AIS Customer Terms of Service
Dated: December 2017
Welcome to TrueLayer!
The TrueLayer Terms of Service is an agreement between TrueLayer Limited (“TrueLayer”, “we”, “us”, “our”) and an application (“the Customer”, “you”) that wishes to use TrueLayer’s services. The Terms of Service listed below are the fundamental provisions that will govern a legal relationship between TrueLayer and a Customer, not all the legal provisions. Should you wish to enter into an agreement with us, please email us at email@example.com, and we shall send through the full agreement including schedules and fees.
How you should read these Terms of Service (“the Agreement”)
The document has been laid out in sections. You may go to the relevant section of interest directly, by clicking on the links provided. The headings are for reference only, and while the Agreement has been formatted for ease of reading, please do ensure that you read all relevant sections of the Agreement.
- Section 1: outlines who we are and what services we provide
- Section 2: lists definitions that are applicable to these Terms of Service
- Section 3: outlines our obligations
- Section 4: outlines the Customer’s obligations
- Section 5: addresses access and security obligations on both parties
- Section 6: outlines when and how account information may be obtained by the Customer
- Section 7: gives an overview of the fees for the services used
- Section 8: outlines the Intellectual Property Rights of each party
- Section 9: warranties made by each party
- Section 10: confidentiality obligations on each party
- Section 11: privacy and data protection obligations on each party
- Section 12: how and when this Agreement may be terminated
- Section 13: liability of each party
- Section 14: anti bribery obligations of each party
- Section 15: termination of the Agreement due to circumstances beyond either party’s control
- Section 16: communication between parties
- Section 17: when might the Agreement be waived
- Section 18: when might the Agreement be severed
- Section 19: non-partnership Agreement
- Section 20: law governing this Agreement
- Schedule 1: Account Information
There are a few other relevant policies that are linked here, which may be read in conjunction with the Agreement, or as stand alone documents. These include:
- PIS Customer Terms of Service
- End-User Terms of Service
Section 1 : TrueLayer Limited
Who we are
TrueLayer Limited is a company incorporated and registered in England with company number 10278251 whose registered office is at Fleet Place House, 2 Fleet Place, London, England, EC4M 7RF (“TrueLayer”, “we”, “us”, “our”).
What Services we provide
- TrueLayer provides a tool that allows the users of our Customer’s products and services (“End-Users”) to access and share Account Information with the Customer (the "Tool");
- The Customer wishes to make the Tool accessible to End-Users through the Customer Website.
- The Agreement shall govern TrueLayer’s provision to the Customer of an application programming interface from which the Tool can be integrated into, and accessed by End-Users via, the Customer Website.
Section 2: Definitions
- Account Information” means, in relation to an End-User, information on one or more Payment Accounts held by that End-User with a Payment Service Provider or with more than one Payment Service Provider, including (but not limited to) such information set out in Schedule 1;
- “Account Information Services” has the meaning given to it in regulation 2(1) of the Payment Services Regulations;
- "Affiliate" means any corporation, entity or other business Controlled by, Controlling or under common Control with a party.
- "Agreement" means this agreement and includes the schedules to it (and the schedules shall be treated for all purposes as forming part of this agreement).
- "API" means the application programming interface provided by TrueLayer for the purposes of enabling the Tool to be integrated into, and accessed by End-Users via, the Customer Website.
"Applicable Law" means any and all:
- (i) legislation (including statute, statutory instrument, treaty, regulation, order, directive, by-law and decree) and common law;
- (ii) regulatory rules, guidance and licence conditions relating to either party or otherwise as issued by an Authority;
- (iii) judgments, resolutions, decisions, orders, notices or demands of a competent court, tribunal, regulatory body or governmental authority in each case having the force of binding law or by which either party is bound; and
- (iv) industry guidelines or codes of conduct which are mandatory,
- in each case in any jurisdiction relevant to the parties.
- "Applicable Anti-Bribery Laws" means, in relation to a party, any applicable law, rule, regulation or other legally binding measure relating to the prevention of bribery, corruption, fraud or similar or related activities, including the Bribery Act 2010 of the United Kingdom.
- "Authority" means any regulatory, administrative, supervisory or governmental agency, body or authority (whether regional, national or supranational) to whose rules, regulations or guidance any party (or any assets, resources or business of such party) is, from time to time, subject or submits including, but not limited to, the UK Information Commissioner’s Office (ICO).
- "Business Day" means any day (other than a Saturday or Sunday) on which banks are open for general business in London.
- "Commencement Date" means the date of this Agreement.
- "Confidential Information" means all non-public information, documentation and data, of whatever nature, disclosed in writing, by one party to the other or obtained by one party from the other whether before or after the Commencement Date, arising out of, or in connection with, this Agreement or its subject matter and whether or not it is marked as "confidential" but which ought to be reasonably considered to be confidential.
