loading='lazy' Learn About ValidSoft’s Recommendations for Evaluating Deepfake Detection Solutions

License

THIS LICENSE AGREEMENT & TERMS (“Agreement”) is

effective from the day that you start to use the ValidSoft voice biometric services (“Effective Date”), and constitutes an agreement between you (the “Customer”) and VSFT Holdings, Inc (“ValidSoft”) a limited liability company created and existing under the laws of Delaware, USA.

ValidSoft and Customer may hereinafter be referred to individually as a “Party” and jointly as the “Parties.”

RECITALS

WHEREAS, ValidSoft wishes to provide to Customer and Customer wishes to procure from ValidSoft certain voice biometric authentication software and services pursuant to the license terms and conditions set forth in this Agreement; and   WHEREAS, Customer wishes to use and pay for the ValidSoft products, solutions, and/or services as defined herein.   NOW, THEREFORE, for and in consideration of the mutual covenants contained herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties hereto do hereby covenant and agree as follows:

1.   SERVICE.

  1.1  Service. ValidSoft agrees to provide the voice biometric authentication software-as-a-service (the “Service”) as described in Schedule 1 to this Agreement, all of which Schedules are hereby incorporated herein and made a part hereof this end user license Agreement. In the event of any conflict between the terms of this Agreement and any Schedule, the provisions of the Schedule shall take precedence.

1.2  Support. In return for timely payment for the Services, ValidSoft will provide the support services in accordance with Schedule 2.

1.3   Service Description. The description of the Service(s) provided to Customer under the terms of this Agreement are set out in Schedule 1 attached hereto and made a part hereof.

2.   TERM; TERMINATION.

2.1  The term of this Agreement shall commence on the Effective Date and continue for a period of three (3) years (the “Initial Term”), or such other term as may be prescribed in your purchase order or similar agreement. Upon expiration of the Initial Term, this Agreement shall automatically renew for one (1) year term (with each such additional one-year term, together with the Initial Term, being referred to as the “Term”).

2.2  This Agreement may be terminated:

2.2.1 after the Initial Term by the Customer upon ninety (90) days prior written notice to ValidSoft.

2.2.2 on fourteen (14) days advance written notice by ValidSoft where the Customer has failed to make a payment due pursuant to this Agreement.

2.2.5 immediately by either Party if the other Party becomes the subject of a petition in bankruptcy or any other proceeding (whether voluntary or involuntary), relating to insolvency, administration, receivership, administrative receivership, liquidation, or assignment for the benefit of creditors or takes or suffers any similar or analogous procedure, action or event in consequence of debt in any jurisdiction.

3.   DEFAULT.

3.1  A Party shall be in default under this Agreement if it: (i) materially violates any applicable law, regulation, statute, ordinance, code, or other legal requirements with respect to the Service and such violation is not remedied within seven (7) days after written notice thereof, (ii) fails to perform any material obligation (including payment of fees) under this Agreement and such performance is not remedied within seven (7) days after written notice thereof, or (iii) materially breaches a representation or warranty herein and such breach is not remedied within thirty (30) days after written notice thereof.

4.   PAYMENT.

4.1   Payment Method. The customer shall pay the charges for the Services by ACH or wire transfer to the details notified to you by ValidSoft.   If Customer does not make payment of undisputed invoiced charges, ValidSoft may suspend Services after it has given Customer written notice and fourteen (14) days to cure the nonpayment. ValidSoft is not required to reinstate the Service to Customer until Customer has paid in full all undisputed charges then due, including any interest charges. At the time Customer makes payment in full of all undisputed charges, ValidSoft shall reinstate the Service within twenty-four (24) hours at no charge to Customer. If Customer fails to timely cure the nonpayment, Customer will be deemed to have canceled the Service as of the effective date of the suspension.

4.4  Late Payments. Any undisputed past due amounts are subject to a late charge in the amount of 1.5% per month compounded monthly, or the maximum rate allowable by law, whichever is less in addition to any other remedies available to ValidSoft pursuant to this Agreement.

4.5  Suspend or Discontinue Service. ValidSoft reserves the right to suspend or discontinue performance including the provision of the Service(s) at any time in the event that Customer is in default of Section 4.1 of this agreement with fourteen (14) Business Days advance written notice.

4.6  Taxes. Customer is responsible for, and shall pay, any applicable taxes, fees, or charges now in force or enacted in the future, that arise from or as a result of Customer’s subscription or use or payment for the Service other than taxes on income received by ValidSoft.

5.     REPRESENTATION AND WARRANTIES.

5.1   Representations. Each Party represents and warrants to the other, on an ongoing basis, that: (i) it has the right to provide and/or receive the Services specified herein, and that it is an entity, duly organized, validly existing, and in good standing under the laws of its country of incorporation, with all of the requisite power to enter into and perform its obligations under this Agreement in accordance with its terms.

