Terms of service
RECITALS:
A. Veremark is engaged in the business of providing Background Screening Services (the “Services”).
B. The Parties intend to collaborate on using Veremark’s Services to conduct background screening checks in respect of Client’s internal employees and employees of the Client’s Related Companies (“Employees”).
C. Veremark has agreed to provide the Services to the Client during the Term (as defined below) in accordance with the terms and conditions set out in these Terms of Service (“Terms”).
IT IS HEREBY AGREED AS FOLLOWS:
1. Definitions and Interpretation
1.1 In these Terms and each Statement of Work agreed hereunder (“SOW”), unless expressly indicated otherwise, the following definitions shall apply:
Applicable Data Protection Law means all worldwide data protection and privacy laws and regulations applicable to the Client’s Personal Data in question, each as amended, supplemented and revised, including but not limited to the UK GDPR (UK General Data Protection Regulations 2018);
Applicable Laws means all laws, statutes, regulations, ordinances, and other pronouncements having the effect of law of any governmental authority that apply to: (i) the Parties; (ii) Client and Related Companies of the Client; (iii) their business; or (iv) the subject matter of these Terms and any applicable SOW (including laws of any jurisdiction where Veremark provides or will provide Services to the Client or any of its Related Companies);
Client Materials means any data (including open source data), text, drawings, software, diagrams, images or other information (together with any database or system made up of any of these) which relates to Client, a Client's user or any other person, which: (1) is developed, received, collected, stored, transferred or acquired by Veremark in the course of performing the Services; (2) is supplied to Veremark by or on behalf of the Client in connection with the Services; or (3) Veremark generates, analyses, processes, stores or transmits pursuant to the Services, and includes any Personal Data which is made available to the Company in connection with the Services. For the avoidance of doubt, all Client Materials will be deemed to be Confidential Information of Client.
Confidential Information means (i) any information of a Party or its customers which the Party identifies as confidential, or which would reasonably be regarded as confidential by a reasonable person, that is provided by or on behalf of a Party (or its Related Companies) to the other Party or its agents in connection with the Services (whether orally, in writing or in any other form); (ii) any information including the business or properties of a Party or its Related Companies, including without limitation these Terms and any SOW (which shall include any proposed terms and conditions of any amendments, renewals, or extensions of the SOW), any proposed or agreed upon terms and conditions of any other agreement executed by and between the Parties or their Related Companies, sales volumes, test results, results of marketing, reports generated by a Party or its Related Companies, trade secrets, business and financial information, source codes, business methods, procedures, know-how and other information (including Intellectual Property Rights) of every kind that relates to the business of a Party or its Related Companies; and (iii) any information relating to a Party or its Related Companies, or its respective businesses and employees, that is otherwise obtained by the other Party in connection with the Services.
Contract has the meaning given to it in clause 2.2.
Contract End Date means, in respect of each SOW, the date so specified in the SOW.
Contract Start Date means, in respect of each SOW, the date so specified in the SOW.
Deliverables means the final Report compiled from the delivery of the Services.
Dispute Notice has the meaning given to it in clause 10.3.
Effective Date means the effective date as specified in the SOW.
Force Majeure means a circumstance beyond the reasonable control of the Parties, which results in a Party being unable to observe or perform on time any obligation under these Terms. Such circumstances include, but are not limited to: acts of God, lightning strikes, earthquakes, floods, storms, explosions, fires and any natural disaster, acts of war, acts of public enemies, terrorism, riots, civil commotion, malicious damage, sabotage and revolution, global pandemics, strikes, lock-outs or other industrial disputes (whether involving the workforce of parties or any other party), failure of a utility service or transport or telecommunications network or the internet, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, or default of suppliers or subcontractors.
Intellectual Property Rights means: (i) rights in, and in relation to, any patents, registered designs, design rights, trademarks, trade and business names (including goodwill associated with any trademarks or trade and business names), copyright and related rights, moral rights, databases, domain names, utility models, and includes registrations and applications for, and renewals or extensions of, such rights, and similar or equivalent rights or forms of protection in any part of the world; (ii) rights in the nature of unfair competition rights and to sue for passing off and for past infringement; and (iii) trade secrets, confidential and other proprietary rights, including rights to know how and other technical information.
Insolvency Event means circumstances under which a Party (i) has a receiver or similar officer appointed over all or a material part of its assets or undertaking; (ii) passes a resolution for winding-up (other than a winding-up for the purpose of, or in connection with, any solvent amalgamation or reconstruction) or a court makes an order to that effect or a court makes an order for administration (or any equivalent order in any jurisdiction); (iii) enters into any composition or arrangement with its creditors (other than relating to a solvent restructuring); (iv) intends to cease carrying on all or any part of its business including, in the case of Client, intending for any of its Regulatory Authorisations to be cancelled or revoked; or (v) goes into receivership or judicial management.
Personnel means, in respect of a Party, the directors, officers, employees, contractors, sub-contractors and agents of that Party.
Personal Data means any data that is protected as “personal data”, “personally identifiable information”, “personal information”, or any comparable term as defined under Applicable Data Protection Law.
Related Company means in respect of a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with another entity. For purposes of this definition, “control” means ownership, directly or indirectly, of greater than fifty percent (50%) of the voting rights in such an entity or, in the case of a noncorporate entity, equivalent rights.
Representative means any director, officer, employee or agent appointed by a Party under clause 9.1.
Regulatory Authority means national, European or local governmental, regulatory or self-regulatory authority, agency, court, tribunal, commission or other entity having jurisdiction over a Party or the subject matter of this Agreement.
Regulatory Authorisations means those authorisations, licences, permits and consents issued by a Regulatory Authority that must be obtained by any Party in order for it to be able to perform its obligations under this Agreement.
Report means the final background screening check report that Veremark provides to the Client or its Related Companies pursuant to the provision of the Services.
Service Levels means the levels of service (if any) applicable to the Services as set out in the relevant SOW.
Services means the services to be supplied by Veremark to Client as set out in a SOW.
Statement of Work or SOW means a document in the agreed sales order form (a template of which is set out in Schedule 2), approved by the Parties, that sets out Veremark’s details, the technical details of the Services and the specific commercial terms and conditions agreed, including all attachments or annexures to that SOW, sales order form and any agreed Service Levels, which are applicable to the supply of a category of Services.
Work Product shall mean the background verification Report, each Deliverable, other reports and documentation relating to the subject matter of these Terms or the applicable SOW, that are conceived, designed, practised, prepared, produced or developed by Veremark or any of its Personnel.
2. Formation of Contract
2.1 These Terms apply to all Services provided by Veremark to the Client (or, if applicable, any Related Company of the Client) and must be signed by Client (or, if applicable, any Related Company of Client) before any SOW becomes enforceable.
2.2 A legally binding contract between the Parties (or, if applicable, between Veremark and any Related Company of Client) for the supply of Services on the terms and conditions these Terms (which are deemed to be incorporated into the relevant SOW) and the terms and conditions specifically relating to the Services set out under the relevant SOW will be formed and becomes enforceable only when the parties have signed a SOW in relation to such Services engagement (a “Contract”).
2.3 Veremark enters into each Contract on its own behalf and as agent for any other entity which at any time falls within the definition of Supplier.
2.4 The Client enters into each Contract on its own behalf and, to the extent a relevant Related Company of the Client is not a party to a Contract, also enters into that Contract as agent for that Related Company of the Client.
2.5 Each Contract in relation to each Services engagement will comprise the terms and conditions of a SOW and will incorporate the terms and conditions of these Terms. Any other order, confirmation, terms and conditions or other document issued or provided by either the Client (or, if applicable, any Related Company of the Client) or by Veremark, which is not an attachment or annexure to a SOW, will not form part of the Contract.
2.6 Save where expressly stated to the contrary, if there is any inconsistency between the terms of a SOW and these Terms, these Terms shall prevail to the extent of the inconsistency.
3. Term
3.1 The SOW commences on the Effective Date and, subject to earlier termination in accordance with its terms, will remain in force for a period of one (1) year (the “Initial Term”) and then renew for subsequent one year terms (the “Renewal Term(s)”), or until the last SOW settled hereunder expires or is terminated.
3.2 Each SOW will commence on the Contract Start Date set out in the relevant SOW, and, subject to earlier termination in accordance with these Terms, will operate for the Initial Term and the subsequent Renewal Term(s) and end on the Contract End Date set out in the associated SOW.
