Terms & Conditions

Oct 22, 2024

This Personal Data Processing Agreement (hereinafter “Agreement“) is supplemental to the Terms and Conditions (also “Master Agreement”) and applies as set out therein.

This Agreement sets out the additional terms, requirements, and conditions under which the Service Provider (hereinafter TRUEZONE Inc.) will process Personal Information when providing Services under the Terms and Conditions. This Agreement contains mandatory clauses required under applicable Data Protection Laws for contracts regarding data sharing and data processing activities.

  1. Definitions and Construction

The subsequent definitions, along with those provided in the Terms and Conditions, shall apply to this Agreement:

a. Authorised Representatives: individuals or categories of individuals designated as authorized employees by the Customer in the dashboard to provide TRUEZONE with instructions for processing Personal Information.

b. Applicant Data: any information pertaining to the Applicant, including Personal Information, Business Data, approval, rejection, resubmission, transactions along with log details.

c. Data Subject: any individual or entity whose Personal Information is processed under this Agreement, also referred to as the ‘Applicant’.

d. Personal Information: refers to any data related to an identified or identifiable natural person that is processed in connection with the provision of services under the Terms and Conditions. An identifiable natural person is someone who can be identified, directly or indirectly, through an identifier such as a name, ID number, photo, birthday, address, citizenship, parent data, location data, online identifier, or through one or more factors specific to their physical, gender, economic, cultural, or social identity.

e. Data Processing: refers to any task involving the utilization of Personal Information or as defined under relevant Data Protection Laws. This encompasses any process or series of processes applied to Personal Information, whether through automated systems or manual means, including but not limited to collection, recording, organization, modification, storage, access, retrieval, consultation, use, sharing through transmission, dissemination, or otherwise making available, alignment, restriction, deletion, or destruction. Data Handling also includes the transfer of Personal Information to third parties.

f. Data Protection Laws: any applicable legislation governing the protection of privacy and Personal Information that applies to the processing of Personal Information under the Terms and Conditions and this Agreement, including but not limited to GDPR and US data protection laws such as CCPA.

g. Data Breach Incident: any security violation resulting in the accidental or unlawful destruction, loss, modification, unauthorized disclosure of, or access to Personal Information that has been transmitted, stored, or otherwise processed.

h. Data Controller: refers to the individual, legal entity, public authority, agency, or any other organization that, either alone or in conjunction with others, determines the objectives and methods of processing Personal Information.

i. Data Processor: refers to the individual, legal entity, public authority, agency, or any other organization that processes Personal Information on behalf of the Data Controller.

j. Exchange Information: refers to any form of written communication between the parties, including but not limited to faxes, emails, and electronic messaging services, which are regularly used to transmit information necessary for the execution of the Terms and Conditions.

The definitions outlined here should be interpreted in accordance with relevant Data Protection Laws. For clarity, the terms “Data Controller,” “Data Processor,” and other defined terms are intended to encompass equivalent concepts under applicable Data Protection Laws. Where specific Data Protection Laws provide alternate definitions, the terms in those laws shall take precedence.

1.2. This Agreement is governed by the provisions outlined in the Terms and Conditions and is considered an integral part of them. The interpretations and definitions provided in the Terms and Conditions shall also apply to the interpretation of this Agreement.

1.3. In the event of any conflict or uncertainty between:

a. any clause within the main body of this Agreement and any provision found in an Annex attached hereto, the terms within the main body of this Agreement shall take precedence;

b. any provision of this Agreement and any provision of the Terms and Conditions, the terms of this Agreement shall override.

  1. Processing of Personal Information

2.1. Acknowledgment of Roles The Customer and TRUEZONE acknowledge and agree that, for the purposes of Data Protection Laws:

a. TRUEZONE processes Personal Information provided by the Customer in connection with the Customer’s use of Services as a Data Processor.

b. TRUEZONE may retain and process Applicant Data, owned by the Customer, even after the Agreement is terminated, for the purposes of improving its platform or fulfilling legal obligations. This may include sharing data with competent regulatory authorities upon request. TRUEZONE acts as an independent Data Processor in these instances and ensures compliance with applicable Data Protection Laws.

