Terms and conditions

STANDARD TERMS AND CONDITIONS FOR THE PROVISION TO ITS CUSTOMERS OF ITS SCREENING AND FACT-CHECKING SERVICES (FOR THE PURPOSES OF THESE TERMS A "CUSTOMER")

BACKGROUND: 

A. Verifile has the necessary skill and expertise to provide the Services (as defined below).

B. The Customer wishes to appoint Verifile to provide the Services subject to the terms and conditions herein ("Agreement").
 
Each of Verifile and the Customer is a "Party" and together the "Parties".
 

The Parties agree as follows:

  1. Definitions
    1. In this Agreement, the following expressions have the following meanings: 

      “ API ” means Verifile’s Application Programming Interface, other developer Services and associated software and documentation that enable the Customer to integrate access with certain Services and obtain certain Information via the Customer's systems.
      “ Applicable Law ” means all applicable laws, legislation, statutory instruments, regulations and governmental guidance having binding force whether local, national or international in any relevant jurisdiction and relevant codes of conduct.
      “ Applicant ” means individuals and non-natural persons concerning whom checks are made pursuant to the Services.
      “ Application Information ” means information the Customer and Verifile obtain from Applicants.
      “ Bribery Laws ” means the Bribery Act 2010 and all other Applicable Laws, statutory instruments and regulations in relation to the prevention of bribery or corruption and associated guidance published by the Secretary of State for Justice under the Bribery Act 2010.
      “ Business Day(s) ” means any day other than a Saturday, Sunday, bank or public holidays in England including the period between 25 December – 31 December in any calendar year when banks generally are open for non-automated business in England.
      “ Charges ” means any fees payable in respect of any Services as agreed in writing between Verifile and the Customer from time to time.
      “ Commencement Date ” The date when Verifile accepts the online account created by the Customer.
      “ Confidential Information ” means the Information, Applicant Information, Data and Personal Data including criminal offence data obtained by Verifile from the Customer and/or the Applicant in the course of providing the Services and any information relating to a Party or the business, prospective business, technical processes including Verifile’s SSO, computer software (both source code and object code), Intellectual Property Rights or finances of a Party, commercial, financial or technical information, or compilations of two or more items of such information whether or not each individual item is itself confidential, coming into the possession of the other Party by virtue or in anticipation of this Agreement and which the disclosing Party regards or could reasonably be expected to regard as confidential, whether or not such information is reduced to a tangible form or marked in writing as "confidential" and any and all information which has been or may be derived or obtained from such information.
      “ Controller ” has the meaning given to that term in Data Protection Legislation from time to time.
      “ Customer Created IPR ” means IPR created by Verifile for the Customer’s use pursuant to the provision of the Services including but not limited to Applicant Information and Information.
      “ Customer ID ” means account numbers, identification codes and passwords (including User ID) provided by Verifile to the Customer and used by the Customer to access the Services.
      “ Customer IPR ” means the Intellectual Property Rights owned by or licensed to the Customer and/or its Related Persons and which are or have been developed independently of this Agreement entered into hereunder (whether prior to the Commencement Date or otherwise).
      “ Data ” means the information Verifile collects from a variety of sources, including but without limitation from data aggregators, public authorities and other sources.
      “ Data Protection Declaration ” has the meaning given to that term in clause 17.3.2(d) (Data Protection).
      “ Data Protection Legislation ”

      means, as binding on either Party:

      (a)     the GDPR;

      (b)     the UK Data Protection Act 2018;

      (c)     any laws which implement any such laws; and

      any laws that replace, extend, re-enact, consolidate or amend any of the foregoing, together with all Applicable Laws in any jurisdiction relating to the Processing or protection of Intellectual Property Rights and privacy.
      “ Data Subject ” has the meaning given to that term in Data Protection Legislation from time to time.
      “ Description of Processing ” means the description and other particulars of Personal Data Processed by Verifile (and/or Processed on behalf of Verifile or Verifile Related Persons) for which the Customer is a Controller, which are set out at Schedule 1 (Description of Processing).
      “ EEA ” has the meaning given to that term in clause 17.3.2 (Data Protection).
      “ GDPR ” means Retained Regulation (EU) 2016/679.
      “ Group ” means, in relation to either Party, each and any subsidiary or holding company of that Party and each and any subsidiary of a holding company of that Party.
      “ Information ” means the results, reports and the data provided by Verifile to the Customer.
      “ Initial Period ” means the period of thirty-six (36) months from the Commencement Date.
      “ Intellectual Property Rights or IPR ” means copyright, patents, know-how, trade secrets, trademarks, trade names, design rights, rights in get-up, rights in goodwill, rights in Confidential Information, rights to sue for passing off, domain names and all similar rights and in each case:
      (a)     whether registered or not;
      (b)     including any applications or right of application to protect or register such rights;
      (c)     including all renewals and extensions of such rights or applications;
      (d)     whether vested, contingent or future;
      (e)     to which the relevant Party is or may be entitled; and
      in whichever part of the world existing.
      “ MSA Offence ” has the meaning given to that term in clause 15.1.1 (Modern Slavery).
      “ Personal Data ” has the meaning given to that term in Data Protection Legislation.
      “ Portal ” means the web applications and websites used by the Customer to access the Services and by Verifile to provide the Services and the Information.
      “ Privacy Notice ” Verifile’s privacy notice and statement as published by Verifile on its website www.verifile.co.uk from time to time.
      “ Processor, Process or Processing ” has the meaning given to that term in Data Protection Legislation.
      “ Proposal ” means the document of that name signed and dated by the Customer setting out the Services to be provided by Verifile pursuant to this Agreement including any special terms and conditions applicable to additional Services specified in the Proposal.
      “ Related Persons ” means a member of the Verifile Group or Customer Group (as applicable) and any of their employees, officers, shareholders, affiliates, representatives, agents, consultants, contractors, suppliers and advisers.
      “ Renewal Period ” has the meaning given to that term in clause 12.1 (Term and Termination).
      “ Revised Description ” has the meaning given to that term in clause 17.6 (Description of Processing).
      “ Sanctioned Person ” has the meaning given to that term in clause 16.1 (Sanctions Compliance).
      “ Sanctioned Country ” has the meaning given to that term in clause 16.2 (Sanctions Compliance).
      “ Sanctions ” means any economic or trade sanctions or restrictive measures enacted, administered, imposed or enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the U.S. Department of State, the United Nations Security Council; and/or the European Union; and/or the French Republic; and/or Her Majesty’s Treasury, or any other relevant sanctions authority.
      “ Services ”

      means:

      (i) the CV verification and background check services provided by Verifile to the Customer as described in the Proposal;

      (ii) those generally available services (as detailed on Verifile’s website (www.verifile.co.uk) provided by Verifile from time to time; 

      (iii) and any bespoke and non-standard services agreed between Verifile and the Customer from time to time.

