION OR OTHERWISE, FOR: (i) ANY LOSS OF PROFITS, INCOME, GOODWILL, REVENUE, REPUTATION, OR BUSINESS OPPORTUNITIES; (ii) ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES NOT COVERED UNDER SUBCLAUSE 8.3(i); (iii) ANY LOSS OR CORRUPTION OF DATA OR INFORMATION, EXCEPT IF IT WAS CAUSED BY A BREACH OF THESE TERMS AND CONDITIONS BY THE SERVICE PROVIDER.
8.4 SUBJECT TO CLAUSE 8.2, THE SERVICE PROVIDER’S TOTAL AGGREGATE LIABILITY IN CONTRACT, TORT (INCLUDING NEGLIGENCE AND BREACH OF STATUTORY DUTY HOWSOEVER ARISING), MISREPRESENTATION (WHETHER INNOCENT OR NEGLIGENT), RESTITUTION OR OTHERWISE, ARISING IN CONNECTION WITH THE PERFORMANCE OR CONTEMPLATED PERFORMANCE OF THESE TERMS AND CONDITIONS OR ANY COLLATERAL CONTRACT SHALL IN ALL CIRCUMSTANCES BE LIMITED TO: (i) 100% OF THE TOTAL FEES PAID BY THE CUSTOMER TO THE SERVICE PROVIDER DURING THE 3-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH THE CAUSE OF ACTION FIRST AROSE; OR (ii) 5,000 (FIVE THOUSAND) USD, WHICHEVER IS LESS. THIS LIABILITY LIMITATION IS CUMULATIVE AND THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE IT.
8.5 THE CUSTOMER ASSUMES SOLE RESPONSIBILITY FOR ANY CONCLUSIONS DRAWN FROM USE OF THE SERVICES.
8.6 THE CUSTOMER SHALL INDEMNIFY, DEFEND, AND HOLD HARMLESS THE SERVICE PROVIDER, ITS AFFILIATES AND THEIR RESPECTIVE OFFICERS, SHAREHOLDERS, DIRECTORS, AND PERSONNEL (AND KEEP THEM INDEMNIFIED ON A FULL INDEMNITY BASIS) FROM AND AGAINST ANY THIRD PARTY CLAIMS, SUITS, HEARINGS, ACTIONS, DAMAGES, LIABILITIES, FINES, PENALTIES, COSTS, LOSSES, JUDGMENTS OR EXPENSES (INCLUDING REASONABLE ATTORNEY FEES) ARISING OUT OF OR IN CONNECTION WITH THE CUSTOMER’S USE OF THE SERVICES OR THE CUSTOMER’S PERFORMANCE UNDER THESE TERMS AND CONDITIONS (COLLECTIVELY, “CLAIMS”), PROVIDED AND TO THE EXTENT THAT SUCH CLAIMS ARE NOT DIRECTLY ATTRIBUTABLE TO ANY BREACH HEREOF BY THE SERVICE PROVIDER.
8.7 IT IS EXPRESSLY UNDERSTOOD AND AGREED THAT EACH AND EVERY PROVISION OF THESE TERMS AND CONDITIONS WHICH ESTABLISHES A LIMITATION OF LIABILITY, DISCLAIMER, WARRANTY OR EXCLUSION OF DAMAGES IS INTENDED BY THE PARTIES TO BE SEVERABLE AND INDEPENDENT OF ANY OTHER PROVISION AND SHALL BE ENFORCED AS SUCH.
9.1 The Customer warrants, represents and covenants that: (i) it is duly incorporated, organized and validly existing under the applicable law; (ii) it has good and sufficient capacity, power, authority and right to enter into, execute and deliver these Terms and Conditions, to complete the transactions contemplated hereby and to duly observe and perform the covenants and obligations contained herein; and (iii) all necessary corporate action has been taken by it to authorize and approve the execution and delivery of these Terms and Conditions, the completion of the transactions contemplated hereby and the observance and performance of the covenants and obligations contained herein.