2.2.Processing of Personal Information In the event that the Customer submits Personal Information in connection with the execution of the Terms and Conditions via TRUEZONE’s website, dashboard, or any other communication channels (including any related requests), TRUEZONE shall process such Personal Information in accordance with its privacy policy.

2.3. Disclosure Requests Each Party shall promptly inform the other Party of any request for the disclosure of Personal Information by any governmental, regulatory authority, or law enforcement agency (including any data protection supervisory authority), unless such disclosure is prohibited by law or a legally binding order issued by such an authority, in accordance with clause 13 of this Agreement.

  1. Parties’ Obligations

3.1. TRUEZONE’s Obligations as the Data Processor:

a. TRUEZONE shall only process the Personal Information to the extent necessary for the Business Purposes and in accordance with this Agreement. TRUEZONE shall not process the Personal Information for any other purpose or in a manner that does not comply with this Agreement or applicable Data Protection Laws.

b. TRUEZONE shall promptly comply with any requests or instructions from the Customer’s Authorised Representatives to rectify, transfer, delete, or otherwise process the Personal Information, or to stop, mitigate, or remedy any unauthorized processing.

c. TRUEZONE will maintain the confidentiality of all Personal Information and will not disclose such information to third parties unless authorized by the Customer, permitted by this Agreement, or required by law.

d. In instances where a law, court, regulator, or supervisory authority compels TRUEZONE to disclose or process Personal Information, TRUEZONE shall inform the Customer of the legal requirement, allowing the Customer the opportunity to object or challenge the necessity of such disclosure, unless prohibited by law from providing such notice.

e. TRUEZONE will ensure that all of its personnel are informed of the confidential nature of the Personal Information and are bound by confidentiality obligations and usage restrictions concerning the Personal Information; have received training on the applicable Data Protection Laws related to the handling of Personal Information and how these laws apply to their specific duties; and are aware of both TRUEZONE’s obligations and their own individual responsibilities under the Data Protection Laws and this Agreement.

3.2. Customer’s Obligations as the Data Controller:

a. The Customer represents and warrants that it has taken all necessary measures to ensure that TRUEZONE and its subprocessors may lawfully process the Personal Information in accordance with the applicable Data Protection Laws.

b. The Customer ensures that all required privacy notices have been provided to all Data Subjects and that any necessary consents have been obtained prior to the processing of their Personal Information by TRUEZONE or its subprocessors. Such notices and consents must be adequate to allow each Party to process the Personal Information as outlined in this Agreement and the Master Agreement, in compliance with applicable Data Protection Laws. This includes the transfer of Personal Information to and from TRUEZONE, ensuring all necessary notices are given and consents are obtained for the processing of Applicant Data and biometric data as per relevant Data Protection Laws.

c. When processing the Personal Information of a child, the Customer shall make reasonable efforts to ensure that the holder of parental responsibility for the child has provided consent for the Processing or has authorized the Processing in accordance with applicable Data Protection Laws.

d. Upon receiving requests from Data Subjects or authorities authorized under applicable Data Protection Laws, TRUEZONE will respond to inquiries related to the processing of Personal Information conducted by TRUEZONE and controlled by the Customer. Alternatively, the Customer will provide TRUEZONE with the relevant instructions on how to respond to such requests.

  1. Security Measures

TRUEZONE shall at all times implement appropriate technical and organizational measures to protect against unauthorized or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display, or distribution of Personal Information, as well as against accidental or unlawful loss, destruction, alteration, disclosure, or damage of Personal Information.

  1. Data Breach Notification

5.1. TRUEZONE shall promptly notify the Customer of any Data Breach Incident affecting Personal Information.

5.2. Immediately following any unauthorized or unlawful processing of Personal Information or a Data Breach Incident, the parties will coordinate to investigate the matter. TRUEZONE will reasonably cooperate with the Customer in managing the situation, including:

a. Assisting with any investigation;

b. Providing the Customer with physical access to any facilities and operations affected;

c. Making available all relevant records, logs, files, data reports, and other materials necessary to comply with all Data Protection Laws.

d. Taking reasonable and prompt steps to mitigate the effects and minimize any damage resulting from the Data Breach or unlawful processing of Personal Information.