3.3 If, under any fixed term set out in a SOW, the Services continue beyond the expiry of the prescribed Initial Term or Renewal Terms, both Parties must continue to comply with their respective obligations hereunder and, for so long as neither Party makes no objection, such SOW will be deemed to be extended for successive month-to-month periods, subject always to the right to terminate under clause 18.
4. Services
4.1 Veremark agrees to provide the Services to the Client (and, if applicable, any Related Company of the Client) in accordance with these Terms and the terms of each SOW.
4.2 Veremark will commence supply of each of the Services under a SOW on the Contract Start Date and complete the supply of those Services by the expected completion or delivery date(s) and during such hours (if any) specified in a SOW for the term of that SOW.
4.3 Veremark shall provide the Services in such quantities and in accordance with the specifications as prescribed in the associated SOW.
4.4 Subject to the these Terms, during the term of an applicable SOW, Client will have a non-sublicensable, non-transferrable (except with an assignment of the SOW as authorized herein), non-exclusive, worldwide, limited right to use the application programming interface(s) (“APIs”) provided by Veremark to make Veremark’s Services available to its customers (the “Veremark Platform”). The Parties agree that the provision of the API’s and Veremark Platform is subject to the following principles:
4.4.1 Security. Veremark will implement and maintain an industry-standard information security program as stipulated in Schedule 3.
4.4.2 Client’s Platform. The Services may require a connection to the Client’s proprietary or licensed API software platform (“Client Platform”). The Client will provide Veremark with all reasonably requested assistance to achieve and maintain such connection.
4.4.3 Change Management. Each party retains the right to alter its API, with the following conditions:
(a) A minimum of 60 days' notice must be given to the other party for any major changes.
(b) Changes should maintain backward compatibility whenever possible.
(c) A clear deprecation policy must be established, outlining the process for retiring older API versions, including a transition period.
(d) Urgent security or compliance updates may be implemented without prior notice.
5. Status
5.1 Veremark provides the Services as an independent contractor without authority to bind the Client by agreement or otherwise, and neither it nor any of its Personnel are an agent, employee, partner or joint-venturer of Client by virtue of these Terms or any SOW.
6. Veremark Responsibilities
6.1 Veremark shall:
6.1.1 hold all authorisations, permits and licences required to be held by it under the Applicable Laws to supply the Services;
6.1.2 perform the Services with the level of care, skill and diligence in accordance with a high level of industry practice and no less than to be expected of an appropriately qualified and competent professional in the background screening sector;
6.1.3 comply with the requirements of all Applicable Laws of any kind applying to it and the supply of the Services;
6.1.4 ensure that the Deliverables, and all materials, standards and other tools used in providing the Services are transcribed correctly from source data;
6.1.5 hold all Client Materials in safe custody at its own risk and maintain the Client Materials in good condition until returned to the Client, and not dispose of or use Client Materials other than in accordance with the Client’s written instructions or authorisations;
6.1.6 use Client Materials and Confidential Information only for the purposes of carrying out its obligations under these Terms;
6.1.7 not do or omit to do anything which may cause the Client to lose any licence, authority, consent or permission on which it relies for the purposes of conducting its business; and
6.1.8 notify the Client in writing immediately upon the occurrence of a change of control of Veremark, or about any changes in its financial position that could reasonably be expected to materially and adversely affect Veremark's ability to fulfil its obligations under these Terms.
7. Insurances
7.1 Veremark shall provide adequate insurance for the delivery of the Services up until the expiry of the SOW and for 6 months following this date. Veremark must take out and maintain those policies of insurance that are required by law. Upon request by the Client or its representative, Veremark shall provide to Client current certificates in respect of each such policy.
7.2 Veremark shall, at its sole cost and expense, continuously maintain insurance with at least the following minimum coverage in GBP:
(a) public liability insurance for an insured amount of not less than £1 million;
(b) product liability insurance for an insured amount of not less than £1 million per claim and in the aggregate;
(c) professional indemnity insurance for an insured amount of not less than £1 million per claim and not less than £5 million in the aggregate; and
(d) employers liability or workers’ compensation insurance for its Personnel, in accordance with statutory requirements.
7.3 Veremark shall provide certificates of insurance evidencing this coverage as requested by the Client.
7.4 Veremark shall indemnify and keep indemnified the Client, and its respective officers, directors, Personnel, successors and assigns for all and any liability in respect of any of the matters specified in clause 7, including without limitation:
7.4.1 any liability arising from a failure to effect such insurances; and
7.4.2 any claim under any such insurances not being honoured or available.
8. Access to Client Systems
8.1 If Veremark is given access to any of the Client’s systems to enable it to provide the Services, Veremark shall:
8.1.1 take reasonable, industry standard care in accessing those systems, including all hardware, software and applications, and observe all reasonable, industry standard security procedures and work practices;
8.1.2 not unreasonably interfere with or disrupt those systems;
8.1.3 ensure that those systems are protected from unauthorised access or use, or misuse, damage or destruction by Veremark’s Personnel.
8.2 The Client may at its sole discretion refuse Veremark or its Personnel access to any Client systems.
9. Representatives
9.1 Each Party must appoint and notify to the other Party in writing its designated Personnel representative under the SOW (“Representative”). The Representative appointed by a Party will be responsible for the day-to-day administration of these Terms, and the day-to-day administration of each SOW on behalf of that Party. The Representative for each Party initially appointed will be noted in a SOW.
9.2 Each Party must notify the other Party immediately should its Representative be removed or replaced, together with the contact details of its new Representative, or of any change to its Representative's contact details.
9.3 Each Party will be responsible for the acts, omissions and defaults of its Representative. Any direction, instruction, notice, approval or other communication made by or given to the Representative of a party will be deemed to have been made by or given to that Party.
9.4 The Representatives shall be responsible to ensure that each Party does everything required, including signature and delivery of documents, which is reasonably required by the other Party to give full effect to these Terms and each SOW.
10. Fees and Payment
10.1 Subject to clause 10.4, Client must pay all undisputed charges set out in each SOW (“Fees”) in consideration for Veremark providing the Services. All payments must be made to Veremark in accordance with the rates and charges set out in each SOW.
10.2 Invoices for Services under a SOW are payable by the Client within 30 days of the date of issuance of the invoice, unless otherwise agreed and set out in a SOW.
10.3 If any invoice is disputed by the Client (acting reasonably), it may give written notice to Veremark of the dispute, setting out in detail the reasons for the dispute (“Dispute Notice”).
10.4 If the Client has issued a Dispute Notice, it may withhold from payment those amounts that are directly related to disputed elements of the invoice.
10.5 The Parties will use all reasonable endeavours to resolve any invoice dispute within thirty (30) days after a Dispute Notice is issued. Any payment to be made following such resolution shall be paid by the Client within fourteen (14) days after such resolution.
10.6 If the Parties are unable to resolve the dispute under clause 10.5 within the thirty (30) day period, the dispute is to be resolved in accordance with the procedure set out in clause 33.
10.7 Ownership and rights to any Deliverables or other content provided by Veremark are not dependant upon the payment of Fees by the Client. The Client's rights to use the Deliverables or other content arising from the Services are granted upon delivery, and are not contingent upon the payment status in respect of those Services. For the avoidance of doubt, this does not relieve the Client’s responsibility to fulfil its payment obligations under this Agreement.
10.8 In the event that the Client fails to make payment of Fees due on a timely basis as set out in clause 10.2, Veremark shall be entitled to charge the Client such interest and charges as permitted and set out in the Late Payment of Commercial Debts (Interest) Act 1998. Any such charges levied shall be the subject of a separate invoice to the Client.
10.9 Unless expressly stated to the contrary in a SOW, Veremark shall be entitled to increase its rates and charges in respect of Services provided on the 12-month anniversary of the Effective Date and on an annual basis thereafter (“Annual Review Date”), by a percentage equal to the percentage increase (if any) in the Retail Prices Index (“RPI”) over the preceding 12-month period. The revised Fees shall take effect from the relevant Annual Review Date and Veremark shall provide the Client with written notice of the revised Fees at least 30 days prior to each Annual Review Date, together with details of the calculation.