      “ Software ” means any computer program and its related documentation owned or licensed by Verifile, which is or will be used by the Customer, its Group or its Related Persons for the delivery of the Services and Information, including but not limited to the API, Portal, Verifile App, Verifile IPR and Verifile Created IPR.
      “ SSO ” means Verifile’s standard service offering as amended from time to time including Verifile’s service level and delivery and any obligations of the Customer.
      “ Sub-contractor ” has the meaning given in clause 17.5 (Sub-contractors).
      “UK SCCs” means the standard International Data Transfer Agreement (ITDA) issued by the UK Information Commissioner’s Office pursuant to clause 119A of the UK Data Protection Act 2018 in force with effect from 21 March 2022.
      “ User ID ” means the individual identification provided by Verifile in accordance with clause 6.2 (Security) of this Agreement, to each Related Person of the Customer using the Services for the purposes of their work with Verifile.
      “ VAT ” means United Kingdom value added tax or any other tax imposed in substitution for it and equivalent or similar tax imposed outside the United Kingdom.
      “ Verifile App ” means the mobile applications created or licensed by Verifile, which the Customer may use to access the Services and the Information.
      “ Verifile Created IPR ” means the Intellectual Property Rights which are used in connection with the delivery of the Services and are owned by or licensed to Verifile and are, or have been, developed independently of this Agreement (whether prior to the Commencement Date or otherwise) including but not limited to the Portal, the Verifile App, the API and Verifile Created IPR.
      “ Verifile IPR ” means the Intellectual Property Rights which are used in connection with the delivery of the Services and are owned by or licensed to Verifile and are, or have been, developed independently of this Agreement (whether prior to the Commencement Date or otherwise) including but not limited to the Portal, the Verifile App, the API and Verifile Created IPR.
      “ Verifile Processing Activities ” means all Processing of Personal Data performed by Verifile and/or Verifile Related Persons (and/or on behalf of Verifile or Verifile Related Persons acting as Sub-contractors) on behalf of the Customer in the course of providing the Services to the Customer and carrying out the obligations under this Agreement.
    2. Unless the context otherwise requires:
      1. The headings used in this Agreement are for convenience only and do not affect the interpretation of this Agreement;
      2. references to this Agreement include its Schedules;
      3. references to "clause" or "clauses" refer to clause or clauses of this Agreement;
      4. references to "writing" or "written" include any method of reproducing word in a legible and non-transitory form including email and any other means of electronic communication including but not limited to Verifile’s online ordering platform;
      5. a reference to a gender includes each other gender;
      6. words in the singular include the plural and vice versa;
      7. any words that follow "include", "includes", "including", "in particular" or any similar words and expressions shall be construed as illustrative only and shall not limit the sense of any word, phrase, term, definition or description preceding those words;
      8. a reference to a "person" includes a natural person, corporate or unincorporated body (in each case whether or not having separate legal personality) and that person’s personal representatives, successors and permitted assigns; and
      9. references to legislation include any modification or re-enactment thereof including as a result of the United Kingdom’s withdrawal from the European Union by virtue of Article 50 of the Treaty of the European Union.
  2. THE SERVICES
    1. Verifile will provide the Services as set out in the Proposal in accordance with the SSO and subject to the terms and conditions of this Agreement and any specific terms and conditions included in the Proposal.  In particular, Verifile will give the Customer the Information in line with its standard timescales as detailed in the SSO or Portal from time to time.  Any timescales are a guide and Verifile will use all reasonable endeavours to comply with them but may not always be able to do so as they reflect the response time of the third parties Verifile contacts in the course of providing the Services.
    2. If the Customer serves written notice on Verifile that some or all of the Services do not conform with clause 2.1 and the SSO and provides sufficient detail of the nature and extent of the defects, Verifile may, at its option, remedy or re-perform the Services that do not comply with clause 2.1 and the SSO.
    3. Verifile may suspend the provision of any Service(s) at any time if (i) the Information needed to provide the Service(s) is not provided by the data providers or Sub-contractors for reasons outside of the control of Verifile or (ii) provision of the Service(s) is no longer permitted due to changes in Applicable Law.  In these circumstances Verifile will use reasonable endeavours to continue to provide the Services but where it is unable to, Verifile shall promptly notify the Customer.
    4. Verifile will provide documentation to assist the Customer with use of the Software and where applicable, the integration process with the API.  Verifile will provide reasonable assistance on integration but reserves the right to charge (with prior notice) a fee for integration assistance where the support is beyond what Verifile deems as reasonable.
  3. RESTRICTIONS OF USE

    In relation to the Customer's use of the Services and the Software either during the Term or at any time afterwards, the Customer must:

