Token provides a service that allows the users of our products and services (“End-Users”) to access and share account information.
- Below is the basis of the agreement governing Token’s provision of services to a Customer by way of an application programming interface from which the service can be integrated into, and accessed by, End-Users via a Customer’s Website.
- The terms and conditions between Token and an End-User can be found at www.token.io.
The Token Terms of Service is an agreement between Token.io Ltd. (“Token”, “Supplier”) and a Customer that wishes to use Token’s services. The Terms of Service set forth below are the fundamental provisions that will govern a legal relationship between Token and a Customer, but not all the legal provisions. Should you wish to enter into an agreement with us, please email us at firstname.lastname@example.org and we shall send you the full agreement.
In addition, there are three relevant policies that are linked here, which the Customer needs to be aware of:
- What are our obligations?
- What are your obligations as a Customer of Token?
- Security Controls and Processes
- Transfer of Account Information
- Fees and other provisions
- Intellectual Property Rights
- Data Protection
- Limits of liability
- Force majeure
- Entire agreement
- No partnership or agency
- Account Information
- Security and Access Controls
- Governing law and jurisdiction
- Schedule 1: Data Requirements - Account Information
1. What are our obligations?
Subject to the Customer remaining compliant with the terms of this agreement we will grant the Customer a licence for the term in order to:
- Integrate the API into the Customer’s website and to enable End-Users to access and interact with the service for the provision of the services agreed with the Customer.
- With Token’s consent, use the Token Logo on the Customer website.
- Token grants to the Customer a non-exclusive licence to use any associated software for the term.
- Token grants to the Customer a non-exclusive licence to use Token’s Intellectual Property Rights in the services for the term, only to the extent necessary for the Customer to enjoy the benefit of the services, as contemplated by this agreement.
Token shall use all reasonable endeavours to make the service available to End-Users and to transmit Account Information to the Customer, and shall give the Customer at least two (2) weeks written notice via email, of any alterations to the API that may affect integrating the service into the Customer’s Website.
Subject to the above:
- Token will provide the services in accordance with Good Industry Practice.
- Token does not warrant that the use of any software will be uninterrupted or error-free.
- Token does not warrant, represent or give any guarantee or commitment that the Account Information obtained by the Customer through the End-User's use of the service will be accurate or complete or meet the Customer's requirements.
- Token will not contact the End-Users for any purpose, unless the prior written consent of the Customer has been received.
- Token will not use the End-User’s data for any purpose, other than providing the services to the Customer as outlined in this Agreement.
- All other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this agreement or any collateral contract, whether by statute, common law or otherwise, are hereby excluded, including the implied conditions, warranties or other terms as to satisfactory quality or fitness for purpose.
- The Customer and Token have taken all necessary actions and have all requisite power and authority to enter into and perform this agreement.
- This agreement constitutes (or shall constitute when executed) valid, legal and binding obligations on the Customer.
- The execution and delivery by the Customer of this agreement and compliance with its terms shall not breach or constitute a default.
2. What are your obligations as a Customer of Token?
The Customer shall:
- Cooperate with the supplier in all matters relating to the Services.
- Appoint a manager for the services who has the authority to support on matters relating to the services (including by signing a Statement of Work and Change Orders). The Customer may replace that person from time to time and shall provide the Customer with reasonable notification if and when it does so.
- Provide Token on request adequate records in order for Token to verify the value of the Relevant Transactions.
- Obtain and maintain all necessary licences and consents and comply with all relevant legislation as required to enable Token to provide the services as agreed by this agreement, in all cases before the date on which the services are to start.
- Keep a complete and accurate record of copying and disclosure of any software and its users, and produce such record to Token on request from time to time.
- Notify Token as soon as it becomes aware of any unauthorised use of any software by any person.
- Not exceed the licences granted under this agreement, including without limitation in respect of the Maximum Usage and Customer Products, without the prior written consent of the Supplier. If the Customer wishes to exceed the Maximum Usage or to use the services in connection with other products, it shall notify the Supplier, and the parties shall work together to agree commercial and other terms for additional usage to be accommodated. Such additional commercial and other terms of additional usage to be reflected in an amended Statement of Work.
- Is exclusively responsible for the supervision, management, backup, security, and control of all aspects of Customer’s information technology systems.