10.10 Each Party shall pay its own expenses incurred in respect of the negotiation, execution, stamping and registration (as required) of these Terms and each SOW.
11. Tax
11.1 All payments to be made under these Terms or any SOW shall be made in cleared funds, without any deduction or set-off and free and clear of and without deduction of or on account of any taxes, levies, imports, duties, charges, fees, and withholdings of any nature now or hereafter imposed by any governmental, fiscal, or other authority save as required by law. If a Party is compelled to make any such deduction, it will pay to the receiving Party such additional amounts as are necessary to ensure receipt by the receiving Party of the full amount which that party would have received but for the deduction.
11.2 The Parties warrant that they have obtained all necessary additional registrations for tax purposes and will notify the other party immediately if they cease to be registered for those purposes.
12. Indemnity
12.1 Subject to clause 13 below, Veremark shall indemnify the Client in respect of any losses, liabilities, damages, demands, suits, causes of action, judgments, costs or expenses (including court costs and reasonable attorneys' fees) directly arising out of, in connection with or relating to:
12.1.1 failure by Veremark to perform, or improper performance of, its lawful obligations under these Terms or under any SOW;
12.1.2 any damage to or loss of physical property, caused by the conduct, operations or performance of Veremark under these Terms or under any SOW;
12.1.3 any injury to or death of any person caused by the conduct, operations or performance of Veremark under these Terms or under any SOW;
12.1.4 breach by Veremark or by its Personnel of Applicable Laws or any legislation or statute;
12.2 Each Party shall indemnify the other Party in respect of any losses, liabilities, damages, demands, suits, causes of action, judgments, costs or expenses (including court costs and reasonable attorneys' fees) suffered by the other Party directly arising out of, in connection with or relating to that Party’s breach of the following provisions of these Terms: Confidentiality (clause 14), Intellectual Property (clause 15) and Privacy (clause 16).
12.3 If a third party makes a claim (including a claim brought by the Client that results from a third-party claim, suit or proceeding) against the Client that any information, design, specification, instruction, software, services, data, or material (“Material”) furnished by Veremark, and used by the Client infringes such third party’s intellectual property rights, Veremark shall, at its sole cost and expense, defend the Client against the claim and indemnify the Client in respect of any damages, liabilities, costs and expenses awarded by a court (or otherwise agreed between the parties) to the third party claiming infringement, or any settlement agreed to by Veremark.
12.4 The defence and indemnification obligations of Veremark set forth in clause 12.3 above are subject to: (a) the Client notifying Veremark in writing as soon as commercially reasonable after Client receives notice of the claim (or sooner if required by Applicable Law); (b) Veremark having sole control of the defence and all related settlement negotiations; and (c) the Client providing Veremark with such assistance, information, and authority reasonably necessary for Veremark to defend against or settle the claim. Reasonable out-of-pocket expenses incurred by Client in providing such assistance will be reimbursed by Veremark. Neither Party may settle such proceedings or claim without the prior written consent of the other Party (such consent not to be unreasonably withheld or delayed), provided that nothing in this clause shall prevent the Client from settling such proceedings or claim if it reasonably considers that any failure to settle the claim without first seeking Veremark’s consent would be materially prejudicial to the Client’s interests.
12.5 In the event that some or all of the Material is held or is believed by the Veremark to infringe third party intellectual property rights, Veremark shall be entitled at its own expense: (i) to modify the Material to be non-infringing (while substantially preserving its utility or functionality); or (ii) to obtain for the Client a license to continue using the Material. If it is not commercially reasonable to perform either of the above options, then Veremark may demand from the Client return of the infringing Material, and all rights thereto. Upon return of the infringing Material to Veremark, the Client may terminate the SOW upon ten (10) days’ written notice and Client shall be entitled to a refund of the Fees paid for the infringing Material and for any Work Product rendered unusable for their intended purpose, as a result of the return to Veremark of the infringing Material.
12.6 All Work Product supplied by Veremark to the Client is intended to be for the sole purpose of the Client’s evaluation of a candidate’s suitability for employment, is not intended for public dissemination, and the Client indemnifies Veremark from and against any claims from such candidates or other third parties in respect of the misuse of any such personal data by the Client.
12.7 This clause 12 survives the termination of the SOW.
13. Limitation of Liability
13.1 Nothing in these Terms or any SOW is or should be interpreted as an attempt to modify, limit or exclude terms or warranties which are imposed by statute and which cannot be modified, limited or excluded.
13.2 Neither Party is liable to the other Party whether in contract, tort (including negligence), breach of statutory duty, equity, misrepresentation (whether innocent or negligent), restitution or otherwise for any of the following categories of loss and damage: (i) economic loss; (ii) loss of revenue; (iii) loss of saving on overheads; (iv) loss arising from business interruption; (v) loss of data; (vi) loss of business opportunity; (vi) loss of goodwill; (vii) loss of profits; or (viii) any other category of indirect, special or consequential loss or damage, from any cause even if the other Party has been advised of the possibility of such loss or damage.
13.3 Each Party’s maximum total aggregate liability to the other party under or in connection with these Terms or any SOW(s) including for breach of contract, tort (including negligence), misrepresentation (whether tortious or statutory), breach of statutory duty or otherwise, shall be limited to 100% of the Fees paid under the relevant SOW in the 12 months preceding any claim.
13.4 Notwithstanding clause 13.3 above, there shall be no limitation on a Party’s liability for any claim or liability arising out of or in connection with any of the following: (i) breach of its obligations under clause 14 (Confidentiality); (ii) breach of its obligations under clause 15 (Intellectual Property); (iii) breach of its obligations under clause 16 (Privacy); (iv) death or personal injury caused by that Party’s negligence; (v) any other type of liability which may not be excluded or limited as a matter of law.
13.5 The Parties must each use reasonable efforts to mitigate any potential loss or damage or other adverse consequences arising from or related to the Services.
13.6 It is understood and accepted by the Client that, pursuant to the Services, Veremark creates a Report containing information legally obtained by Veremark in respect of the subject of a background screening investigation, and based on the information gathered from independent third parties such as past employers, government databases or academic institutions. This Report will then be passed on the Client. Veremark assumes no responsibility or liability regarding the use or misuse of any Reports for any purpose, nor for the accuracy or completeness of such third party-sourced information. Veremark warrants that information provided to the Client in the Report is lawfully received from governmental sources and/or third parties who are authorised to disclose such information; however, Veremark is neither the author nor the creator of that information. No responsibility will be taken by Veremark for any consequences if the Client should rely on such information from these sources. However, Veremark will undertake reasonable procedures to protect, where possible, against any false information being provided in the Report.
14. Confidentiality
14.1 The Parties acknowledge that in the course of performing their responsibilities under these Terms and any SOW, they may be exposed to or acquire Confidential Information of the other Party. The Parties agree as follows:
14.1.1 to hold such information in the strictest confidence;
14.1.2 not to copy, reproduce, sell, assign, license, market, transfer, give or otherwise disclose such information to third Parties, unless where required by Veremark in providing the Services to the Client, and only with the Client’s written consent;
14.1.3 not to use such information for any purposes whatsoever, without the express written permission of the other Party, other than for the performance of their obligations under these Terms or any SOW or as otherwise agreed;
14.1.4 to advise each of their Personnel and Representatives of their obligations to keep such information confidential; and
14.1.5 if requested to do so by the other Party, return in an electronically readable format or destroy Confidential Information of the other Party.
14.2 Clause 14.1 does not apply to any use or disclosure of Confidential Information by a receiving Party to the extent necessary to:
14.2.1 comply with any law, binding directive of a regulator or a court order;
14.2.2 comply with the listing rules of any stock exchange on which its securities are listed; or
14.2.3 obtain legal or other professional advice in relation to matters arising under or in connection with these Terms or any SOW.
14.3 Clause 14.1 does not apply to any Confidential Information:
14.3.1 which is in or becomes part of the public domain otherwise than through breach of an obligation of confidence;
14.3.2 which was already known to a receiving Party at the time of disclosure, unless such knowledge arose through breach of an obligation of confidence; or
14.3.3 which a receiving Party acquires from a third party where that third party was entitled to disclose it.
14.4 Each Party must ensure that its Personnel do not do, or omit to do anything, which if done or omitted to be done by such Party, would breach this clause 14.