    1. only use them in compliance with all Applicable Laws;
    2. only use the Services and the Software to receive Information and Data from Verifile solely for proper and lawful business purposes and otherwise in accordance with this Agreement and Applicable Laws;
    3. only make backup copies of the Software for their lawful use.  The Customer must take all reasonable steps to prevent unauthorised copying of the Software;
    4. not modify, copy, adapt, translate or create derivative works based on the Software or any part of the Services, or attempt to discover any source code or underlying ideas or algorithms or reverse engineer, decompile or disassemble the Software or part of the Services for any purpose;
    5. not attempt to gain, or gain unauthorised access to, or disrupt the integrity or performance of the Services;
    6. not use the Services or the Software to commit, or with the intention to commit any unlawful, fraudulent, dishonest, threatening, invasive or improper behaviour;
    7. not and are not permitted to sub-license, assign, hold on trust or novate this Agreement to or on behalf of any person;
    8. provide all cooperation and information reasonably required by Verifile in relation to the Services, including all information and materials reasonably required by Verifile to make the Services available to the Customer.  The Customer must ensure that such information is up-to-date and accurate in all material respects;
    9. not use the Software or the Services to build a competitive product or service or copy its features, technology or user interface; and
    10. not act or omit to act in any way that results in damage to Verifile's business or reputation.
  4. Paying Charges
    1. Verifile will invoice the Customer for the Services in respect of the Charges incurred up to the end of each calendar month following the Commencement Date. 
    2. If a purchase order reference is required by the Customer to be quoted on an invoice, the Customer shall provide Verifile with such purchase order reference no later than three (3) Business Days prior to the last calendar day of the month. 
    3. Unless otherwise agreed between the Parties, the Customer shall pay all invoices in Pounds Sterling: 
      1. in full without delay, deduction or set-off, in cleared funds within thirty (30) calendar days of the date of each invoice; and
      2. to Verifile’s bank account, details of which have been provided by Verifile to the Customer.
    4. If payments are not received within the time specified, Verifile reserves the right to require the Customer to set up a direct debit or may at its sole discretion cease to carry out any further Services under the Agreement.  Payment may be made by credit card but may incur an additional processing fee.
    5. The Customer may dispute any invoice it believes to be erroneous within thirty (30) calendar days of receipt.  Where a dispute is ongoing under this clause 4.5 (Paying Charges), the Customer shall not be required to pay the disputed amount until such dispute is resolved.  For the avoidance of doubt, the Customer shall still be liable to pay all undisputed amounts in accordance with clause 4.3 (Paying Charges).
    6. Time of payment is of the essence.  Where sums due under this Agreement are not paid by the Customer to Verifile in full by the due date: 
      1. Verifile may without limiting its other rights, charge interest on such sums owed pursuant to the Late Payment of Commercial Debts (Interest) Act 1998 and interest shall accrue on a daily basis and apply from the due date for payment until actual payment is received in full, whether before or after judgment;
      2. The Customer will pay Verifile any reasonable costs incurred by Verifile in connection with collecting any late sums or interest on them, including but not limited to Court fees and legal costs;
      3. If payment remains unpaid for one hundred and twenty (120) calendar days, Verifile may at its sole discretion charge a monthly administration fee of twenty-five Pounds Sterling (£25) in addition to interest until payment is made in full or suspend the Customer’s access to the Services and/or terminate this Agreement.
    7. The Charges are exclusive of VAT.  The Customer shall pay any applicable VAT to Verifile in addition to the Charges on receipt of a valid VAT invoice.
    8. At any time Verifile may by notice to the Customer increase the Charges or change the terms of this Agreement to reflect any one or more of the following on which the Charges are based:​
      1. any increase in the price of third party data suppliers (e.g. DBS, Credit Agencies, DVLA); 
      2. any change in such data suppliers procedures; 
      3. any exchange rate fluctuation; or 
      4. for any other factor beyond the reasonable control of Verifile. 
      The increase in Charges shall be applied to all orders placed by the Customer following the date of the notice set out at clause 4.8 (Paying Charges). 
    9. Notwithstanding clause 4.8 (Paying Charges), Verifile may increase the Charges for the Services annually.  Verifile shall agree such price increase in writing with the Customer not less than thirty (30) calendar days prior to any increase taking effect.
    10. If Verifile considers in its reasonable opinion that it is no longer desirable or commercially viable for Verifile to continue to provide the Services or if any third party software or data becomes unavailable to Verifile, Verifile shall be entitled to either:
      1. modify the Services and Software as necessary to accommodate the changes or unavailability; or
      2. terminate this Agreement without liability to Verifile in respect of those Services which are affected by the changes or unavailability.
  5. RESTRICTIVE COVENANTS
    1. The Customer undertakes for a period of five (5) years after termination of this Agreement (whether alone or in concert with or for, or on behalf of any other person), not to do either of the following: 
      1. solicit the custom of any client of Verifile in respect of similar goods or Services to those provided by Verifile; or 

      2. solicit or employ staff employed by Verifile during the term of this Agreement except that the Customer may solicit or employ staff who are made redundant or dismissed by Verifile or who have been employed by a third party subsequent to being employed by Verifile. 
    2. Each undertaking contained in this clause 5 (Restrictive Covenants) shall be construed as a separate undertaking and if one or more of the undertakings or part thereof is held to be void or unlawful or in any way unenforceable, such undertaking or part thereof shall to that extent be disregarded and deemed not to form part of this Agreement and the remaining undertakings shall continue to bind the Customer.

    3. The restrictions contained in this clause 5 (Restrictive Covenants) are considered reasonable by the Parties and the Customer acknowledges that the provisions of this clause 5 (Restrictive Covenants) are reasonably necessary for the protection of the legitimate interests of Verifile.
    4. In the event of any breach of Clause 5.1.2 (Restrictive Covenants) by the Customer, the Customer agrees to pay Verifile a sum equivalent to fifty percent (50%) of the then current annualised salary and reasonable associated costs of employing such employee. The Parties recognise and agree that this sum represents a genuine pre-estimate of the loss likely to be suffered by Verifile as a result of such a breach.
  6. Security
    1. The Customer agrees to follow any reasonable rules and guidelines that apply to the way in which Verifile provides the Services from time to time, provided such rules and guidelines have been provided to the Customer.  Verifile will maintain appropriate technical and organisational security measures and procedures to prevent the Customer’s Customer ID being accidentally given to or used by unauthorised people.
    2. The Customer shall provide Verifile with an accurate list of its Related Persons’ authorised personnel who are permitted to order Services and receive or access Applicant Information and Information.  The Customer is responsible to update Verifile with changes to the list to enable Verifile to add or remove access rights.  Verifile will provide to each person on this list with an individual identification referred to as "User ID".  The Customer will ensure that it notifies individuals with a User ID that only the person to whom it is issued is permitted to use the User ID and will ensure that the User ID is notified that he or she is not permitted to transfer the User ID to, or allow usage of the User ID by others.
    3. The Customer is responsible for keeping its Customer ID and User IDs secure.  Verifile will not be responsible for any losses arising from unauthorised use of the Customer ID or User IDs, unless Verifile is responsible for the breach.  Verifile reserves the right to issue a new Customer ID or User ID at any time.  
    4. The Customer agrees that it will:

      1. maintain appropriate technical and organisational security measures and procedures to prevent its Customer ID and User IDs being accidentally given to or used by unauthorised people; 
      2. inform Verifile as soon as it becomes aware that any third party has found or used the Customer ID, any of the User IDs or if any equipment the Customer uses to access the Services or the Software is stolen; 
      3. be responsible for any Charges connected to the reissuing of a Customer ID or User ID, unless Verifile is responsible for the Customer ID being used by unauthorised people; 
      4. not breach or circumvent any security or authentication measures of the Software or Services;
      5. not interfere with or disrupt any part of the Software or Services; and
      6. not use a robot or other automated means to access the Software or Services.
    5. Verifile may cancel or suspend the Customer’s use of the Customer ID if either of the following circumstances occur namely: 

