General terms and conditions

The Chapters [1, 2, 4 and 7] of the Nederland ICT (ICT ~Office) terms and conditions are applicable as General Terms and Conditions for all Verifai's products and services. 

Payment terms and conditions

Last version: 17 November 2020

PLEASE, READ THESE PAYMENT TERMS AND CONDITIONS VERY CAREFULLY. BY DOWNLOADING, ACCESSING, OR USING VERIFAI PRODUCTS AND SERVICES, INCLUDING BUT NOT LIMITED TO THE MOBILE SDKS FOR IOS AND ANDROID, WEB SDK, THE VERIFAI APP FOR IOS AND ANDROID, YOU AGREE TO BE BOUND BY THESE PAYMENT TERMS AND CONDITIONS AND ALL TERMS INCORPORATED BY REFERENCE. IF YOU DO NOT AGREE TO ALL OF THE FOLLOWING TERMS, DO NOT PURCHASE OR PROCURE ANY VERIFAI PRODUCTS AND/OR SERVICES.

Chapter A: Definitions

Article 1: Definitions

 1.1 Terms & Conditions (hereinafter referred to as “Terms”): any agreement between Verifai and the other party to which these payment terms & conditions are applicable. These General Purchase Terms and Conditions are deemed to constitute part of such an agreement.

 1.2 Verifai (hereinafter referred to as “Verifai”, “us”, “we”, “Supplier”): the legal entity Verifai B.V. and/or companies that are affiliated with this legal entity.

 1.3 Customer (hereinafter referred to as “Customer” or “you”, “other party”): the user of the Verifai Products and Services

1.4 Verifai Products and Services: all products and services that are offered by Verifai via the website, dashboard, or other sources (including but not limited to Github, Play Store, and App Store):

1.5 General Terms and Conditions: Chapters [1, 2, 4 and 7] of the Nederland ICT (ICT ~Office) terms and conditions.

1.6 Successful scan: one scan is the complete verification of an ID, including any additional document authenticity checks you would like to perform. Only completed scans are counted. If a document has two sides (front and back), the verification of the entire document is counted as one scan.

1.7 SMS Service: Verifai sends a unique link or token by SMS to continue the identity verification procedure.    

Chapter C: Payment Terms and Conditions

Article 2: General terms

2.1 The customer shall remain responsible and liable for the provision of up-to-date and accurate information about the customer’s business, including: company name, billing email address, country, company website, (mobile) phone number, contact details, billing address, VAT/GST number, chamber of commerce number, and payment details.

2.2 The customer shall pay per successful scan (pay per scan), which includes one (1) side of a passport or two (2) sides of other identification documents.

2.3 The customer shall pay per successful sms (pay per sms) when using the SMS service. The pricing may change at any time, unless Verifai and Customer have a formal written agreement for a certain amount per successful sms. Thereby, the price per SMS may vary per country. 

2.4 The customer agrees that payment liabilities shall start the moment the Verifai license for the implementation or solutions is changed by the customer, or by Verifai upon written request of the customer, to the ‘paid’ status.

2.5. The Customer shall complete the payment of an invoice in one go, unless agreed in writing to pay in instalments, where each expired term is deemed to constitute a separate payment.

2.6 Only the pricing as displayed on the Verifai DashboardVerifai website, and Verifai App for iOS and Android are valid pricing schemes and are applicable to all Verifai products and services. The customer cannot derive any rights under any circumstances from different pricing that is communicated via other channels than the Verifai DashboardVerifai Website, and Verifai App for iOS and Android.

Article 3: Monthly billing

3.1 The paid Verifai license shall start immediately after the customer changed the Verifai license to ‘paid’ in the Verifai dashboard. The day you changed your Verifai license into a ‘paid’ license is the day the customer originally signed up for the ‘paid’ Verifai license.

3.2 An invoice shall be created on a monthly billing plan, starting on the day you originally signed up for the ‘paid’ Verifai license and the customer performed at least one (1) successful scan.

