TERMS OF SERVICE 

Welcome to Diligence Hub. These terms of service (“Terms”), together with the other documents referred to below govern your access to and use of the veriPAYE services (as defined below). Please read these Terms carefully before continuing to use veriPAYE. Please check your order confirmation for details of your Subscription to the veriPAYE services provided on Diligence Hub.

By checking the “I have read and agree to the Terms of Service and Privacy Policy” box, you confirm that you have authority to agree to these Terms on behalf of and to bind that organisation to these Terms. If you do not have sufficient authority you must not enter into a Subscription (which will be governed by these Terms).

Service Subscription Agreement relating to veriPAYE payslip validation and verification services (SaaS)

Prepared by: JMW Solicitors

1 Byrom Place ● Spinningfields ● Manchester ● M3 3HG
Tel: 0845 402 0001 ● Fax: 0161 828 1819 ● DX: 14372 Manchester 1

1. INTERPRETATION 1
2. SUPPLIER’S SERVICES 4
3. SERVICES 6
4. DATA PROTECTION 6
5. THIRD PARTY SUPPLIERS 8
6. SUPPLIER’S OBLIGATIONS 8
7. CUSTOMER’S OBLIGATIONS 9
8. TESTING PERIOD 10
9. CHARGES AND PAYMENT 10
10. PROPRIETARY RIGHTS 11
11. CONFIDENTIALITY AND COMPLIANCE WITH POLICIES 11
12. INDEMNITY 13
13. LIMITATION OF LIABILITY 15
14. TERM AND TERMINATION 16
15. FORCE MAJEURE 18
16. CONFLICT 18
17. VARIATION 18
18. WAIVER 18
19. RIGHTS AND REMEDIES 18
20. SEVERANCE 18
21. ENTIRE AGREEMENT 19
22. ASSIGNMENT 19
23. NO PARTNERSHIP OR AGENCY 19
24. THIRD PARTY RIGHTS 19
25. COUNTERPARTS 19
26. NOTICES 20
27. GOVERNING LAW 20
28. JURISDICTION 20

THIS AGREEMENT is made on the date of subscription

BETWEEN

(1) veriPAYE Ltd a company incorporated under the laws of England and Wales, with registered number 15357569 and registered office at 35 Ballards Lane, London, England, N3 1XW (the Supplier);

(2) The Subscriber (the Customer)

RECITALS
(A) FCSA is a non-profit organisation operating as the regulator and trade body for Umbrella employment companies such as the Customer.
(B) FCSA has developed a software application and platform for the purpose of secure payroll verification.
(C) FCSA has incorporated the Supplier and is a shareholder of the Supplier for the purpose of providing the secure payroll verification service to Umbrella employment companies.
(D) The Customer wishes to use the Supplier’s service in its employment business operations.
(E) The Supplier has agreed to provide and the Customer has agreed to take and pay for the Supplier’s service subject to the terms and conditions of this agreement.

IT IS HEREBY AGREED

• 1. INTERPRETATION
  1.1 The definitions and rules of interpretation in this clause apply in this agreement.

Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.

Authorised Users: those employees of the Customer who are authorised by the Customer to use the Services and the Documentation, as further described in clause 2.2.5.

Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.

Change of Control: shall be as defined in section 1124 of the Corporation Tax Act 2010, and the expression change of control shall be interpreted accordingly OR the beneficial ownership of more than 50% of the issued share capital of a company or the legal power to direct or cause the direction of the general management of the company, and controls, controlled and the expression change of control shall be interpreted accordingly].

Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 11.1.

Umbrella Data : the data inputted by the Customer, Authorised Users, or the Supplier on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services including the Relevant Payslips.

Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended [and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data

Domestic Law: the law of the United Kingdom or a part of the United Kingdom.

Documentation: the information made available to the Customer by the Supplier online via https://veripaye.co.uk/ or such other web address notified by the Supplier to the Customer from time to time which sets out a description of the Services and the user instructions for the Services.

Effective Date: the date of this agreement.

EU GDPR: the General Data Protection Regulation ((EU) 2016/679).

EU Law: the law of the European Union or any member state of the European Union.

Fees: the fees payable by the Customer to the Supplier for the Services, as set out in Schedule 2.

Heightened Cybersecurity Requirements: any laws, regulations, codes, guidance (from regulatory and advisory bodies. Whether mandatory or not), international and national standards, industry schemes and sanctions, which are applicable to either the Customer or an Authorised User (but not the Supplier) relating to security of network and information systems and security breach and incident reporting requirements, which may include the cybersecurity Directive ((EU) 2016/1148), Commission Implementing Regulation ((EU) 2018/151), the Network and Information systems Regulations 2018 (SI 506/2018), all as amended or updated from time to time.

Limited Authorised User: an employment agency linked to the Customer to whom the Customer has granted limited rights of access to the information available on the Platform.

Mandatory Policies: the Supplier’s business policies and codes listed in Schedule 5 or included in the Documentation as amended by notification to the Customer from time to time.

