Verifeye Online

Menu
Menu
Menu

Terms and Conditions

Last Updated: January 29, 2025

WHEREAS:

NOW THEREFORE IT IS HEREBY AGREED AS FOLLOWS

DEFINITIONS

In this Agreement:

“Agreement” means this agreement.

“Auto-Ident” is the verification of a government issued document plus the customer’s selfie.

“Client” means the end Client that uses our customer identity services

“Counterpart and Counterparties” means Clients of the Client

“Customer and End-customer” means the customers of the Client, i.e. the person performing the ID-verification.

“Fee” is the cost for the Services.

“Forecast” is the estimated number of new monthly Video Idents that the Client expects to onboard.

“Link” is the mechanism that allows the Client to share with its customers to start the verification process.

“Services” means the online verification of customer identity.

“Set-up Fee” is a one-time payment as indicated in Annex 1.

“Video-Ident” is a combination of Auto-Ident and an interview with a live Video Agent who will ask a series of questions provided by the Client.

    1. The Client wishes to provide services of online verification of customer identity and customer due diligence (the “Customer” or the “Customers”) to its customers or the Client’s counterparties (“Counterparties”) customers using the Services of Verifeye Online as the Client’s or the counterparties own services and under the brand name of the Client or the counterparties;
    2. Verifeye Online does not have direct access to any official registries nor other official information on the clients- or its counterparties Customers;
    3. All communication and legal relations with the Customers are maintained by the Client or its counterparties except if otherwise provided in the Agreement;
    4. Verifeye Online does not have any legal relations with the Customers.
 