      1. the Customer fails to comply with any of its security obligations pursuant to clause 6.4 (Security); or 
      2. Verifile is advised or becomes aware of any unauthorised or improper use of the Customer’s Customer ID or User IDs (either by the Customer or by any third party), or that any equipment the Customer uses to access the Software or Services has been stolen; and  
      3. either of those circumstances may in Verifile’s reasonable opinion have a detrimental or potentially detrimental effect on Verifile’s business.  Verifile may choose not to suspend the Customer’s use of the Customer ID or User IDs, or may reinstate it if the Customer demonstrates to the reasonable satisfaction of Verifile that the Customer has rectified the issue.
    6. Verifile undertakes to issue the Customer with a new Customer ID or User IDs as soon as possible provided that the Customer is not in breach of the provisions of this Agreement. 
    7. Verifile will take instructions from authorised personnel by email or phone.
    8. In the event of any breach or attempted breach of security, either Party shall take reasonable steps to prevent a recurrence thereof and to mitigate the effects of such breach.  Verifile shall be entitled to fully investigate such breach and the Customer shall give Verifile its full cooperation with such investigation or audit. 
  7. INSURANCE
    1. Verifile shall at its own cost have in place contracts of insurance with reputable and solvent insurers to cover its obligations under this Agreement.  Upon request, Verifile shall supply (insofar as is reasonable) evidence of the maintenance of the insurance and all of its terms applicable from time to time.
  8. Liability
    1. Verifile shall use all reasonable skill and care to provide the Services. In circumstances where Verifile has elected to re-perform any Services pursuant to clause 2.2 this will be the Customer’s sole remedy and Verifile shall have no further liability.
    2. The Customer hereby acknowledges that the Information it will receive from Verifile is based on Data which may also contain advice or opinions of third parties that are not maintained or controlled by Verifile.  As such, Verifile cannot guarantee that the Data provided from these sources is absolutely accurate, up-to-date, error free or comprehensive in breadth or depth.  Verifile does and will have in place appropriate quality procedures designed to ensure at all times the accuracy (to the extent reasonably possible) of the Information and to provide to the Customer all Data that it does receive from third parties.
    3. Each Party will not be liable to the other Party, whether such liability arises in tort (including negligence), breach of contract, or in any other way for:​
      1. loss of actual or anticipated profit;
      2. loss of use or corruption of software, data or information;
      3. loss or damage to goodwill;
      4. loss of business or loss of business use, including but not limited to loss of sales;
      5. loss of agreements or contracts;
      6. loss of anticipated savings;
      7. losses arising from enforcement action by regulators, including any fines;
      8. loss of opportunity; or 
      9. any consequential, indirect, incidental or special losses.
    4. Subject to clause 8.3 and clause 8.7, each Party’s total liability to the other Party in any one (1) year (starting on the Commencement Date and each anniversary thereof) for all claims for negligence, breach of contract, or another liability or obligation is limited to one hundred thousand Pounds Sterling (£100,000) or the Charges paid by Customer in that year, whichever is the lesser. 
    5. Each Party shall indemnify and hold harmless the other Party, each member of its Group, and their Related Persons, and, at the other Party's request defend the other Party, from and against any costs, damages and fees (including legal and other professional fees) attributable to any of the following: (i) claims that the Services, on their own or in combination with other services and products or the use by Customer, infringe any third party's intellectual property rights; (ii) any breach of data protection obligations under this Agreement by either Party; and (iii) any breach of confidentiality obligations under this Agreement by either Party.
    6. To the extent permitted by law, Verifile excludes all representations, guarantees or conditions that: 
      1. the Services or the Information (or both) are fit for a particular purpose; or
      2. the Services or Information (or both) will meet the Customer’s requirements; or
      3. that the Information will be free from errors or omissions.
    7. Nothing contained in this Agreement will operate to exclude or limit loss or damage in any way in respect of the following:
      1. liability for death or personal injury arising out of a Party’s negligence;
      2. liability for fraud or fraudulent misrepresentation; or 
      3. any other losses that cannot be excluded or limited by Applicable Law.
  9. Intellectual Property
    1. Verifile is the absolute, legal and beneficial owner of Verifile IPR.  All IPR in Verifile IPR shall at all times be and remain the exclusive property of Verifile or its third party licensors. 
    2. The Customer is the absolute, legal and beneficial owner of the Customer IPR and Customer Created IPR.  All IPR in the Customer IPR and the Customer Created IPR shall at all times be and remain the exclusive property of the Customer or its third party licensors.
    3. Verifile grants the Customer a royalty free non-exclusive worldwide, revocable licence to:
      1. use the Verifile IPR for the purposes of obtaining the benefit of the Services provided by Verifile pursuant to the terms of this Agreement; and
      2. use its name and logo on all of its recruitment publications to deter misleading Applicants from applying for vacancies, for so long as and provided that Verifile is providing the Service(s) to the Customer.
    4. The Customer grants Verifile a royalty free non-exclusive licence to use its name and logo on Verifile’s website for the purposes of delivering the Services so long as and provided that Verifile is providing the Services to the Customer.
    5. The Customer shall not and shall not permit its Related Persons or any third party to reverse engineer, decompile, disassemble,modify, attempt to discover or extract the source code or algorithms, merge or combine with any software, adapt, translate or copy any portion of the Verifile IPR or any of the computer code in the Software, except as authorised under this Agreement.
    6. The Customer shall not and shall ensure that its Related Persons shall not sell, transfer, sub-license, distribute, commercially exploit or otherwise make available to or use for the benefit of any third party any of the Services or Verifile IPR.
  10. Confidentiality
    1. Each Party shall protect, treat secret and confidential and shall procure that its Related Persons shall protect, treat secret and confidential the Confidential Information of the other Party, using at least the same degree of care as it takes to preserve and safeguard its own Confidential Information of a similar nature and in any event at least a reasonable degree of care.
    2. Confidential Information may be disclosed by the receiving Party to its Related Persons on a "need to know" basis in order to provide or receive the Services (as applicable), provided that the recipient is bound in writing to maintain the confidentiality of the Confidential Information received.
    3. The obligations set out in this clause 10 (Confidentiality) shall not apply to Confidential Information which the receiving Party can demonstrate:
      1. is or has become publicly known other than through a breach of this clause 10 (Confidentiality); or
      2. was in possession of the receiving Party prior to disclosure by the other Party; or
      3. was received by the receiving Party from an independent third party who has full right to the disclosure; or
      4. was independently developed by the receiving Party; or
      5. was required to be disclosed by a governmental authority, stock exchange or regulatory body, provided that, where permitted by Applicable Law, the Party subject to such requirement to disclose gives the other Party prompt written notice of the requirement.
    4. The obligations of confidentiality in this clause 10 (Confidentiality) shall not be affected by the expiry or termination of this Agreement.
    5. Each Party undertakes not to use the Confidential Information for any other purpose except for the purpose of providing or receiving the Services and as authorised by this Agreement.
    6. The Customer will not publish or release any benchmarking or performance data applicable to the Services, Information or Software.
  11. Customer Obligations
    1. At the Customer’s cost and expense, the Customer agrees to co-operate with Verifile and provide Verifile with such information and assistance as may be required in order for Verifile to perform its obligations in relation to the Services.
    2. The Customer agrees to comply with its reasonable obligations under the SSO which is amended from time to time. Verifile will endeavour to bring to the Customer’s attention any changes to the SSO which are relevant to the Services provided to the Customer. The Customer shall be bound by those changes to the SSO by continuing to buy Services from Verifile after notification of such changes.
  12. TERMS AND Termination
    1. This Agreement will commence on the Commencement Date for a minimum term equal to the Initial Period and unless otherwise terminated in accordance with this Agreement, the Agreement shall automatically renew for successive one (1)-year terms (each being a "Renewal Period").
    2. This Agreement may be terminated after the Initial Period by either Party upon service of at least six (6) months’ written notice to be served on the other Party prior to the expiration of the Initial Term or prior to the commencement of each Renewal Period.  Notwithstanding the foregoing, any Services still in progress at the date of termination shall be completed by Verifile notwithstanding such termination.
    3. This Agreement may be terminated with immediate effect by either Party giving the other Party notice in writing in the event that the other Party:
      1. is in material breach of this Agreement and the breach cannot be remedied; or
      2. is in material breach of this Agreement and the breach is capable of remedy but has not been remedied within thirty (30) calendar days of notification of the breach; or
      3. the Customer has failed to pay any undisputed amount as defined in clause 4.5 (Paying Charges), due under this Agreement on the due date and such amount remains unpaid for one hundred and twenty (120) days after Verifile has given notification that the payment is overdue.
    4. Either Party may terminate the Agreement at any time by giving notice in writing to the other Party if the other Party:
      1. stops carrying on all or a significant part of its business, or indicates in any way that it intends to do so;
      2. is unable to pay its debts either within the meaning of section 123 of the Insolvency Act 1986 or if Verifile reasonably believes that to be the case; 
      3. becomes the subject of a company voluntary arrangement under the Insolvency Act 1986;
      4. has a receiver, manager, administrator or administrative receiver appointed over all or any part of its undertaking, assets or income;
      5. has a resolution passed for its winding up;
      6. has a petition presented to any court for its winding up or an application is made for an administration order or any winding-up or administration order is made against it;
      7. is subject to any procedure for the taking control of its goods that is not withdrawn or discharged within seven (7) days of that procedure being commenced;
      8. has a freezing order made against it;
      9. is subject to any recovery or attempted recovery of items supplied to it by a supplier retaining title in those items;
      10. is subject to any events or circumstances analogous to those in clauses 12.4.1 to 12.4.9 (Term and Termination) in any jurisdiction;
      11. any representations or warranties made by the other Party prove to be inaccurate or false;
      12. the other Party breaches any Applicable Law; or
      13. either Party doing anything that may bring the other Party into serious disrepute.
    5. Terminating the Agreement will not affect:
      1. any rights accrued to either Party prior to termination; or
      2. any part of this Agreement that will continue to apply notwithstanding termination.
    6. Upon termination of this Agreement, both Parties agree to return to the other Party all Confidential Information and all copies of it.  In the event that copies cannot be returned, they will be destroyed and certification of destruction will be provided to the owner of the Confidential Information.
  13. Legal Compliance
    1. Each Party shall at all times comply with and shall procure that its Related Persons at all times comply with all Applicable Laws in the performance of its obligations under this Agreement.
    2. Each Party shall not do or permit anything to be done which might cause or otherwise result in a breach of Applicable Law by the other Party and/or its Related Persons.
  14. Anti-BribEry.
    1. For the purposes of this clause 14, the expressions "adequate procedures" and "associated with" shall be construed in accordance with the Bribery Act 2010 and legislation or guidance published under it.
    2. Each Party shall comply with applicable Bribery Laws including ensuring that it has in place adequate procedures to prevent bribery and use all reasonable endeavours to ensure that:
      1. all of that Party’s personnel;
      2. all others associated with that Party; and
      3. all of that Party’s sub-contractors