5.2  Disclaimer of Warranties.

ValidSoft warrants that it will provide the Services with good industry practice and will use its best efforts to restore Services in case of failure (“Standard of Care”).

THE WARRANTIES AND REMEDIES EXPRESSLY STATED IN THIS AGREEMENT AND IN ANY SCHEDULE ARE THE SOLE AND EXCLUSIVE WARRANTIES OFFERED BY VALIDSOFT. THERE ARE NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THOSE OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THE SERVICES ARE PROVIDED TO CUSTOMERS ON AN “AS IS” AND “AS AVAILABLE” BASIS. THE CUSTOMER ASSUMES ALL RESPONSIBILITY FOR DETERMINING WHETHER THE SERVICE OR THE INFORMATION GENERATED THEREBY IS ACCURATE OR SUFFICIENT FOR THE CUSTOMER’S PURPOSES. VALIDSOFT DOES NOT WARRANT THAT USE OF THE SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED. VALIDSOFT IS NOT RESPONSIBLE FOR HARDWARE OR SOFTWARE INSTALLED OR USED BY CUSTOMERS OR USERS OR FOR THE OPERATION OR PERFORMANCE OF THE INTERNET.

ValidSoft makes no representations, warranties, or claims to Customer regarding the reliability or availability of Services. Additionally, ValidSoft is not liable for any delay or failure to provide Services including, at any time or from time to time, or any interruption or degradation of call quality that is caused by, but in no way limited to, any of the following events:
(a) Act of an underlying carrier, service provider, vendor, or other third parties;
(b) Equipment, or facility failure, upgrade, or modification;
(c) Events such as (but not limited to) acts of god; power outages; strikes; fire; war; riot; or government actions;
(d) Equipment or facility shortage or relocation;
(e) Service, equipment, or facility failure caused by Customer’s loss of power;
(f) Outage of Customer’s Internet service provider or broadband service provider;
(h) Act of Customer or any person using the Service or Device provided to Customer; or any other cause that is beyond ValidSoft’s direct control, including without limitation a failure of or defect of Device and/or failure of a communication link.

ValidSoft’s liability for (i) any failure or mistake; (ii) any claim with respect to ValidSoft’s performance or nonperformance hereunder or (iii) any ValidSoft act or omission in connection with the subject matter hereof shall in no event exceed the lower of the Service charges paid pursuant to this Agreement during the Term or USD $100,000.

6.   INDEMNIFICATION.

6.1  Each Party shall indemnify, defend and hold harmless the other Party and its affiliates, employees, directors, officers, and agents, and their successors and assigns, from and against all third party claims, demands, actions, damages, liabilities, losses, and expenses (including reasonable attorney’s fees) arising from the indemnifying Party’s breach of this Agreement, willful misconduct or gross negligence. ValidSoft shall indemnify defend and hold harmless Customer and its affiliates, employees, directors, officers, agents, and their successors and assigns, from and against all claims, demands, actions, damages, liabilities, losses, and expenses (including reasonable attorney’s fees) arising from or relating to any claim by a third party that the Services or any equipment, products, hardware, software, materials, or other services provided to Customer by ValidSoft or its affiliates or subcontractors infringes upon the proprietary rights of a such third party. Upon receipt of a notice of claim, action, or demand that is subject to this Section, the Party receiving such notice shall notify the other Party promptly. In the event of a claim, action, or demand that is subject to this Section, ValidSoft shall modify the Services or any equipment, products, hardware, software, materials, or other services provided to Customer or procure rights that allow the Customer to continue using the Services or any equipment, products,   hardware, software, materials, or other services provided to Customer.

7.   LIMITATION OF LIABILITY.

  7.1  IN NO EVENT EITHER PARTY OR ITS OFFICERS, DIRECTORS, EMPLOYEES, AFFILIATES OR AGENTS, OR ANY OTHER SERVICE PROVIDER WHO FURNISHES SERVICES TO THE CUSTOMER IN CONNECTION WITH THIS AGREEMENT OR THE SERVICE BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES. THE LIMITATIONS SET FORTH HEREIN APPLY TO CLAIMS FOUNDED IN BREACH OF CONTRACT, BREACH OF WARRANTY, PRODUCT LIABILITY, TORT, AND ANY AND ALL OTHER THEORIES OF LIABILITY AND APPLY WHETHER OR NOT VALIDSOFT WAS INFORMED OF THE LIKELIHOOD OF ANY PARTICULAR TYPE OF DAMAGES.

8.   CONFIDENTIAL INFORMATION.

8.1  Confidential Information. In the course of performing its obligations hereunder, a Party may have access to certain confidential or proprietary information of the other Party (“Confidential Information”), including but not limited to: information about products, services, business plans, trade secrets, discoveries, ideas, designs, drawings, specifications, techniques, models, algorithms, voice data, data, programs, documentation, processes, lists, know-how, marketing plans, customer information, and financial and technical information and other information known to be or should be known to be confidential information or designated by one of the Parties as confidential information.