  • 1. SUBJECT OF THE AGREEMENT
    • 1.1. The Client shall conclude agreements with its customers to provide online verification services as defined further in this Agreement in the Clients’ own name providing for the rights and obligations of the Client.
    • 1.2. Verifeye Online provides online verification of customer identity services by carrying out an online verification of identification documents, bank account identification and video identification call and other information provided by the Customer as described in Annex 1 of the Agreement (“Services”).
    • 1.3. Verifeye Online shall provide the following Services to the Client and or the Client’s Counterparty if so instructed by the Client:
      • 1.3.1. At the request by the Client or the Counterparty provide with a link (the “Link”) that can be used by the Customers to initiate an online document verification and video identification call for the Customer as described in this Annex 1.
      • 1.3.2. Ensure that the Link effects the sequence of online document verification (Auto-Ident), bank account identification (Konto-Ident) and video identification call (Video-Ident) steps for the Customer as described in the Annex No. 1 to this Agreement.
      • 1.3.3. Verifeye Online shall send the identification document, photo, bank account holder information and answers to the questions collected during the video identification call together with a video and audio record of the call with the Customer and the results of the Customer’s identification document verification to the Client as quickly as possible after the provision of the Services has been completed out as described in Section 1.2. in respect of a specified Customer.
    • 1.4. Verifeye Online shall provide the Services only with regards to such Customers who hold identification documents of the countries whose requirements to their issued identification documents can be checked by Verifeye Online. The list of such countries is indicated in Annex No. 3.
    • 1.5. The Client or the counterpart shall pay Verifeye Online for the Services in accordance with Section 4 of the Agreement.
    •  
  • 2. RIGHTS AND OBLIGATIONS OF VERIFEYE ONLINE
    • 2.1. Verifeye Online undertakes to:
      • 2.1.1. All contractual terms, user agreements, the provisions of Regulation (EU) 2024/1183, and relevant national laws are strictly followed.
      • 2.1.2. Only technologies that guarantee system reliability, as well as technical and cryptographic security, are utilized throughout our processes.
      • 2.1.3. Any information related to identity verification and system performance is securely stored and maintained.
      • 2.1.4. Ensure the provision of the Services for the number of document examination and verification requests that have been paid for by the Client or its counterpart as provided in Section 4 of this Agreement.
      • 2.1.5. Ensure the availability of the Services as follows: Auto-Ident: 24 hours, 365 days of the year. Video-Ident will be offered 08:00 – 22:00 365 days a year, CET.
      • 2.1.6. Encrypt the data transferred to the Client as referred in Annex 4 of the Agreement.
      • 2.1.7. Ensure the processing of personal data in accordance with Annex No. 4 to this Agreement.
      • 2.1.8. Comply with all instructions of the Client or the counterparties regarding Services, limited to the extent required by public supervisory regulations.
      • 2.1.9. Necessary operational procedures and both technical and physical security measures are consistently upheld.
      • 2.1.10. Immediate action is taken in response to any technical security issues.
      • 2.1.11. Clients are informed of their responsibilities and the care when using our services as displayed in Section 3.0
      • 2.1.12. Liability insurance with sufficient coverage, as outlined in Article 24 (2) (c) of Regulation (EU) 2024/1183, is maintained throughout the duration of the Services.
      • 2.1.13. Employ reliable personnel with the appropriate expertise, experience and qualifications who receive constant training according to BaFin regulations.
      • 2.1.14. Regular internal audits and independent external audits are conducted to ensure compliance and performance.
    • 2.2. Verifeye Online is entitled to:
      • 2.2.1. Submit to the Client information on the unsuccessful attempts of providing the Services if the Customer has accessed the Services through the Link and the provision of the Services in respect of a specific Customer cannot be completed for any technical reason not caused directly by the Customer (for example, a verification session is interrupted due to problems with internet connection).
      • 2.2.2. Store audit trails related to the Services at least for 10 (ten) years.
    • 2.3. Verifeye Online shall provide information to the Client and its counterparties in the following cases without undue delay:
      • 2.3.1. If there is a change of control of Verifeye or insolvency threatens, and the services can no longer be provided.
      • 2.3.2. Opening of an official public prosecution proceeding against Verifeye Online.
      • 2.3.3. If substantial violations of data protection regulations by employees or subcontractors have become known to Verifeye Online.
      • 2.3.4. If official proceedings for data breaches have been opened (or complaints have already been filed against Verifeye Online),
      • 2.3.5. If substantial data theft by third parties or employees becomes known to Verifeye Online.
      • 2.3.6. If the license for Verifeye Online is to be revoked.
      • 2.3.7. If there are any enquiries from authorities about the Client’s or its counterparties customers or transactions, if permitted by law and before giving an answer to the requesting authority.
      • 2.3.8. Planned release changes and / or updates should be notified to the Client and its counterparties at least fourteen (14) days in advance and should be carried out outside normal office hours from 08:00 to 22:00. The notification should at least include the date schedule and the changes. If a release change and / or update takes longer than scheduled, the Client must be informed immediately about the delay.
      • 2.3.9. Information about system malfunctions should be sent directly to the Client and its counterparties including the expected duration of the malfunction and how and when it will be solved. After solving the malfunction, an immediate information has to be provided to the Client and its counterparties.
      • 2.3.10. If processing errors (software bugs, video not saved, server down etc.) occur at Verifeye Online enabling the Client or its counterparties to contact the customer for re-conduction the identification request.
      • 2.3.11. The respective identification procedure will be performed in accordance with the German Money Laundering Act and the resulting requirements for securities institutions and institutions under the German Banking Act.