3.3 Verifai shall send the customer an invoice based on the successful scans performed in the previous month, immediately after the 1-month period has ended.

3.4 If the customer does not perform any successful scans within the 1-month period, no invoice will be send to the customer.

3.5 1-month periods automatically renew every month, on the day the customer originally signed up for the ‘paid’ Verifai license.

Article 4: Credit card

4.1 The customer shall remain responsible and liable for the provision of up-to-date and accurate information about credit card details, including the credit card number, CVC-code, expiry date, and name of the credit card holder.

4.2 Verifai only accepts credit card payments made with a valid credit card.

4.3 Verifai only supports the following credit cards: Visa, Mastercard, American Express, Discover, Diners Club, and JCB. Other payment methods are available upon request.

4.4 The Verifai license can only be changed to ‘paid’ if valid credit card details are provided by the customer and payment with credit card is selected in the Verifai dashboard, unless other agreements are made between Verifai and the customer.

Article 5: Wire transfer

5.1 Verifai shall not accept wire transfer payments without written permission. If the customer pays the invoiced amount via wire transfer, Verifai shall, under any circumstances, transfer the unsolicited payment back to the originating bank account number. The payment obligation of the Customer remains enforced until payment of the invoiced amount has been fulfilled by credit card. 

5.2 Only if Verifai and Customer agree on Wire Transfer, both in writing and in an official agreement upon changing the Verifai license to ‘paid’, an invoice will be send to the billing email address specified by the customer within the agreed time frequency (monthly or annually). After receiving the invoice, payment needs to be made within 30 working days. The received value date as stated on the bank account of Verifai is regarded as the date of payment.

5.3 If payment is not performed in time, Verifai shall suspend the provision of all Verifai products and Services until the customer has fulfilled all the payment obligations.

5.4 The customer is not allowed to perform a wire transfer payment that causes additional bank charges for Verifai, unless otherwise agreed. In such a case, Verifai has the right to recover the additional costs from the customer. 

Article 6: Non-chargeable paid program

6.1 Verifai offers specific customers a partner program to give these customers the opportunity to implement Verifai products and services in demo applications. Upon written agreement from Verifai, the Verifai ‘paid’ license can be changed to a ‘non-chargeable paid’ Verifai license, based on a ‘fair use policy’. 

6.2 If the customer misuses the fair use policy of the ‘non-chargeable paid’ Verifai license based on demonstrable grounds, the Verifai ‘non-chargeable paid’ license will immediately be withdrawn, and the Verifai account will be suspended.

Article 7: Refunding

7.1 The fees for any plan are billed on a periodic basis and are non-refundable unless otherwise agreed. Therefore, no refunds will be given to the customer. 

7.2 If a customer cancels a subscription mid-month, then no refunds are given for the successful scans that have already been performed in the bill cycle. The customer receives an invoice of the outstanding bill at the end of the billing cycle.

Article 8: Subscription cancellation

8.1 The customer is allowed to cancel the subscription at any time by using the Verifai Dashboard or by contacting Verifai directly. No refunds are given for scans that have already been performed in the billing cycle. 

8.2 Subscription cancellation results in a license withdrawment. No other scans can be performed by products using the disabled license.

8.3 The customer is still required to pay for the outstanding bills and invoices when a subscription is cancelled. 

8.4 In case of abuse or fraudulent behaviour based on demonstrable grounds, Verifai is allowed to withdraw the corresponding license immediately. 

Article 9: Account inactivity

9.1 In the case of long license inactivity, Verifai has the right to withdraw the Verifai license. Verifai will never withdraw a license due to inactivity without first contacting the customer several times. 

9.2 Verifai considers a license inactive when no scans are performed with the license for 12 months. 

Article 10: Laws and jurisdiction

10.1 These Terms are construed under and governed by the laws of The Netherlands without regard to conflicts of law provisions thereof. The parties irrevocably agree that the District court Noord-Nederland, location Groningen, the Netherlands shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection to this agreement.