8.2  Duty Not to Disclose. Neither Party shall disclose the other Party’s Confidential Information, directly or indirectly, under any circumstances or by any means to any third party without the express written consent of the other Party; provided, however, that the obligations of this Section do not apply to any portion of the Confidential Information that is (i) public knowledge through no fault of the receiving Party prior to the disclosure of it by the disclosing Party (as confirmed by the receiving Party’s records), (ii) is acquired from a third party without an obligation of confidentiality, (iii) disclosed pursuant to the lawful requirements or formal request of a government agency (including in response to requests from the SEC, PRA/FCA) or (iv) disclosed to the receiving Party’s agents, advisers or other representatives of a Party or a member of that Party’s group in connection with the provision of Services under this Agreement. If the receiving Party is requested or legally compelled by a governmental agency to disclose any of the Confidential Information of the disclosing Party, the receiving Party agrees that, to the extent legally permissible, it will provide the disclosing Party with prompt written notice of such requests so that the disclosing Party has the opportunity to pursue its legal and equitable remedies regarding potential disclosure.

8.3  Use, Copying, or Transmittal. Neither Party shall copy, transmit, reproduce, summarize, quote, or make commercial or other use whatsoever of the other Party’s Confidential Information, except as may be necessary to perform its duties hereunder.

8.4  Exercise of Care. Each Party shall exercise at least the same degree of care in safeguarding the other Party’s Confidential Information against loss, theft, appropriation by a third party, or inadvertent disclosure as it uses to protect its own Confidential Information and take all steps reasonably necessary to maintain such confidentiality.

8.5  Survival. The provisions of this Section 8 shall survive the termination of this Agreement.

9.   REGULATORY MATTERS; PROPER AND LAWFUL USE OF SERVICE

9.1  ValidSoft, upon reasonable notice to Customer, may cancel or suspend the provision of the whole or any part of any Service which is determined to be a violation of, or no longer permitted under, any applicable law or regulation or of ValidSoft’s license in the jurisdiction. ValidSoft will make reasonable efforts to restore the Service, or provide a permitted functionally equivalent substitute on terms and conditions to be agreed upon by the Parties. The customer shall not be responsible for any payments for such Service following the cancellation or suspension of such Service.

9.2  Customer will use the Service only for the purposes for which it is designed and provided. The customer shall not change, hack, disassemble, modify or disrupt the Service.

9.3  The Parties shall comply with all laws applicable to this Agreement.

9.4  Each Party shall obtain, file, and maintain any tariffs, permits, certifications, authorizations, licenses, or similar documentation as may be required by applicable law or any other governmental body or agency having jurisdiction over its business. Upon the request of a Party, which request shall be no more frequent than once every six months (unless based on a request or order of a government body or agency having jurisdiction over either Party), the other Party will provide copies of the such requested documentation.

9.5  ValidSoft hereby grants to Customer a personal, non-exclusive, non-transferable license during the term of this Agreement to use, in object code form, all software and related documentation owned by ValidSoft (the “Licensed Material”) which may be furnished to Customer under this Agreement and for use only with the Service ordered. Any Licensed Material furnished to Customer under this Agreement shall not be reproduced or copied in whole or in part and will be returned to ValidSoft at the conclusion of the term (or earlier termination) of this Agreement.

9.6  Customer is solely responsible for (a) content of information and communications transmitted using the Services, and (b) use and publication of communications and/or information using the Services. Customer understands and agrees that ValidSoft is only an intermediary for the transmission of Customer and third party information, that ValidSoft plays a passive role as a conduit of information for Customer and third parties, and that ValidSoft neither initiates the transmission of information, selects the receivers of the transmission, nor selects or modifies the information contained in the transmission.

10.  INTELLECTUAL PROPERTY OF VALIDSOFT.

10.1   The ValidSoft Services or software used to deliver the Service to Customer in conjunction with the information, documents, and materials on ValidSoft’s website(s) are protected by trademark, copyright, or other intellectual property laws and international treaty provisions. All websites, corporate names, service marks, trademarks, trade names, logos, and domain names (collectively the “Marks”) of ValidSoft are the exclusive property of ValidSoft and nothing in this Agreement grants Customer the right to use any of such Marks separate and apart from the Services and/or software. If Customer uses the Service through an interface device not provided by ValidSoft, Customer warrants and represents that it possesses all required rights, including software and/or hardware licenses, to use that device with the Service, and Customer shall indemnify and hold harmless ValidSoft against all liability due to Customer’s use of such interface device with the Service.