      involved in performing the Agreement so comply.

    3. Without limitation to clause 14.2 (Anti-Bribery), neither Party shall make or receive any bribe (as defined in the Bribery Act 2010) or other improper payment or allow any such bribe or improper payment to be made or received on its behalf either in the United Kingdom or elsewhere and shall implement and maintain adequate procedures to ensure that such bribes or improper payments are not made or received directly or indirectly on its behalf.
    4. Each Party shall immediately notify the other as soon as it becomes aware of a breach or possible breach of any of the requirements in this clause 14 (Anti-Bribery).
  15. Modern Slavery

    Verifile undertakes, warrants and represents that:

    1. neither Verifile nor any of its Related Persons has: 

      1. committed an offence under the Modern Slavery Act 2015 (an "MSA Offence"); or
      2. been notified that it is subject to an investigation relating to an alleged MSA Offence or prosecution under the Modern Slavery Act 2015; or
      3. is aware of any circumstances within its supply chain that could give rise to an investigation relating to an alleged MSA Offence or prosecution under the Modern Slavery Act 2015;
    2. it shall comply with the Modern Slavery Act 2015; and 

    3. it shall notify the Customer immediately in writing if it becomes aware or has reason to believe that it or any of its Related Persons have breached or potentially breached any of its obligations under clause 15 (Modern Slavery).  Such notice to set out full details of the circumstances concerning the breach or potential breach of Verifile’s obligations.
  16. Sanctions Compliance

    Verifile warrants and represents that it and each of its Sub-contractors and Related Persons, direct or indirect beneficial owners or shareholders and/or any other person acting on behalf of Verifile, is not or is not owned or controlled by an individual or entity that is:

    1. the target of any Sanctions (a "Sanctioned Person"); or
    2. located, organised or resident in a country or territory that is or whose government is the subject of Sanctions broadly prohibiting dealings with such government, country or territory (a "Sanctioned Country").
    3. Any breach by Verifile of this clause 16 (Sanctions Compliance) shall be deemed to be a material breach of this Agreement not capable of remedy.
  17. Data Protection
    1. Each Party shall be responsible for its own compliance obligations imposed by the Data Protection Legislation

    2. The Parties acknowledge that Verifile shall act as the Customer’s Processor in respect of all Processing of Personal Data pursuant to the provision of the Services under this Agreement and in respect of the Verifile Processing Activities and the Customer shall act as Controller in respect of Personal Data Processed by Verifile.  If this analysis is subsequently determined by a competent body in a manner inconsistent with this view, this clause shall not apply.
    3. Processing and Transfer of Data – Article 28(3)(a) GDPR (Unless Stated Otherwise)