Normal Business Hours: [8.00 am to 6.00 pm] local UK time, each Business Day.
Platform: the veriPaye payslip validation service on https://veripaye.co.uk/ or https://diligencehub.co.uk

Relevant Payslips: the payslips of all workers engaged by the Customer for the purpose of and under the Customer’s service(s) as set out in Schedule 4

Renewal Period: the period described in clause 14.1.

Services: the services provided by the Supplier to the Customer under this agreement via the Platform or any other website notified to the Customer by the Supplier from time to time, as more particularly described in Schedule 1, Schedule 3 and Schedule 4 and the Documentation.

Software: the online software applications provided by the Supplier as part of the Services.

Term: has the meaning given in clause 14.1 .

Subscriber: The organisation having subscribed to veriPAYE services via the umbrella subscription sign-up pages on the veriPAYE website (Umbrella Lite, Umbrella XL or Umbrella XXL)

Support Services Policy: the Supplier’s policy for providing support in relation to the Services as made available at https://veripaye.co.uk/ or such other website address as may be notified to the Customer from time to time.

Testing Period: the initial period that the Customer will trial the Service in accordance with clause 8 and Schedule 3
UK GDPR: has the meaning given in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

Virus: any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

Vulnerability: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be interpreted accordingly.

• 1.2 Clause, schedule and paragraph headings shall not affect the interpretation of this agreement.
• 1.3 A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person’s legal and personal representatives, successors or permitted assigns.
• 1.4 A reference to a company includes any company, corporation or other body corporate, wherever and however incorporated or established.
• 1.5 Unless the context otherwise requires, words in the singular includes the plural and in the plural includes the singular.
• 1.6 Unless the context otherwise requires, a reference to one gender includes a reference to the other genders.
• 1.7 A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this agreement.
• 1.8 A reference to a statute or statutory provision includes all subordinate legislation made as at the date of this agreement under that statute or statutory provision.
• 1.9 A reference to writing or written excludes fax [and email OR but not email].
• 1.10 References to clauses and schedules are to the clauses and schedules of this agreement; references to paragraphs are to paragraphs of the relevant schedule to this agreement.