11.  FORCE MAJEURE.

11.1     NEITHER PARTY SHALL BE IN BREACH HEREOF BY REASON OF ITS DELAY IN THE PERFORMANCE OF ITS OBLIGATIONS HEREUNDER IF THAT DELAY IS CAUSED BY FIRE, FLOOD, EARTHQUAKE, THE ELEMENTS, LIGHTNING, EXPLOSION, WAR, ACT OF TERRORISM, STRIKES, EMBARGO, LABOR DISPUTE, UTILITY CURTAILMENTS, POWER FAILURES, GOVERNMENT REQUIREMENT, ACTS OF GOD OR NATURE, RIOTS, INCENDIARIES, INTERFERENCE BY CIVIL OR MILITARY AUTHORITIES, COMPLIANCE WITH GOVERNMENTAL PRIORITIES FOR MATERIALS, ACT OR OMISSION OF CARRIERS OR SUPPLIERS (OTHER THAN THE PARTIES THEMSELVES), COMPUTER VIRUSES OR WORMS, ‘DENIAL OF SERVICE ATTACKS, HACKING ATTACKS (PROVIDING THAT THE PARTIES HAVE TAKEN REASONABLE STEPS TO PREVENT SUCH COMPUTER VIRUSES OR WORMS, ‘DENIAL OF SERVICE ATTACKS AND HACKING ATTACKS) AND ANY OTHER CAUSES BEYOND ITS REASONABLE CONTROL, WHETHER OR NOT SIMILAR TO THE FOREGOING. FAILURE OF EITHER PARTY TO PERFORM UNDER THIS AGREEMENT, BECAUSE OF THE OCCURRENCE OF AN EVENT OF FORCE MAJEURE LASTING LONGER THAN FORTY-FIVE DAYS WILL, UPON TWENTY-FOUR HOURS WRITTEN NOTICE TO THE OTHER PARTY, REPRESENT A GROUND FOR TERMINATION ONLY OF THE SERVICE AFFECTED BY SUCH EVENT.

12.  DATA PROTECTION & PRIVACY

12.1   If applicable to the data processing contemplated by the Services, the Parties hereby agree to comply in full with ValidSoft’s standard data protection (GDPR) contractual clauses which are at Schedule 3 and form an integral part of this Agreement.

13.  MISCELLANEOUS.

13.1  Notices. All notices, demands, or requests made pursuant to, under, or by virtue of this Agreement must be in writing and sent to the Party to which the notice, demand, or request is being made by (i) by nationally recognized overnight courier delivery for next business day delivery, or (ii) by hand delivery, or to such other street address to which hand deliveries may be made as is specified by a Party by not less than five (5) days prior notice to the other Party given in accordance with the provisions of this Section. Any notice given in accordance with the provisions of this Section shall be deemed given on the date of the initial delivery or initial attempted delivery in the event of rejection or other refusals to accept or inability to deliver because of changed address of which proper notice was not given shall be deemed to be receipt of the notice, request, demand or other communication, provided that such delivery or attempted delivery at the addresses listed below must be on a Business Day between 8:30 a.m. and 5:30 p.m. in the time zone in which such address is located. Legal counsel for the respective Parties may send to the other Party any notices, requests, demands, or other communications required or permitted to be given hereunder by such Party.

Notices to ValidSoft:

Attention: Legal Department VSFT Holdings, Inc. 100 Pearl Street, Hartford, CT, USA [email protected]

13.2  Entire Agreement; Modification. This Agreement contains all of the terms and conditions agreed upon between these Parties with respect to the subject matter hereof, and all prior agreements, understandings, representations, and statements, oral or written, with respect to the subject matter hereof are merged into this Agreement. This Agreement shall not be modified or amended in any respect except by a written instrument executed by or on behalf of the Parties in the same manner as this Agreement is executed, specifically referencing that such written instrument is a modification or amendment of the Agreement.

13.3  Binding Effect. This Agreement shall be binding upon, and shall inure to the benefit of, the Parties hereto and their respective legal representatives, successors, and permitted assigns.

13.4  No Waiver. No consent or waiver, express or implied, by any Party hereto or of any breach or default by another Party in the performance by the other of its obligations hereunder shall be valid unless in writing, and no such consent or waiver shall be deemed or construed to be a consent or waiver to or of any other breach or default in the performance by such other Party of the same or any other obligations of such Party hereunder. Failure on the part of any Party to complain of any act or failure to act of another Party or to declare another Party in default, irrespective of how long such failure continues, shall not constitute a waiver by such Party of its rights hereunder. The granting of any consent or approval following the Effective Date in any one instance by or on behalf of a Party shall not be construed to waive or limit the need for such consent or approval in any other or subsequent instance.

13.5  Third Parties. This Agreement is solely for the benefit of and shall be enforceable only by the Parties hereto and their respective legal representatives, successors, and permitted assigns. No Person other than the Parties shall be entitled to bring any action to enforce any provision of this Agreement.