- Ensure that the Customer Website shall be free from, and shall not introduce any Malicious Software including by using up-to-date, industry-standard and comprehensive anti-virus software to seek to prevent the introduction of any Malicious Software into the service.
- Ensure that API is used only in accordance with the licence terms.
- Ensure that the End-Users are aware of Token’s services and agreement with the Customer.
- Abide by all relevant Laws and Regulations with respect to its activities under this agreement.
3. Security Controls and Processes
Security is an extremely serious business and Token takes reasonable and practical steps to ensure Customer data is protected in accordance to relevant Privacy Laws.
As a Customer, you will:
only process Account Information in accordance with this agreement.
will inform Token, without delay, as soon as you have been made aware of a security issue relating to the service or the API even if the security issue is a suspicion.
not use the service or API to transfer or receive any malicious programmes or material that is abusive, harassing, indecent, discriminatory, offensive or is in breach Intellectual Property Rights of any third party or would be unlawful.
review all access control procedures if an individual user has left the Customer’s organisation.
4. Transfer of Account Information
The Customer acknowledges that the End-User may revoke their consent to process Account Information at any time and the Supplier shall not be liable to the Customer for failing to provide the Customer with the information requested by the Customer.
Processing of Account Information is subject to the following:
agreement of the End-Users terms of service.
End-User providing the Supplier with the necessary information to process Account Information.
compliance by all parties to the terms and conditions of the agreement.
5. Fees and other provisions
The Customer shall pay fees as agreed in the schedule of fees.
In addition to the Fees, the Customer agrees to pay to the Supplier:
- any additional fees which the parties have agreed in advance in writing which are payable under or in connection with this agreement.
- reasonable travel expenses incurred by the Supplier, which the parties have agreed in advance and in writing, in connection with the provision of the services.
Where applicable the Supplier will issue an invoice for the Licence Fee at the beginning of the term (‘Commencement Date’), and thereafter on each 12-month anniversary of the Commencement Date during the term or as otherwise set out in a relevant Statement of Work.
The Supplier will issue an invoice for any Professional Service Fees and any other fees set out in each Statement of Work at regular intervals during the term.
Where the Customer is utilising Software and / or Services that incurs a Transaction Fee, on or before the 10th day of each calendar month, the Customer shall report to the Supplier the following, in respect of the previous calendar month (each a ‘Billing Month’):
- The amount of Relevant Transactions made.
- The aggregate value of Relevant Transactions made.
The Supplier shall then calculate the Transaction Fee in respect of the Billing Month, and may invoice the Customer for the Transaction Fee at any time.
The Customer shall pay each invoice submitted to it by the Supplier within 30 days of receipt to a bank account nominated in writing by the Supplier from time to time.
All sums payable under this agreement are exclusive of VAT or any relevant local sales taxes, for which the Customer shall be responsible.
Subject to any agreement to the contrary between the parties, the Licence Fees shall remain fixed for the duration of the relevant Statement of Work.
If the Customer fails to make any payment due to the Supplier under this agreement by the due date for payment then, without limiting the Supplier's remedies under this agreement, the Customer shall pay interest on the overdue amount at the rate of 4% per annum above the Bank of England’s base rate (http://www.bankofengland.co.uk/boeapps/iadb/Repo.asp) from time to time. Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. The Customer shall pay the interest together with the overdue amount.
6. Intellectual Property Rights
The Customer acknowledges that all Intellectual Property Rights in the services, the Output, any Supplier software and any Maintenance Releases belong and shall belong to the Supplier or the relevant third-party owners (as the case may be), and the Customer shall have no rights in or to the Supplier software or services other than the right to use them in accordance with the terms of this agreement.
The Supplier undertakes at its own expense to defend the Customer or, at its option, settle any claim or action brought against the Customer alleging that the possession or use of any Supplier software or the services (or any part thereof) in accordance with the terms of this agreement infringes the Intellectual Property Rights of a third party (each a ‘Claim’) and shall be responsible for any reasonable losses, damages, costs (including legal fees) and expenses incurred by or awarded against the Customer as a result of or in connection with any such Claim. This clause shall not apply where the Claim in question is attributable to:
- possession or use of any Supplier Software or the Services (or any part thereof) by the Customer other than in accordance with the terms of this agreement.