      Subject to clause 17.2 (Data Protection) above, in respect of any Personal Data which Verifile Processes as a Processor in relation to the Services and in respect of all Verifile Processing Activities, Verifile shall (and shall procure that all Verifile Related Persons shall):

      1. only Process that Personal Data for the purposes of supplying the Services (except to the extent the laws of the UK require Verifile to do otherwise) and at all times in accordance with the Customer’s documented instructions from time to time and the Description of Processing; 
      2. not transfer or otherwise directly or indirectly disclose or make available any Personal Data to (or access those data from) any location outside the UK or the European Economic Area ("EEA") except where one or more of the following applies: 

        (a) the Processor has in place with the non-UK/non-EEA receiving entity the UK SCC, or any alternative version of those clauses issued by the Information Commissioner’s Office from time to time;

        (b) the transfer is to a non-UK country that is deemed to have an adequate level of protection from time to time by the Information Commissioner’s Office

        (c) there is an approved code of conduct in place by an association or other body representing the Controller or Processor that applies to the non-UK/non-EEA territory or territories to which the Personal Data is to be transferred;

        (d) the Data Subject has provided their prior written explicit consent, which shall be obtained by the Customer either directly or indirectly (through Verifile) in an appropriate form and include all information as required by Article 49(1)(a) of the GDPR. The Customer shall ensure it has in place robust mechanisms and systems to be able to demonstrate and evidence such explicit consent through the provision of a data protection declaration signed by the Data Subject and containing a declaration to that effect ("Data Protection Declaration"). In the event that a Data Subject (i) withdraws their explicit consent by informing the Customer, the Customer will notify Verifile in writing immediately, providing details of the nature, scope and extent of the explicit consent withdrawal; or (ii) withdraws their explicit consent by informing Verifile, Verifile will notify the Customer immediately and Verifile’s cessation of the Processing of such Data Subject’s Personal Data and/or supply of Services shall not be a breach of this Agreement;

        (e) the transfer is necessary for the performance of a contract between the Data Subject and the Customer or the implementation of pre-contractual measures taken at the Data Subject’s request (Article 49(1)((b)); or 

        (f) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Customer and another natural or legal person (Article 49(1)(c)); 

      3. on the expiry or termination of the Agreement at the Customer’s option, either return at the Customer’s cost all of the Personal Data and Confidential Information (and copies of it) or securely dispose of the Personal Data and Confidential Information. If the Customer insists on deletion, Verifile shall agree to the deletion on condition that the Customer irrevocably waives and foregoes any right to complain to Verifile about the Services or Charges associated with the deleted Personal Data and Confidential Information; and 

      4. comply with all Data Protection Legislation imposed on Verifile as Processor that is relevant to the Processing of Personal Data under the provision of the Services to the Customer. Verifile shall inform the Customer in writing if in Verifile’s opinion, any instruction provided by the Customer in relation to the Processing of Personal Data will or is likely to breach any Data Protection Legislation. 

    4. Verifile Personnel – Article 28(3)(b) GDPR  Subject to clause 17.2 (Data Protection) above in respect of any Personal Data which Verifile Processes as a Processor in relation to the Services and in respect of all Verifile Processing Activities, Verifile shall (and shall procure that all Verifile Personnel shall):
      1. ensure that access to the Personal Data is limited to those of the Verifile Personnel or Sub-contractors who need access to them to supply the Services and only in accordance with the terms and conditions of this Agreement (Article 28(3)(b) GDPR); 
      2. ensure that all Verifile Personnel and Sub-contractors are informed of the confidential nature of the Personal Data and are always subject to enforceable obligations of confidentiality by Verifile in relation to Personal Data (Article 28(3)(b) GDPR); 
      3. ensure that all Verifile Personnel and Sub-contractors are assessed by Verifile to ensure their reliability (Article 28(3)(b) GDPR). 
    5. Sub-contractors – Articles 28(2) and 28(3)(d) GDPR (Unless Stated Otherwise) 

      Verifile’s cohort of record checking partners has been built up over many years and represents a core and confidential part of the Verifile’s intellectual property.  Verifile has carefully selected and vetted all of its Sub-contractors.  Verifile fully recognises its responsibilities under the Data Protection Legislation, specifically Article 28 of the GDPR, to correctly control and manage the Processing activities of these partners and the Customer recognises the commercial confidentiality of the relationship between Verifile and these partners.  In light of this, the Customer hereby generally authorises Verifile to engage agents and Sub-contractors or other third parties ("Sub-contractors") in the Processing of Personal Data for the provision of the Services without requiring individual prior written authorisation of the Customer, subject to (i) Verifile remaining fully liable for the acts and omissions of all Sub-contractors that it is required to be liable for under the GDPR (and Verifile will be deemed to be in breach of this Agreement if the Customer suffers or incurs any liabilities arising from such acts or omissions) and (ii) any such Sub-contractor agreeing in writing with Verifile to comply with the same terms and conditions as those imposed on Verifile under this Agreement.  If there is any change to the categories of Sub-contractors that Verifile makes use of in providing the Services, Verifile shall update the list of categories of Sub-contractors within its Privacy Notice accordingly and the Customer shall be notified of this updated Privacy Notice (Article 28(4) GDPR).  If Verifile wishes to materially alter the selection criteria used by Verifile to select Sub-contractors, Verifile shall notify the Customer and invite the Customer to comment or object in writing within fourteen (14) calendar days of notification.

    6. Description of Processing – Article 28(1) GDPR 

      The Customer shall regularly review and maintain the Description of Processing in Schedule 1 (Description of Processing) to ensure that it is up to date at all times and that it accurately and fully reflects the Customer’s instructions and Processing of Personal Data in relation to all Services.  The Customer shall, following any change to the Description of Processing, provide such amended version ("Revised Description") to Verifile in writing.  Following the provision of such amended version to Verifile, the Description of Processing shall be deemed replaced with the Revised Description and this Agreement shall be deemed amended accordingly.  For the avoidance of doubt, if the nature of the Processing under this Agreement changes in such a way as to change the scope of the Services, the costs for the Services shall change accordingly.

    7. Security – Technical and Organisational Measures – Articles 28(3)(c) and 32 GDPR 

      Taking into account the state of technical development and the nature of Processing, Verifile shall implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration or damage and unauthorised disclosure, access, use, removal, copying, modification or other misuse.  