14.5 Each Party must use reasonable efforts to assist the other Party in identifying and preventing any unauthorised use or disclosure of the other Party’s Confidential Information.
14.6 Each Party agrees to notify the other immediately if it learns or has reason to believe that any person who has had access to the other Party’s Confidential Information has violated or intends to violate the terms of these Terms or any SOW, and to reasonably cooperate with the other Party in seeking injunctive relief and/or other available remedies against any such person.
14.7 Each Party acknowledges that a breach of the confidentiality obligations set out in this clause 14 by it may cause the other Party irreparable damage for which monetary damages would not be an adequate remedy. Accordingly, in addition to a claim for damages and any other remedies available at law or in equity, such Party may seek specific performance and/or injunctive relief (as appropriate) against any breach or threatened breach by the other Party, or the Personnel of the other Party.
14.8 All obligations of confidentiality set out in this clause 14 continue in full force and effect after the expiry or termination of the SOW.
15. Intellectual Property
15.1 The Client acknowledges and agrees that:
15.1.1 all Intellectual Property Rights in the Veremark Platform and APIs are and shall remain the exclusive property of Veremark or its licensors;
15.1.2 nothing in these Terms transfers any Intellectual Property Rights in the Veremark Platform or APIs to the Client; and
15.1.3 the Client acquires no rights in or to the Veremark Platform or the APIs other than the limited right to use the same in accordance with the express terms of these Terms.
15.2 The Client shall not, and shall procure that its Personnel, employees, contractors, and agents shall not:
15.2.1 copy, reproduce, or duplicate the Veremark Platform, the APIs, or any part thereof (except as expressly permitted by these Terms or only as strictly necessary for backup purposes);
15.2.2 reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or structure of the Veremark Platform or the APIs or any part thereof;
15.2.3 modify, adapt, translate, or create derivative works based upon the Veremark Platform or APIs;
15.2.4 remove, alter, or obscure any proprietary notices (including copyright and trademark notices) contained in or on the Veremark Platform or APIs;
15.2.5 sublicense, rent, lease, loan, distribute, sell, assign, or otherwise transfer the Veremark Platform or APIs, or any rights therein to any third party;
15.2.6 use the Veremark Platform or the APIs to develop, build, test, or support any product or service that competes with Veremark's products or services;
15.2.7 use the Veremark Platform or the APIs to provide services to third parties (including on a service bureau, time-sharing, or application service provider basis);
15.2.8 access or use the Veremark Platform or the APIs for benchmarking purposes or to build a competitive product or service;
15.2.9 probe, scan, or test the vulnerability of the Veremark Platform or the APIs, or breach any security or authentication measures;
15.2.10 access the Veremark Platform or the APIs in order to monitor its availability, performance, or functionality, or for any other benchmarking or competitive purposes; or
15.2.11 frame or mirror any content forming part of the Veremark Platform or the APIs.
15.3 Without limiting clause 15.2, the Client expressly agrees that it shall not, whether directly or indirectly, and whether by itself or through any third party:
15.3.1 examine, study, or analyse the Veremark Platform or the APIs with a view to understanding its design, structure, organisation, operation, or internal workings;
15.3.2 use any manual or automated means to reverse compile, reverse assemble, reverse engineer, or otherwise translate the Veremark Platform or the APIs into human-readable form;
15.3.3 derive or attempt to derive any trade secrets, algorithms, processes, or methods embodied in or used by the Veremark Platform or the APIs;
15.3.4 bypass, circumvent, or disable any technological protection measures, security features, access controls, or usage rules implemented in the Veremark Platform or the Software; or
15.3.5 combine or integrate the Veremark Platform or the APIs with any other software, hardware, or service in a manner that would require the disclosure or licensing of any part of the Veremark Platform or the APIs.
15.4 The Client acknowledges that the Veremark Platform and the APIs (including their structure, sequence, organisation, source code, algorithms, and interface designs) constitute Confidential Information of Veremark and shall be protected in accordance with clause 14 (Confidentiality) of these Terms.
15.5 The Client acknowledges that the Veremark Platform or the APIs may incorporate or be supplied with third-party software that is subject to separate licence terms. The Client shall comply with all applicable third-party licence terms.
15.6 Veremark may monitor the Client's use of the Veremark Platform and the APIs to ensure compliance with these Terms. The Client shall provide Veremark with reasonable assistance and access to information as may be required to verify compliance with this Clause 15.
15.7 The Client acknowledges and agrees that:
15.7.1 any breach of this Clause 15 may cause Veremark irreparable harm for which monetary damages would be an inadequate remedy;
15.7.2 in addition to any other rights or remedies available to it, Veremark shall be entitled to seek equitable relief, including injunctive relief and specific performance, without the requirement to post bond; and
15.7.3 Veremark reserves all rights to take legal action to protect its Intellectual Property Rights, including seeking damages, injunctions, and recovery of legal costs.
15.8 Veremark warrants that through the performance of its obligations under these Terms and any SOW, the use of any Services by the Client will not infringe, misappropriate or contribute to the infringement of any Intellectual Property Rights (including rights to patents, designs, copyright, trade marks, trade names and circuit layouts) conferred under statute, common law or equity in any country.
15.9 Veremark retains ownership of any Intellectual Property Rights in any of its materials, Work Product and software owned by it and/or its third-party licensors, created by it and/or its third-party licensors prior to or outside the scope of these Terms.
15.10 The Client shall keep and own its existing Intellectual Property Rights as of the Effective Date of the SOW and any and all Intellectual Property Rights in any materials or subject matter created by it thereafter which relate to its own existing Intellectual Property Rights.
16. Privacy
16.1 The Client will disclose Personal Data to Veremark for the purpose of Veremark providing Services, including background checks, on third parties, such as candidates, to the Client (“Client Personal Data”). In order to provide Services, Veremark will also engage directly with third parties, and may collect Personal Data, including Sensitive Personal Data.
16.2 Veremark shall comply with the Applicable Data Protection Laws, when processing Personal Data, including Personal Data which is not Client Personal Data.
16.3 Veremark warrants to Client that:
16.3.1 any Personal Data that it discloses to the Client in relation to the Services, including any Sensitive Personal Data, has been collected in accordance with the Applicable Data Protection Laws;
16.3.2 the individual to whom the information relates has been made aware of the recipient's identity; and
16.3.3 Veremark is authorised to collect the information for the disclosure and use the information for the purposes of these Terms.
16.4 Veremark shall ensure that it adopts, documents, implements and maintains appropriate physical, technical and organisational measures designed to protect any Personal Data and to preserve the security, confidentiality, availability and integrity of such Personal Data. Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of data processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
16.5 In relation to any Client Personal Data, the Parties shall:
16.5.1 comply with the Data Protection Addendum executed between the parties in the form set out in Schedule 1;
16.5.2 if requested, provide the other Party with information necessary to demonstrate its compliance with obligations under Applicable Data Protection Laws and these Terms.
16.6 Veremark shall allow for data protection-related audits at the Client’s reasonable request and at the Client’s sole cost provided that, if any audit reveals a material breach by Veremark of its obligations under these Terms or the Data Protection Addendum, Veremark shall bear the reasonable costs of that audit. Such audits are limited to once a year and during business hours except in the event of a Personal Data breach.
17. Acceptance and Warranties
Acceptance
17.1 Upon completion of the Services, the Client shall receive automatic notifications and reports from Veremark. Relevant users of the Client Platform shall receive notifications and emails with status updates and links to the completed Work Product, which shall be available on the Client Platform. In no event shall Veremark edit or change any data it has received, and Veremark will present the data the way it was found and shall reflect the same in the Work Product. The Work Product shall be deemed to be accepted if the Work Product fulfils the requirements set out in the SOW.