9.2 The Customer warrants, represents and covenants that it will not: (i) use the System and/or the Services to discriminate against any Applicant or in a manner that causes damage or injury to any person or property or is otherwise incompatible with any applicable law or regulation; (ii) use the System and/or the Services for any purposes other than the Business Purpose; (iii) use the System and/or the Services in a manner that could be reasonably expected to bring the Service Provider into disrepute or otherwise harm its reputation; or (iv) act or omit to act in a way that interferes with or compromises the integrity or security of the System and/or the Services.
9.3 No conditions, warranties or other terms apply to the System and/or any Services supplied by the Service Provider under these Terms and Conditions other than those expressly set forth herein. The Service Provider hereby disclaims any implied warranties whether arising under law, through course of dealing, or otherwise, including any implied warranties of non-infringement, title, satisfactory quality, fitness for purpose, merchantability or conformance with description. In addition, the Service Provider does not warrant or enter into any other term to the effect that any technology provided in connection with these Terms and Conditions will be entirely free from defects or that its operation will be entirely error-free. The Customer acknowledges that the Services are provided on an “as is” basis. The Services are not intended to be used as the sole basis for any business decision (including where those business decisions concern Applicants). The Customer agrees that the Service Provider has no liability for any inaccuracy, incompleteness or other error in the Services which is attributable to data provided by the Customer or any third party, including cases where the provision of a Service may be limited, suspended or discontinued due to a deficiency and/or unavailability of data submitted by an external third-party source the Service Provider may engage to provide the relevant Service.
10.1 Either Party may terminate these Terms and Conditions at any time for convenience by giving the other Party written notice at least 7 days prior to the purported termination date. In addition, the Customer may at any time suspend the provision of Services (without prejudice to the effect of the provisions of these Terms and Conditions unaffected by such suspension) via the Dashboard.
10.2 Either Party may terminate these Terms and Conditions with immediate effect by giving written notice to the other Party if: (i) the other Party is in material breach of these Terms and Conditions where the breach is incapable of remedy; or (ii) the other Party is in material breach of these Terms and Conditions where the breach is capable of remedy and fails to remedy that breach within fourteen (14) days after receiving written notice of such breach; (iii) the other Party is in violation of any applicable law or legal regulation; or (iv) the other Party enters into an arrangement or composition with or for the benefit of its creditors, goes into administration, receivership or administrative receivership, is declared bankrupt or insolvent or is dissolved or otherwise ceases to carry on business, or any analogous event happens to the other Party in any jurisdiction in which it is incorporated or resident or in which it conducts business or has assets.
10.3 Any provision of these Terms and Conditions that expressly or by implication is intended to come into or continue in force on or after the termination of these Terms and Conditions shall remain in full force and effect. Termination of these Terms and Conditions for any reason shall not affect the accrued rights, remedies, obligations or liabilities of the Parties that may have accrued by the termination date.
10.4 The Service Provider reserves the right, at its sole discretion, to limit or suspend the Customer’s or any Authorized User’s access to the System and/or the Services and/or terminate these Terms and Conditions with immediate effect where it knows or reasonably suspects that: (i) the Customer is in breach of any warranties or representations set out in clauses 9.1-9.2; (ii) the Customer (including any of its affiliates and their respective ultimate beneficial owners, directors, officers, agents, or employees) is in breach of any applicable laws or regulations or is subject to any local or international sanctions or restrictions; (iii) the Customer infringes on the Intellectual Property Rights of the Service Provider or its counterparties; (iv) the Customer has disclosed any Confidential Information in a manner not permitted under these Terms and Conditions; (v) a third party has gained unauthorised access to the System and/or the Services as a result of the Customer’s actions or omissions or by using the Security Features or other credentials previously issued by the Service Provider to the Customer or its Authorized User; or (vi) the Customer’s actions may, in the Service Provider’s reasonable opinion, be detrimental to the legitimate interests or business reputation of the Service Provider or its counterparties.