• 2. SUPPLIER’S SERVICES
  2.1 Subject to the terms and conditions of this agreement, the Supplier hereby grants to the Customer a non-exclusive, non-transferable right and licence, without the right to grant sublicences, to permit the Authorised Users and Limited Authorised Users to use the Services and the Documentation during the Term solely for the Customer’s and Limited Authorised Users internal business payroll operations.
  2.2 In relation to the Authorised Users and Limited Authorised Users, the Customer undertakes that:
  2.2.1 it will not allow or suffer any element of the Services to be used by any person or entity that is not an Authorised User, save for a Limited Authorised User.
  2.2.2 The Limited Authorised User shall only access the Service for the purpose of viewing payslip information verified by the Service and shall not have access to the Service to upload payslip information.
  2.2.3 If an Authorised User leaves the employment of the Customer then access to the Service shall be reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Services and/or Documentation;
  2.2.4 each Authorised User and Limited Authorised User shall keep a secure password for their use of the Services and Documentation, that such password shall be changed no less frequently than once per quarter and that each Authorised User and Limited Authorised User shall keep their password confidential;
  2.2.5 it shall maintain a written, up to date list of current Authorised Users and Limited Authorised Users and provide such list to the Supplier within 5 Business Days of the Supplier’s written request at any time or times;
  2.2.6 it shall permit the Supplier or the Supplier’s designated auditor to audit the Services in order to establish the name and password of each Authorised User and Limited Authorised User and the Customer’s data processing facilities to audit compliance with this agreement. Each such audit may be conducted no more than once per quarter, at the Supplier’s expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s normal conduct of business;
  2.2.7 if any of the audits referred to in clause 2.2.6 reveal that any password has been provided to any individual who is not an Authorised User or Limited Authorised User , then without prejudice to the Supplier’s other rights, the Customer shall promptly disable such passwords and the Supplier shall not issue any new passwords to any such individual; and
  2.2.8 if any of the audits referred to in clause 2.2.6 reveal that the Customer has underpaid Fees to the Supplier, then without prejudice to the Supplier’s other rights, the Customer shall pay to the Supplier an amount equal to such underpayment as calculated in accordance with the prices set out in Schedule 2 within 10 Business Days of the date of the relevant audit.
  2.3 The Customer shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that:
  2.3.1 is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
  2.3.2 facilitates illegal activity;
  2.3.3 depicts sexually explicit images;
  2.3.4 promotes unlawful violence;
  2.3.5 is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
  2.3.6 is otherwise illegal or causes damage or injury to any person or property;
  and the Supplier reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer’s access to any material that breaches the provisions of this clause.
  2.4 The Customer shall not:
  2.4.1 except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement:
  (a) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or
  (b) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software or the Services; or
  2.4.2 access all or any part of the Services and Documentation in order to build a product or service which competes with the Services and/or the Documentation; or
  2.4.3 use the Services and/or Documentation to provide services to third parties; or
  2.4.4 subject to clause 22.1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorised and Limited Authorised Users, or
  2.4.5 attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 2; or
  2.4.6 introduce or permit the introduction of, any Virus or Vulnerability into the Services or the Supplier’s network and information systems.
  2.5 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify the Supplier.
  2.6 The rights provided under this clause 2 are granted to the Customer only and shall not be considered granted to any subsidiary or holding company of the Customer unless they are an FCSA member and with FCSA written approval.
• 3. SERVICES
  3.1 The Supplier shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms of this agreement.
  3.2 The Supplier shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:
  3.2.1 planned maintenance carried out during the maintenance window of [10.00 pm to 2.00 am UK time]; and
  3.2.2 unscheduled maintenance performed outside Normal Business Hours, provided that the Supplier has used reasonable endeavours to give the Customer at least 6 Normal Business Hours’ notice in advance.
  3.3 The Supplier will, as part of the Services and at no additional cost to the Customer provide the Customer with the Supplier’s standard customer support services during Normal Business Hours. The Supplier may amend the support services in its sole and absolute discretion from time to time. The Customer may purchase enhanced support services separately at the Supplier’s then current rates.
• 4. DATA PROTECTION
  4.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 4 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.
  4.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Supplier is the Processor. Schedule 6 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of Personal Data and categories of Data Subject.
  4.3 Without prejudice to the generality of Clause 4.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier and/or lawful collection of the Personal Data by the Supplier on behalf of the Customer and/or for the access to the Personal Data by the Limited Authorised User for the duration and purposes of this agreement. For these purposes Customer warrants that it has put in place an appropriate Data Protection Agreement with the Limited Authorised Users and taken all appropriate steps I this regard.
  4.4 Without prejudice to the generality of Clause 4.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement:
  4.4.1 process that Personal Data only in the manner described in the documentation in carrying out the Services unless the Supplier is required by Domestic Law or EU Law to otherwise process that Personal Data. Where the Supplier is relying on Domestic Law or EU Law as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Domestic Law or EU Law unless the Domestic Law or EU Law prohibits the Supplier from so notifying the Customer;
  4.4.2 ensure that it has in place appropriate technical and organisational measures, that can be reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
  4.4.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
  4.4.4 not transfer any Personal Data outside of the UK or EEA unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:
  (a) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
  (b) the data subject has enforceable rights and effective legal remedies;
  (c) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
  4.4.5 the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
  4.4.6 assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
  4.4.7 notify the Customer without undue delay on becoming aware of a Personal Data Breach;
  4.4.8 at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Domestic Law or EU Law to store the Personal Data; and
  4.4.9 maintain complete and accurate records and information to demonstrate its compliance with this clause 4 and allow for audits by the Customer or the Customer’s designated auditor and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
  4.5 [The Customer consents to the Supplier appointing [THIRD-PARTY PROCESSOR] as a third-party processor of Personal Data under this agreement. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 4 and in either case which the Supplier confirms reflect and will continue to reflect the requirements of the Data Protection Legislation. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor.
  4.6 Either party may, at any time on not less than 30 (thirty) days’ notice, revise this clause 4 by replacing it with any applicable controller to processor standard clauses or similar terms adopted under the Data Protection Legislation or forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).

• 5. THIRD PARTY SUPPLIERS
  The Customer acknowledges that the Services may enable or assist it to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that it does so solely at its own risk. The Supplier makes no representation, warranty or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by the Customer, with any such third party. Any contract entered into and any transaction completed via any third-party website is between the Customer and the relevant third party, and not the Supplier. The Supplier recommends that the Customer refers to the third party’s website terms and conditions and privacy policy prior to using the relevant third-party website. The Supplier does not endorse or approve any third-party website nor the content of any of the third-party website made available via the Services.]

• 6. SUPPLIER’S OBLIGATIONS
  6.1 The Supplier shall perform the Services substantially in accordance with Schedule 1, Schedule 4 , the Documentation and with reasonable skill and care.
  6.2 In accordance with clause 6.1 Supplier will be responsible for the provision to the Client of:
  6.2.1 The Services during the Testing Period in accordance with clause 8 below
  6.2.2 A detailed technical specification for the required data feed
  6.2.3 Valid veriPAYE account details as required
  6.2.4 Accurate statistics and accounting of payslips processed
  6.2.5 Timeous invoices reflecting service usage
  6.3 The Supplier’s obligations at clause 6.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Supplier’s instructions, or modification or alteration of the Services by any party other than the Supplier or the Supplier’s duly authorised contractors or agents. If the Services do not conform with the terms of clause 6.1, Supplier will, at its expense, use reasonable commercial endeavours to correct any such non-conformance promptly. Such correction constitutes the Customer’s sole and exclusive remedy for any breach of the undertaking set out in clause 6.1.
  6.4 The Supplier:
  6.4.1 does not warrant that:
  (a) the Customer’s use of the Services will be uninterrupted or error-free; or
  (b) that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer’s requirements; or
  (c) the Software or the Services will be free from Vulnerabilities or Viruses; or
  (d) the Software, Documentation or Services will comply with any Heightened Cybersecurity Requirements.
  6.4.2 is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
  6.4.3 may update the Services, allowing flexibility for future service enhancements.
  6.5 This agreement shall not prevent the Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this agreement.
  6.6 The Supplier warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this agreement.
  6.7 The Supplier shall follow its archiving procedures for Umbrella Data available at https://veripaye.co.uk/about/ or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Umbrella Data , the Customer’s sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Umbrella Data from the latest back-up of such Umbrella Data maintained by the Supplier in accordance with the archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Umbrella Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Umbrella Data maintenance and back-up for which it shall remain fully liable.