  1. Transfer of Personal Information

6.1. TRUEZONE will transfer Personal Information outside the Customer’s Country and process it within the European Union, provided that:

a. Data recipients or third countries offer sufficient protection for the rights and freedoms of Data Subjects concerning the Processing of Customer Personal Information, as determined by applicable Data Protection Laws.

6.2. Any laws or regulations relevant to the Customer require the Customer to secure authorization, consent, approval, or any other form of decision from a regulatory authority before transferring and processing Personal Information, or any other data disclosed to TRUEZONE (including personal, payment, confidential data, etc.) outside the Customer’s Country, the Customer is solely responsible for obtaining such authorization prior to disclosing Personal Information to TRUEZONE for processing. TRUEZONE will not be liable for any non-compliance with laws or regulations that necessitate the storage and processing of Personal Information within the Customer’s Country.

6.3. The Customer acknowledges that TRUEZONE utilizes third-party cloud services, including server solutions, for its platform. The Customer consents to the processing of Personal Information on such third-party servers, which are located in the European Union. The Customer understands that Personal Information will be processed on third-party cloud solution provider servers within the EU.

6.4. When the Customer transfers any Personal Information from the System or provides access to the System to any third party or recipient, including those located outside the European Union, the Customer is solely responsible for ensuring that such transfer complies with applicable Data Protection Laws. The Customer must ensure that the transfer is legal and is subject to the necessary protection regime and/or appropriate safeguards, as defined under applicable Data Protection Laws.

  1. Handling Complaints, Data Subject Requests, and Third-Party Rights

7.1. TRUEZONE shall implement appropriate technical and organizational measures, at no additional cost, to assist the Customer in fulfilling its obligations under the Data Protection Laws concerning the rights of Data Subjects. This includes, but is not limited to, enabling access to Personal Information, facilitating data portability, rectifying inaccuracies, erasing data, objecting to processing, and restricting processing activities.

7.2. TRUEZONE must promptly inform the Customer if it receives any complaint, notice, or communication related to the processing of Personal Information or compliance with Data Protection Laws. Communication details are specified in clause 13 of this Agreement.

7.3. TRUEZONE shall notify the Customer within ten (10) working days upon receiving a request from a Data Subject seeking access to their Personal Information or exercising any related rights under the Data Protection Laws.

7.4. TRUEZONE agrees to fully cooperate with the Customer in addressing any complaints, notices, communications, or Data Subject requests.

7.5. TRUEZONE shall not disclose Personal Information to any Data Subject or third party except as instructed by the Customer, as provided in this Agreement, or as required by applicable law.

  1. Engagement of Sub-Processors

TRUEZONE may engage a subprocessor to process Personal Information. The Customer grants TRUEZONE general authorization to select any subprocessor necessary for the provision of services upon signing the Terms and Conditions.

a. If the Customer objects to the engagement of a specific subprocessor and provides valid reasons for the objection,

b. If TRUEZONE finds it impractical to provide an alternative subprocessor,

TRUEZONE may cease to provide, or the Customer may choose to temporarily or permanently refrain from utilizing, the specific aspect of a TRUEZONE Service that involves the subprocessor in the processing of Personal Information. Either party may terminate this Agreement in accordance with clause 9.4.

  1. Terms & Termination

9.1. This Agreement shall remain in effect for as long as the Terms and Conditions are active.

9.2. Any provision within this Agreement that is intended to protect Personal Information shall remain enforceable even after the termination of the Terms and Conditions.

9.3. A breach of the Terms and Conditions occurs if TRUEZONE fails to adhere to the terms of this Agreement. In such cases, the Customer has the right to terminate any portion of the Terms and Conditions that permits the processing of Personal Information, effective immediately upon providing written notice to TRUEZONE, without further liability or obligation.