10.5. Where the Service Provider is permitted to suspend or limit the Customer’s access to the System and/or the Services under these Terms and Conditions, it shall be entitled to do so with immediate effect and no prior notice in all cases.
11.1 A Party shall not be considered to be in breach of these Terms and Conditions, and shall be excused from performance or liability for damages to the other Party (or any third party), if and to the extent it is delayed in or prevented from performing or carrying out any of the provisions of these Terms and Conditions due to a labor disturbance, sabotage, act of the public enemy, war, invasion, insurrection, riot, fire, storm, flood, earthquake, explosion, epidemic, or any other cause beyond such Party’s reasonable control, including, but not limited to, any curtailment, order, regulation, or restriction imposed by governmental, military or lawfully established civilian authorities, or by making of repairs necessitated by an emergency circumstance not limited to those listed above upon the property or equipment of the Party or property or equipment of others which is deemed under the operational control of the Party (“Force Majeure”). Any Party claiming a Force Majeure event shall use reasonable diligence to remove the condition that prevents performance and shall not be entitled to suspend performance of its obligations in any greater scope or for any longer duration than is required by the Force Majeure event. Each Party shall use its best efforts to mitigate the effects of the Force Majeure event, remedy its inability to perform, and resume full performance of its obligations hereunder. Either Party shall be entitled to terminate these Terms and Conditions with immediate effect by giving the other Party written notice if the Force Majeure event remains unremedied for a period of 60 consecutive days.
11.2 The Service Provider may update these Terms and Conditions occasionally from time to time at its sole discretion. The Service Provider shall use reasonable endeavours to notify the Customer of such updates by email and/or via the Dashboard and/or via the Website. The Customer is solely responsible for ensuring it has read, acknowledged, and agreed to the updated version of these Terms and Conditions. The Customer’s continued usage of the System and/or the Services shall be regarded as acceptance of the updates.
11.3 Failure or delay of either Party in exercising any right or remedy under these Terms and Conditions shall not constitute a waiver of such (or any other) right or remedy.
11.4 If any provision of these Terms and Conditions (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed not to form part of these Terms and Conditions. The Parties shall immediately commence good faith negotiations to remedy such invalidity, and the validity and enforceability of the other provisions of these Terms and Conditions as applicable shall not be affected.
11.5 These Terms and Conditions constitute the whole agreement between the Parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter of these Terms and Conditions (unless expressly agreed otherwise by the Parties). Each Party acknowledges that in entering into these Terms and Conditions, it has not relied upon any oral or written statements, collateral or other warranties, assurances, representations or undertakings which were made by or on behalf of the other Party in relation to the subject matter of these Terms and Conditions other than those which are set out herein (or those which the Terms and Conditions explicitly refer to).
11.6 Except as expressly stated otherwise, nothing in these Terms and Conditions shall create or confer any rights or other benefits in favour of any person other than the Parties. Except as expressly stated otherwise, nothing in these Terms and Conditions shall create an agency, partnership or joint venture of any kind between the Parties. Neither Party shall have authority to act in the name of or on behalf of the other, or to enter into any commitment or make any representation or warranty or otherwise bind the other in any way.
11.7 The Customer may not assign any of its rights or obligations under these Terms and Conditions without the prior written consent of the Service Provider, such consent not to be unreasonably withheld. If permitted under the applicable laws and regulations, the Service Provider may assign its rights and/or obligations to one of its affiliates (meaning entities controlled by, controlling, or under common control with the Service Provider) without the Customer’s consent. Notwithstanding the foregoing, either Party may assign its rights or obligations under these Terms and Conditions to an acquirer of all or substantially all of the assets of such Party without the consent of the other.
11.8 The Customer is only permitted to make public announcements and/or publish written materials concerning the Service Provider and/or the existence and nature of the business relationship between the Parties subject to the Service Provider’s prior written consent, except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction. The Service Provider may freely use the Customer’s trademarks (including logos) in its promotional or marketing materials, on the Website, etc., for the purpose of publicly identifying the Customer as its counterparty.