- “Control” has the meaning given in section 1124 of the Corporation Tax Act 2010, and “Controlled” and “Controlling” shall be construed accordingly.
- "Customer Website" means the Customer’s website and any other subdomains of the Customer’s website.
- "Data Protection Legislation" means all Applicable Laws relating to the processing of personal data and privacy, including but not limited to (where applicable): the General Data Protection Regulation (EU) 2016/679 of the European Parliament (“GDPR”) and any laws and/or regulations of the United Kingdom that: (i) implement and/or exercise derogations under it; and/or (ii) replace or supersede it; the Data Protection Act 1998; the Data Protection Directive (95/46/EC); the Regulation of Investigatory Powers Act 2000; the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699); the Electronic Communications Data Protection Directive (2002/58/EC); the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003); and, where applicable, guidance and codes of practice issued by data protection regulators, including but not limited to the UK Information Commissioner.
- “Data Breach” means any accidental, unlawful or unauthorised destruction, loss, alteration, disclosure of, or access to the End-User Personal Data or any unauthorised or unlawful processing of the End-User Personal Data.
- “Data Subject” shall have the meaning given to it in Data Protection Legislation.
- "End-User" means an individual who wishes to obtain services from the Customer and who has agreed to the End-User Terms of Service with TrueLayer.
- “End-User Personal Data” has the meaning given to it in Section 11;
- "End-User Terms of Service" means the terms of service which End-Users are required to agree to between the End-User and TrueLayer before using the Tool and which set out the terms on which the End-User may use the Tool, as updated from time to time.
- "Fees" means the fees payable by the Customer to TrueLayer.
- "Force Majeure Event" means any circumstance not within a party's reasonable control including, without limitation: (a) acts of God, flood, drought, earthquake or other natural disaster; (b) epidemic or pandemic; (c) terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, or breaking off of diplomatic relations; (d) nuclear, chemical or biological contamination or sonic boom; (e) any law or any action taken by a government or public authority, including, without limitation, imposing an export or import restriction, quota or prohibition; (f) collapse of buildings, fire, explosion or accident; (g) any labour or trade dispute, strikes, industrial action or lockouts; (h) non-performance by suppliers or subcontractors; and (i) interruption or failure of a utility service.
- “IPR Claim” means any claim that use of the Tool, API or any TrueLayer Materials in accordance with the terms of this Agreement infringes or makes unauthorised use of any Intellectual Property Rights of any third party.
“Insolvency Event” means in respect of either party:
- other than for the purposes of a bona fide reconstruction or amalgamation, such party passing a resolution for its winding up, or a court of competent jurisdiction making an order for it to be wound up or dissolved, or that party being otherwise dissolved; or
- the appointment of an administrator of, or the making of an administration order in relation to either party, or the appointment of a receiver or administrative receiver of, or an encumbrancer taking possession of or selling the whole or any part of that party’s undertaking, assets, rights or revenue; or
- that party entering into an arrangement, compromise or composition in satisfaction of its debts with its credits or any class of them, or taking steps to obtain a moratorium, or making an application to a court of competent jurisdiction for protection from its creditors; or
- that party being unable to pay its debts, or being capable of being deemed unable to pay its debts, within the meaning of section 123 of the Insolvency Act 1986; or
- that party entering into any arrangement, compromise, or composition in satisfaction of its debts with its creditors; or
- anything analogous thereto in any other jurisdiction.
- "Intellectual Property Rights" means all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
- “Licence” has the meaning given to it in Section 3;
- "Malicious Software" means any software program or code intended to destroy, interfere with, corrupt or have a disruptive effect on program files, data, other information, or any system or network, executable code or application software macros, including (without limitation) any virus, worm, Trojan horse or bot, whether or not its operation is immediate or delayed, and whether such software program or code is introduced wilfully, negligently or without knowledge of its existence.
- “Payment Account” has the meaning given to it in regulation 2(1) of the Payment Services Regulations;
- “Payment Service Provider” has the meaning given to it in regulation 2(1) of the Payment Services Regulations;
- “Payment Services Regulations” means the Payment Services Regulations 2017 (SI 2017/752);
- "Permitted Persons" has the meaning given to it in Section 10.
- "Personal Data" has the meaning given in Data Protection Legislation.
- "Processing" or "Process" has the meaning given in Data Protection Legislation.
- "Purpose" means the provision of certain services to the End-User as elected by the End-User (including, but not limited to, personal finance management, data aggregation, multi-banking, lending, investments, marketplaces and/or financial services) and/or such proprietary uses of Account Information as may have been agreed between the Customer and End-User;
- “Regulatory Consents” means all licences, authorisations, permissions, approvals, consents, registrations or waivers necessary for the Customer to perform its obligations under this Agreement in accordance with Applicable Law or for the activities and services contemplated by this Agreement otherwise to be performed in compliance with Applicable Law.