10.2 These Terms  are published in Dutch and in English. In the event of differences of interpretation, the Dutch version shall prevail and shall be binding between the Parties. 

10.3 The terms as mentioned in the Payment Terms & Conditions are strict deadlines according to the Dutch Law (Article 6:83 part a BW). 

10.4 The customer is legally in default if payment is not made within the agreed payment term. Verifai is legally entitled, without prejudice to its other rights, to claim the entire payment due, including trade interest, from the due date of the relevant invoice up to and including the day of full payment. In that case, all extra judicial and judicial costs are at the expense of the customer. The amount of extrajudicial and judicial costs is calculated with a minimum of € 350 conform the Dutch Bar Association. All costs that are included in Verifai bookkeeping will be used as proof related to its course. 

10.5 Verifai reserves the right to change any of the information stated above. In such a case, no right can be derived from previous payment terms and conditions.

 

Addendum Data Processing Agreement

Last version: 17 November 2020

PLEASE, READ THIS DATA PROCESSING AGREEMENT VERY CAREFULLY. BY DOWNLOADING, ACCESSING OR USING THE VERIFAI CLOUD PRODUCTS AND SERVICES, YOU AGREE TO BE BOUND BY THIS DATA PROCESSING AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE BELOW TERMS, DO NOT USE THE VERIFAI CLOUD PRODUCTS AND SERVICES.

Chapter A: Definitions

Article 1: Definitions

In this Data Processing Agreement a number of definitions is used with a capital letter. Contrary or in addition to these definitions, the following definitions in this Data Processing Agreement are understood:

1.1 Verifai (hereinafter referred to as “Verifai”, “us”, “we”, “Supplier”, “Verifai”): The legal entity Verifai B.V. and/or the companies that are affiliated with this legal entity

1.2 Customer (hereinafter referred to as “Customer” or “you”, “other party”, “Customer”): the user of the Verifai Services.

1.3 Parties: Verifai and Customer

1.4 Data Subject: the natural person to whom the Personal Data relates.

1.5 Verifai Cloud Services: all Verifai products and Services which are hosted on the servers of Verifai and allows the user to support and perform identity verification. 

1.6 Personal Data Breach: a breach of the security which accidentally or unlawfully leads to the destruction, the loss, the alteration or the unauthorized disclosure of or the unauthorized access to transmitted, stored or otherwise processed data. 

1.7 Personal Data: all information concerning an identified or identifiable natural person that Verifai processes in the context of the Agreement in the interest of the Customer.

1.8 Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data and concerning the free movement of this data and the repeal of the Directive 95/46/EG (General Data Protection Regulation).

1.9 Agreement: this Data Processing Agreement including considerations and accompanying appendices.

1.10 Criminal Activities:  unlawful activity, such as, but not limited to: (identity) fraud, scam and Anti-Money Laundering. 

1.11 Processing: an operation or set of operations pertaining to the Agreement with reference to Personal Data, or a set of Personal data, whether executed or not via automatized processes, such as collecting, recording, organizing, structuring, storing, updating or changing, requesting, consulting, using, supplying through transmission, disclosure or otherwise making available, aligning or combining, protecting, deleting or destroying.

1.12 General Terms and Conditions: Chapters [1, 2, 4, and 7] of the Nederland ICT (ICT ~Office) terms and conditions apply.

Article 2: Considerations

2.1 · Insofar as Verifai processes Personal Data in the interest of Customer within the context of the Agreement, Customer qualifies as Customer of the Processing of Personal Data and Verifai as Verifai pursuant to article 4, section 7 and section 8 of the Regulation.

2.2 · In executing the Principal Agreement, Verifai shall process data for which the Customer is and remains responsible. This data includes personal data as defined in the General Data Protection Regulation (EU 2016/679), hereinafter referred to as “GDPR”.

2.3 · Parties in this Data Processing Agreement, as described in article 28 (3) of the Regulation, wish to lay down their agreements concerning the Processing of Personal Data by Verifai.

Chapter B: General Clauses

This chapter with general provisions applies to all Verifai Cloud Services.