11.9 Unless specified otherwise in these Terms and Conditions, any notice or communication required or permitted to be given hereunder shall be in writing and in English. It may be delivered: (i) by hand to a responsible person during ordinary business hours at the then current physical address as indicated by the receiving Party and shall be deemed received on the day of delivery; (ii) by email to the receiving Party’s chosen email address and shall be deemed received on the date and at the time recorded by the recipient’s email server (unless there is evidence to the contrary that it was delivered on a different date or at a different time); (iii) via Dashboard or via other means mutually agreed upon by the Parties and shall be deemed received by written or automated receipt or electronic log (as applicable). The Parties may update their email and physical addresses for notices or communication at any time by notice in writing, or through the Dashboard, or as otherwise provided under this clause 11.9.
11.10 The Parties shall: (i) comply with all applicable laws, statutes and regulations relating to anti-bribery and anti-corruption including to the Bribery Act 2010 (Relevant Requirements); (ii) not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK; (iii) promptly report to the other Party any request or demand for any undue financial or other advantage of any kind received by it in connection with the performance of these Terms and Conditions.
11.11 All disputes arising out of or in connection with these Terms and Conditions shall be governed by the laws of England and Wales and referred to and finally resolved by an arbitration administered by the International Court of Arbitration of the International Chamber of Commerce (“ICC”) in accordance with the Rules of Arbitration of the ICC and, where available, on the expedited procedure basis. The number of arbitrators shall be 1 (one). The law governing this arbitration clause shall be the laws of England and Wales. The seat of the arbitration shall be London, England. The language of the arbitration shall be English.
No award or procedural order made in the arbitration shall be published. The Parties shall at all times treat all matters relating to the proceedings and any arbitral award as confidential.
Service Level Agreement
1.1 This Service Level Agreement (“SLA”) is a policy governing the use of the Service Provider’s API and/or SDK (hereinafter “Sumsub Service”) by the Customer.
1.2 Except as otherwise provided herein, this SLA is subject to the Terms and Conditions. Terms not otherwise defined herein shall have the meaning given to them in the Terms and Conditions.
1.3 “Service Availability” means Sumsub Service may be accessed and used by the Customer for the Business Purpose and in accordance with the Terms and Conditions.
1.4 “Uptime Commitment” means the Service Availability shall be at least ninety-nine and five tenths percent (99.5%) in each calendar month.
1.5 Uptime measurement: the Service Provider shall measure uptime by checking the response of Sumsub Service. Every one (1) minute, a third-party service will attempt to access Sumsub Service. If the service does not receive a successful HTTPS response – that is, a HTTPS response code of 2XX or 3XX – that will count as one minute of downtime. The unavailability of Sumsub Service shall be calculated from the time that such unavailability is reported by the Customer to the Service Provider at [email protected].
1.6 Exclusions: The calculation of Uptime Commitment excludes instances of: Force Majeure events, Scheduled Maintenance, or Emergency Maintenance. Scheduled Maintenance means the Service Provider may allocate up to five (5) hours per calendar month to performing maintenance on the System or installing upgrades, fixes or reconfigurations. Emergency Maintenance means the Service Provider may conduct emergency maintenance with no prior notice in order to resolve server security issues or other emergency issues. The Service Provider will use best endeavours to notify the Customer at the beginning and end of such Emergency Maintenance, and will provide details on the nature of the work being performed.
Payment Terms
1. Fees
1.1 Subject to the chosen Pricing Plan and the respective Specification, the Customer may be obliged to pay the Service Provider Pre-Payment, Commitment, Check Charges, Service Charges, Subscription Fees, and/or Installation Fee (“Fees”). For the avoidance of doubt, all Fees shall be non-refundable.