- "Relevant Party" has the meaning given to it in Section 10.
- “Requesting Party” has the meaning given to it in Section 10.
- “SDK” means our software development kit that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform.
- "Term" means the length of the engagement, unless terminated.
- “Tool” means the tool provided by TrueLayer that allows End-Users to access and share Account Information with the Customer.
- "TrueLayer Documentation" has the meaning given to it in Section 8.
- "TrueLayer Materials" has the meaning given to it in Section 8.
- "TrueLayer Mark" means TrueLayer marks and logos.
- “TrueLayer Obligations” means the obligations of TrueLayer set out in Section 3.
- “VAT” means: means UK value added tax as defined in the Value Added Tax Act 1994
- "Year" means each twelve (12) month period from the Commencement Date or from each anniversary thereof.
Section 3: Our Obligations
Subject to the Customer’s compliance at all times with the terms of this Agreement, TrueLayer hereby grants to the Customer a limited, non-exclusive, non-transferable, non-sub licensable, revocable licence (the “Licence”) for the Term:
- to: (i) integrate the API into the Customer Website in accordance with Section 8; and (ii) to enable End-Users to access and use the Tool in order for the Customer to fulfil the Purpose, subject to Section 5; and
- to, with TrueLayer’s prior written consent and subject to Section 8, include the TrueLayer Mark on the Customer Website.
TrueLayer shall use reasonable endeavours to make the Tool available to End-Users and to transmit Account Information to the Customer, and shall give the Customer at least two (2) weeks written notice, either via email or a dedicated Slack channel, of any alterations to the API that may affect integrating the Tool into the Customer’s Website.
Subject to the above, TrueLayer:
- does not give any warranties, conditions, guarantees or other commitments to the Customer in respect of its obligations or the functionality, performance, service levels, latency or accuracy of the Tool or provision of Account Information, including, without limitation, that TrueLayer does not give any commitment that the performance of the Tool will be uninterrupted or error free, and the Customer acknowledges that the Tool may be subject to downtime due to planned or emergency maintenance, updates or modifications, and that in the event that the Tool does not maintain a 98% uptime rate, the Customer is not liable to pay for those periods of use, and in some cases, may be entitled to a reimbursement of fees paid;
- does not warrant, represent or give any guarantee or commitment that the Account Information obtained by the Customer through the End-User's use of the Tool will be accurate or complete or meet the Customer's requirements; and
- is not responsible for any delays, delivery failures, or any loss damages, costs or expenses resulting from the transfer of Account Information over communications networks and facilities, including the internet, and the Customer acknowledges that the Tool may be subject to limitations, delays and other problems inherent in the use of such communications facilities which are outside of the control of TrueLayer; and
- will not contact the End-Users for any purpose, unless the prior written consent of the Customer has been received; and
- will not use the End-Users data for any purpose, other than providing the services to the Customer as outlined in this Agreement.
Section 4: Customer Obligations
The Customer shall provide TrueLayer with:
- all necessary co-operation in relation to this Agreement and the performance of TrueLayer Obligations; and all such access to information or systems as may be required by TrueLayer in order to fully perform TrueLayer Obligations and to ensure that the Tool and the API are functioning correctly;
- only use the API in accordance with the license terms above;
- be responsible for the accuracy and completeness of the content on the Customer Website and shall ensure that such content does not: (i) infringe any Applicable Laws; or (ii) contain any material or content that is obscene, offensive, abusive, harassing, indecent, defamatory or discriminatory; or (iii) infringe the Intellectual Property Rights of any third party;
- ensure that the Customer Website shall be free from, and shall not introduce into the Tool, any Malicious Software including by using up-to-date, industry-standard and comprehensive anti-virus software to seek to prevent the introduction of any Malicious Software into the Tool;
- comply with all Applicable Laws with respect to its activities under this Agreement;
- ensure that the End-Users are aware of TrueLayer’s services and agreement with the Customer.