Warranties
17.2 Veremark represents and warrants, in addition to any statutory warranty relating to the Services, that:
17.2.1 it has the power and authority to enter into and perform its obligations under these Terms and each SOW;
17.2.2 it has taken all necessary steps, including any corporate action necessary, to authorise its entry into and performance of its obligations under these Terms and any SOW and to carry out the transactions contemplated by them;
17.2.3 it holds the necessary licences, permits, consents and authorisations required under any Applicable Laws in relation to the provision of the Services and will continue to do so at all times during the term of these Terms;
17.2.4 it will comply with the requirements of all Applicable Laws of any kind applying to it and the supply of the Services and it will provide each of the Services in a manner consistent with industry standards applicable to the provision of the Services;
17.2.5 the Services will be provided in a reasonably accurate, competent and professional manner and will meet the agreed specifications and requirements outlined in these Terms and relevant SOW;
17.2.6 not do or omit to do anything which may cause the Client to lose any license, authority, consent or permission upon which it relies to conduct its business, and Veremark acknowledges that Client may rely or act on the Services;
17.2.7 ensure it has at all times a sufficient number of qualified and skilled personnel to perform and complete the Services, and Veremark shall take reasonable measures to ensure that all of its personnel performing Services are properly trained in performing their duties;
17.2.8 it shall use defined and statutory compliant methodologies in the collection, compilation and processing of data, including Personal Data, to provide the Services; and
17.2.9 that through the performance of its obligations under these Terms and any SOW the use of any Services by Client will not infringe, misappropriate or contribute to the infringement of any Intellectual Property Rights conferred under statute, common law or equity in any country.
18. Termination
18.1 Without prejudice to any other rights which the Parties may have under these Terms or at law, either Party may terminate any SOW(s) immediately by notice in writing if the other Party is in breach of any term and such breach is not remedied within five (5) business days of receiving written notice to do so.
18.2 Either Party may terminate any applicable SOW(s) for convenience by providing thirty (30) days’ prior written notice to the other Party.
18.3 Either Party may terminate any applicable SOW(s) with immediate effect by giving written notice to the other Party if:
18.3.1 the other Party commits a breach (or a series of breaches) of these Terms and/or any applicable SOW(s) which when taken together, have the impact, or effect of, or otherwise amount to, a material breach) and if such breach(es) is remediable, fails to remedy such breach(es) within fourteen (14) days of that Party being notified in writing to do so;
18.3.2 a regulatory authority imposes restrictions or makes a decision with the effect that any Party is, or will be, unable to perform any applicable SOW(s) in compliance with a legal or regulatory requirement, or in accordance with Applicable Laws (provided that any applicable SOW(s) shall not terminate until the date of such restriction/decision);
18.3.3 the other Party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business;
18.3.4 the other Party’s financial position deteriorates to such an extent that in the terminating Party’s reasonable opinion, that Party's capability to adequately fulfil its obligations under these Terms and/or any applicable SOW(s) has been placed in jeopardy;
18.3.5 the other Party becomes subject to an Insolvency Event; or
18.3.6 any act of omission of the other Party causes, or could reasonably cause, that Party to breach any terms imposed by any regulatory authority.
18.4 If notice is given by the Client to Veremark to terminate a SOW pursuant to clauses 18.1 or 18.3 above, the Client may, in addition to terminating the SOW, recover any sums paid to Veremark on any account or for Services which have not been fulfilled or performed together with interest on such sums calculated from the date those sums were paid until the date of refund.
19. Effect of Termination
19.1 Termination of a SOW does not affect any accrued rights or liabilities of either Party under that SOW, nor does it affect any provision of that SOW which is expressly or by implication intended to operate after termination.
19.2 Each Party shall destroy or return to the other Party within 30 days of the termination or expiration of the SOW, unless a longer period is agreed upon in writing by both parties: (i) any materials, documentation and other items (and all copies of the same) belonging to the other Party; and (ii) all documents and materials (and any copies) containing, reflecting, incorporating or based on the other party’s Confidential Information, unless it is required to maintain such information in accordance with Applicable Laws. All Personal Data relating to the Client’s customers in Veremark’s possession shall be deleted by Veremark either within 30 days of termination, or at the earliest point permitted by any legal record retention requirements applicable to Veremark.
19.3 Any provision of these Terms that expressly or by implication is intended to come into or continue in force on or after termination or expiry of the SOW shall remain in full force and effect.
19.4 In no event shall either Party make any public statement or communication regarding the termination of the SOW without the express prior written approval of the other Party, which approval shall not be unreasonably withheld or delayed.
19.5 With respect to any Fees for the Services which have been pre-paid by the Client, Veremark shall refund to the Client a pro rata portion of any amounts paid in advance attributable to the Services not yet rendered as of the date of termination of the SOW.
19.6 Termination Assistance. If any SOW is terminated prior to completion of Services, for a period of at least thirty (30) calendar days, Veremark shall, upon the Client’s request, provide to the Client or its designee reasonable termination assistance to allow the Services to continue without interruption or adverse effect and to facilitate the orderly transfer of the Services to another supplier. Veremark will make available to the Client such information as the Client may reasonably request for procuring services similar to the Services from a third party. Notwithstanding the foregoing, such termination assistance is conditional upon: (i) all undisputed invoices having being settled in full; and (ii) the SOW has not terminated by Veremark in accordance with clauses 18.1 or 18.3.
20. Audit
20.1 The Client and its respective authorised representatives, agents, and regulatory authorities (each an “Auditing Party”) shall upon request and at their sole cost have the right to inspect and audit all the books and records of Veremark relating to the provision of the Services, on a frequency of no more than once every 12 months, to ensure compliance with these Terms. Such records shall be available at their place of keeping for audit by the Client or its designated representative on 30 days' advance written notice to Veremark, during the Term of the SOW.
20.2 All audits shall be conducted during normal business hours at Veremark’s offices and in such a manner as not to interfere with Veremark’s normal business activities. The Client or its designated representative shall not have the right to make and keep such copies of Veremark’s records, but may request such records. If in Veremark’s opinion, these records are necessary and appropriate in the conduct of such audit copies will be made available, subject to the Client or its designated representative keeping such information confidential, except pursuant to the enforcement of Client’s rights or disclosure required by law.
20.3 In the event of an audit, Veremark shall prepare a written response to the relevant Auditing Party (a “Response to Audit Letter”) within 30 days to all criticisms, recommendations, deficiencies, any alleged violations of Applicable Law or these Terms identified in reviews, conducted by or on behalf of the relevant Auditing Party (“Audit Findings”). The Response to Audit Letter shall include, at a minimum, a detailed discussion of corrective action plans or remedial actions needed, and a specific time frame for such actions. If Veremark and the relevant Auditing Party cannot agree on how to remedy the Audit Findings, the Client may suspend the program and/or the Services contemplated by the SOW(s).
21. Anti-corruption
21.1 Both Parties represent and warrant that they and their Personnel are currently complying, and have at all times complied, with all relevant anti-bribery laws including the Foreign Corrupt Practices Act of 1977, as amended, and the rules and regulations, and any other law of any non-United States jurisdiction relating to anti-corruption or bribery, including the United Kingdom Bribery Act of 2010, as amended (collectively “Anti-Corruption Laws”).
21.2 Both Parties warrant that:
21.2.1 they have established and implemented an anti-corruption compliance program that includes internal controls, policies, and procedures, as well as appropriate management, monitoring, governance and training, to ensure compliance with the Anti-Corruption Laws;
21.2.2 neither that Party or its personnel, have (a) taken any direct or indirect action that would result in a violation of Anti-Corruption Laws, including, without limitation, making, offering or authorizing any bribe, payment, gift, entertainment, rebate, or any other thing of value to any government official or employee (foreign or otherwise), political party or official, or candidate, a public international organization, a commercial entity or individual, regardless of form, to obtain favourable treatment in obtaining or retaining business, for such favourable treatment already obtained, for other unlawful expenses relating to political activity, or made any other unlawful payment to any of the foregoing; nor (b) been under, nor is there any basis for, an administrative, civil or criminal investigation, indictment, information, or audit by any third party, in connection with alleged or possible violations of Anti-Corruption Laws; nor (c) received notice from, or made a voluntary disclosure to, any governmental entity regarding alleged or possible violations of any Anti-Corruption Laws; and
21.2.3 the financial records of that Party are accurate and complete, represent actual bona fide transactions, and have been maintained in accordance with sound business practices, including the maintenance of adequate internal accounting controls.
21.3 Both Parties acknowledge that:
21.3.1 In the event of a breach of this clause, the other Party may suffer damage to its reputation and loss of business which is incapable of accurate estimation. As a result, thereof, both Parties agree to defend, indemnify and hold harmless the other Party from all claims, demands, causes of action, damages, losses, fines, penalties or costs, including reasonable attorney's fees that a Party may suffer by reason of violation of the Anti-Corruption Laws by the other Party; and
21.3.2 That any breach of this Clause 21 would constitute a material breach of these Terms.
22. Assignment
22.1 No SOW may be assigned, sublicensed or otherwise transferred by either Party, whether by operation of law or otherwise, without the other Party’s prior written consent, such consent not to be unreasonably withheld or delayed.