    8. Data Subject Rights – Articles 28(3)(e) and 33 GDPR 

      1. Subject to clause 17.2 (Data Protection) above, in respect of any Personal Data which Verifile Processes as a Processor in relation to the Services and in respect of all Verifile Processing Activities, Verifile shall (and shall procure that all Verifile Personnel shall) notify the Customer without undue delay in writing of any notices received by it from Data Subjects or any competent supervisory authority relating to the Processing of Personal Data, including any requests, complaints or correspondence and provide such information, co-operation and assistance as the Customer may require in relation to such notices (at the Customer’s cost) including in connection with any approval of any supervisory authority to any Processing of Personal Data or any request, action, notice or investigation by such supervisory authority.  For the avoidance of doubt, in no event shall Verifile or any of Verifile Personnel respond directly to any such notices without the Customer’s prior written consent unless and to the extent required by law.

      2. Verifile shall, taking into account the nature of the Processing, assist the Customer (by appropriate technical and organisational measures and at the Customer’s cost where such measures fall outside the scope of the Services)insofar as this is possible, in relation to any request from any Data Subject for access, rectification or erasure of Personal Data or any objection to Processing.
    9. Data Security, Breach Reporting and DPIAs – Articles 28(3)(f), 32, 33, 35 and 36 GDPR 

      1. Verifile shall notify the Customer without undue delay and in writing if any Personal Data has been disclosed in breach of this Agreement (Article 33 GDPR). 

      2. Verifile shall notify the Customer without undue delay if it becomes aware of a breach of security of Personal Data, such notices shall include full and complete details relating to such breach (Article 33(2) GDPR). 

      3. Verifile shall provide such assistance (at the Customer’s cost) as the Customer may reasonably require in relation to (a) the need to undertake a data protection impact assessment as such term is defined in the Data Protection Legislation in accordance with Data Protection Legislation and (b) any approval of the Information Commissioner’s Office or other data protection supervisory authority to any Processing of Personal Data (Articles 35 and 36 GDPR). 

      4. Verifile undertakes to not take any steps in relation to a data breach, including but not limited to contacting any Data Subject except in accordance with clause 17.9 (Data Security, Breach Reporting and DPIAs). 

    10. ​​Audit – Article 28(3)(h) GDPR 

      1. At the Customer’s cost (including without limitation for any fees charged by any auditor appointed by the Customer to execute any such audit), Verifile shall allow for an audit (no more than once per annum, unless and to the extent additional audits are required by the Information Commissioner’s Office or other relevant supervisory authority) by the Customer and any auditors appointed by it in order for Verifile to demonstrate its compliance with the Data Protection Legislation.  For the purposes of such audit upon reasonable notice, Verifile shall make available to the Customer and any appointed auditors all information that the Customer deems necessary (acting reasonably) to demonstrate Verifile’s compliance with the Data Protection Legislation.  If access is required to Verifile’s premises, such access shall be subject to compliance with Verifile’s relevant policies.
      2. In Verifile’s reasonable opinion, to the extent that it believes that any instruction received by it in accordance with clause 17.10 (Audit) is likely to infringe Data Protection Legislation or any other Applicable Law, Verifile shall promptly inform the Customer and shall be entitled to withhold its permission for such audit and/or perform the relevant obligations under the Agreement until the Customer amends its instruction so as not to be infringing.
      3. With respect to the Customer’s rights under clause 17.10.1 (Audit): 

        (a) the Customer must provide reasonable prior written notice of its need to conduct an audit (unless a shorter timeframe is mandated by the Customer’s competent supervisory authority) and the Parties shall mutually cooperate in good faith to establish an audit date. Verifile will contribute to such audits by providing the Customer or the Customer’s competent supervisory authority with the information and assistance reasonably necessary to conduct the audit, including any relevant records of Processing activities applicable to the Services; 

        (b) if a third party is to conduct the audit, Verifile may object to the auditor if the auditor is in Verifile’s reasonable opinion not suitably qualified or independent, a competitor of Verifile, or otherwise manifestly unsuitable. Verifile will require the Customer to appoint another auditor or conduct the audit itself; 

        (c) the audit is conducted during regular business hours at the applicable facility and in accordance with Verifile’s health and safety policies and may not unreasonably interfere with Verifile’s business activities; 

        (d) the Customer will notify Verifile of any non-compliance discovered during the course of an audit and provide Verifile with any audit reports generated in connection with any audit under this clause, unless prohibited by the GDPR, other applicable Data Protection Legislation or otherwise instructed by a competent supervisory authority. The Customer may use the audit reports only for the purposes of meeting the Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this Agreement. The audit reports are Confidential Information of the Parties under the terms of the Agreement. 

    11. Customer’s Obligations 

      1. The obligations and rights of the Customer as the applicable Controller of the Personal Data shall be Processed in accordance with this Agreement are set out in this Agreement and in Data Protection Legislation.  The Customer shall ensure that all instructions it issues to Verifile comply with Data Protection Legislation.  For the avoidance of doubt, the Customer shall be solely responsible for determining the legal basis and conditions for the Processing of Personal Data under this Agreement and shall make available to Verifile all information reasonably necessary to demonstrate compliance with its obligations in this clause. 
      2. To the extent permitted by law, Verifile accepts no liability for any inaccurate Information provided to the Customer as part of the Services to the extent such inaccuracy comes from incorrect data provided by the Customer, the Data Subjects or any of Verifile’s sources which are not sub-processors for the purpose of the GDPR. Verifile further excludes to the extent permitted by law, all representations, guarantees or conditions that the Services or the Information (or both) are fit for a particular purpose or will meet the Customer’s requirements.
      3. Verifile acknowledges that the Customer Related Persons may receive and Process Personal Data relating to Verifile personnel in connection with Verifile’s performance and the Customer’s and Verifile’s administration or management of this Agreement.  Verifile acknowledges and agrees that the Customer or its Related Persons shall Process such data as part of the Customer’s own Processing activities acting as Controller.
  18. ANNOUNCEMENTS

    Verifile may with the prior written consent of the Customer (such consent not to be unreasonably withheld or delayed) announce or publicly disclose (whether or not by a press release) any matters concerning this Agreement or any case studies arising from the Services.

  19. FORCE MAJEURE 

    1. If either Party cannot carry out its obligations because of events beyond their control for a period of at least thirty (30) calendar days, the Party that cannot perform its obligations will notify the other Party as soon as it is practical to do so.  The defaulting Party’s obligations will be suspended immediately and it must do all it can to rectify the situation as soon as possible.
    2. Events beyond the control of either Party include the following acts or circumstances which neither Party can prevent, including but not limited to acts of God, epidemics, pandemics, strikes, lockouts or other industrial disturbances, wars, blockades, riots, epidemics, landslides, lightning, earthquakes, fires, storms, civil disturbances and terrorism, governmental regulations and directions. 
    3. Verifile will use all reasonable endeavours to continue to provide the Services but in the event that it is prevented from doing so, the Services may be deferred until such time as Verifile is able to resume performance of the Services.
    4. If either Party cannot carry out its obligations due to events beyond its control for a period of more than one hundred and eighty (180) days, the other Party will be entitled to terminate this Agreement immediately upon written notice.
  20. TRANSFERRING RIGHTS
    The rights granted by virtue of this Agreement are personal.  Neither Party can transfer or grant any of these rights to anyone else without the permission in writing of the other.  This permission must not be unreasonably withheld or delayed.