The Customer shall not, and shall not permit any person to (except to the extent that the following cannot be prohibited by Applicable Law):
- except to the extent expressly permitted under this Agreement, copy, modify, duplicate, create derivative works from, mirror, republish, download, display, transmit, or distribute all or any portion of the Tool and/or the API in any form or media or by any means;
- decipher, decompile, reverse assemble, disassemble, translate, reverse engineer or otherwise reduce to derive source code, algorithms, tags, specification, architecture, structure or other elements of the Tool and/or API, in whole or in part;
- remove any TrueLayer mark, logo, trade name, copyright notice and/or any other proprietary notice (as applicable) from the Tool or the API;
- interface or connect the API with any computer software or system, save for the Customer Website, without the prior written approval of TrueLayer;
- except as expressly permitted in this Agreement, use the Tool and/or API to provide services to third parties;
- allow access to, provide, divulge or make available the Tool and/or API to any third party except as expressly permitted in this Agreement;
- otherwise use or copy the Tool and/or API except as expressly permitted herein; or
- do or permit to be done any act or omission in relation to the performance of its obligations under this Agreement which does or may adversely materially affect the reputation, goodwill or image of TrueLayer.
Section 5: Access and Security
TrueLayer shall use reasonable endeavours to protect Account Information and ensure the End-Users’ privacy in accordance with Applicable Law.
- may only download Account Information pursuant to, and in accordance with, account information requirements set out in Section 6;
- shall not access or attempt to access any part or parts of the Tool and/or API to which it has not been granted access to by TrueLayer;
- shall notify TrueLayer immediately if it becomes aware of any unauthorised access or use of the Tool and/or API (or any part thereof) or any other actual or potential breach of security in relation to the Tool and/or API (or any part thereof) and provide such reasonable assistance to TrueLayer with regard to abating such access, use or breach as TrueLayer shall reasonably request;
- shall be responsible for any third party using the Customer's encryption key;
- shall not share with any third party the Customer's encryption key that could be used to access the Tool, API and/or any Account Information without TrueLayer's prior written consent and shall ensure that such encryption key is only used by the individual(s) nominated to access the same. If such individual(s) cease to act in an authorised capacity on behalf of the Customer for any reason, the Customer shall immediately notify TrueLayer and remove the encryption key from such individual(s); and
- shall not use the Tool or API to transfer or knowingly receive any Malicious Software or any material or content that is obscene, offensive, abusive, harassing, indecent, defamatory or discriminatory or which infringes the Intellectual Property Rights of any third party or whose transfer by the Customer would otherwise be unlawful, including under all applicable competition laws.
The Customer shall promptly notify TrueLayer and change the password(s) it uses to access the Tool and/or API in the event that any individual user has left the Customer’s organisation.
Section 6: Account Information
The transfer of Account Information through the API is subject to the following:
- the End-User’s agreement to the End-User Terms of Service;
- the End-User providing correct and accurate credentials to access the Account Information; and
- the Customer’s compliance with the terms and conditions of this Agreement.
The Customer acknowledges that an End-User may, pursuant to the End-User Terms of Service, withdraw any consent it has granted to TrueLayer to process Account Information at any time and TrueLayer shall not be liable to the Customer to the extent that it is prevented from providing the Customer with Account Information in these circumstances.
Any Account Information transferred to the Customer pursuant to this Agreement shall be owned by, and shall constitute the Confidential Information of, the relevant End-User and/or the Payment Service Provider that such Account Information relates to.
Section 7: Fees
The Customer shall pay the Fees to TrueLayer in accordance with what has been agreed between the parties, and that which is outlined in a fee schedule.
The Customer shall pay each invoice submitted by TrueLayer for the Fees within thirty (30) days of the end of the month of receipt of the invoice. The Fees shall be payable in Pounds Sterling (GBP). All payments shall be made in full without any set off, deduction or withholding whatsoever, save for such deductions or withholdings as are required by Applicable Law. If the Customer is required by Applicable Law to make any deduction or withholding from any payment to TrueLayer, the sum due in respect of such payment shall be increased so that, after the making of such deduction or withholding, TrueLayer receives a net sum equal to the sum it would have received had no such deduction or withholding been made. In the event that the Tool does not maintain a 98% uptime rate, the Customer is not liable to pay for those periods of use, and in some cases, may be entitled to a reimbursement of fees paid. A ‘usage breakdown’ line item will be noted in the invoice to reflect these instances.
The Fees payable by the Customer under this Agreement shall be exclusive of any amounts in respect of VAT. If anything done by one party under this Agreement constitutes, for VAT purposes, the making of a supply to the other party and VAT is or becomes chargeable on that supply, the party receiving the supply shall pay the other party, in addition to any amounts otherwise payable under this Agreement by the party receiving the supply, and against delivery of a valid VAT invoice to the party receiving the supply, a sum equal to the amount of VAT which is chargeable in respect of that supply.
Without prejudice to any other remedy available to TrueLayer under this Agreement or under Applicable Law, if any invoice (or part thereof) or other amount which is due and payable under this Agreement to TrueLayer is not paid by the Customer to TrueLayer by the due date for payment:
- TrueLayer shall not be obliged to perform the TrueLayer Obligations until the date of actual payment of any such amounts in full by the Customer; and/or
- the Customer shall be liable to pay interest to TrueLayer on the outstanding sum from the relevant due date for payment until the date of actual payment in full (both before and after any judgment) at the rate of four per cent (4%) per annum above the Bank of England base rate for the period in question.