      •  
  • 3. RIGHTS AND OBLIGATIONS OF THE CLIENT and its counterparties
    • 3.1. The Client and its counterparties undertake to:
      • 3.1.1. Familiarize themselves with, and adhere to, the terms of the contract, the general terms and conditions (GTC), and this service description.
      • 3.1.2. Agree to all terms and conditions as outlined in their contract with Verifeye.
      • 3.1.3. Provide the verification link for natural persons and/or the designated representative using Verifeye’s Services.
      • 3.1.4. Pay to Verifeye Online remuneration as described in this Agreement.
      • 3.1.5. Promptly provide the Link to the correct Customers or Counterparties customer in its own or its counterparties name and ensure the availability of the Link. If the Client or its counterparty fails to provide said Link to any Customer, Verifeye Online shall not be responsible and liable for performing the Agreement.
      • 3.1.6. Initiate and maintain communication with the Customers and the Counterparties customers its own or the counterparties name and provide information to the Customers with regards to providing the Services, carrying out document and personal verification of the Customers, providing its Services to the Customers and responding to any requests and complaints of the Customers.
      • 3.1.7. Operate in such a way that is in full compliance with good business practices, including ethics, morals and decency norms, and is not related to any illegal activity, including anti-bribery norms and will not anyhow compromise the software and other part of the solution necessary for the Services.
      • 3.1.8. Ensure that the client and the Counterparties grant to Verifeye Online a limited, royalty-free, worldwide, revocable license to use the Client’s or the counterparties name and logo for the purpose of performing the Agreement or ensure that the Client’s or the counterparties own logo and name is available for the provision of the Services.
      • 3.1.9. Keep their company IDs, company data, and all access credentials associated with Verifeye’s services secure from unauthorized third parties, and never share this information with anyone not authorized.
      • 3.1.10. Provide all necessary data and documents required for the fulfilment of contractual obligations and services promptly before the service delivery begins.
      • 3.1.11. Ensure that data is scanned for viruses before transmission and utilize up-to-date antivirus programs. Furthermore, the client and their counterparty must inform Verifeye of any cyber-attacks, potential threats, or unauthorized access attempts during data transmission.
      • 3.1.12. Protect Verifeye’s Admin Client access credentials and private keys used for secure authentication against unauthorized access according to the latest security standards and notify Verifeye immediately if unauthorized access is suspected.
      • 3.1.13. Implement appropriate technical and organizational measures to ensure that only authorized personnel and IT systems have access to the Admin Client.
      • 3.1.14. When applying for an EV (Extended Validation) SSL certificate, provide all required information accurately and truthfully, ensuring that only authorized representatives are listed. If any information is found to be inaccurate or incomplete, the customer is liable for any resulting damages, including costs related to the revocation and reissuance of certificates. Any direct or indirect damages caused to the platform or third parties.
      • 3.1.15. Ensure the EV SSL certificate is renewed promptly and validated according to current standards.
      • 3.1.16. Confirm data received from Verifeye Online matches the person listed as the authorized person in the EV SSL certificate by automated response.
      • 3.1.17. Refrain from attempting, either personally or through unauthorized third parties, to access information or systems without permission, interfere with Verifeye’s programs, or unlawfully enter Verifeye’s data networks.
      • 3.1.18. Additionally, the client and their counterparties are responsible for staying informed about current IT security threats and best practices to effectively protect both their own data and the platform. They must take appropriate steps to secure access to data and any information transmitted, including regularly updating security software, following recommended security protocols, and educating employees on security matters. The customer is also encouraged to implement cryptographic methods and key lengths as recommended for example by the Federal Office for Information Security (BSI).
    • 3.2. The Client and the counterparties are entitled to:
      • 3.2.1. Request Verifeye Online to stop providing the Services with respect to specific Customers until the provision of the Services to a specific Customer has been performed in full.
      •  
  • 4. REMUNERATION AND PAYMENT TERMS
    • 4.1. Within 10 (ten) business days after the respective Party have executed the Agreement and after receiving a correct invoice, the Client and/or the Counterpart shall pay to Verifeye Online the setup fee as indicated in the Annex No. 1 (the “Setup Fee”).
    • 4.2. The Client is granted a free testing period for using the Services for the first 20 (twenty) Customer verification requests. The testing period starts when the Client receives the test link(s).
    • 4.3. By the 15th (fifteenth) date of each consecutive month, the Client or its counterparty shall provide Verifeye Online in writing (email is sufficient) with the number of the Customers Auto-Ident verification, and Video-Ident call requests for performing the Services for the following month or any other term that exceeds one month (the “Forecast”).
    • 4.4. For the provision of the Services with respect to each Customer, the client or its counterparty shall pay to Verifeye Online the remuneration in the amount indicated in the Annex No. 1 (the “Fee”).
    • 4.5. A proportion of the forecast (80 %) shall be paid by the client or its counterparty to Verifeye Online in advance to the month in which the Services are provided by Verifeye Online. Verifeye Online shall issue an invoice to the Client or its counterparty at the end of the particular month for the Services provided in this month (reduced by the amount of the pre-payment). The client or its counterparty shall settle the invoice issued by Verifeye Online within 10 (ten) business days after receipt of the invoice.
    • 4.6. Verifeye Online shall provide the Services to the Client or its counterparty only if the Client or its counterparty has settled in full the invoice issued.
    • 4.7. Verifeye Online shall have the right to change the Fees and request any other additional remuneration from the Client or its counterparty if the Client or its counterparty requests a written modification to any of the Services.