- use of any Supplier software in combination with any hardware or software not supplied or specified by the Supplier if the infringement would have been avoided by the use of the software not so combined.
- use of a non-current release of the software.
If any third party makes a Claim, or notifies an intention to make a Claim against the Customer, the Supplier's obligations are conditional on the Customer:
- as soon as reasonably practicable, giving written notice of the Claim to the Supplier, specifying the nature of the Claim in reasonable detail.
- not making any admission of liability, agreement or compromise in relation to the Claim without the prior written consent of the Supplier (such consent not to be unreasonably conditioned, withheld or delayed).
- giving the Supplier and its professional advisers access at reasonable times (on reasonable prior notice) to its premises and its officers, directors, employees, agents, representatives or advisers, and to any relevant assets, accounts, documents and records within the power or control of the Customer, so as to enable the Supplier and its professional advisers to examine them and to take copies (at the Supplier's expense) for the purpose of assessing the Claim.
- taking such action (at the Supplier’s reasonable expense) as the Supplier may reasonably request to avoid, dispute, compromise or defend the Claim.
If any Claim is made, or in the Supplier's reasonable opinion is likely to be made, against the Customer, the Supplier may at its sole option and expense:
- procure for the Customer the right to continue to use the software or the Hosted Services or Support and Maintenance Services (or the relevant part thereof) in accordance with the terms of this agreement.
- modify the Supplier software or Hosted Services or Support and Maintenance Services (as applicable) so that it or they cease to be infringing.
- replace the Supplier software or Hosted Services or Support and Maintenance Services with non-infringing software or services.
- terminate this agreement by notice in writing to the Customer and refund any of the Fees paid by the Customer as at the date of termination (less a reasonable sum in respect of the Customer's use of any Supplier software and Services to the date of termination),
This clause constitutes the Customer's exclusive remedy and the Supplier's only liability in respect of Claims.
The Supplier will provide the services in accordance with good industry practice, but will not warrant that the use of any software or service will be uninterrupted or error free.
All other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this agreement or any collateral contract, whether by statute, common law or otherwise, are hereby excluded, including the implied conditions, warranties or other terms as to satisfactory quality or fitness for purpose.
8. Data Protection
Terms and expressions used in this section and not defined in this agreement shall have the meaning provided in the relevant Data Protection Legislation to the processing activities agreed between both parties. It is recommended that this section be read in conjunction with our Privacy Notice available on the Supplier website https://token.io/privacy.
Both parties will comply with their obligations under the relevant Data Protection Legislation and will support that party to comply with its own obligations under Data Protection Legislation.
The Customer acknowledges and agrees that:
- The Account Information it receives through use of the API comprises Personal Data relating to the relevant End-User.
- They have adequate grounds to process personal data and to contract with the Supplier for such Processing.
- They have provided adequate information to each Data Subject in respect of such Processing.
- They have implemented effective technical and organisational measures to protect end-users personal data.
- They will assist the Supplier in fulfilling their legal obligations to comply with data Subject rights.
- They will provide assistance to the Supplier to comply with data breaches, data impact assessments, record keeping and audit responsibilities under all relevant data protection legislation.
- They will provide a contact with the Customer’s organisation who is authorised to deal with all enquiries regarding data privacy.
- They will not disclose or transfer any Personal Data to a third party located outside of the EEA unless:
- the party acting as data controller approves.
- the third party has appropriate technical and operational measures in place to protect end users personal data the third party has agreed to the Data Processing Agreement in the contract.
- End-users consent to all aspects of the processing.
The agreement will commence or be deemed to commence on the start date and shall continue until terminated by the Customer or Supplier.
Each party may terminate this agreement where the other party has committed a material breach of any term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so, or is subject to insolvency.
For the purposes of the agreement, a material breach means a breach (including an anticipatory breach) that is serious in the widest sense of having a serious effect on the benefit which the terminating party would otherwise derive from:
- a substantial portion of this agreement; or
- any of the obligations set out in the agreement
Over the term of this agreement, in deciding whether any breach is material, no regard shall be had to whether it occurs by some accident, mishap, mistake or misunderstanding.
Termination or expiry of this agreement shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination or expiry.