1.1.1 Pre-Payment is paid regularly (upon the Billing Start Date and upon the commencement of each Renewal Period). THE CUSTOMER FULLY ACKNOWLEDGES, ACCEPTS AND AGREES THAT THE PRE-PAYMENT IS NON-CANCELLABLE, NON-REFUNDABLE, AND NON-RECOUPABLE AND PAID ON AN UNCONDITIONAL BASIS (IRRESPECTIVELY OF WHETHER ANY SERVICES WERE RENDERED WITHIN THE INITIAL PERIOD OR THE GIVEN RENEWAL PERIOD, AS THE CASE MAY BE). FOR CLARITY, ONCE THE INITIAL PERIOD OR THE GIVEN RENEWAL PERIOD (AS THE CASE MAY BE) ENDS OR IS TERMINATED, THE UNUSED PART OF THE RESPECTIVE PRE-PAYMENT AUTOMATICALLY EXPIRES AND IS NOT SUBJECT TO REFUND. Notwithstanding this, subject to paying the Pre-Payment, the Customer shall be entitled to use a volume of Checks and/or other Services corresponding to the amount of the Pre-Payment within the Initial Period or the given Renewal Period, as the case may be, such volume to be calculated based on the price of an individual Check / other Services as set out in the chosen Pricing Plan. Once the Pre-Payment is exceeded and until another Pre-Payment is paid, any additional Checks and other Services are billed separately.
Should the Customer fail to pay any Pre-Payment, THE CUSTOMER ACKNOWLEDGES AND AGREES THAT THE SERVICE PROVIDER MAY, AT ITS SOLE DISCRETION, TRANSFER THE CUSTOMER TO ANOTHER PRICING PLAN AND/OR LIMIT OR SUSPEND THE CUSTOMER’S ACCESS TO THE SYSTEM AND/OR THE SERVICES.
1.1.2 Commitment is paid regularly (once in a reporting period) and on an unconditional basis (irrespectively of whether any Services were rendered within the given reporting period). Once the Commitment is exceeded (as a result of deduction of the other Fees payable and deductible from the Commitment as per the applicable Pricing Plan), any additional Services are billed separately. For clarity, once the respective reporting period ends, the unused part of the Commitment automatically expires and is not subject to refunds. Where the Commitment and the Pre-Payment are included in a Pricing Plan simultaneously, the Commitment could be deductible from the Pre-Payment as stated in the respective Pricing Plan.
1.1.2 Check Charges and Service Charges are paid separately for each Check conducted and for other Services rendered during a reporting period and, by default, are deducted from the Commitment or the Pre-Payment.
1.1.3 Subscription Fees are paid for the provision of specific Services regularly (once in a reporting period) and on an unconditional basis. They are not deductible from the Commitment but may be deductible from the Pre-Payment as indicated in the respective Pricing Plan.
1.1.4 Installation Fee is paid once for the activation of a given Service. The Installation Fee is not deductible from the Commitment but may be deductible from the Pre-Payment as indicated in the respective Pricing Plan.
1.2 The Fees do not include any applicable taxes, levies, duties, or other similar exactions imposed by a legal, governmental, or regulatory authority in any relevant jurisdiction, including, without limitation, sales, use, value-added, consumption, communications, or withholding taxes. Any amounts of such taxes are not to be deducted by Customer from amounts payable to the Service Provider. Furthermore, the Fees do not include any charges or commissions imposed by any bank.
1.3 The Service Provider reserves the right to adjust any Fees payable by the Customer under these Terms and Conditions as follows:
a) provided that any external third-party source engaged by the Service Provider increases an existing charge and/or changes the basis on which it provides information necessary for the provision of any particular Service(s) to the Customer, which results in the Service Provider incurring additional costs in order to keep providing the said Service(s), the Service Provider may, in relation to such Service(s) only, increase the Fees payable under the Agreement by the said additional costs;
b) provided that any increase in the Fees other than the one described in clause 1.3(a) above may only be executed once in 12 months and shall not exceed fifteen percent (15%) of the Fees that were in effect prior to such adjustment, the Service Provider may additionally adjust any Fees, effective as of the commencement of the following Renewal Period.