• 7. CUSTOMER’S OBLIGATIONS
  7.1 The Customer shall:
  7.1.1 provide the Supplier with:
  (a) all necessary co-operation in relation to this agreement, including such cooperation highlighted in Schedule 1 ;
  (b) all necessary access to such information as may be required by the Supplier;
  in order to provide the Services, including but not limited to Umbrella Data , security access information and configuration services;
  7.1.2 following successful completion of testing, submit all relevant payslips produced by them during the course of their business for validation and verification by Supplier and continue to do so during the term of this Agreement.
  7.1.3 without affecting its other obligations under this agreement, comply with all applicable laws and regulations with respect to its activities under this agreement;
  7.1.4 carry out all other Customer responsibilities set out in this agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, the Supplier may adjust any agreed timetable or delivery schedule as reasonably necessary;
  7.1.5 ensure that the Authorised Users and Limited Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this agreement and shall be responsible for any Authorised User or Limited Authorised User’s breach of this agreement;
  7.1.6 obtain and shall maintain all necessary licences, consents, and permissions necessary for the Supplier, its contractors and agents to perform their obligations under this agreement, including without limitation the Services;
  7.1.7 ensure that its network and systems comply with the relevant specifications provided by the Supplier from time to time; and
  7.1.8 be, to the extent permitted by law and except as otherwise expressly provided in this agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to the Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.
  7.2 The Customer shall, following successful completion of testing under clause 8 below, submit all Relevant Payslips produced by them during the course of their business for validation and verification by Supplier in accordance with the Services and continue to do so during the term of this Agreement.
  7.3 The Customer shall display the veriPAYE logo on their website and continue to do so during the term of this Agreement unless required by Supplier to remove such logo. This logo should be connected by hyperlink to Supplier’s website at https://veripaye.co.uk
  7.4 The Customer shall display the veriPAYE logo as provided to them by Supplier on their marketing material, website and any relevant social media announcements and continue to do so during the term of this Agreement unless required by Supplier to remove such logo.
  7.5 The Customer shall attend regular performance review meetings convened by the Supplier to foster ongoing collaboration and address potential issues early
  7.6 The Customer shall own all right, title and interest in and to all of the Umbrella Data that is not Personal Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Umbrella Data.
  7.7 The Client shall on request and at least quarterly provide veriPAYE with positive proof that all monies owed to HMRC have been remitted to HMRC and that the Client’s account(s) with HMRC are in good standing, the evidence for such proof to be determined by veriPAYE and may include, but is not limited to, include screen captures and screenshots of the Client’s relevant HMRC gateways and redacted bank statements showing payments to HMRC on the part of the Client.

• 8. TESTING PERIOD
  8.1 The Parties agree that a Testing Period shall apply during which the Service will be assessed by the Customer. The details of the Testing Period, including duration and specific testing criteria, are set out in Schedule 3 and the Documentation.
  8.2 Upon completion of the Testing Period, the Customer shall provide written confirmation to Supplier regarding the satisfactory completion of the Testing Period or any issues identified during the same.
  8.3 Any unresolved issues at the end of the Testing Period may result in a further review before full implementation.

• 9. CHARGES AND PAYMENT
  9.1 The Customer shall pay the Fees to the Supplier for the Services in accordance with this clause 8 and Schedule 2.
  9.2 All payments shall be payable by direct debit payment or credit/debit card transaction to the account of Supplier.
  9.3 If the Supplier has not received payment within 14 days after the due date, and without prejudice to any other rights and remedies of the Supplier:
  9.3.1 the Supplier may, on no less than 5 Business Days’ notice to the Customer and without liability to the Customer, disable the Customer’s password, account and access to all or part of the Services and the Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
  9.3.2 interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the then current base lending rate of Bank of England from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
  9.4 All amounts and fees stated or referred to in this agreement:
  9.4.1 shall be payable in pounds sterling;
  9.4.2 are non-cancellable and non-refundable;
  9.4.3 are exclusive of value added tax, which shall be added to the Supplier’s invoice(s) at the appropriate rate.
  9.5 If any Fees remain unpaid after 30 days from the due date Supplier may suspend Services, including access to the Platform, until payment is received.
  9.6 The Supplier shall be entitled to increase the Fees at the start of each Renewal Period upon 90 days’ prior notice to the Customer and Schedule 2 shall be deemed to have been amended accordingly.

• 10. PROPRIETARY RIGHTS
  10.1 The Customer acknowledges and agrees that the Supplier and/or its licensors own all intellectual property rights in the Services and the Documentation. Except as expressly stated herein, this agreement does not grant the Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.
  10.2 The Supplier confirms that it has all the rights in relation to the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this agreement.