    • 4.8. Invoices issued by Verifeye Online are prepared electronically and shall be valid without a signature. All messages related to invoices shall be sent to the e-mail address indicated in this Agreement.
    • 4.9. The Parties agree that the Fee and other amounts indicated in the Agreement are indicated net of VAT and other taxes.
    • 4.10. If the Client or its counterparty delays the settlement of invoices issued by Verifeye Online to for more than 15 (fifteen) Latvian business days, the Client or its counterparty shall pay to Verifeye Online a penalty in the amount of 0.04% (zero point zero four per cents) from the amount of the outstanding amount due to Verifeye Online for each day of delay. The overall amount of the penalty shall not exceed 10% (ten per cent) of the total outstanding amount.
    • 4.11. The Parties agree that the payment of the penalty does not release the Parties from the complete fulfillment of all obligations under this Agreement.
    •  
  • 5. RESPONSIBILITY
    • 5.1. The Party shall compensate direct losses caused to the other Party in relation to the delay of fulfillment of obligations, full or partial failure to fulfil, improper fulfillment of obligations under this Agreement. Any limitation of Verifeye Online towards the Counterparties of the Client is expressly excluded by this Agreement and the Client cannot require Verifeye Online to compensate for any damages or costs claimed by the Counterparties from the Client. This Agreement is the sole document describing liability and obligations of Verifeye Online towards the Client.
    • 5.2. Verifeye Online shall not be liable and/or responsible for not fulfilling the requirements of this Agreement in full or in part if this is caused by the failure of the Client or its counterparties to perform its obligations referred to in the Agreement or caused by the failure of the Client to perform its obligations towards the Counterparty.
    • 5.3. Verifeye Online shall not be liable and/or responsible for the quality of the information provided by the Counterparties, Customers and third-party databases used to provide the Services. (In particular this means that we are not responsible for the accuracy of the Meta-Data we receive from the Clients or Counterparties.)
    • 5.4. Verifeye Online shall not be liable and/or responsible for any violations of legal acts performed by the Customer, Counterparty or Client as well as for any interruptions related to the performance of the Services that are caused by the Customer, Counterparty or the Client or any third party.
    • 5.5. Verifeye Online shall not be responsible and/or liable for the Client’s or the Counterparties compliance with the law including in the area of know your customer and anti-money-laundering. However, Verifeye is responsible for ensuring that the respective procedure is compliant with the legal requirements, in particular the German Money Laundering Act.
    • 5.6. The Client acknowledges that any request to alter the user experience or workflow of the Verifeye Online platform and the Services constitutes a personal data controller mandate to Verifeye Online as personal data processor to change its online customer identification process. Such a request grants Verifeye Online a complete waiver of all regulatory enforcement and third-party liability, and the Client, by signing this Agreement, confirms this and is now so informed of this fact.
    • 5.7. The Client acknowledges that Verifeye Online does not have any legal relationships with the Client’s Customers and shall not be subject to any claims by the Customers. The terms and conditions and privacy policy under which the Customers use the Verifeye Online platform shall be drafted by the Client or by the Counterparties. The Client or the Counterpart is responsible for providing its terms and conditions and privacy policy to Verifeye Online at the time the Setup Fee is paid as referred to in Section 4.1.
    • 5.8. If the Video-Ident call referred to in Annex 1 of the Agreement is carried out by the Client or its Counterparties, Verifeye Online shall not be liable and/or responsible for any actions or omissions of the Client or its counterparties while carrying out the video identification call.
    • 5.9. The Client acknowledges that Verifeye Online only collects, encrypts and sends Customers’ personal data without storing it (unless otherwise required by the Client as controller), and has therefore adopted and implemented all required security measures for protection of the Customer’s, Counterparties and Client’s information.
    • 5.10. Verifeye Online is strictly a personal data processor under the terms of the GDPR and will store Customers’ data only under specific mandate by the Client or the Counterparty as personal data controller as described in the Annex No. 4 of the Agreement. The Client will ensure that the relevant legal documentation is in place with respect the Counterparties to permit such lawful storage by the Verifeye Online. The Client acknowledges the Services’ GDPR Customer rights disclosures presented at the start of the identity verification process described in this Agreement are compliant with the instructions of the Client and the GDPR.
    • 5.11. The Client acknowledges that only Verifeye Online’s call center agent and other personal data sub-processors engaged in accordance with the relevant regulatory obligations and the personal data protection agreement annexed to this Agreement process the Customers’ personal data, and that Verifeye has a confidentiality policy in place with the call center agents. The Client shall ensure that the Counterparties acknowledge the same.
    • 5.12. In case of operations outside the EU, Verifeye Online as personal data processor will transfer or transmit the Client’s or its counterparties Customers’ personal data outside the European Union only under specific mandate by the Client or the Counterparty acting as personal data controller as described in Annex No. 4 of the Agreement.
    • 5.13. As personal data processor Verifeye Online has the right to use a sub-processor as defined by the GDPR if, in its judgement, such sub-processor is necessary to perform the Client’s mandate to Verifeye Online as personal data processor. The Client agrees that Verifeye Online’s use of sub-processors does not change Verifeye Online’s status as a personal data processor acting under the mandate of the personal data controller. Verifeye Online’s sub-processor processes the Customer personal data only under mandate by the Client to Verifeye Online.