The Service Provider shall notify the Customer of above-mentioned adjustments no later than 15 days prior to the prospective date of their enforcement. In the event that the Customer does not wish to accept the adjustments and the Parties fail to resolve the issue by negotiations within 7 business days, the Customer may terminate the Terms and Conditions with immediate effect by giving written notice to the Service Provider.
1.4. In case of a conflict between this Annex 2 and any applicable Pricing Plan, the latter shall prevail.
2.3 The Fees shall be charged as follows:
2.3.1 the Pre-Payment, if any, shall be payable by the Customer as reasonably practicable upon the Billing Start Date and upon the commencement of any given Renewal Period. The Service Provider may either invoice the Customer for a Pre-Payment or automatically withdraw the corresponding amount from the bank account specified by the Customer at the relevant time;
2.3.2 the Commitment, Check Charges and/or Service Charges, and Subscription Fees, if any, shall be automatically withdrawn from the bank account specified by the Customer at the relevant time no later than the 10th day of the month following the reporting period.
2.4. A reporting period shall constitute one calendar month.
2.5. Any undisputed invoices are to be paid within 10 days of receipt from the Service Provider.
Data processing agreement
Agreed terms
The Agreement includes the following Annexes:
Provided that an adequacy decision/regulation of the EC or the ICO is amended or withdrawn, resulting in the inability to rely on it as a data transfer mechanism by the Parties, such transfer shall be conducted as provided in clause 7.2.
In relation to transfers of Personal Data protected by the EU GDPR and processed per clause 2.1.(b) of this Agreement, the SCCs shall apply, completed as follows:
In relation to transfers of Personal Data protected by the UK GDPR, the SCCs, as implemented under sub-paragraphs (a) and (b) above, will apply with the following modifications:
The Customer grants Sumsub general authorisation to engage any subprocessor by selecting a set of services for which this subprocessor needs to be involved when signing the Terms and Conditions. Sumsub will maintain the list of engaged subprocessors, which will be updated in the Dashboard notifications and which the Customer shall read and review to receive the updated information. If the Customer objects to the engagement of the specified subprocessor and provides legitimate reasons for the objection, Sumsub, may (i) cease to use the new subprocessor with regard to Personal Data (if possible, to continue providing service without using a particular subprocessor, and it will not affect SLA and quality of service), (ii) taking into account the costs and state of the art, consider providing another subprocessor, or (iii) If it is impossible to provide another subprocessor or if the Customer objects to any subprocessor, Sumsub may cease to provide or the Customer may agree not to use (temporarily or permanently) the particular aspect of a Sumsub Service that would involve the use of the subprocessor to process Personal Data. Sumsub or the Customer may terminate this Agreement in accordance with clause 11.4. hereto.
This clause does not apply to the processing of Personal Data carried out in accordance with clause 2.1.(b).
This agreement has been entered into on the date stated at the beginning of it.
Personal Data Processing Purposes and Details
The Customer's Purpose of Processing:
CDD and AML/CFT rules compliance for KYC, if applicable
Business Purpose:
Execution of the Terms and Conditions
Nature of Processing:
Remote identity verification and other CDD procedures
Duration of Processing:
Term of the Terms and Conditions or any other term indicated in line with clause 12 of this Agreement
Data subjects categories:
the Customer's customers
Categories of data for Processing:
The Personal Data processing is based on the products or services selected in ANNEX 2 of the Terms and Conditions, which may include, but are not limited to the categories of Personal Data specified below.
For clarity, geolocation data (e.g. IP address) and technical data (e.g. (software and hardware attributes (camera and device name)) are strictly necessary to the extension of detection of fraud patterns as well as provision the correct risk score to the Customer.
KYC (A-Z)
KYB (A-Z)
Extras (A-Z)
KYT
Frequency of transfers in case of international transfers: on a continuous basis, in accordance with the Customer’s purpose(s) and Business purpose.