Article 3: Subject of this Data Processing Agreement 

3.1 This Data Processing Agreement regulates the Processing of Personal Data by Verifai in the context of all Verifai Cloud Services.

3.2 Chapters [1, 2, 4, and 7] of the Nederland ICT (ICT ~Office) terms and conditions apply to this Agreement.

3.3 In all situations, Verifai will reject any supplementary and/or deviating conditions made by the Customer, unless both parties have expressly agreed in writing. If a conflict occurs between this Data Processing Agreement and any other written agreement between the Customer and Verifai, including the General Terms and Conditions, the Terms described in this Data Processing Agreement shall always prevail.

3.4 Only Verifai has the right to make changes to the Data Processing Agreement. The changes will take effect immediately, and users will be informed.

3.5 The nature and the purpose of the Processing, the type of Personal Data and the categories of the Data Subjects are detailed in Appendix 1.

3.6 Verifai guarantees the compliance with appropriate technical and organisational measures to ensure that the Processing fulfils the requirements of the Regulation and warrants the protection of the rights of the Data Subject.

3.7 Verifai guarantees to fulfil the requirements of the applicable legislation and regulations concerning the processing of Personal Data.

Article 4: Subject of this Data Processing Agreement 

4.1 This Data Processing Agreement comes into force when the Customer creates a new Verifai Cloud Services implementation in the Verifai Dashboard.

4.2 This Data Processing Agreement ends after and to the extent that Verifai has erased or returned all Personal Data in accordance with article 11.

4.3 Neither Parties can terminate this Data Processing Agreement before the end of the term.

Article 5: Extent Processing Authority Verifai  

5.1 Verifai processes the Personal Data exclusively by the order of Customer with the exception of legal provisions that apply to Verifai.

5.2 If at the discretion of Verifai an order or instruction as referred to in the first paragraph is in contradiction with a legal provision concerning data protection, Verifai notifies the Customer prior to the processing, unless a legal provision prohibits this notification.

5.3 In case Verifai must provide Personal data in accordance with a legal obligation, he notifies the Customer immediately, and if possible prior to the provision.

5.4 Verifai has no control over the purpose for the Processing of Personal Data. Customer uses Verifai Cloud Services only for the purpose of performing and or facilitating identity verification services regarding the Data Subjects.

5.5 Customer uses the available Verifai Cloud Services as is for the Processing of Personal Data.

5.6 Customer never uses Verifai Services for the purpose to perform Criminal Activities, only to prevent Criminal Activities, failing to do so obligates Customer to be due a fine of €5,000 (in words: five thousand euros) per day.

Article 6: Security of the Processing

6.1 Verifai takes the technical and organisational security measures as described in Appendix 2.

6.2 Parties acknowledge that warranting an appropriate security level may continually obligate them to take additional security measures. Verifai guarantees a security level adjusted to the risk.

6.3 Verifai informs Customer without undue delay as soon as Verifai learns about unlawful Processing of Personal Data or breaches to security measures as mentioned in clauses 6.1 and 6.2.

6.4 Verifai provides assistance to Customers to achieve compliance with the obligations under articles 32 through 36 of the Regulation.

6.5 Any form of Personal Data is confidential in nature. Verifai ensures that persons, including, but not limited to, employees, who participate in Processing with Verifai are bound by a non-disclosure agreement (NDA) in the context of the Personal Data.

Article 7: Sub-processors

7.1 Customer provides Verifai hereby with a general authorization to engage sub-processors. Verifai shall impose the same data protection obligations on the Sub-processor as set out in this Data Processing Agreement, especially in relation to the implementation of appropriate technical and organizational measures.

7.2 When Verifai engages another sub-processor to perform processing activities in the interest of the Customer, this other sub-processor will be subjected to the same obligations regarding data protection in case of an agreement as those detailed in this Data Processing Agreement.