Section 8: Intellectual Property Rights
Save as expressly set out in this Agreement, neither party shall receive any right, title or interest in or to any Intellectual Property Rights owned by the other party. All rights not expressly granted in this Agreement are reserved by the parties or their licensors. For the avoidance of doubt, the Customer shall not under any circumstances have or be entitled to hold any Intellectual Property Rights in the Tool or the API except for the licence granted pursuant to Section 2.
Customer shall use the TrueLayer Mark only in accordance with the terms of this Agreement and TrueLayer’s trademark usage policy, as notified to the Customer from time to time.
TrueLayer shall make available to the Customer its API integration and user guides and SDKs, as amended by TrueLayer from time to time (collectively "TrueLayer Documentation"). The Customer shall comply with the TrueLayer Documentation in connection with the integration and use of the API. The Customer shall keep all user IDs, passwords and other access codes pertaining to the API confidential and secure from all unauthorised persons in accordance with the provisions of Section 5.
All Intellectual Property Rights in the Tool and API and all supporting documentation (including, but not limited to, the TrueLayer Mark and TrueLayer Documentation, but excluding any Account Information) (the "TrueLayer Materials"), together with any goodwill in or attaching to them, shall be the property of TrueLayer and the Customer shall not acquire any rights or interests in the TrueLayer Materials including any additions, developments modifications, updates and new versions thereof and other derivative works thereto. Such rights shall vest in TrueLayer or its licensors automatically upon their creation irrespective of whether they are made by TrueLayer, Customer or third-party providers. To the extent that such rights do not vest automatically in TrueLayer or its licensors, Customer shall and (to the extent possible pursuant to Applicable Law) hereby does assign and shall procure the assignment of all such rights to TrueLayer and shall at TrueLayer’s cost execute and deliver (including procuring execution and delivery by its employees, agents and contractors) all such instruments and take such further actions that may be needed to perfect such assignment and to secure and protect TrueLayer’s rights therein. Furthermore, the Customer forever waives and agrees never to assert any and all moral rights it may have in or with respect to any such rights and shall procure that its employees, agents and contractors do the same.
The Customer shall ensure that all Intellectual Property Rights notices contained in the Tool, API and TrueLayer Materials are reproduced in full.
Customer shall not use, apply to register, register or cause or knowingly assist any other person to use, register or apply to register the TrueLayer Mark or any mark, name, sign or logo which is or is likely to be confused or associated with the TrueLayer Mark or any translation thereof (including, without limitation, any internet domain name including any of the foregoing in any language) otherwise than as is agreed in writing by TrueLayer.
All goodwill in and to the TrueLayer Mark arising in connection with the use by Customer shall vest in TrueLayer. Customer undertakes that it will make no claim to any goodwill in or to the TrueLayer Mark.
If during the Term, any infringement or wrongful use of the TrueLayer Materials occurs by a third party, immediately upon learning thereof, the Customer shall notify TrueLayer in writing, setting forth the facts in reasonable detail. The Customer agrees to cooperate in good faith, and to assist TrueLayer, to the extent reasonably possible, in any case of infringement affecting the TrueLayer Materials.
Subject to Section 13 and the Customer complying with its obligations under this Agreement, TrueLayer shall indemnify the Customer in respect of all losses, liabilities, costs (including legal costs and VAT), charges, expenses, actions, procedures, claims, demands and damages (including the amount of damages awarded by a court of competent jurisdiction) suffered and/or incurred by the Customer in connection with any IPR Claim excluding any IPR Claim to the extent relating to any modification or addition to the Tool, API or TrueLayer Materials made other than by TrueLayer.
- give TrueLayer full written details of the IPR Claim without undue delay but in any event no later than five (5) Business Days of it first being made;
- not make any admission or take any other action in respect of the IPR Claim, which might be prejudicial thereto without the prior written consent of TrueLayer;
- give TrueLayer conduct of any proceedings, suit or action which may ensue and all negotiations for a settlement of the IPR Claim; and
- give to TrueLayer, at TrueLayer’s request and expense, all reasonable assistance in connection with any such IPR Claim.
The provisions set out TrueLayer’s sole and exclusive obligations, and TrueLayer’s sole and exclusive remedies, with respect to infringement or misappropriation of Intellectual Property Rights, whether in contract, tort or otherwise (including, but not limited to, liability for any negligent act or omission).
Section 9: Warranties
Each party warrants at the date of this Agreement that:
- it has full capacity and authority to enter into and perform its obligations under this Agreement;
- this Agreement is executed by a duly authorised representative;
- it is not subject to an Insolvency Event; and
- it is not aware of any of the events referred to in clause 8.1(c).