22.2 Notwithstanding clause 22.1 above, a Party shall have the right, at any time, to novate, assign or transfer part or all of its rights and obligations under these Terms or any SOW to a Related Party of that Party; provided that in the event of such a novation, transfer or assignment by the Client to a Client Related Party, that Related Party does not provide similar services to the Services provided by Veremark.
23. Force Majeure
23.1 Neither Party shall be in breach of these Terms nor liable for delay in performing, or failure to perform, any of its obligations under these Terms if such delay or failure result from an event of Force Majeure.
23.2 If an event of Force Majeure is in effect for more than 30 days, the non-affected Party may terminate this Agreement with immediate effect by giving written notice to the other Party.
24. Non-solicitation
24.1 Both Parties agree to refrain from soliciting (or attempting to solicit) for employment, or engagement as a contractor, any Personnel employed or contracted by the other Party involved directly in relation to the provision and receipt of the Services during the term of the SOW, for the duration of the SOW(s) and until the first anniversary following the expiry of the SOW(s), without the prior written consent of the other Party.
24.2 The Parties agree this clause shall not apply to bona fide replies to general job advertisements for available employment positions advertised in the public domain.
25. Publicity
25.1 Each Party may use the other Party’s name and identify it as a supplier or customer, in advertising, publicity, or similar materials or on their website, unless they are in receipt of written notice from the other Party which expressly prohibits this.
26. Entire Agreement
26.1 These Terms, together with each SOW, constitutes the entire understanding between the parties and supersedes all previous and contemporaneous communications, representations, or agreements with respect to Veremark’s supply, and Client’s access to and use of, the Services.
27. Change Control
27.1 Neither these Terms nor any SOW may be modified, interpreted, supplemented or amended or in any way revised or altered, except pursuant to written agreement signed by duly authorised representatives of the Parties.
27.2 A Party may request a change to the Services provided under these Terms or a SOW (“Change”) by submitting to the other Party a change control note (“CCN”) in the format set out in clause 27.3 below and in sufficient detail to allow the other Party to respond in accordance with this change control procedure.
27.3 Each CCN shall contain (but need not be limited to) the following: (a) The date of the request or recommendation for the Change; (b) the reason for the Change; (c) full details of the Change, including any specifications; (d) any other information as a Party may reasonably request.
27.4 Within ten (10) business days of the issue by the Client of a CCN, Veremark shall provide a written estimate of costs for or cost implications (as applicable) and time involved in carrying out or incorporating the Change referred to in the CCN, (which in relation to both the costs for and time involved in carrying out the Change shall be reasonable in all the circumstances) and any implications the Change will have on the Services.
27.5 The Parties shall negotiate in good faith to implement such Change, and if such Change is agreed, the parties shall sign the CCN as a written variation to these Terms or the relevant SOW as appropriate.
28. Severability
28.1 If any provision of these Terms or a SOW is held to be unenforceable, the Parties agree to substitute the affected provision with an enforceable provision that approximates the intent and economic effect of the affected provision.
28.2 If any one or more of the provisions of these Terms or a SOW are for any reason held to be invalid, illegal or unenforceable by a court of competent jurisdiction or a mediator, the remaining provisions of these Terms or that SOW will be unimpaired and will remain in full force and effect.
29. Waiver
29.1 No failure or delay of either Party in exercising any right, power, or privilege under these Terms or a SOW (and no course of dealing between the Parties) operates as a waiver of any such right, power or privilege. No waiver of any default on any one occasion constitutes a waiver of any subsequent default. No single or partial exercise of any right, power, or privilege precludes the further or full exercise of such right, power or privilege.
30. Survival
30.1 Subject to any provision to the contrary, these Terms and each SOW will inure to the benefit of and be binding on the Parties, and their successors, trustees, permitted assigns or receivers, but will not inure to the benefit of any other persons.
30.2 The provisions of these Terms which are capable of having effect after the expiry of any applicable SOW will remain in full force and effect following the expiry of such SOW.
31. Notices
31.1 All notices required to be given under these Terms and each SOW must be given in writing in the English language. A notice may be delivered to a Party by hand, mail or courier to the other Party’s address as set out in the SOW.
31.2 A notice will be taken to be duly given and received:
31.2.1 if posted by hand or sent by courier, on the date actually delivered;
31.2.2 if sent by mail within the United Kingdom, within 3 business days after posting;
31.2.3 if sent by email, at the time of transmission, or if sent after 5:00 pm or on a day that is not a business day, at 9:00 am on the next business day.
32. Counterparts
32.1 Each SOW may be signed in any number of counterparts with the same effect as if the signatures on each counterpart were on the same instrument.
33. Governing Law and Jurisdiction
33.1 These Terms and all SOWs settled hereunder shall be governed by and construed exclusively under the laws of England and Wales. Any dispute arising out of or in connection with these Terms, including any question regarding the existence, validity, or termination of a SOW, shall be referred to and resolved exclusively by the courts of England and Wales.
SCHEDULE 1 – DATA PROTECTION ADDENDUM
This Data Processing Addendum (DPA) forms part of the Terms and SOW between the Parties (Agreement) for the provision of background screening services (Services).
In the event of any conflict between the terms of this DPA and the Agreement, the terms of this DPA shall prevail to the extent of such conflict in relation to the Processing of Personal Data.
1. DEFINITIONS AND INTERPRETATION
1.1 In this DPA, the following terms shall have the following meanings:
Applicable Data Protection Law means all applicable laws and regulations relating to privacy and the Processing of Personal Data, including: (a) the UK GDPR and the Data Protection Act 2018; (b) the EU GDPR and any implementing laws of EU member states; and (c) any other applicable privacy or data protection laws;
Controller, Processor, Data Subject, Personal Data, Processing and Special Category Data shall have the meanings given to them in Applicable Data Protection Law;
Client Personal Data means Personal Data Processed by Veremark on behalf of the Client in connection with the Services;
Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Client Personal Data;
EU GDPR means Regulation (EU) 2016/679;
Sub-processor means any Processor engaged by Veremark to Process Client Personal Data;
UK GDPR means the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.
1.2 The terms Client and Veremark shall have the meanings given to them in the Agreement.
2. PROCESSING OF PERSONAL DATA
2.1 The Parties acknowledge that for the purposes of Applicable Data Protection Law, the Client is the Controller and Veremark is the Processor of Client Personal Data.
2.2 The subject matter, nature, purpose and duration of the Processing, and the types of Personal Data and categories of Data Subjects, are set out in Annex 1 to this DPA.
2.3 Veremark shall:
(a) Process Client Personal Data only on documented instructions from the Client (including with regard to transfers of Personal Data to a third country or international organisation), unless required to do so by applicable law;
(b) ensure that persons authorised to Process Client Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as described in Schedule 3 to the Terms;
(d) taking into account the nature of the Processing, assist the Client by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client's obligations to respond to requests for exercising Data Subject rights under Applicable Data Protection Law;
(e) assist the Client in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of Processing and the information available to Veremark;
(f) at the choice of the Client, delete or return all Client Personal Data to the Client after the end of the provision of Services, and delete existing copies unless applicable law requires storage of the Personal Data; and
(g) make available to the Client all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client, subject to clause 7.
2.4 Veremark shall immediately inform the Client if, in its opinion, an instruction from the Client infringes Applicable Data Protection Law.
3. SUB-PROCESSORS
3.1 The Client provides general written authorisation for Veremark to engage Sub-processors to Process Client Personal Data, provided that:
(a) Veremark maintains a list of approved Sub-processors (the current list being set out Annex 2 to this DPA), which it shall make available to the Client;
(b) Veremark provides the Client with written notice of the addition or replacement of any Sub-processor; and
(c) the Client may object to the appointment of a new Sub-processor on reasonable data protection grounds by notifying Veremark in writing within fourteen (14) days of receipt of notice under clause 3.1(b).