7.3 When Customer engages another (sub-)processor to perform processing activities in the interests of the Customer, whereby the other (sub-)processor uses the Verifai products and services for processing activities, the Customer is fully liable and responsible for drafting and signing a Data Protection Agreement in accordance with the Regulation. The Customer shall indemnify and defend Verifai against all claims, fines and costs that are indirectly or directly caused by violating the provisions under this Article.

Article 8: Assistance due to rights of the Data Subject

8.1 Verifai provides assistance to the Customer for the compliance with his duty to answer requests concerning the execution of the rights of the Data Subject as determined in Chapter III of the Regulation.

Article 9: Breach concerning Personal Data

9.1 Verifai notifies Customer without delay as soon as he learns about a Personal Data Breach.

9.2 Verifai is obligated to notify Customer after a report on grounds of the first section of this clause about any developments pertaining to the Personal Data Breach.

9.3 Parties themselves bear the costs associated with the report as mentioned in the second section of this clause, including those associated with notifying the competent supervising authorities and Data Subject.

Article 10: Return of Personal Data

10.1 Customer can terminate the Agreement only, by terminating the Verifai Customer account. The Verifai Customer account can be terminated by sending a request to privacy@verifai.com. All requests will be processed within 30 (thirty) days.

10.2 After termination of the Agreement, Verifai takes responsibility for the return of the Personal Data to the Customer or for destroying all Personal Data, depending on the decision of the Customer. Verifai is obligated to destroy any copies, notwithstanding deviating legal obligations.

10.3 Verifai subsequently returns and erases the lawful Personal data within 30 (thirty) days after the end of the Agreement.

10.4 Personal Data are returned in the format and manner as determined by Verifai.

Article 11: Information disclosure and audit

11.1 Verifai makes all data available that is required to prove that the obligations as detailed in this Data Processing Agreement are and will be fulfilled.

11.2 Verifai shall have the right to commission an independent registered auditor to perform an audit or similar type of check in respect of the compliance of the ‘Regulation’.

11.3 Verifai shall provide the Customer with appropriate urgency information about compliance with the aforesaid ‘Regulation’. 

11.4 If Customer uses the right to perform an audit of Verifai, Customer will bear the direct costs of the auditor.

Article 12: Liability 

12.1 Amongst other things, Customer bears the responsibility and is in that respect fully liable for (the determined purpose of) the Processing, the use and the content of the Personal Data, the provision of data to third parties, the duration of storage of the Personal Data, the manner of Processing and the use of resources for this purpose.

12.2 This Data Protection Agreement shall be seen as Instructions from Customer to Verifai for the processing of Personal Data. Customer is fully responsible for ensuring that the Instructions it provides  to Verifai to Process the Personal Data are in accordance with any applicable laws and regulations (including the General Data Protection Regulation Laws). In case of infringement of such laws and regulations, Customer shall indemnify and hold Verifai harmless for any claims or complaint from a Data Subject following therefrom. Customer shall notify Verifai as soon as it believes that an instruction from Customer in this Data Protection Agreement might violate the General Data Protection Regulation or any Data Protection laws. Any failure by Verifai to notify Customer shall not affect Customer’s responsibility and liability for its instructions.

12.3 The Customer shall indemnify Verifai under all circumstances for all third-party claims regarding defective or incompleteness of Verifai Cloud Services, and the loss and/or theft of all data processed and/or stored by Verifai Cloud Services,  within the meaning of the product liability provisions contained in the Dutch Civil Code.

Article 13: Other Conditions

13.1         Only Verifai is entitled to make changes to the Data Processing Agreement. The amendments will come immediately into effect, and users will be informed by providing an in-app notice, and in-dashboard notice,  sending the user an email to the provided email address, or by updating Verifai Cloud Services to the “Last Version”. If you continue to use Verifai Cloud Services, you automatically confirm your acceptance of the revised terms in this Agreement.

13.2         Verifai shall revise this agreement according to altered or additional regulations, additional instructions of the relevant authorities and advancing developments in the application of the GDPR (for example by, but not limited to, legal precedents or reports), the introduction of standard provisions and/or other events or developments that require such a revision.