13.6  Severability. Each provision of this Agreement is intended to be severable. If any term or provision hereof shall be determined by a court of competent jurisdiction to be illegal or invalid for any reason whatsoever, such provision shall be severed from this Agreement and shall not affect the validity of the remainder of this Agreement.

13.7 No Assignment; Sub-Contracting. No Party to this Agreement shall be entitled to transfer, assign or sub-contract any of such Party’s rights or obligations under this Agreement without the prior written consent of the other Parties which consent may be withheld in the sole discretion of such other Parties. Notwithstanding the foregoing either Party may freely assign this Agreement to a group affiliate Company, such as a subsidiary. Any assignment, transfer, sub-contracting, or other disposition which is in violation of this Section is void and of no force and effect.

13.8  Section Headings. All section headings, sections, subsections, paragraphs, subparagraphs, letters, and other reference captions are solely for the purpose of facilitating convenient reference to this Agreement, shall not supplement, limit, or otherwise vary the text of this Agreement in any respect, and shall be wholly disregarded when interpreting the meaning of any provisions hereof.

13.9  Gender; Person or Persons; Party or Parties. Words of any gender used in this Agreement shall be held and construed to include any other gender, and words of a singular number shall be held to include the plural, and vice-versa, unless the context requires otherwise. “Person” or “Persons” where used in this Agreement refers to individuals, individuals acting in a fiduciary capacity, corporations, limited partnerships, limited liability companies, general partnerships, joint stock companies, joint ventures, associations, companies, trusts or other organizations, whether or not they are recognized as separate legal entities. “Party” or “Parties” where used in this Agreement refers to any Person or Persons who or which are signatories to this Agreement.

13.10  Exhibits and Schedules. Each and every exhibit and schedule referred to or otherwise mentioned in this Agreement that is attached to this Agreement is and shall be construed to be made a part of this Agreement by such reference or other mention at each point at which such reference or other mention occurs, in the same manner, and with the same effect as if each exhibit and schedule were set forth in full at length every time it is referred to or otherwise mentioned.

13.11  References. All references to a particular section, subsection, paragraph, and subparagraph numbers refer to the text of the section, subsection, paragraph, and subparagraph so numbered in this Agreement. Unless otherwise specified in this Agreement, the terms “herein,” “hereof,” “hereinafter,” “hereunder” and other terms of like or similar import, shall be deemed to refer to this Agreement as a whole, and not to any particular section, subsection, paragraph or subparagraph hereof.

13.12  Rights Cumulative. Except as expressly limited by the provisions of this Agreement, all rights, powers, and privileges conferred hereunder shall be cumulative and not restrictive of those provided at law or in equity.

13.13  Business Day. “Business Day” shall mean any day other than (i) a Saturday or a Sunday, (ii) a national holiday, or (iii) a day on which banks are required to be closed for business in England, and the United Kingdom. In the event that any date or any period provided for in this Agreement by reference to Business Days shall end on a non-Business Day, the applicable date or period shall be extended to the first Business Day following such date or period.

13.14  Survival. The provisions of this Agreement that, by their nature, are not fulfilled upon the expiration or earlier termination of this Agreement shall survive such expiration or earlier termination and shall remain in full force and effect.

13.15  Counterparts and Electronic Signatures. This Agreement may be executed in any number of counterparts, each of which is an original, and all such counterparts shall constitute one and the same agreement. Any Party using an electronic signature may execute this Agreement, and such signature shall be binding and enforceable to the same extent as an original signature.

13.16  Time of Essence. Time is of the essence in this Agreement.

13.17  Relationship of the Parties. No joint venture, partnership, or agency of any kind shall be deemed created by this Agreement. The Parties are independent contractors and shall not have, nor hold themselves out as having, the power or authority to bind or create liability on behalf of the other Party.

13.18  Publicity. Neither Party will publish or use any advertising, sales promotions, press releases, or other publicity which uses the name, logo, trademarks, or service marks of the other Party without prior written approval, provided either Party may list the other as a supplier/Partner of the Services provided hereunder.

13.19  Choice of Law; Designation of Exclusive Forum. This Agreement and the obligations of the Parties hereunder shall be interpreted, construed, and enforced in accordance with the laws of New York, USA, and the courts in New York, USA, will have exclusive jurisdiction to determine any dispute arising in connection therewith.