The Customer warrants that all Regulatory Consents have been obtained by it and remain in full force and effect, all conditions to any such Regulatory Consents have been complied with, and it is not aware of any circumstance which indicates that any Regulatory Consent may be varied, revoked or not renewed.
Save as expressly set out in this Agreement, TrueLayer does not give any representation or warranty (express or implied) in respect of the subject matter of this Agreement and all warranties and representations which may be implied (by statute or otherwise) are hereby excluded to the maximum extent permitted by Applicable Law.
Section 10: Confidential Information
Each party undertakes to the other party:
- to keep all Confidential Information received from the other party or otherwise pursuant to this Agreement strictly confidential;
- not to disclose such Confidential Information in whole or in part to any third party;
- to use such Confidential Information solely for the purpose of: (i) in respect of the Customer, receiving the benefit of the Licence; and (ii) in respect of TrueLayer, granting the Licence, and not otherwise for its own benefit or the benefit of any third party; and
- not to copy or reproduce such Confidential Information other than in connection with, and only to the extent necessary for, the purposes set out above or which is automatically archived or backed up by that party's systems. For the avoidance of doubt, each party shall continue to be bound by the obligations under this Section in respect of any Confidential Information which is automatically archived or backed-up.
Each party may disclose the Confidential Information referred to above:
- to its Affiliates and such of its Affiliates' employees, directors, officers, agents, professional advisers and subcontractors ("Permitted Persons") as have a legitimate need to know or see the same for the purposes set out above. Each party will ensure that any Permitted Person to whom a disclosure is made is subject to equivalent obligations of confidentiality as those that bind the party under this clause. Each party shall be liable for the acts or omissions of such Permitted Persons that lead to a breach of that party's obligations under this Section.
- in compliance with the legal requirements of a competent legal or other Authority or government agency, or as otherwise required by Applicable Law, provided that:
- the party to which the Confidential Information relates has been notified by the party intending to disclose it of the intended disclosure prior to the disclosure taking place (where permitted to do so by Applicable Law); and
- the party intending to disclose the Confidential Information has provided such assistance as has been reasonably requested by the party to which the Confidential Information relates in order to restrict the scope of the intended disclosure to the maximum extent.
The obligations of confidentiality under this Agreement shall not apply (or shall cease to apply as the case may be) to any Confidential Information:
- which becomes public knowledge other than as a result of a breach of this Agreement;
- already in the receiving party's possession without an obligation of confidentiality prior to disclosure by the disclosing party in connection with this Agreement;
- lawfully obtained by the receiving party without any obligation of confidentiality from a third party who was entitled to disclose it; or
- which the receiving party can demonstrate was independently created by the receiving party without the use of any of the disclosing party's Confidential Information.
Following a party's written request (the "Requesting Party") or termination of this Agreement for any reason, the other party (the "Relevant Party") shall as soon as reasonably practicable (and in any event, within (seven (7) days) return to the Requesting Party or, if requested by the Requesting Party, securely destroy (including, without limitation, by erasing any electronically held information stored on magnetic media) all Confidential Information, or such portion of that Confidential Information as is specified by the Requesting Party, in the Relevant Party's possession or control that relates to, or was disclosed to, the Relevant Party by or obtained by the Relevant Party from, the Requesting Party save:
- to the extent that it is required to be retained by Applicable Law; or
- in respect of Confidential Information which is automatically archived and/or backed up by the Relevant Party's systems in a manner that the retrieval and return or destruction of such Confidential Information would not be technically feasible or would require an unreasonable expenditure of costs or resources by the Relevant party.
For the avoidance of doubt, the Relevant Party shall continue to be bound by the obligations of confidentiality under this Agreement in the event that any such Confidential Information described above is not retrieved, returned or destroyed. If requested in writing by the Requesting Party, the Relevant Party shall provide a written confirmation signed by a duly authorised representative of the Relevant Party confirming that the Relevant Party has returned or securely destroyed such Confidential Information, or if some or all of such Confidential Information has not been returned or securely destroyed, the Relevant Party shall provide reasonable written details of that Confidential Information and the reasons for such failure to return or securely destroy.
This Section shall survive termination of this agreement for any reason.
Section 11: Data Protection
Each party shall comply with its obligations under the Data Protection Legislation and shall co-operate with the other party in order to assist that party to comply with its own obligations under Data Protection Legislation.
The Customer acknowledges and agrees that:
- (a) the Account Information it receives through use of the API comprises Personal Data relating to the relevant End-User (“End-User Personal Data”); and
- (b) the Customer shall be the data controller of such End-User Personal Data from the moment it receives it and shall only process such End-User Personal Data to the extent that it is lawfully entitled to do so pursuant to Data Protection Legislation.