On termination for any reason:
- all rights granted to the Customer under this agreement shall cease.
- the Customer shall cease all activities authorised by this agreement.
- the Customer shall immediately pay to the Supplier any sums due to the Supplier under this agreement.
- the Customer shall immediately destroy or return to the Supplier (at the Supplier's option) all copies of any software then in its possession, custody or control and, in the case of destruction, certify to the Supplier that it has done so.
- The Supplier may destroy or otherwise dispose of any Customer Data in its possession unless the Supplier receives, no later than twenty (20) days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. The Supplier shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Supplier in returning or disposing of Customer Data. For the purposes of this clause customer data (“Customer Data”) means the data inputted by the Customer, authorised users, or the Supplier on the Customer's behalf for the purpose of using the services or facilitating the Customer's use of the services.
- Where the Customer requires the Supplier services in planning, managing and auctioning any transition to a new supplier, such services will be provided on a time and materials basis at the prevailing rates as advised from time to time.
10. Limits of liability
The Supplier shall not in any circumstances have any liability for any losses or damages which may be suffered by the Customer (or any person claiming under or through the Customer), whether the same are suffered directly or indirectly or are immediate or consequential, and whether the same arise in contract, tort (including negligence) or otherwise howsoever, which fall within any of the following categories:
- special damage even if the Supplier was aware of the circumstances in which such special damage could arise;
- loss of profits;
- oss of anticipated savings;
- loss of business opportunity;
- loss of goodwill;
- loss or corruption of data;
provided that this shall not prevent claims for loss of or damage to the Customer's tangible property that fall within the terms or any other claims for direct financial loss that are not excluded;
The total liability of the Supplier, whether in contract, tort (including negligence) or otherwise and whether in connection with this agreement or any collateral contract, shall in no circumstances exceed a sum equal to the Fees paid by the Customer during the 12-month period preceding the date on which the claim arose; and the Customer agrees that, in entering into this agreement, either it did not rely on any representations (whether written or oral) of any kind or of any person other than those expressly set out in this agreement or (if it did rely on any representations, whether written or oral, not expressly set out in this agreement) that it shall have no remedy in respect of such representations and (in either case) the Supplier shall have no liability in any circumstances otherwise than in accordance with the express terms of this agreement.
Exclusions shall apply to the fullest extent permissible at law, but the Supplier does not exclude liability for:
- Death or personal injury caused by the negligence of the Supplier, its officers, employees, contractors or agents.
- Fraud or fraudulent misrepresentation.
- Any other liability which may not be excluded by law.
All parties shall ensure compliance to all applicable Anti- Bribery Laws and will:
- Implement and maintain adequate training and procedures to support compliance to all applicable anti bribery laws.
- Ensure that robust reporting procedures are in place to ensure that compliance issues are escalated to other parties as required by Law.
- If requested by the other party and where permitted by law, provide the other party with any reasonable assistance, at the other party's reasonable costs, to enable the other party to perform any activity required by any Authority for the purpose of compliance with any applicable Anti-Bribery Laws to the extent that such compliance relates to or is in connection with its rights and/or obligations under this agreement.
- At the other party's reasonable request, confirm in writing that it has complied with its obligations under this clause and provide any information reasonably requested by the other party in support of such compliance.
12. Force majeure
Neither party shall be in breach of this agreement nor liable for delay in performing, or failure to perform, any of its obligations under this agreement if such delay or failure results from events, circumstances or causes beyond its reasonable control. In such circumstances, the affected party shall be entitled to a reasonable extension of the time for performing such obligations. If the period of delay or non-performance continues for 6 weeks, the party not affected may terminate this agreement with immediate effect by giving written notice to the affected party.
Save that day to day “business as usual” communications may be made verbally or by email, any demand, notice or communication (“Notice”) must be in writing and may be given by:
- recorded delivery;
- registered post;
- registered airmail; or
- E-mail, provided that if Notice is given by e-mail, it must be followed by one of the methods listed in clauses 1) to 4) above, and shall not be deemed to have been validly given if it is not followed.
Notices shall be deemed to have been duly served:
- If delivered by hand, at the time and date of delivery.
- If sent by recorded delivery or registered post, 48 hours from the date of posting (such date as evidenced by postal receipt).