    • 5.14. Verifeye Online shall conclude the contracts with the sub-processors in accordance with the provisions of this Agreement (including the Annexes thereto). The sub-processors shall provide the Client and the supervisory authorities with the inspection, auditing and control rights provided in Section 12 of this Agreement in such a way that the Client can exercise these rights directly against the respective sub-processor. Upon request, Verifeye Online shall provide the Client with proof of the fulfilment of the obligations mentioned in sentences 2 – 4 by presenting a copy of the contract; Verifeye Online is entitled to redact contractual provisions in the contract with the sub-processor, which are irrelevant for the proof of fulfilment of the obligations mentioned in sentences 2-4 (e.g. remuneration). The Client is entitled to provide the contracts with the sub-processors to the German Federal Financial Supervisory Authority at their request. Any further use of sub-processors by sub-processors used by Verifeye Online is not permitted.
    • 5.15. The Parties shall not be responsible for losses caused to the other Party in relation to the delay of fulfillment of obligations, full or partial failure to fulfil, improper fulfillment of obligations under this Agreement, if it has occurred due to conditions that the respective Party could not affect or prevent by exercising due care, including but not limited to: a natural disaster, fire, flood, storm, snowstorm, earthquake, war, acts of war, strike, blockade, prohibition by an act of public authority, government, court instance activity, other contractual partner nonfulfillment/improper fulfillment of obligations, as well as any other extraordinary circumstances, which Parties could not foresee or prevent by acting with due care (“Force Majeure”).
    • 5.16. If any of Force Majeure circumstances take place, a Party influenced by such Force Majeure circumstances that cannot perform the Agreement, shall at least within 5 (five) Latvian business days inform the other Party on such Force Majeure circumstances. If such Force Majeure circumstances do not have an effect on the fulfilment of the Party’s obligations, the Party should proceed with the fulfilment of the Agreement and inform the other Party that the Force Majeure circumstances ceased to exist within 3 (three) Latvian business days after the influence on the Party ceased to exist.
    • 5.17. If Force Majeure circumstances are present for more than 30 (thirty) calendar days, each of the Parties shall have the right to terminate the Agreement without compensating any losses caused by Force Majeure circumstances. Such termination does not release the Parties from paying all outstanding amounts, if the obligation to pay them arose before Force Majeure circumstances started to influence the fulfilment of the Agreement.
    •  
  • 6. NOTICES
    • 6.1. Any notice, claim, invoice, or any other communication, case, material, which one Party sends to the other Party in relation to or in accordance with the Agreement, shall be regarded as duly delivered and received, if it has been sent according to the Parties’ contact details indicated in Agreement by mail, delivered by courier, submitted personally to the other Party’s representative against a signature, sent via e-mail, or in any other way agreed by the Parties. The delivery shall be considered to have been received: a) at the date of dispatch – if the communication is delivered by e-mail and the date is a Latvian business day, b) at the date on which any of the Parties’ representative (employee, officer, other person, who is considered in normal circumstances as the Parties’ employee or representative) has received the delivery. When communication is delivered by courier or delivered in person, this shall be deemed to have occurred on the date that the delivery is actually received. In the case of delivery rendered by the postal service, the communication shall be deemed delivered on the 5th (fifth) business day if dispatched within the European Union and on the 10th (tenth) business day if sent to any other country.
    • 6.2. Any communication under this Agreement shall be carried out by the Parties by using the following contact information of the Parties:
    •  
    • Verifeye Online
    • representative: Christopher Gray
    • e-mail: cg@verifeye.online
    • postal address: Lāčplēša iela 20A, LV-1011, Riga, Latvia
    •  
    • 6.3. The Party shall notify in advance the other Party within 5 (five) Latvian business days about any change in its contact details. Until receipt of such notice, all payments and notices under the Agreement are to be delivered using the previously notified contact details of the Party and shall be considered as properly sent and received.
    •  
  • 7. INTELLECTUAL PROPERTY
    • 7.1. Verifeye Online hereby grants a limited license entitling the Client to access software and other intellectual property of Verifeye Online (the “Intellectual Property”) under the Agreement exclusively for the purpose of performing the obligations of the Client according to the Agreement, if such access has been granted by Verifeye Online to the Client. If requested by the Client, such access can also be granted to the Counterparty.
    • 7.2. Any intellectual property rights related to the Services shall remain the exclusive intellectual property of Verifeye Online.
    • 7.3. The Client shall not modify, copy, decompile or in any way infringe the exclusive rights of Verifeye Online to the Intellectual Property and any objects related to it. Verifeye Online shall not be liable and/or responsible for any modifications, use, copies and infringements of the Intellectual Property and related objects introduced by the Client.
    • 7.4. The Client acknowledges and understands that it does not obtain any other rights in respect of Intellectual Property. The Client also acknowledges that it may not license nor sub-license any Services and/or Intellectual Property objects.
    •  
  • 8. CONFIDENTIALITY
    • 8.1. Any information referred to in this Agreement and/or arising from and/or is related to this Agreement or its execution, is received during the term of execution of this Agreement, and in particular information about remuneration stipulated in this Agreement, payment terms, technologies and methods used by Verifeye Online, as well as any other notice/document/information that is not publicly and without restriction available to third parties, shall be regarded as confidential (including under the interpretation of competition law) and may be distributed or disclosed to any third party only for the purpose of the proper fulfillment of the obligations under this Agreement, or with prior consent of the interested Party, or upon the request of competent persons/authorities in cases and terms provided by the laws of the Republic of Latvia or of any other jurisdiction affected by the performance of this Agreement.
    • 8.2. The Parties shall observe confidentiality as described in Section 8.1. of the Agreement during the term of the Agreement and for an unlimited period of time thereafter.
    •  
  • 9. GRANTING OF INSPECTION AND CONTROL RIGHTS