BY USING THE SERVICES YOU EXPRESSLY CONSENT TO THE TERMS CONTAINED IN THIS END-USER LICENSE AGREEMENT.
Attachments:

Schedule 1: Service Description (Please ask your ValidSoft Account Manager)

Schedule 2: Support Levels (Please ask your ValidSoft Account Manager)

Schedule 3: Data Protection Conditions (below)

Schedule 3: Data Protection Conditions

INTRODUCTION

This data protection schedule (the “Schedule”) prescribes the legally binding data protection obligations with which clients of ValidSoft that are subject to Data Protection Legislation and ValidSoft itself must comply in order to ensure that the Customer’s use of ValidSoft’s Multi-Factor User Authentication™ Product, which includes telephonic user authentication (the “Software”) for the purpose of strong customer authentication (the “Purpose”) complies with Data Protection Legislation. ValidSoft has provided Guidance Notes which set out how the warranties can best be implemented by these parties in practice, which will be made available to Customers on request (subject to terms and conditions). However, those notes do not constitute legal advice and are not binding. Customers are advised to obtain such advice from their own lawyers and legal advisers. They should refer to the official text of the GDPR in relation to any of the GDPR articles etc. mentioned in this Schedule or in the Guidance Notes.

I. DEFINITIONS

“ValidSoft” means ValidSoft Limited, registered in the Republic of Ireland (Company Number 377068), which provides the Software to the Customer to allow the Customer to securely authenticate the data subjects.

VS Labs” means VS Labs Limited, registered in the United Kingdom (Company Number 11000361), a wholly-owned subsidiary of ValidSoft Limited, which provides technical support to Customers in the setting up and use of the Software.

“Customer” means the company that obtains the Software from ValidSoft under a license for the purpose of securely authenticating the data subjects.

“Party” or “parties” means ValidSoft and/or Customer as the context requires, as party or parties to the Master Services Agreement under which the Software is provided by ValidSoft to the Customer.

“Data subjects” means natural persons to which the personal data is processed in the context of the use of the Software related, typically customers of the Customer who enroll in the Multi-Factor authentication provided through the Software.

“Software” means ValidSoft’s Multi-Factor VoiceID™, VIP®, and/or User Authentication™ products, which include voice-based user authentication.

Data Protection Legislation” means: (i) unless and until the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) is no longer in force, all applicable data protection legislation including the GDPR; the Data Protection Act 2018 and any other applicable EU or national legislation relating to personal data which applies to a party relating to the use of Personal Data; and then (ii) any successor legislation to the GDPR, the Data Protection Act 2018 and any other applicable national legislation relating to personal data which applies to a party relating to the use of Personal Data.

All terms defined in the GDPR shall be given the same meaning in this Schedule as they are given in the GDPR. References to Articles of the GDPR in this schedule are for so long as the GDPR is applicable in the UK and then, the references shall read as references to any successor legislation to the GDPR in the UK.

II. STATUS OF THE PARTIES/ENGAGEMENT OF A PROCESSOR AND A SUB-PROCESSOR
  1. The parties agree that in relation to the processing of any personal data on the data subjects in connection with the use by the Customer of the Software (including the data subjects’ raw Multi-Factor Authentication data (and, if voice biometrics is used, any voice-prints derived from the raw data) (“the processing”), the Customer shall at all times be the sole controller of the processing and the data; ValidSoft shall at all times only be a processor in relation to this processing and those data, and VS Labs shall at all times only be a sub-processor acting under the instructions of ValidSoft. They confirm that this determination of their respective status in relation to the processing and the data reflects the actual, real relationship between them in connection with the provision and use of the Software. Specifically, the Customer hereby specifically authorizes ValidSoft to engage VS Labs as a sub-processor in relation to the processing of personal data in connection with the use of the Software by the Customer and more specifically authorizes ValidSoft to instruct VS Labs to provide it (the Customer) with technical support in the setting up and managing of the Software.
    Note: The above stipulations, read together with the Master Services Agreement and the remainder of this Schedule, all being binding on the parties, constitute the contract or other binding legal act between the controller and a processor required by Article 28(3) GDPR, and the “prior specific … authorization of the controller” under which a processor may engage another processor (i.e., a sub-processor), envisaged in Article 28(2) GDPR.
  1. The Customer warranties set out at III.A, below, seek to ensure that in the use of the Software the Customer will fully comply with the requirements of the Data Protection Legislation applies to the Customer as a controller.
  2. ValidSoft and VS Lab’s warranties set out at III.B, below, seek to ensure that in the carrying out of any tasks related to the use of the Software by the Customer, ValidSoft and VS Labs will fully comply with the requirements of the Data Protection Legislation applicable to them as a processor and a sub-processor.
III. DATA PROTECTION WARRANTIES
A. Customer Warranties
  1. The Customer warrants and represents that in the use of the Software it will fully comply with all the requirements of any applicable Data Protection Legislation, both generally and more specifically in relation to the following specific matters:

4.1  Purpose-specification and -limitation:

  1. The Customer will only use the personal data it obtains or creates in relation to the use of the Software to securely authenticate the data subjects in relation to specific service(s) or product(s) to which the data subjects have signed up and of which they were informed.
  2. The Customer will not use the “Result” of any authentication in any way incompatible with the in-principle prohibition on the taking of fully automated “significant” decisions, contained in Data Protection Legislation (Article 22 GDPR, or with the rules in any national law of the kind mentioned in para. (2)(b) of that article).