- If sent by registered airmail, five days from the date of posting.
- If sent in accordance with governing law and jurisdiction, at the time of transmission of the email.
No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of any rights or remedies provided by law.
16. Entire agreement
- This agreement, any Statement of Work, and the documents annexed as appendices to this agreement or otherwise referred to herein constitute the whole agreement between the parties relating to the subject matter hereof and supersedes all prior agreements, arrangements and understandings between the parties relating to that subject matter.
- Each party acknowledges that, in entering into this agreement, it does not rely on any statement, representation, assurance or warranty (whether it was made negligently or innocently) of any person (whether a party to this agreement or not) other than as expressly set out in this agreement.
- Nothing in this clause shall limit or exclude any liability for fraud.
No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
18. No partnership or agency
Nothing in this agreement is intended to, or shall be deemed to establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party. Each party confirms it is acting on its own behalf and not for the benefit of any other person.
If any provision or part-provision of this agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this agreement.
If any provision or part-provision of this agreement is invalid, illegal or unenforceable, the parties shall negotiate in good faith to amend such provision so that, as amended, it is legal, valid and enforceable, and, to the greatest extent possible, achieves the intended commercial result of the original provision.
The Supplier may at any time assign all or some of its rights and obligations under this agreement to a Holding Company and Subsidiary, provided that it gives prior written notice of such assignment to the Customer.
The Customer shall not assign any of its rights and obligations under this agreement.
The Supplier may subcontract any of its obligations under this agreement to any third party.
21. Account Information
The transfer of Account Information through the API is subject to the following:
- The End-User’s agreement to the End-User Terms of Service.
- The End-User providing correct and accurate credentials to access the Account Information.
- The Customer’s compliance with the terms and conditions of this Agreement.
The Customer acknowledges that an End-User may withdraw any consent it has granted to the Supplier to process Account Information at any time pursuant to the Supplier’s terms, and the Supplier shall not be liable to the Customer to the extent that it is prevented from providing the Customer with Account Information in these circumstances.
22. Security and Access Controls
The Supplier shall use reasonable endeavours to protect Account Information and ensure the End-Users’ privacy in accordance with applicable law.
- May only download Account Information pursuant to, and in accordance with, account information requirements.
- Shall not access or attempt to access any part or parts of the service and/or API to which it has not been granted access to by the Supplier.
- shall notify the Supplier immediately if it becomes aware of any unauthorised access or use of the service and/or API (or any part thereof) or any other actual or potential breach of security in relation to the service and/or API (or any part thereof) and provide such reasonable assistance to the Supplier with regard to abating such access, use or breach as the Supplier shall reasonably request.
- Shall be responsible for any third party using the Customer's encryption key.
- Shall not share with any third party the Customer's encryption key that could be used to access the service, API and/or any Account Information without the Supplier's prior written consent and shall ensure that such encryption key is only used by the individual(s) nominated to access the same. If such individual(s) cease to act in an authorised capacity on behalf of the Customer for any reason, the Customer shall immediately notify the Supplier and remove the encryption key from such individual(s); and
- Shall not use the service or API to transfer or knowingly receive any malicious software or any material or content that is obscene, offensive, abusive, harassing, indecent, defamatory or discriminatory or which infringes the Intellectual Property Rights of any third party or whose transfer by the Customer would otherwise be unlawful, including under all applicable competition laws.
The Customer shall promptly notify the Supplier and change the password(s) it uses to access the service and/or API in the event that any individual user has left the Customer’s organisation.
23. Governing law and jurisdiction
This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.
The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).
24. Schedule 1: Data Requirements - Account Information
Account Information shall include, but not be limited to, the following financial and personal information:
- Personal information e.g. name, date of birth, full address(es), email address, phone number, gender;
- Bank account information;
- Account type (e.g. current, saving, investment, credit card);
- Account name;
- IBAN/Account number/Sort code/SWIFT;
- Account balance information;
- Current balance;
- Available balance (credit cards);
- Interest rate;
- Payment due date (credit cards);
- Next closing date (credit cards);
- Minimum payment due (credit cards);
- Meta data (arbitrary data that banks associated with a transaction e.g. category); and/or
- Additional data which the supplier may collect in the future (as confirmed in writing from time to time):
- Loans data;