  21. WAIVER AND VARIATION 

    1. If either Party fails to exercise any right or solution available under this Agreement, any failure or delay will not prevent either Party from relying on those rights or solutions in the future. 
    2. Unless otherwise expressly permitted by any provision, a variation of this Agreement is valid only if it is in writing, making express reference to this Agreement and signed by a duly authorised representative of each Party.
  22. SEVERANCE
    1. If a court finds any part of the Agreement to be invalid, it will be deleted and the rest of the Agreement will stay in full force. 

    2. The Agreement cancels and supersedes any prior oral or written commitments relating to the Services.
  23. LAW

    Both Parties agree that this Agreement will be governed by English law.  The courts of England will have the exclusive jurisdiction to settle any disagreement that may arise out of, under or in connection with this Agreement.

  24. NOTICES
    1. All notices or other communication given by a Party under this Agreement shall be: 

      1. in writing and in English; 

      2. signed by or on behalf of the Party giving it (except for notices sent by email); and 

      3. sent to the relevant Party at the address set out in clause 24.3 (Notices). 

    2. All notices are deemed to have been received: 

      1. by hand, on delivery; 

      2. by first-class Royal Mail Signed For post, at 9:00am on the second (2nd) Business Day after posting; 

      3. by international tracked and signed post, at 9:00am on the third (3rd) Business Day after posting; 

      4. by email, on receipt of a delivery email from the correct address or twenty-four (24) hours from delivery if sent to the correct email address and no notice of delivery failure is received.  

        Notices and other communications shall be sent to: 

        Verifile: 

        Customer: 

        Address: Verifile Limited, 5 Franklin Court, Stannard Way, Priory Business Park, Bedford, MK44 3JZ 

        Address: Address: Verifile shall use such addresses as are provided as part of the online registration process for the purposes of any notices to the Customer 

        Email: info@verifile.co.uk; Service@verifile.co.uk and Accounts@verifile.co.uk 

        Email: Verifile shall use such email addresses as are provided as part of the online registration process for the purposes of any notices to the Customer 

  25. RELATIONSHIP

    The relationship of Verifile to the Customer shall be that of an independent contractor and nothing in this Agreement is intended to, or should be constructed to create a partnership, agency, joint venture or employment relationship. 

  26. THIRD PARTY RIGHTS

    Only the Customer and Verifile have legal rights under this Agreement.  Under the Contract (Rights of Third Parties) Act 1999, no-one else will be able to enforce any part of this Agreement.

  27. DISPUTE AND MEDIATION CLAUSE 

    1. Should a dispute arise relating to this Agreement or the Services under it, the Parties shall use all reasonable endeavours to resolve it by a discussion between their duly authorised senior management, negotiation and mediation before legal proceedings are brought.
    2. This Agreement has been entered into on the date stated at the beginning of it

       

SCHEDULE 1 - DESCRIPTION OF PROCESSING

[AS REQUIRED BY ARTICLE 28(3) GDPR]

Description of the Processing Activities including the subject matter, nature and duration of Processing

The Processing of Personal Data is as follows:

The Personal Data shall be Processed as necessary for Verifile to provide the Services (as described in the Agreement and updated from time to time in writing).  Verifile Processes the Personal Data using its web-based platform, email servers and where applicable in hard copy format as well.  Processing of Personal Data shall take place for the duration of this Agreement, unless otherwise directed by the Customer.

Data Subjects

The Personal Data relate to the following categories of Data Subjects:

  • Individuals about whom Customer requires background checks carried out or references obtained for the Customer’s business purposes.
Purposes of the Processing

The Processing is necessary for the following purposes:
  • Completion of background checks and/or the obtaining of references for the Data Subjects noted above.
Categories/types of Personal Data

The Personal Data Processed fall within the following categories of Personal Data:
  • Personal details of the Data Subject, including name (current and former), date and place of birth, gender or sex, address history, contact information, nationality, fingerprints, photograph, documents to prove identity or address, government issued identity numbers, immigration status;
  • Criminal, court and police records, including barred and watchlists;
  • Financial history, including credit reports, bankruptcy, court records, tax information, salary and income, real estate ownership, shareholding, financial sanctions, bank accounts;
  • Employment (including volunteering) and self-employment history, including employer’s name, period, job title, status, location, duties, performance, compensation, disciplinary or sanctions, supervisor, conduct, reason for leaving, opinions about you;
  • Education history, including institution’s name, period, status, location, performance, exam results, qualifications awarded, disciplinary or sanctions, supervisor, conduct, opinions about you;
  • Gap history, including activities you have undertaken, period, documents to prove these, character referees, opinions about you;
  • Professional credentials, designations, licences, memberships, associations, awards, sanctions or reprimands;
  • Health information, including results from occupational health assessment, drug test and GP letter;
  • Driving records, including driving licence details and copy, status, points, convictions, sanctions, restrictions, medical history, insurance;
  • Media coverage, including social media, politically exposed persons, press articles, press releases, internet activity (e.g. blogs, forums etc.);
  • Other public record information;
  • Associations to other people and groups including family and household members, professional, political and others;
  • Telephone call recordings;
  • Your opinions about your experience with Verifile.
Sensitive Personal Data including special categories of Personal Data and Personal Data relating to actual or alleged Criminal Offences or Convictions

The Personal Data Processed fall within the following special categories of Personal Data:
  • Health information;
  • Biometric information, including fingerprints.
The Personal Data Processed fall within its own category of Personal Data:
  • Relating to criminal convictions and offences;

The obligations and rights of the Customer as the Controller of the Personal Data Processed in connection with this Agreement are set out in this Agreement and in the Data Protection Legislation.

 

Change Record

Version Date Modified Modified by Modification
4.1 18 July 2022 Eyal Ben Cohen Revised and updated version.
4.0  7 January 2022 Eyal Ben Cohen

Revised and updated version. 
For version 4 click here.

3.0  16 April 2019  Eyal Ben Cohen

Revised and updated version including GDPR compliance.
For the version 3 click here.

2.0 2005  Eyal Ben Cohen For version 2 click here.