• 11. CONFIDENTIALITY AND COMPLIANCE WITH POLICIES
  11.1 Confidential Information means all confidential information (however recorded or preserved) disclosed by a party or its Representatives (as defined below) to the other party and that party’s Representatives whether before or after the date of this agreement in connection with the Services, including but not limited to:
  11.1.1 the existence and terms of this agreement or any agreement entered into in connection with this agreement;
  11.1.2 any information that would be regarded as confidential by a reasonable business person relating to:
  (a) the business, assets, affairs, customers, clients, suppliers, or plans , intentions, or market opportunities of the disclosing party (or of any member of the group of companies to which the disclosing party belongs); and
  (b) the operations, processes, product information, know-how, designs, trade secrets or software of the disclosing party (or of any member of the group of companies to which the disclosing party belongs);
  11.1.3 any information developed by the parties in the course of carrying out this agreement; and
  11.1.4 any information detailed in the Schedules to this Agreement.
  Representatives means, in relation to a party, its employees, officers, contractors, subcontractors, representatives and advisers.
  11.2 The provisions of this clause shall not apply to any Confidential Information that:
  11.2.1 is or becomes generally available to the public (other than as a result of its disclosure by the receiving party or its Representatives in breach of this clause);
  11.2.2 was available to the receiving party on a non-confidential basis before disclosure by the disclosing party;
  11.2.3 was, is or becomes available to the receiving party on a non-confidential basis from a person who, to the receiving party’s knowledge, is not bound by a confidentiality agreement with the disclosing party or otherwise prohibited from disclosing the information to the receiving party; [or]
  11.2.4 the parties agree in writing is not confidential or may be disclosed; or
  11.2.5 is developed by or for the receiving party independently of the information disclosed by the disclosing party.
  11.3 Each party shall keep the other party’s Confidential Information secret and confidential and shall not:
  11.3.1 use such Confidential Information except for the purpose of exercising or performing its rights and obligations under or in connection with this agreement (Permitted Purpose); or
  11.3.2 disclose such Confidential Information in whole or in part to any third party, except as expressly permitted by this clause 11.
  11.4 A party may disclose the other party’s Confidential Information to those of its Representatives who need to know such Confidential Information for the Permitted Purpose, provided that:
  11.4.1 it informs such Representatives of the confidential nature of the Confidential Information before disclosure; and
  11.4.2 at all times, it is responsible for such Representatives’ compliance with the confidentiality obligations set out in this clause.
  11.5 A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by Supplier due to it’s connection with the FCSA or generally by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of the disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 11.5, it takes into account the reasonable requests of the other party in relation to the content of the disclosure.
  11.6 A party may, provided that it has reasonable grounds to believe that the other party is involved in activity that may constitute a criminal offence under the Bribery Act 2010, disclose Confidential Information to the Serious Fraud Office without first informing the other party of such disclosure.
  11.7 Each party reserves all rights in its Confidential Information. No rights or obligations in respect of a party’s Confidential Information other than those expressly stated in this agreement are granted to the other party, or to be implied from this agreement.
  11.8 On termination or expiry of this agreement, each party shall:
  11.8.1 destroy or return to the other party all documents and materials (and any copies) containing, reflecting, incorporating or based on the other party’s Confidential Information;
  11.8.2 erase all the other party’s Confidential Information from computer and communications systems and devices used by it, including such systems and data storage services provided by third parties (to the extent technically and legally practicable); and
  11.8.3 certify in writing to the other party that it has complied with the requirements of this clause, provided that a recipient party may retain documents and materials containing, reflecting, incorporating or based on the other party’s Confidential Information to the extent required by law or any applicable governmental or regulatory authority. The provisions of this clause shall continue to apply to any such documents and materials retained by a recipient party, subject to clause 14 (Termination).
  11.9 No party shall make, or permit any person to make, any public announcement concerning this agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
  11.10 Except as expressly stated in this agreement, no party makes any express or implied warranty or representation concerning its Confidential Information.
  11.11 The above provisions of this clause 11 shall continue to apply after termination or expiry of this agreement for a period of five years from termination or expiry of this agreement.
  11.12 In performing its obligations under this agreement the Customer shall comply with the Mandatory Policies.