Each party shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk (taking into account the nature, scope, context and purposes of processing End-User Personal Data), including from unauthorised or unlawful processing of such End-User Personal Data, or accidental loss or destruction of, or damage to, such End-User Personal Data.
The Customer shall:
- have in place procedures so that any third party it authorises to have access to End-User Personal Data, including processors, will respect and maintain the confidentiality and security of such End-User Personal Data and at all times act in accordance with Data Protection Legislation;
- assist TrueLayer in fulfilling its obligations to respond to requests for exercising Data Subjects rights under the Data Protection Legislation, including by implementing appropriate technical and organisational measures to enable such assistance;
- promptly provide to TrueLayer such assistance as TrueLayer may from time to time reasonably require to enable it to comply with its security, breach notification, impact assessment, prior consultation, record keeping and audit responsibilities under the Data Protection Legislation;
- notify TrueLayer without undue delay if it becomes aware of any a Data Breach;
- assist TrueLayer with making any mandatory notifications to any relevant Authority and/or affected Data Subjects in the event of a Data Breach; and
- identify to TrueLayer a contact point within its organisation authorised to respond to enquiries concerning processing of End-User Personal Data, and will cooperate in good faith with TrueLayer, the End-Users and any relevant Authority concerning all such enquiries within a reasonable time.
The Customer will not disclose or transfer End-User Personal Data to a third party data controller located outside the European Economic Area (EEA) unless:
- the third party data controller processes the End-User Personal Data in accordance with an EU Commission decision finding that a third country provides adequate protection: or
- the third party data controller becomes a signatory to the standard contractual clauses or another data transfer agreement approved by a competent authority in the EU: or
- End-Users have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which End-User Personal Data is exported may have different data protection standards: or
- with regard to onward transfers of End-User Personal Data that comprises sensitive data, End-Users have given their unambiguous consent to the onward transfer.
Section 12: Term and Termination
This Agreement shall start or be deemed to have started on the Commencement Date and shall continue, subject to earlier termination in accordance with its terms, until terminated by the Customer or TrueLayer pursuant to this Section.
TrueLayer may terminate this Agreement for convenience at any time on giving not less than thirty (30) days prior written notice to the Customer.
The Customer may terminate this Agreement for convenience at any time on giving not less than two (2) months’ prior written notice to TrueLayer.
Either party may terminate this Agreement with immediate effect by giving notice to the other party if the other party:
- materially breaches this Agreement (save for payment obligations which shall be governed by Section 12) if such breach is not capable of remedy or, where such breach is capable of remedy, where that party fails to remedy the breach within ten (10) Business Days of being notified of the breach in writing; or
- is subject to an Insolvency Event.
TrueLayer may terminate this Agreement immediately by notice in writing to the Customer:
- Except in the case of a payment dispute that cannot be resolved in thirty (30) days, where the Customer fails to pay to TrueLayer any invoice (or part thereof) or any other amount due and payable to TrueLayer under this Agreement on or before the due date for payment if TrueLayer has sent a fifteen (15) day written notice to the Customer requiring such payment and such payment is not made in cleared funds on or before the expiry of such fifteen (15) day written notice;
- if, in TrueLayer's reasonable opinion, it is required to prevent any imminent threat to the security of the Tool and/or API; or
- if TrueLayer has reasonable suspicions that the Customer is misusing any Account Information or is in breach of any Applicable Law.
On termination of this Agreement, the Customer's rights under this Agreement will immediately terminate and TrueLayer shall, as soon a reasonably practicable, remove the Tool and/or prohibit End-Users from accessing the Tool and the Customer shall immediately remove the interface to the Tool and the TrueLayer Mark from the Customer Website.
Termination of this Agreement shall be without prejudice to any rights and remedies which may have accrued up to the date of such termination.
Section 13: Liability
Nothing in this Agreement shall limit or exclude either party's liability in respect of any claims: for death or personal injury caused by the negligence of such party;
- resulting from the wilful default of such party; or
- to the extent that such liability may not otherwise be limited or excluded by Applicable Law.
Neither party shall be liable to the other (whether in contract, tort (including negligence), misrepresentation, breach of statutory duty (including strict liability) or otherwise arising out of, or in relation to, this Agreement ) for any:
- loss of profits or revenue (whether direct or indirect);
- loss of opportunity or anticipated savings (whether direct or indirect);
- loss of goodwill or reputation (whether direct or indirect);
- loss or corruption of data (whether direct or indirect); or
- special, indirect or consequential loss or damage,
- suffered by that other party.