    • 9.1. It is agreed between the Parties that the provision of the Services by Verifeye Online shall not interfere with the Client’s management and control. Verifeye Online enables the Client to monitor and assess the provision of the Services according to the following regulations.
    • 9.2. Verifeye Online hereby grants to the Client’s departments responsible for inspection, external auditors working at the Client’s premises and supervisory authorities full and unrestricted right of inspection, testing and control as well as a right of information and access regarding the Services to be provided by Verifeye Online and limited to the extent required by regulatory provisions. To this end, Verifeye Online shall provide such persons with all information and documents they need for their respective activities, and which relate to the Services provided by Verifeye Online to the Client. The right of inspection, examination and control includes the right to make copies of relevant documents. Verifeye Online grants such persons access to all premises, documents, data carriers and systems upon request and during normal business hours, insofar as these relate to the Services provided by Verifeye Online to the Client in accordance with the Agreement.
    • 9.3. Persons who perform internal auditing functions at the Client’s premises or perform external audits required by law or regulatory authorities are hereby released from any confidentiality obligation towards Verifeye Online and its auditors to the extent necessary for the exercise of the Client’s auditing and control rights in accordance with the preceding section. The Confidentiality obligation, however, applies to these persons to full extent in respect to use of obtained information to any other extent.
    • 9.4. All audit and control rights shall continue for a period of two years after termination of the Agreement between the Client and Verifeye Online, commencing at the end of the Client’s fiscal year in which the Agreement ends. Verifeye Online will keep the relevant documents that Verifeye Online is not required to delete or hand over to the Client available for the same period of time, without prejudice to longer retention periods required by Latvian law.
    • 9.5. Verifeye Online will inform the Client to the extent required by regulatory authorities of developments that may affect the proper performance of the Services. In particular, Verifeye Online will carry out regular internal checks and inspections of the Services, document them to the extent required and inform the Client of any abnormalities/disturbances to the extent required.
    •  
  • 10. REQUIREMENTS FOR SUITABILITY AND RELIABILITY
    • 10.1. Verifeye Online shall carefully select, instruct and monitor the personnel employed to perform the Services.
    • 10.2. Verifeye Online shall always ensure that the employed personnel have the qualifications required for the provision of Services and shall provide the Client at its request with suitable documentation to prove this. In particular, the required reliability shall be denied if there are relevant criminal convictions in relation to the Services.
    • 10.3. Verifeye shall inform the Client without undue delay if an employee who has identified the Client’s or its counterparties Customers has been dismissed due to a criminal conviction or data breach related to the Services; this information shall include a list of the identified Customers by this dismissed employee.
    •  
  • 11. AMENDMENTS DUE TO REGULATORY REQUIREMENTS
    • 11.1. Verifeye Online undertakes to agree to an amendment of the provisions contained in this Agreement at the request of the Client if this is necessary due to changed regulatory requirements.
    •  
  • 12. TERM OF THE AGREEMENT
    • 12.1. The Agreement shall enter into force as of the date stated above when it is executed by both Parties. The Agreement shall remain effective until the earlier termination of the Agreement in accordance with the Agreement.
    • 12.2. The termination of the Agreement does not release the Parties from the fulfilment of all outstanding responsibilities under the Agreement that have arisen prior to the termination date.
    • 12.3. If neither Party notifies the other Party in writing of its intention to terminate the Agreement by 3 (three) calendar months prior to expiration of the Agreement term, the Agreement shall be automatically renewed each year until either Party cancels the Agreement.
    • 12.4. The Parties shall be entitled to terminate the Agreement unilaterally, by informing the other Party thereof in writing at least 3 (three) calendar months in advance, via e-mail notification to the addresses indicated in this Agreement, unless otherwise provided in the Agreement.
    • 12.5. Each Party shall be entitled to terminate the Agreement unilaterally without immediate effect, if the other Party is subject to (i) bankruptcy or (ii) insolvency proceedings or (iii) liquidation or (iv) if Services have not been provided pursuant to agreed service levels in three cases within a period of six months and if the Client has at least issued one written notice about non-conducted services before.
    •  
  • 13. OTHER PROVISIONS
    • 13.1. This Agreement may at any time be amended only by mutual agreement of the Parties. Any amendments shall be effective only if in writing and signed by both Parties. Any amendments shall be an integral part of the Agreement.
    • 13.2. Any annexes to the Agreement executed by both Parties shall be considered an integral part of the Agreement.
    • 13.3. Nothing in this Agreement shall be deemed in any way or for any purpose to constitute a partnership between or joint venture by the Parties or constitute an employment or agency relationship.
    • 13.4. If any provision of this Agreement is or becomes invalid or void, this shall not affect the effectiveness of the remaining provisions under the Agreement. In such cases, the Parties shall make all efforts to replace the invalid provision with a new one, reflecting the intention and content of the replaced provision. If such a remedy is not possible, the Parties agree on the addition of a new provision to the Agreement, which, to the extent possible, shall govern the same relations and/or issues.
    • 13.5. The Agreement is constructed under and governed by the laws of Latvia.
    • 13.6. All claims and disputes arising from or in relation to this Agreement shall be resolved by negotiation. If the Parties fail to resolve such a dispute by negotiations within one month, any dispute, controversy or claim arising out of or relating to this contract, or the breach, termination or invalidity thereof shall be finally settled in the courts of Latvia applying Latvian law.
    • 13.7. The titles of the provisions under the Agreement are used only for convenience, and they cannot be used for the interpretation of the Agreement.
    • 13.8. All obligations under this Agreement shall be binding on the Parties’ successors.