• 12. INDEMNITY
  12.1 The Customer shall defend, indemnify and hold harmless the Supplier against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Customer’s use of the Services and/or Documentation, or access to the Platform by a Limited Authorised User provided that:
  12.1.1 the Customer is given prompt notice of any such claim;
  12.1.2 the Supplier provides reasonable co-operation to the Customer in the defence and settlement of such claim, at the Customer’s expense; and
  12.1.3 the Customer is given sole authority to defend or settle the claim.
  12.2 The Customer agrees to indemnify Supplier against all liabilities, costs, expenses, damages, and losses (including any direct, indirect, or consequential losses, loss of profit, loss of reputation, and all interest, penalties, and legal costs) arising out of or in connection with any claim made against Supplier for actual or alleged infringement of a third party’s intellectual property rights arising out of or in connection with the receipt or use of the Services by the Customer and any claims arising from data breaches due to the Customer’s negligence.
  12.3 The Supplier shall defend the Customer, its officers, directors and employees against any claim that the Customer’s use of the Services or Documentation or Limited Authorised User’s use of the Platform in accordance with this agreement infringes any third party’s intellectual property rights including United Kingdom patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims, provided that:
  12.3.1 the Supplier is given prompt notice of any such claim;
  12.3.2 the Customer does not make any admission, or otherwise attempt to compromise or settle the claim and provides reasonable co-operation to the Supplier in the defence and settlement of such claim, at the Supplier’s expense; and
  12.3.3 the Supplier is given sole authority to defend or settle the claim.
  12.4 In the defence or settlement of any claim, the Supplier may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this agreement on 2 Business Days’ notice to the Customer without any additional liability or obligation to pay liquidated damages or other additional costs to the Customer.
  12.5 In no event shall the Supplier, its employees, agents and sub-contractors be liable to the Customer to the extent that the alleged infringement is based on:
  12.5.1 a modification of the Services or Documentation by anyone other than the Supplier; or
  12.5.2 the Customer’s use of the Services or Documentation in a manner contrary to the instructions given to the Customer by the Supplier; or
  12.5.3 the Customer’s use of the Services or Documentation after notice of the alleged or actual infringement from the Supplier or any appropriate authority; or
  12.5.4 the Customer’s breach of this agreement.
  12.6 The foregoing and clause 13.3.2 states the Customer’s sole and exclusive rights and remedies, and the Supplier’s (including the Supplier’s employees’, agents’ and sub-contractors’) entire obligations and liability, for infringement of any patent, copyright, trade mark, database right or right of confidentiality.

• 13. LIMITATION OF LIABILITY
  13.1 Except as expressly and specifically provided in this agreement:
  13.1.1 the Customer assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Customer and the Limited Authorised User , and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by errors or omissions in any Umbrella Data, information, instructions or scripts provided to the Supplier by the Customer in connection with the Services, or any actions taken by the Supplier at the Customer’s direction;
  13.1.2 all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement; and
  13.1.3 the Services and the Documentation are provided to the Customer on an “as is” basis.
  13.2 Nothing in this agreement excludes the liability of the Supplier:
  13.2.1 for death or personal injury caused by the Supplier’s negligence; or
  13.2.2 for fraud or fraudulent misrepresentation.
  13.3 Subject to clause 13.1 and clause 13.2:
  13.3.1 the Supplier shall have no liability for any:
  (a) loss of profits,
  (b) loss of business,
  (c) wasted expenditure,
  (d) depletion of goodwill and/or similar losses,
  (e) loss or corruption of data or information, or
  (f) any special, indirect or consequential loss, costs, damages, charges or expenses; and
  13.3.2 the Supplier’s total aggregate liability to the Customer (including in respect of the indemnity at clause 12.2), in respect of all breaches of duty occurring within any contract year shall not exceed the cap. If breaches committed in more than one contract year give rise to a single claim or a series of connected claims, the Supplier’s total liability for those claims shall not exceed the single highest annual cap for those contract years.
  13.3.3 In clause 13.3.2:
  (a) Cap. The cap is one hundred per cent (100%) of the total Fees paid to Supplier in the six months preceding the event giving rise to the claim.
  (b) contract year. A contract year means a 12 month period commencing on the Effective Date or any anniversary of it.
  13.4 References to liability in this clause 13 include every kind of liability arising under or in connection with this agreement including but not limited to liability in contract, tort (including negligence), misrepresentation, restitution or otherwise.
  13.5 Nothing in this agreement excludes the liability of the Customer for any breach, infringement or misappropriation of the Supplier’s Intellectual Property Rights.