3.2 Where the Client objects to a new Sub-processor in accordance with clause 3.1(c), the parties shall work together in good faith to find a commercially reasonable solution. If no such solution can be found within thirty (30) days, either party may terminate the affected Services on thirty (30) days' written notice.
3.3 Where Veremark engages a Sub-processor, Veremark shall:
(a) enter into a written agreement with the Sub-processor imposing data protection obligations no less onerous than those set out in this DPA; and
(b) remain fully liable to the Client for the performance of the Sub-processor's obligations.
4. DATA SECURITY
4.1 Veremark shall implement and maintain the technical and organisational measures set out in Schedule 3 to protect Client Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage, alteration or disclosure.
4.2 Veremark may amend the security measures set out in Schedule 3 from time to time, provided that Veremark shall not materially decrease the overall level of security.
4.3 Veremark’s use of Artificial Intelligence (AI) in respect of Client Personal data shall be limited to the purposes set out in Annex 3 to this DPA.
5. DATA BREACH NOTIFICATION
5.1 Veremark shall notify the Client without undue delay, and in any event within forty-eight (48) hours, after becoming aware of a Data Breach.
5.2 Such notification shall, to the extent possible, include:
(a) a description of the nature of the Data Breach including, where possible, the categories and approximate number of Data Subjects and Personal Data records concerned;
(b) the likely consequences of the Data Breach; and
(c) a description of the measures taken or proposed to be taken to address the Data Breach.
5.3 Veremark shall cooperate with the Client and provide such reasonable assistance as the Client may require in order to enable the Client to comply with its obligations under Applicable Data Protection Law in relation to the Data Breach.
6. DATA SUBJECT RIGHTS
6.1 Veremark shall, to the extent legally permitted, promptly notify the Client if it receives a request from a Data Subject to exercise their rights under Applicable Data Protection Law in relation to Client Personal Data (Data Subject Request).
6.2 Veremark shall not respond to a Data Subject Request without the Client's prior written consent, except to confirm that the request relates to the Client.
6.3 Taking into account the nature of the Processing, Veremark shall provide reasonable assistance to the Client to enable the Client to respond to any Data Subject Request.
7. AUDIT RIGHTS
7.1 Veremark shall, on reasonable prior written notice and during normal business hours, allow the Client (or its appointed third-party auditors) to audit Veremark's compliance with its obligations under this DPA, provided that:
(a) such audits shall not be conducted more than once per year unless required by a supervisory authority or in response to a Data Breach;
(b) the Client shall provide at least thirty (30) days' prior written notice of any audit (or such shorter period as may be required by a supervisory authority);
(c) any auditors must be independent, qualified and subject to confidentiality obligations; and
(d) audits shall be conducted in a manner that does not interfere unreasonably with Veremark's business operations.
7.2 As an alternative to an audit under clause 7.1, Veremark may provide the Client with copies of relevant third-party audit reports or certifications (such as ISO 27001, SOC 2, or similar) that evidence Veremark's compliance with this DPA.
7.3 The Client shall bear its own costs in relation to any audit. If an audit reveals non-compliance with this DPA, Veremark shall bear the reasonable costs of the audit.
8. INTERNATIONAL TRANSFERS
8.1 Veremark shall not transfer Client Personal Data outside the United Kingdom or the European Economic Area without the Client's prior written consent.
8.2 Notwithstanding clause 8.1 above, the Client understands and accepts that any orders for background screening checks in respect of candidates who currently reside or who have previously resided in countries based outside the United Kingdom or European Economic Area will necessitate the transfer of Client Personal Data to Sub-processors in such countries, who will undertake the checks on Veremark’s behalf. Veremark’s current list of approved international Sub-processors is set out in Annex X. The Client hereby gives consent to international transfers to such Sub-processors for this specific purpose.
8.3 Where the Client consents to a transfer under clause 8.1, the parties shall ensure that appropriate safeguards are in place in accordance with Applicable Data Protection Law, including (as applicable) the Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office.
8.3 Veremark shall provide such information and assistance as the Client may reasonably require in relation to any data transfer risk assessment or impact assessment.
9. RETURN AND DELETION OF DATA
9.1 Upon termination or expiry of the Agreement, or upon the Client's written request, Veremark shall (at the Client's election):
(a) return a complete copy of all Client Personal Data to the Client in a commonly used, structured, machine-readable format; and/or
(b) securely delete or destroy all Client Personal Data.
9.2 Veremark shall certify to the Client in writing that it has complied with clause 9.1.
9.3 Veremark may retain Client Personal Data to the extent required by applicable law, provided that Veremark shall ensure the confidentiality of such Personal Data and shall only Process such data as required by law.
10. LIABILITY AND INDEMNITY
10.1 Each party's liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, shall be subject to the limitations and exclusions of liability set out in the Agreement.
10.2 Notwithstanding clause 10.1, nothing in this DPA shall limit either party's liability for:
(a) death or personal injury caused by its negligence;
(b) fraud or fraudulent misrepresentation; or
(c) any other liability that cannot be excluded or limited by applicable law.
11. GENERAL
11.1 This DPA shall be governed by and construed in accordance with the governing law of the Agreement.
11.2 The courts specified in the Agreement shall have exclusive jurisdiction to settle any dispute arising out of or in connection with this DPA.
11.3 This DPA may only be amended or modified by written agreement of both parties.
Annex 1 – Details of Processing
Subject Matter of Processing
The Supplier shall Process Client Personal Data for the purpose of providing background screening services to the Client in accordance with the Agreement.
Nature and Purpose of Processing
The Supplier will Process Client Personal Data for the following purposes:
(a) Conducting background checks and screening services on candidates and employees identified by the Client;
(b) Verifying identity, employment history, educational qualifications, professional credentials, and references;
(c) Conducting criminal records checks, credit checks (where permitted), and other regulatory compliance checks;
(d) Generating and providing screening reports to the Client;
(e) Providing customer support and administration in relation to the Services.
Duration of Processing
The Supplier shall Process Client Personal Data for the duration of the Agreement or any SOW settled thereunder and for such period thereafter as may be necessary to comply with legal obligations or as instructed by the Client in writing.
Types of Personal Data
The Personal Data Processed may include:
(a) Personal identifiers (name, date of birth, address, contact details, national insurance number or equivalent, passport/identity document details);
(b) Employment history and professional qualifications;
(c) Educational records and academic qualifications;
(d) Criminal records and convictions data (Special Category Data);
(e) Credit history and financial information (where permitted);
(f) References and recommendations from previous employers;
(g) Any other information provided by the Client or the Data Subject for the purposes of the background screening.
Categories of Data Subjects
The categories of Data Subjects whose Personal Data may be Processed include:
(a) Prospective employees and job applicants;
(b) Current employees and workers;
(c) Contractors and consultants;
(d) Volunteers (where applicable);
(e) Referees and previous employers providing references.
Annex 2 – List of approved Sub-processors
To request a list of Veremark's data sub-processors please contact us at privacy@veremark.com.
Annex 3 – Artificial Intelligence Policy
The Supplier may use Operational Data in line with the Supplier’s AI policy as set out below.
For the purposes of this Annex 3, “Operational Data” means the data generated, recorded, or otherwise processed during the performance of background screening, compliance, or verification services under the Agreement, including but not limited to:
- Check Name – the descriptive name or category of the background check or verification process (e.g., identity check, criminal record check);
- System Assigned Candidate ID – a unique numeric identifier automatically generated by the system to track the candidate;
- Turnaround Time (TAT) – the elapsed time from the initiation of the check to its completion;
- Location of Check Ordered – the country or jurisdiction where the check has been requested or carried out;
- Service Level Agreement (SLA) for Check Completion – time-series data capturing the agreed timeframe and actual performance metrics relating to the completion of the specific check or service.
The Supplier shall not use Client Personal Data for model training or share or permit sharing of any Client Personal Data with any generative AI tool under arrangements which do not restrict use of Client Personal Data for the purpose of training the relevant generative AI tools’ underlying models, LLMs (large language models) or algorithms or similar purposes, and, where necessary to give effect to this Annex 3, opt-out (and maintain opt-out throughout the Term) of any such data sharing.
SCHEDULE 2 – STATEMENT OF WORK (SOW) TEMPLATE
Statement of Work
Sales Order Form
This Statement of Work/Sales Order Form is an offer by Veremark Ltd (“Veremark”), Registered Company Number 11681510 of Registered Address 85 Great Portland Street London, England, W1W 7LT, United Kingdom, and the Client (“Client”) as defined in this executed Sales Order Form.