9.4. In the event that changes in applicable Data Protection Laws hinder either party from fulfilling their obligations under the Terms and Conditions, the parties shall suspend the processing of Personal Information until they can comply with the new legal requirements. If the parties are unable to achieve compliance with the Data Protection Laws within two (2) months, they may terminate the Terms and Conditions by providing written notice to the other party. The Customer acknowledges that termination shall be the exclusive remedy in such circumstances.

  1. Return and Destruction of Personal Information

10.1. Upon the Customer’s request, TRUEZONE shall provide the Customer with a copy of or access to all or part of the Customer’s Personal Information in its possession or control, in a format and on the media as reasonably specified by the Customer.

10.2. TRUEZONE shall cease any processing and, if directed in writing by the Customer, either delete or return all or any Personal Information related to this Agreement upon (i) receiving instructions from the Customer concerning the Services or (ii) upon the Customer’s written request related to the termination of the Terms and Conditions for any reason or upon expiration of its term.

10.3. If any applicable law, regulation, or directive from a governmental or regulatory authority mandates that TRUEZONE retain any documents or materials that would otherwise need to be returned or destroyed, TRUEZONE shall notify the Customer in writing of this retention requirement, including details of the specific documents or materials that must be retained, the legal basis for such retention, and a timeline for destruction once the retention requirement concludes.

10.4. When the Customer instructs TRUEZONE to delete any Personal Information, TRUEZONE shall provide written certification confirming the destruction of that Personal Information within 30 days of completing the destruction.

10.5. In the event that TRUEZONE and/or its subprocessors cease or terminate their services, the Customer shall be notified promptly. If the Customer requests Personal Information, TRUEZONE may provide the Personal Information in a format approved by TRUEZONE and/or the relevant subprocessors.

  1. Adherence to US Data Protection Regulations

11.1. This section applies in conjunction with other parts of this Data Processing Agreement (DPA) and is relevant whenever US Data Protection Regulations govern the handling of Personal Information in relation to the provision of services and the Permitted Business Purposes.

11.2. TRUEZONE certifies its understanding of the restrictions and obligations outlined in this DPA and commits to compliance. Specifically, without the Customer’s explicit instructions, TRUEZONE shall refrain from:

a. Selling or Sharing the Personal Information;

b. Using, retaining, or disclosing the Personal Information for purposes beyond the limited Permitted Business Purposes, unless permitted by Data Protection Regulations;

c. Disclosing, retaining, or using the Personal Information outside the direct business relationship between the Parties; and

d. Combining the Personal Information with any data received from or related to other individuals, or data obtained through interactions with the Data Subject, unless authorized by Data Protection Regulations or the Customer’s instructions.

11.3. Should TRUEZONE find that it is unable to meet its obligations under US Data Protection Regulations, it will promptly notify the Customer.

11.4. TRUEZONE is committed to maintaining a high level of security for the protection of Personal Information and will not make any material reductions in this security.

  1. Customer Liability and Indemnification

12.1. The Customer agrees to defend, indemnify, and hold TRUEZONE, along with its affiliates, successors, and assigns, as well as the directors, officers, agents, and personnel of any party mentioned above, harmless from any and all claims, actions, lawsuits, and proceedings brought by third parties. This includes any resulting judgments, settlements, liabilities, damages, losses, costs, and expenses (including attorneys’ fees and legal expenses) arising from the Customer’s breach (including any alleged breach) or failure to fulfill its obligations as specified in clause 3.2. It is clarified that any liability limitations set forth in the Terms and Conditions (Master Agreement) will not be applicable to this section.

  1. Legal Notifications

13.1. Any notice or other communication provided to a party under or related to this Agreement must be in writing and sent to: legal@truezone.com.

13.2. The provisions of clause 13.1 do not apply to the service of any legal proceedings or other documents in any legal action, or, where applicable, to any arbitration or alternative dispute resolution method.

This agreement comes into force upon the customer’s registration to TRUEZONE, KYC platform via official website https://truekyc.io/

Ready to begin your journey?

Join the satisfied customers who have streamlined their businesses' compliance management with TrueKYC.

Start Now
Bootstrap Themes