• 14. TERM AND TERMINATION
  14.1 This agreement shall, unless otherwise terminated as provided in this clause 14, commence on the Effective Date and shall continue unless:
  14.1.1 either party notifies the other party of termination, in writing, with at least one month’s notice; or
  14.1.2 Supplier terminates in writing with immediate effect due to Customer leaving membership of FCSA for any reason; or
  14.1.3 Supplier terminates in writing with immediate effect due to Supplier raising concerns with Umbrella regarding the Umbrella Data, including the authenticity of the Umbrella Data that is not remedied in a timely manner by the Umbrella or repeated concerns are raised.
  14.1.4 otherwise terminated in accordance with the provisions of this agreement;
  14.2 Without affecting any other right or remedy available to it, either party may terminate this agreement with immediate effect by giving written notice to the other party if:
  14.2.1 the other party fails to pay any amount due under this agreement on the due date for payment and remains in default not less than 28 days after being notified in writing to make such payment;
  14.2.2 the other party commits a material breach of any other term of this agreement and (if such breach is remediable) fails to remedy that breach within a period of 28 days after being notified in writing to do so. For the avoidance of doubt failure by the Customer to comply with clause 7.1.2 shall constitute a material breach;
  14.2.3 Either party defames or materially adversely affects the reputation of the other, its directors, officers and employees, products or services, publicly or privately, directly or indirectly through others, by use of any words, actions, gestures or medium, including but not limited to on social media or other internet site;
  14.2.4 the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986 as if the words “it is proved to the satisfaction of the court” did not appear in sections 123(1)(e) or 123(2) of the Insolvency Act 1986 OR (being an individual) is deemed either unable to pay their debts or as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986;
  14.2.5 the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
  14.2.6 the other party applies to court for, or obtains, a moratorium under Part A1 of the Insolvency Act 1986;
  14.2.7 a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
  14.2.8 an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party (being a company, partnership or limited liability partnership);
  14.2.9 the holder of a qualifying floating charge over the assets of that other party (being a company or limited liability partnership) has become entitled to appoint or has appointed an administrative receiver;
  14.2.10 a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party;
  14.2.11 a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 14 days;
  14.2.12 any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 14.2.3 to clause 14.2.15 (inclusive);
  14.2.13 the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business;
  14.2.14 the other party’s financial position deteriorates so far as to reasonably justify the opinion that its ability to give effect to the terms of this agreement is in jeopardy; or
  14.2.15 there is a change of control of the other party [(within the meaning of section 1124 of the Corporation Tax Act 2010).
  14.3 On termination of this agreement for any reason:
  14.3.1 Customer shall immediately pay any outstanding Fees due up to the date of termination together with any interest up to the date of payment;
  14.3.2 all licences granted under this agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Documentation;
  14.3.3 each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
  14.3.4 the Supplier may destroy or otherwise dispose of any of the Umbrella Data in its possession unless the Supplier receives, no later than ten days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Umbrella Data . The Supplier shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Supplier in returning or disposing of Umbrella Data ; and
  14.3.5 any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.
  14.4 In the event of termination without notice and without cause on the part of the Customer, the Supplier shall pay to the Supplier a liquidated sum of the previous Fees charged in the preceding quarter multiplied by 2 as an early termination fee in addition to the Fees due up to the date of termination plus any applicable interest twice the previous periods usage fees

• 15. FORCE MAJEURE
  Neither party shall be in breach of this agreement or otherwise liable for any delay or failure in the performance of its obligations for so long as and to the extent that such delay or failure results from events, circumstances or causes beyond its reasonable control.

• 16. CONFLICT
  If there is an inconsistency between any of the provisions in the main body of this agreement and the Schedules, the provisions in the main body of this agreement prevail.

• 17. VARIATION
  No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

• 18. WAIVER
  18.1 A waiver of any right or remedy is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.
  18.2 A delay or failure to exercise, or the single or partial exercise of, any right or remedy does not waive that or any other right or remedy, nor does it prevent or restrict the further exercise of that or any other right or remedy.

• 19. RIGHTS AND REMEDIES
  Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.

• 20. SEVERANCE
  20.1 If any provision or part-provision of this agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this agreement.
  20.2 If any provision or part-provision of this agreement is deemed deleted under clause 20.1 the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.

• 21. ENTIRE AGREEMENT
  21.1 This agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous and contemporaneous agreements, promises, assurances and understandings between them, whether written or oral, relating to its subject matter.
  21.2 Each party acknowledges that in entering into this agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this agreement.
  21.3 Each party agrees that it shall have no claim for innocent or negligent misrepresentation based on any statement in this agreement.
  21.4 Nothing in this clause shall limit or exclude any liability for fraud.

• 22. ASSIGNMENT
  22.1 The Customer shall not, without the prior written consent of the Supplier, assign, transfer, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any of its rights and obligations under this agreement.
  22.2 The Supplier may at any time assign, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any or all of its rights and obligations under this agreement, provided that it gives prior written notice of such dealing to the Customer.

• 23. NO PARTNERSHIP OR AGENCY
  Nothing in this agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

• 24. THIRD PARTY RIGHTS
  24.1 Unless it expressly states otherwise, this agreement does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement.
  24.2 The rights of the parties to rescind or vary this agreement are not subject to the consent of any other person.

• 25. COUNTERPARTS
  25.1 This agreement may be executed in any number of counterparts, each of which shall constitute a duplicate original, but all the counterparts shall together constitute the one agreement.
  25.2 No counterpart shall be effective until each party has provided or delivered to the other at least one executed counterpart.

• 26. NOTICES
  26.1 Any notice given to a party under or in connection with this agreement shall be in writing and shall be:
  26.1.1 delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or
  26.1.2 [sent by email to the following addresses (or an address substituted in writing by the party to be served):
  (a) Party 1: team@veripaye.co.uk.
  (b) Party 2: the email address of the subscriber as given at the point of commencement of the subscription or as subsequently notified to veriPAYE by the Cusotmer
  26.2 Any notice shall be deemed to have been received:
  26.2.1 if delivered by hand, at the time the notice is left at the proper address;
  26.2.2 if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or
  26.2.3 if sent by email, at the time of transmission, or, if this time falls outside Business Hours in the place of receipt, when Business Hours resume.
  26.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

• 27. GOVERNING LAW
  This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and interpreted in accordance with the law of England and Wales.