4.2 Informing of the data subject: The Customer will provide the data subjects, before any of the data subject’s personal data are obtained for use in connection with the Software, with all the information that must be provided under Data Protection Legislation (Article 12 and 13 GDPR).

4.3 Data subjects’ rights: The Customer will fully permit and facilitate the free exercise by any data subjects of their rights under the Data Protection Legislation, including the rights of access to their data, rectification or erasure of data or restriction of processing, or to object to processing and not be subject to automated individual decision-making, as well as the right to data portability, as provided for in Data Protection Legislation (Article 15 to 22 GDPR, subject only to such restrictions as are provided for in Article 23 GDPR).

4.4 Data security and confidentiality:

4.5 The Customer will adopt appropriately high levels of data security in relation to the processing of any personal data in connection with the use of the Software, including in relation to any transmission of data including to or from ValidSoft or VS Labs, and impose strict duties of confidentiality on all its staff that process or can access those personal data, in accordance with Data Protection Legislation (Article 32 GDPR) and the documentation relating to the Software.

4.6 Data breach notification/communication:

  1. The Customer will notify the competent supervisory authority (data protection authority) of any personal data breach that may pose a risk to the rights and freedoms of natural persons, and in particular of the data subjects, in accordance with Data Protection Legislation (Article 33 GDPR).
  2. The Customer will communicate to the data subjects any personal data breach that may result in a high risk to the rights and freedoms of natural persons, and in particular of the data subjects, in accordance with Data Protection Legislation (Article 34 GDPR).

4.7 Transfers of personal data to non-EU/EEA countries (“third countries”):
The Customer will only transfer any of the personal data processed in connection with the use of the Software to any non-EU/EEA country (“third country”) that has not been held by the European Commission to ensure adequate protection of the data, on the basis of appropriate safeguards as recognized in Data Protection Legislation (as listed in Article 46 GDPR, or in exceptional cases to the extent permitted under Articles 48 or 49 GDPR).

4.8 Accountability and formalities:

  1. The Customer will take appropriate measures to be able to demonstrate compliance with all Data Protection Legislation; with the principles relating to the processing of personal data, set out in Data Protection Legislation (Article 5 GDPR, in particular (“accountability”)); and with this Schedule.
  2. The Customer will comply with any formal requirements imposed by Data Protection Legislation in relation to the processing of personal data in connection with the use of the Software, such as any requirement to appoint a representative (Art. 27 GDPR) and/or a data protection officer (Art. 37 GDPR); maintain records of processing operations (Art. 30 GDPR); carry out a Data Protection Impact Assessment (art. 35 GDPR), or to consult the relevant data protection authority (Art. 36 GDPR) or obtain the authority’s prior authorization (Art. 36(5) GDPR).

4.9  Cooperation with the supervisory authorities The Customer will fully cooperate with any competent supervisory authority (data protection authority), as defined in Data Protection Legislation (Articles 55 and 56 GDPR), in the exercise of any such authority’s tasks or powers under Data Protection Legislation (as listed in Articles 57 and 58 GDPR).

B. ValidSoft warranties issued on its own behalf and on behalf of its sub-processor, VS Labs
  1. ValidSoft warrants and represents that it, and its sub-processor, VS Labs, will implement all appropriate technical and organizational measures to ensure that the processing they will carry out on behalf of the Customer in connection with the Customers’ use of the Software will meet all the requirements of Data Protection Legislation and will ensure the protection of the rights of the data subject. More specifically:

5.1  Processing instructions and parameters:

  1. Processing on the instructions of the Customer: Subject to subclauses (ii) and (iii), below, ValidSoft and VS Labs will only process any personal data on behalf of the Customer in connection with the Customer’s use of the Software in order to enable the Customer to use the Software effectively and in accordance with the Master Services Agreement and this Schedule. They will only process such personal data (in particular, raw Multi-Factor Authentication data, voice prints (if applicable), and authentication “Results”, in Proof-of-Concept [PoC] trials and in any actual deployment) insofar as necessary for this purpose; and will not retain any such personal data for longer than necessary for this purpose. In particular, to the extent that they may process or have access to raw Multi-Factor Authentication data during PoC trials or later, for a short period after the enrolment of the data subjects in the particular authentication scheme (to train the system and improve its performance), they will securely destroy or erase those raw data as soon as they are no longer needed for those purposes. Neither ValidSoft nor VS Labs will use any of the personal data concerned in any personally identifiable format for its own purposes, but it may use those data in a de-personalized format in order to improve the Software.

Note: The above stipulation, read together with the Master Services Agreement and the remainder of this Schedule, and this section III.B in particular, constitute the “documented instructions” to be given to the processor by the controller, referred to in Article 28(3)(a) GDPR.