Subject matter, nature and duration of the processing by (sub-) processor: The subject matter, nature and duration of the processing is indicated and specified in the relevant Agreement with the subprocessor that Sumsub engages for Business purpose. More details are provided in Annex E.
Consent and Privacy Notice Wording
The Customer shall ensure that, where applicable, it collects each Data Subject’s consent for Sumsub (as a third-party processor) to process Personal Data, including biometric data, related to this Agreement in accordance with the applicable Data Protection Legislation (particularly Article 9 of the EU GDPR and the UK GDPR) by complying with either point (a) or (b) below:
Description of Processing / Transfer
Modules 2 and 3 (controller/processor to processor transfers)
A. List of Parties
Data exporter(s)
Name: Party identified as ‘Customer’ in the Agreement.
Address: as defined in the Agreement.
Contact person’s name, position and contact details: As provided in clause 18 of the Agreement.
Activities relevant to the data transferred under these Clauses: Provisioning data for the Business purpose.
Role: Controller/Processor
Data importer(s)
Name: Party identified as ‘Sumsub’ in the Agreement.
Address: as defined in the Agreement.
Contact person’s name, position and contact details: Sumsub’s DPO, email: [email protected]
Activities relevant to the data transferred under these Clauses:
Role: Processor
B. Description of Transfer
As specified in Annex A of the DPA.
C. Competent Supervisory Authority
The competent supervisory authority will be determined in accordance with the criteria set forth in Clause 13 of the SCCs, provided that if the data exporter is not established in an EU Member State and has not appointed a representative, the Cyprus Supervisory Authority shall act as the competent supervisory authority.
ANNEX II: Technical and organisational measures including technical and organisational measures to ensure the security of the data is to be required by the Customer additionally.
ANNEX III: List of Subprocessors: As specified in Dashboard System.
Description of Processing / Transfer
Module 1 (controller-to-controller transfers)
A. List of Parties
Data exporter(s)
Name: Party identified as ‘Customer’ in the Agreement.
Address: as defined in the Agreement.
Contact person’s name, position and contact details: As provided in clause 18 of the Agreement.
Activities relevant to the data transferred under these Clauses: Provisioning data for the Business purpose.
Role: Controller
Data importer(s)
Name: Party identified as ‘Sumsub’ in the Agreement.
Address: as defined in the Agreement.
Contact person’s name, position and contact details: Sumsub’s DPO, email: [email protected]
Activities relevant to the data transferred under these Clauses: Improvement of Services
Role: Controller
B. Description of Transfer
As specified in Annex A of the DPA.
C. Competent Supervisory Authority
The competent supervisory authority will be determined in accordance with the criteria set forth in Clause 13 of the SCCs, provided that if the data exporter is not established in an EU Member State and has not appointed a representative, the Cyprus Supervisory Authority shall act as the competent supervisory authority.
ANNEX II: Technical and organisational measures including technical and organisational measures to ensure the security of the data is to be required by the Customer additionally.
ANNEX III: List of Subprocessors: As specified in the Dashboard System.
International Data Transfer Addendum to the EU Commission Standard Contractual Clauses - UK
PART 1. TABLE
Table 1. Parties
Commencement date: when the restricted transfer is to be conducted
The Parties' details:
Exporter: Customer
Importer: Sumsub
Key Contact: as specified in DPA
Table 2. Selected SCCs, Modules and Selected Clauses
Addendum EU SCCs: The version of the Approved EU SCCs (stated in Annexes C-1 and C-2) to which this Addendum is appended, detailed below, including the Appendix Information.
Table 3. Appendix Information
ANNEX IA: List of Parties: As specified in the preamble of the SCCs (stated in Annex C-1 and/or Annex C-2).
ANNEX IB: Description of Transfer: As specified in Annex A to the DPA.
ANNEX II: Technical and organisational measures including technical and organisational measures to ensure the security of the data is to be required by the Customer additionally.
ANNEX III: List of Subprocessors: As specified in the Dashboard System.