• 28. JURISDICTION
  Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).

• This Agreement has been entered into on the date stated at the beginning of it.

Schedule 1 Service Description

A. Overview of the Payslip Validation and Verification Service

1. Calculation Verification:
– veriPAYE confirms the accuracy of various payroll elements including but not limited to NMW, Employee National Insurance Contributions, Income Tax, Post-Tax Deductions, Margin, Other Fees/Charges, ErNICs, Expenses, Salary Sacrifice, Annual Leave (on gross), and Holiday Pay whether advanced or accrued.

2. RTI Reconciliation:
– The service reconciles payslip data to Real Time Information (RTI) submitted to HMRC, ensuring accuracy with the reported figures. In cases where multiple RTI submissions occur for the same period, veriPAYE re-reconciles the data.

3. Agency Reporting Reconciliation:
– Reconciliation against Employment Agency Intermediary Reports to verify that the agency’s stated remittances match the payroll data provided by the umbrella company.

4. Pension Data Reconciliation:
– veriPAYE reconciles payroll data against NEST (or other applicable pension schemes) to ensure pension deductions and contributions are accurate and correctly reported.

5. Compliance Monitoring and Reporting:
– Ongoing monitoring of payroll submissions to detect systemic issues, high failure rates, and other discrepancies, followed by proactive warnings to software Suppliers or umbrella companies if systemic issues are detected.

6. Provision of data views and reporting to employment businesses which are customers of the Client.

6.1 At the request of and with the agreement of the Client, veriPAYE will provide a restricted view of the Client’s data to the employment business clients or end-clients of the Client provided that those organisations have (or will have) an established account on veriPAYE

6.2 Such views and reports will be made available at an agreed delay to real-time in order for errors to be rectified/properly explained (minimum 24 hours)

7. Provision of data views and reporting to payroll software businesses which are suppliers of the Client.

7.1 veriPAYE will provide a restricted view of the Clients processed data to any payroll software businesses which are suppliers to the Client provided that those organisations have (or will have) an established account on veriPAYE

B. Security and Data Integrity

• AWS EC2 hosting on UK servers
• Data Security
– No payments data held on front-end servers
– Manual approval of user lead accounts
– PCI DSS Compliant
• User security
– Manual FCSA approval of user accounts
– Two-factor Authentication
– SSL connections only
– Hardened firewall
– Privileged usernames forbidden
– Brute force attempt prevention
– Known blacklists observed
– Too many failed login lockout
C. Two factor Authentication Details

• Supported 2FA Apps
– Microsoft Authenticator
– Google Authenticator
– Sophos Mobile Security
– FreeOTP Authenticator
– 1Password (mobile and desktop versions)
– LastPass Authenticator
– Authy 2-Factor Authentication
– Most other authenticator apps that support Time-Based One-Time Passwords (TOTP)
veriPAYE will regularly review and update these security measures, and the Client must also adhere to equivalent data protection standards.

Schedule 2 – Fees

veriPAYE shall charge the customer a monthly subscription fee in accordance to the terms offered on the veriPAYE website in force at the time of the commencement of this agreement

veriPAYE reserves the right to review this pricing on an annual basis from date of this contract.

Schedule 3 – Testing

The testing phase will be approximately six weeks in length, with the start and end date being mutually agreed by both parties, confirmed in writing, upon signature of this contract. A meeting will be held to agree these dates.

The Client may choose to include client agencies in this testing phase as and when they deem appropriate, which will be supported by the Supplier.

This testing phase may be shortened or extended if both parties agree this is necessary.

In order to mitigate risks from premature service rollout, any unresolved issues at the end of the testing phase will result in a further review before full implementation.

Once the testing phase has concluded, written confirmation from both parties will be required before billing occurs. For the avoidance of doubt veriPAYE will make no charges during testing.

Schedule 4 – the services being validated

1. Umbrella employment under the terms of FCSA’s Code of Compliance for Umbrella Employment alongside any further provisions and obligations arising from contracts between the Client and FCSA.

2. Any other form of employment offered by the Customer or associated companies which would generally fall under the common market understanding of umbrella employment.

a. Including but not limited to any form of employment or engagement of a person in which the Customer receives an assignment rate (also known as a day rate) from a third party and deducts any employment costs including margin to arrive at a gross pay rate from which National Insurance, Income Tax and other deductions are then made.

b. Specifically excluding Payroll Bureau services and Ltd Co Services.

Schedule 5 Processing, Personal Data and Data Subjects

• 1.Processing by the Supplier
  1.1 Scope
  As set out in Schedule 1
  1.2 Nature of processing
  As set out in Schedule 1
  1.3 Purpose of processing
  As set out in Schedules1,3 and 4
  1.4 Duration of the processing
  The Term

• 2.Types of Personal Data
  As set out in Schedule 1 and Schedule 4
• 3.Categories of Data Subject
  As set out in Schedule 4

This agreement is deemed to have been electronically signed by both parties at the point of commencement of the subscription, the Customer having agreed to accept the terms and conditions of veriPAYE usage.