The Parties agree as follows:
- Any terms not defined in the Sales Order Form or the Master Services Agreement will have the meaning ascribed to them in the Terms of Service available at link https://www.veremark.com/legal/terms-of-service. “Territory” means England and Wales.
- Client will purchase or has the stated intent to purchase the Services as per the Appendix to this Sales Order Form, and by signature of this Sales Order Form accepts the terms set out in this Sales Order Form and the Terms of Service.
- In each case the documents are as posted at the date of signature of this Sales Order Form.
- Client hereby confirms that they have received and read all parts of this Sales Order Form, the Master Services Agreement and (where relevant) the Terms of Service and will comply with and adhere to all such terms and conditions.
- An invoice for Services shall be delivered to the Client shortly after the end of each month. All amounts invoiced shall be due and payable seven (7) days from the date of the invoice.
IN AGREEMENT WHEREOF the Client has caused this Agreement to be executed by its authorised representatives.
Appendix
The pricing outlined below (excluding VAT) reflects a x% discount and is contingent upon meeting the following conditions:
- Agreement Execution: The agreement must be signed on or before [DATE].
- Onboarding Commencement: Onboarding must begin on or before [DATE].
- First Check Order: The first check must be ordered on or before [DATE].
- Quarterly Spend Commitment: On an expected annual spend of £X, a minimum quarterly spend of £X.
If any of the above conditions are not met, the pricing will revert to the standard platform pricing for each unmet condition.
INSERT PRICING TABLES - EXAMPLES BELOW
Background Check Prices
Package Prices
*All prices in XXX and valid until DD MMM YYYY
Prices of background checks not listed above will follow a la carte pricing listed under Veremark platform’s Criteria Settings.
Client agrees to pre-approve a budget of up to USD $50 (or the local currency equivalent) per case outside of the USA (USD $100) per case in the USA) to cover additional pass-through costs before requiring notification from Veremark.
Additional Value Added Services may be added at any time.
Billing Details
Service Level Agreement - Turnaround Times and Expedited Service
The expected turnaround time for the business-as-usual service, from the date of receipt of the required data from the candidate until completion of the delivery of the Services, is up to 15 business days, depending on the type and the country/jurisdiction of the search. Turnaround times are quoted as business days and are subject to the following:
- The complete subject/candidate information for screening being supplied by the Client
- Education verifications being conducted during educational institutesʼ term times
- Employment verifications being conducted during employersʼ business hours
Veremark will use its best efforts to provide the requested information. However, circumstances beyond Veremarkʼs control may arise that prevent a search from being completed. For instance, if a company has ceased operations or declines to release the information. In these cases, Veremark shall only be obliged to make reasonable efforts to complete employment verifications.
However, if expedited service is requested, a surcharge of an additional 50% of the Price shall be applied. Expedited service is when a report is prioritised ahead of other cases or the follow-up process is accelerated to every business day rather than every alternate business day. Where the Client has credits on the system, this surcharge will be deducted from their account.
A. Screening Commencement
Veremark will commence verifications on receipt of the requested information within one 1) business day.
Where a data subject has not provided supporting documentation or complete information, the data subject will be emailed/telephoned with three (3) reminder requests.
On day seven (7) after receipt of the screening request, the Client will be contacted for further instruction if there is no response from the data subject. The turnaround time calculation however, will not commence until all correct information has been received from the candidate.
The cancellation timeframe applies as below on checks where the candidate has not provided the information.
B. Database/Public Record Searches
Veremark will conduct database/public record searches, subject to local market availability, when an individual has lived in any jurisdiction within the last 7 years. Veremark will commence the database/public record search automatically and pass any charges involved onto the Client in line with the expense agreement agreed hereunder.
If the subject/candidate has more than one (1) name, Veremark will, at the Clientʼs request, conduct searches on the data subjectʼs additional name(s) and pass any additional costs onto Client, as per the terms of the SOW.
C. Qualification & Professional Memberships Verifications
Veremark will verify the subjectʼs/candidateʼs highest qualification obtained unless otherwise directed by the Client. Charges and availability are as per the SOW.
Copies of the subjectʼs/candidateʼs academic transcripts and/or diploma and/or degree certificates may be required to initiate a verification.
Standard Verifications – Definition
Veremark will make a maximum of five 5) valid attempts within 10 business days to verify the employment history details based on the information provided by the candidate. Candidates are requested to provide artefacts supporting their education history (e.g. grade transcripts, graduation certificates etc). Should the 5 valid attempts not be successful, then the check may be closed based on the provision of supporting documents by the candidate.
Mitigation Process Cost - $3
If Veremark has difficulty in obtaining the verification or the client needs additional re-verification, the subject/candidate can be contacted for further information and Veremark will seek for an alternative method to complete the verification. Any additional two (2) valid attempts within 5 business days will be made at an additional cost of $3.
D. Employment History & Reference Verifications
Veremark will not contact the current employer of a subject/candidate unless we have specific permission from the subject/candidate to do so.
If a subject/candidate has previously been employed by any Client office, Veremark will verify the employment history. If the previous employer is unresponsive after five (5) valid attempts, then the check will be closed with supporting documents provided by the Client.
Standard Verifications – Definition:
Veremark will make a maximum of five 5) valid attempts within 10 business days to verify the employment history details based on the information provided by the candidates. Candidates are requested to provide artifacts supporting their employment history (e.g. employment contract, pay slips or tax records etc).
Mitigation Process Cost - $3
If Veremark has difficulty in obtaining the verification or the client needs additional re-verification, the subject/candidate can be contacted for further information and Veremark will seek for an alternative method to complete the verification. Any additional (2) valid attempts within 5 business days will be made at an additional cost of $3 for each process undertaken.
E. Professional references
Professional references will be requested from the direct manager(s) and co-worker (s) whose contact information has been provided by the candidate. In the event that direct manager(s) and/or co-worker(s) are unresponsive to our requests for references, the service will be closed as “unverified, no response from reference”.
F. Personnel
Veremark will have a support team available for the Clientʼs day-to-day enquiries. The Client will maintain an accurate list of authorised Personnel who are permitted to receive or access information on subjects/candidates/employees from the Veremark Platform (“Authorised Users”). Authorised User credentials and user permissions are required to access and use the Veremark Platform.
The Client will be provided with usernames and passwords for each Authorised User. Authorised Users will be provided
training and supporting documentation for using the Veremark platform. Authorised Users with appropriate permissions have the option to manage account user settings within the platform. Veremark will only take instructions and respond to queries from Authorised Users with valid Veremark user credentials. Instructions and queries can be submitted to Veremark by fax, post or electronic mail.
G. Reporting and account management
At the conclusion of the background screening process, Veremark will provide the Client with a report that can be accessed within the Veremark Platform.
For Client accounts, where an assigned Veremark account manager or client success manager has been allocated, for each period where the usage does not meet the agreed threshold to warrant the agreed price per check, then a $250 services fee for each month will be applied and reconciled at the end of each quarter.
H. General
If Veremark is required to amend the scope and or fees for services it provides under this Service Level Agreement, (with the exception of fees from courts, government agencies, educational institutions, third-party verification services and other data sources), Veremark will give not less than thirty (30) days’ prior notice in writing to the Client specifying the nature of the proposed amendment.
If such amendment is likely to result in any adverse change to the Services, the Client shall be entitled to reject the proposed amendment by notifying Veremark in writing no later than the expiry of the thirty (30) day notice period. The rejection of the amendment may not result in the reinstatement of the original scope.
All extra charges will have approval sought in line with the Terms/SOW terms.
I. Escalation Matrix
In the event of an incident that requires escalation, the Parties agree the following proposed SLA escalation steps:
First line – Account Management
For initial queries on quality and feedback of background verification results that can be addressed by the Veremark Personnel who completed the initial report, for example, typographical, name, grammatical errors, etc.
Second line – Head of Customer Success
For overall quality issues and missing daily deadlines on the agreed project schedule.
Final and arbitration – Global Head of Account Management
For project implementation, resourcing and management issues pertaining to QA and daily return rates that cannot be resolved at the second line.
SCHEDULE 3 – INFORMATION SECURITY POLICY