13.3       The provisions in this agreement remain valid for as long as necessary for the finalisation of this agreement and insofar as they are intended to survive the end of this agreement. To this last category belong, amongst other things, without being limited to these, provisions regarding secrecy and disputes.

13.4         This agreement prevails above all other agreements between Customer and Verifai.

13.5 This Agreement shall be construed under and governed by the laws of The Netherlands without regard to the conflicts of law provisions thereof. The parties irrevocably agree that the District court Noord-Nederland, location Groningen, the Netherlands shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection to this agreement.

Appendix 1. The Processing of Personal Data

This appendix details the Processing of Personal Data as mentioned in clause 3.5 of this Agreement.

The subject/nature and goal of the Processing:  Performing identity verification Services
Description categories Personal Data:
  • Personal data retrieved from identity documents;
  • Digital footprint
  • Biometric data (if applicable)
  • Contact details  (if applicable)
Description categories Data Subjects: Direct or indirect customers of Customer 
Description categories receivers of Personal Data:
  • Verifai
  • Data center/hosting provider
  • Credit check agencies (if applicable)
  • Background check agencies (if applicable)
  • Biometric verification providers (if applicable)
  • OCR service providers (if applicable)
  • SMS verification provider (if applicable)
Reasons for Processing:  Know your customer, customer due diligence, identity verification.

 

Appendix 2. The Processing of Personal Data

Verifai bears responsibility for ensuring the following technical security measures:

Security of computers and systems:

 The computer system of Verifai with which Customer applications are approached are to be sufficiently protected to guarantee the impossibility of data leakage of Personal Data.

Recommendation: sufficient protection of a computer starts with being up-to-date:

1. Operating system which is supported by its supplier and which contains the latest patches and updates. 

2. Standard antivirus software which regularly performs a complete scan of the system.

Storage period Personal Data:

Personal Data shall not be stored any longer than necessary for its intended purposes. This means that, within a reasonable period of time after termination of the contract and payment of all due bills, Verifai will irreversibly destroy all Personal Data.

Prevention of unauthorized access to computer systems:

Preventing unauthorized persons from accessing computer systems which are used for Processing Personal Data;

Control over Personal Data carriers:

Prevention of unauthorized persons from reading, copying, altering or destroying Personal Data carriers;

Digital property:

Prevention of employees from copying, altering or destroying digital property such as pictures, videos, chat logs, e-mails etc. from Personal Data carriers.

Control over storage: 

Prevention of unauthorized input of Personal Data and unlawful viewing, altering or destruction of stored Personal Data;

Control over user: 

Prevention of unauthorized individuals from accessing systems intended for Processing of Personal Data;

Control over access to data: 

Ensuring that authorized individuals can only access Personal Data stored on systems used for Personal Data Processing within the scope of their authority; 

Control over communication: 

Ensuring the possibility of ascertaining the identity of the natural or legal persons who have been, or could have been, the recipient of Personal Data as well as the identity of the person(s) to whom Personal Data has been made available;

Control over input:   

Ensuring the possibility of ascertaining which Personal Data has been entered into automated systems, as well as when and by whom this data has been entered;

Control over transport: 

Prevention of unauthorized individuals from reading, copying, altering or destroying Personal Data during transport of Personal Data carriers;

Recovery:

Ensuring that installed systems can be recovered within a reasonable amount of time after malfunctioning;

Reliability:

Ensuring that the features of the system used for Personal Data Processing are operational and that any errors within the systems are duly reported;

Integrity:

Ensuring that stored Personal Data cannot be damaged due to malfunctions in the system;

Necessity:

Ensuring that stored or sent Personal Data is protected from unauthorized or unintended Processing, including storage, access, disclosure, alteration, loss or destruction;

Employees:

Ensuring that employees are authorized and sufficiently qualified to perform the tasks entrusted to them and to ensure that employees are sufficiently instructed by Verifai when it comes to the procedures and legal requirements pertaining to the obligations of Verifai derived from this appendix.