DATA PROTECTION AGREEMENT

  • WHEREAS:
    • (A) According to the Agreement the Data Controller has engaged the Data Processor for the processing of the Customers’ personal data on behalf of the Data Controller;
    • (B) All terms, unless specifically defined herein, are imparted with the same meaning as defined in the Agreement and the EU General Data Protection Regulation No 2016/679 (the “GDPR”).
    •  
  • 1. PERSONAL DATA PROCESSING
    • 1.1. The Parties agree that the Data Processor as personal data processor carries out the processing of the personal data (the “Personal Data”) on behalf of the Data Controller acting as personal data controller as referred in the Exhibit No. 1 to this DPA.
    • 1.2. The performance of any Data Controller’s request by the Data Processor shall constitute a full waiver of all regulatory and third-party liability for the Data Processor.
    • 1.3. The responsibilities of the Data Processor referred in this DPA are applicable only to such specific Personal Data that is actually processed and held by the Data Processor at a specific moment of time.
    •  
  • 2. RIGHTS AND OBLIGATIONS OF THE DATA PROCESSOR
    • 2.1. The Parties hereby agree that the Data Processor as the Personal Data processor:
      • 2.1.1. Shall have access only to the Personal Data that has been made available or accessible to the Data Processor by the Customer or collected by the Data Processor as indicated in the Section 1.1. of the DPA.
      • 2.1.2. Shall process the Personal Data on behalf of the Data Controller only as required to provide the Services under the Agreement.
      • 2.1.3. Shall process the Personal Data only based on the documented instructions given and received, from time to time, from the Data Controller, including with regard to transfers of the Personal Data to a third country, unless otherwise provided by the applicable law of the EU or the EU Member State. In such a case, the Data Processor shall inform the Data Controller of that legal requirement before processing, unless that aforementioned applicable law prohibits it on important grounds of public interest. The DPA shall be considered a part of the documented instructions issued to the Data Processor by the Data Controller.
      • 2.1.4. Has the right to transfer or make available the Personal Data to any entities and countries located outside the EU only with the prior written authorisation of the Data Controller, unless required to do so by applicable EU or EU Member State applicable law to which the Data Processor is subject to. In the latter case, the Data Processor shall notify the Data Controller of that legal requirement before such transfer or access takes place, unless the applicable rules prohibit such notifications on grounds of public interest.
      • 2.1.5. Shall take measures required pursuant to Article 32 of the GDPR, meaning that the Data Processor shall implement the appropriate technical and organizational measures to ensure a level of security appropriate to the risks related to processing of the Personal Data and to avoid alteration, loss or non-authorized processing thereof or access thereto, taking into account the current state of technology, nature of the stored data and the risks to which they are exposed. The introduction of all measures by the Data Processor as described in the Exhibit No. 3 to the DPA shall be considered a full compliance of the Data Processor with the requirements of Article 32 of the GDPR.
      • 2.1.6. Shall ensure that the persons authorized to process the Personal Data as described in the Agreement and DPA are bound by appropriate confidentiality requirements.
      • 2.1.7. Shall assist the Data Controller by implementing the appropriate technical and organisational measures, as far as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the Personal Data subject’s rights laid down in Chapter III of the GDPR. If the requests for the assistance of the Data Controller are manifestly unfounded or excessive, or have a repetitive character, the Data Processor shall have the right to request a remuneration for performing the requests as referenced in Annex 1 of the Agreement.
      • 2.1.8. Agrees to comply with the requests of the Data Controller in the event that the Data Controller requests the Data Processor to take appropriate or necessary steps or measures after receiving a corresponding request from any of its Personal Data subjects concerning exercise of any of the rights of the Personal Data subject. If the requests of the Data Controller are manifestly unfounded or excessive, or have a repetitive character, the Data Processor shall have the right to request a remuneration for performing the requests as referenced in Annex 1 of the Agreement.
      • 2.1.9. Shall assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, considering the nature of processing and the information available to the Data Processor. If the requests of the Data Controller are manifestly unfounded or excessive, or have a repetitive character, the Data Processor shall have the right to request a remuneration for performing the requests as referenced in Annex 1 of the Agreement.
      • 2.1.10. Shall forward any requests received from the relevant Personal Data subjects for exercising any of their rights regarding the Personal Data to the Data Controller not later than within 72 (seventy-two) hours after the receipt of such a request.
      • 2.1.11. Shall provide all the necessary information to the Data Controller and contribute to audits conducted by the Data Controller or another auditor mandated by the Data Controller to demonstrate the compliance of the Data Processor’s processing activities with the DPA. The scope of the information subject to disclosure pursuant to this clause shall not include commercial secrets of the Data Processor and other information that cannot be disclosed by the Data Processor due to confidentiality requirements. If the informational requests of the Data Controller (including within the audits) are manifestly unfounded or excessive, or have a repetitive character, the Data Processor shall have the right to request a remuneration for performing the requests.
      • 2.1.12. Has the right to ensure the compliance of the Personal Data processing with the DPA within 3 (three) calendar months if the Data Controller has found any material violation of the DPA within the audit referred in the Section 2.1.11. of the DPA. Otherwise, the Data Controller shall have the right to unilaterally terminate the Agreement and DPA.
      • 2.1.13. Shall transfer all the Personal Data to the Data Controller as described in the Section 1.1. of the DPA and the Section 1.2. of the Agreement and delete the Personal Data after the transfer has been performed except for the audit trails as referred in the Section 1.1. of the DPA.
      • 2.1.14. Shall notify the Data Controller within 72 (seventy-two) hours after becoming aware of a breach related to the Personal Data.
      • 2.1.15. Shall have the right to engage a sub-processor based on a general written authorisation of the Data Controller. This DPA shall be considered such general written authorisation to engage sub-processors granted by the Data Controller to the Data Processor. In this case, the Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of other sub-processors, thereby giving the Data Controller the opportunity to object to such changes. If the Data Controller objects against a sub-processor and the Data Processor does not consider possible and/or feasible to replace it, the Data Processor shall have the right to terminate the Agreement and the DPA unilaterally, by informing the Data Controller thereof in writing at least 2 (two) calendar weeks in advance. In case a new sub-processor is engaged, then the Data Processor is obliged to ensure that there exists an appropriate written agreement between such sub-processor and the Data Processor. The terms of the agreement shall provide that the sub-processor is subject to the same conditions regarding the processing of the Personal Data as expressed in this DPA. The Data Processor acknowledges that in the case of non-compliant conduct on part of the sub-processor, the Data Processor will remain fully liable in respect of the Data Controller for the violations of the DPA caused by the sub-processors.