TrueLayer's maximum aggregate liability to the Customer under or in connection with this Agreement (whether in contract, tort (including negligence), misrepresentation, breach of statutory duty (including strict liability) or otherwise, including in respect of any indemnity, shall not exceed in any Year the greater of: (i) an amount agreed between the two parties; and (ii) the total Fees paid and/or payable by the Customer to TrueLayer in that Year.
The Customer shall indemnify and keep indemnified TrueLayer from and against any and all losses, liabilities, costs (including legal costs and VAT), charges, expenses, actions, procedures, claims, demands and damages (including the amount of damages awarded by a court of competent jurisdiction) suffered and/or incurred by TrueLayer arising out of or in connection with:
- any breach by the Customer;
- any content, information or materials the Customer has provided to TrueLayer (including but not limited to any claim by any third party that such content, information or materials infringes or makes unauthorized use of that third party's Intellectual Property Rights);
- breaches of Applicable Law by the Customer (including fines or other financial penalties imposed by an Authority);
- the services offered by the Customer to End Users; and/or
- the Customer's use of the Account Information.
Section 14: Anti Bribery
Each party shall during the Term:
- comply with all Applicable Anti-Bribery Laws;
- implement and maintain adequate procedures designed to promote and achieve compliance with Applicable Anti-Bribery Laws;
- where permitted by law, promptly report to the other party any request or demand for any undue financial or other advantage of any kind received by it in connection with its rights and/or obligations under this Agreement;
- if requested by the other party and where permitted by law, provide the other party with any reasonable assistance, at the other party's reasonable costs, to enable the other party to perform any activity required by any Authority for the purpose of compliance with any Applicable Anti-Bribery Laws to the extent that such compliance relates to or is in connection with its rights and/or obligations under this Agreement; and
- at the other party's reasonable request, confirm in writing that it has complied with its obligations under this clause 13 and provide any information reasonably requested by the other party in support of such compliance.
Each party warrants and represents on an ongoing basis during the Term that it: has not been convicted of violating any Applicable Anti-Bribery Laws or any offence involving corruption, fraud or dishonesty; and so far as it is aware, has not been and is not the subject of any investigation, inquiry or enforcement proceedings by any Authority regarding any offence or alleged offence under any Applicable Anti-Bribery Law.
Breach of this Section shall be deemed a material breach of this Agreement.
Section 15: Force Majure
If TrueLayer is prevented, hindered or delayed in or from performing any of its obligations under this Agreement by a Force Majeure Event, TrueLayer shall not be in breach of this Agreement or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.
- as soon as reasonably practicable after the start of the Force Majeure Event, notify the Customer of the Force Majeure Event, the date on which it started, its likely or potential duration and the effect of the Force Majeure Event on its ability to perform any of its obligations under this Agreement; and
- use all reasonable endeavours to mitigate the effect of the Force Majeure Event on the performance of its obligations.
If the Force Majeure Event prevents, hinders or delays TrueLayer's performance of its obligations for a continuous period of more than thirty (30) days, the Customer may terminate the Agreement by giving thirty (30) days' written notice to TrueLayer.
Section 16: Notices
Any notice required to be given under this Agreement shall be in writing and shall be sufficiently served if sent:
- by hand;
- by registered first class post or recorded delivery if the sender and recipient are both based within the United Kingdom;
- by a reputable international courier if one or more of the sender or recipient is based outside of the United Kingdom; or
- by e-mail.
Section 17: Waivers
A waiver of any right or remedy under this Agreement or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent breach or default.
A failure or delay by either party to exercise any right or remedy provided under this Agreement or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under this Agreement or by law shall prevent or restrict the further exercise of that or any other right or remedy.
No variation of this Agreement shall be valid unless agreed in writing and signed by TrueLayer and the Customer.
Section 18: Severance
If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.
Section 19: Partnership
Nothing in this Agreement and no action taken by Customer or TrueLayer under this Agreement shall constitute a partnership, association, joint venture or other co-operative entity between Customer and TrueLayer.
Section 20: Governing Law and Jurisdiction
This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.
Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).
Schedule 1: Account Information
Account Information shall include, but not be limited to, the following financial and personal information:
- Personal information: name, date of birth, full address(es), email address, phone number, gender;
Bank account information:
- Account type (e.g. current, saving, investment, credit card);
- Account name;
- IBAN/Account number/Sort code/SWIFT;
Account balance information:
- Current balance;
- Available balance (credit cards);
- Interest rate;
- Payment due date (credit cards);
- Next closing date (credit cards);
- Minimum payment due (credit cards);
- Meta data (arbitrary data that banks associate with a transaction e.g. category); and/or
Additional data which TrueLayer may collect in the future (as confirmed in writing from time to time):
- Loans data;
- Insurance data; and/or
- Investments data.