  1. Processing required by the law of the EU or of the Republic of Ireland (re ValidSoft) or the United Kingdom (re VS Labs), or under an enforceable court- or administrative order of any EU- or Irish or UK court of the body: In accordance with Data Protection Legislation (Article 28(3)(a) GDPR), ValidSoft and VS Labs will process the personal data generated or processed in connection with the Customer’s use of the Software other than as provided for in sub-clause (i), above, if required to do so by the law of the EU or of the Republic of Ireland (re ValidSoft) or the United Kingdom (re VS Labs), or under a court- or administrative order of any EU- or Irish or UK court or body that is enforced against them, but will in such cases inform the Customer of the relevant legal requirement, judgment or order before carrying out the processing, unless the law, judgment or order prohibits such information on important grounds of public interest.iii.  Processing required by the law, or a court judgment or administrative decision, of a country that is not an EU Member State: In accordance with Data Protection Legislation (Article 48 GDPR), ValidSoft and VS Labs will not disclose, transfer or otherwise process any of the personal data they process on behalf of the Customer in relation to the Customer’s use of the Software on the basis of the law of a non-EU Member State. ValidSoft and VS Labs will only comply with any judgment of a court or tribunal or any decision of an administrative authority of a third country requiring them (or either of them) to transfer or disclose personal data to that third country or a recipient in that third country, if the judgment or administrative order is based on and executed in accordance with an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the EU or the Republic of Ireland (re ValidSoft) or the United Kingdom (re VS Labs). In such cases, too, they will inform the Customer of the relevant legal requirement, judgment, or order before carrying out the processing, unless the relevant international agreement, judgment, or order prohibits such information on important grounds of public interest.iv. ValidSoft will not appoint a further sub-processor to VS Labs without the prior written consent of the Customer.

5.2 Data security and confidentiality: ValidSoft and VS Labs will adopt appropriately high levels of data security in relation to the processing of any personal data in connection with the use of the Software by the Customer and/or the support provided to the Customer by ValidSoft and VS Labs, including in relation to any transmission of data including to or from the Customer, or between ValidSoft and VS Labs, and impose strict duties of confidentiality on all their staff that process or can access those personal data, in accordance with Data Protection Legislation (Articles 28(3)(b) and (c) and 32 GDPR).

5.3 Data subjects’ rights: ValidSoft and VS Labs will fully cooperate with and assist the Customer, insofar as possible, in relation to the exercise by any data subjects of any of their rights under Data Protection Legislation in respect of any of the personal data processed by them on behalf of the Customer in relation to the Customer’s use of the Software.

5.4 Data breach notification/communication: In accordance with Data Protection Legislation (Article 33(2) GDPR), ValidSoft and VS Labs will notify the Customer and each other without undue delay after becoming aware of any personal data breach involving any of the personal data processed by them on behalf of the Customer in relation to the Customer’s use of the Software.

5.5 Transfers of personal data to non-EU/EEA countries (“third countries”):

  1. Neither ValidSoft nor VS Labs will transfer any of the personal data processed in connection with the Customer’s use of the Software to any non-EU/EEA country (“third country”) unless instructed to do so in writing by the Customer, or with the written agreement of the Customer.
  2. In case ValidSoft or VS Labs have been instructed or authorized to transfer any of the personal data processed in connection with the use of the Software by the Customer to any non-EU/EEA country (“third country”) that has not been held by the European Commission to ensure adequate protection to the data, they will only do so on the basis of appropriate safeguards as recognized in Data Protection Legislation (as listed in Article 46 GDPR (as provided for by the Customer or by themselves), or in exceptional cases to the extent permitted under Articles 48 or 49 GDPR).

5.6  Accountability and formalities:

  1. ValidSoft and VS Labs will take appropriate measures to be able to demonstrate compliance with all Data Protection Legislation; with the principles relating to the processing of personal data, set out in GDPR (Article 5 GDPR more in particular (“accountability”)); and with this Schedule.
  2. ValidSoft and VS Labs will comply with any formal requirements imposed by Data Protection Legislation in relation to the processing of personal data in connection with the use of the Software, such as any requirement to appoint a representative (Art. 27 GDPR) and/or a data protection officer (Art. 37 GDPR); maintain records of processing operations (Art. 30 GDPR); carry out a Data Protection Impact Assessment (art. 35 GDPR), or to consult the relevant data protection authority (Art. 36 GDPR) or obtain the authority’s prior authorization (Art. 36(5) GDPR).

5.7  Cooperation with the supervisory authorities: ValidSoft and VS Labs will fully cooperate with any competent supervisory authority in relation to Data Protection Legislation (as defined in Articles 55 and 56 GDPR, in the exercise of any such authority’s tasks or powers under the GDPR, as listed in Articles 57 and 58 GDPR).     –