        The Data Controller authorizes the Data Processor to engage the sub-processors referred to in the Exhibit 2 of the DPA.

      • 2.1.16. Is not in legal relationships with the Personal Data subjects and shall not be liable and/or responsible for complying with statutory requirements imposed on personal data controllers and entities who are in legal relationships with personal data subjects.
    • 2.2. The Data Processor shall have the right to use the audit trails not only for the purposes set by the Data Controller but also for its own purposes and for protecting its rights and interests. In the latter case the Data Processor acts as a separate controller of the audit trails.
    •  
  • 3. RIGHTS AND OBLIGATIONS OF THE DATA CONTROLLER
    • 3.1. The Data Controller:
      • 3.1.1. Confirms that the Data Processor has the right to transfer the Personal Data outside the EU according to Section 2.1.4. of the DPA if the Data Processor ensures the Personal Data protection as provided in the Chapter V of the GDPR. If the Data Processor ensures that the measures required in this paragraph, it shall be considered that the Data Processor has performed all of its obligations related to transferring the Personal Data outside the EU as set forth by the applicable law and cannot be held liable and/or responsible for such transfer.
      • 3.1.2. Warrants that the Data Controller has fulfilled all of the obligations of a personal data controller referred to in the GDPR and applicable laws to ensure that the Data Processor has the right to process the Personal Data in accordance with the DPA and Agreement before the Personal Data has become available to the Data Processor. This shall include but is not limited to ensuring the legal basis for the Personal Data processing, the Personal Data processing purpose limitation, informing the Personal Data subjects on the processing of their Personal Data, complying with lawful retention terms of the Personal Data and ensuring proper safeguards for the Personal Data transfers.
      • 3.1.3. Shall provide the Personal Data subjects with a privacy notice and terms of providing the Services for the Customers that describe the Personal Data processing and provide the Customers with the information on the Services as required by the applicable law.
      • 3.1.4. Shall draft a privacy notice and terms of providing Services and submit them to the Data Processor at the time the Setup Fee is paid as referred to in the Section 4 of the Agreement.
      • 3.1.5. Confirms that the Data Processor ensures the Personal Data protection measures that are enough to comply with this DPA and requirements of the GDPR if the Data Processor adopts the Personal Data protection measures referred in the Exhibit No. 3 to the DPA.
      • 3.1.6. Shall have the right to perform the audit of the Data Processor’s processing activities referred in the Section 2.1.11. of the DPA once a year or in a case where the Data Controller has reasonable and documented evidence that the Data Processor is in breach of the DPA or GDPR. The audit shall not prevent the Data Processor from continuing its current business operations. The auditors or any third parties engaged by the Data Controller to carry out the audit should be bound by the same level of confidentiality as set in the DPA. The audit shall be conducted within the term agreed upon by the Parties. The audit may be conducted only on working days from 9:00 a.m. to 4:00 p.m., in the place where the Personal Data is processed. The Data Controller shall make the audit provide the Data Processor with the audit report.
      • 3.1.7. Confirms that if due to the requests of the Data Controller the performance of the Agreement and/or DPA is interrupted, the time limits for the Data Processor to perform its obligations under the Agreement and/or DPA, the performance of which has become impossible, postponed or hindered, are automatically prolonged for the corresponding term.
      • 3.1.8. Is in the legal relationships with the Personal Data subjects and shall comply with all regulatory requirements imposed on the Data Controller.
      •  
  • 4. NOTICES
    • 4.1. Any notices regarding this DPA including on engaging new Personal Data sub-processor should be delivered as indicated in the Agreement.
    •  
  • 5. RESPONSIBILITY
    • 5.1. The Data Processor shall not have the obligation to compensate the lost profits of the Data Controller or any third party to the Data Controller.
    •  
  • 6. TERM AND TERMINATION
    • 6.1. This DPA becomes effective once it is signed by both Parties and is valid until the termination of the Agreement.
    • 6.2. The termination of this DPA does not exempt the Parties to fulfil their obligations as data controller and data processor, as specified in the GDPR.
    •  
  • 7. GOVERNING LAW AND DISPUTE RESOLTION
    • 7.1. This DPA is governed by the laws of the Republic of Latvia and is an integral part of the Agreement. The Parties agree that any disputes arising from this DPA will be solved as stipulated in the Agreement.
    • 7.2. If the provisions of the DPA are in conflict with the provision of the Agreement, the provisions of the DPA shall prevail.

Your Partner in Identity Verification

Contact Us

Have questions or ready to book a demo? Our team is ready to help!

  • info@verifeye.online
  • Lāčplēša iela 20A, LV-1011 Riga, Latvia