Table of Content

  • Interpretation
  • Licence to use verify, data sources, requirements
  • Verify term
  • Tiller services
  • Exclusivity and restrictions
  • Authorised users
  • Your customers
  • Verify updates
  • Tiller obligations
  • Access to verify
  • Security of information and verify
  • Your obligations
  • Governance
  • Fees
  • Confidentiality
  • Intellectual property
  • Intellectual property indemnity
  • Third party services
  • Your data
  • Data protection
  • Compliance with law
  • Disclaimer
  • Dispute resolution
  • Liability
  • Attribution
  • Mutal warranty
  • Suspension of service
  • Termination
  • Consequences of termination
  • Assignment and subcontracting
  • Variations
  • Severability
  • Status of the parties
  • Notices and communications
  • Waiver
  • Rights and remedies
  • Force majeure
  • Entire agreement
  • Rights of third parties
  • Counterparts
  • Costs
  • Law and jurisdiction



Tiller is a Jersey based software company and is the supplier of Verify.


Tiller provides through Verify, software services that You can utilise to carry out background checking on your clients.


This Agreement sets out the relationship between Tiller and you and describes the nature of the engagement generally.


Specific Products and/or Services and/or Features will have specific Additional Terms that shall be applicable.

It is agreed that the terms and conditions are as follows:

1. Interpretation

1.1. In this agreement, the following definitions shall apply:

Access Date

the date by which Tiller shall make available the Portal for the Services as set out in the Sign Up, as such date may be amended between the parties as provided for in clause 13 (Governance);

Additional Services

any additional service, not included in the Services, agreed under clause 13 (Governance);


Verify by Tiller mobile application – “App” used by Your Customers

Authorised User

a person, firm or company within Your corporate group who or which is duly authorised by You or Your Affiliate to access and use Verify in accordance with clause 2.2 and Clause 6 (Authorised User) or Your Customer;

Business Day

any day (other than a Saturday or Sunday) on which banks are generally open in England and Wales


any person recognised in law that You wish to utilise Verify for;

Cybersecurity Requirements

all laws, regulations, codes, guidance (from regulatory and advisory bodies, whether mandatory or not), international and national standards, and sanctions, applicable to either party and relating to security of network and information systems and security breach and incident reporting requirements, including the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) and the Network and Information Systems Regulations 2018 (SI 506/2018), all as amended or updated from time to time;

Data Processing Addendum

data processing requirements set out in APPENDIX 1;

Derived Data

data that results from Tiller’s observation, analysis or other processing of Your Data and that is anonymised (to exclude any Personal Data) and may be aggregated with other data of Tiller’s;


the documentation made available to You by Tiller from time to time (whether online or in hard copy) which sets out a description of, and user instructions for, Verify, including user manuals, operator guides, training materials and other documentation provided or otherwise made available by Tiller to You for use in conjunction with Verify;


the fees payable for the use of Verify specified in the the Portal or Specification set out in the Sign Up and as may be modified from time to time by notice to you;

Good Industry Practice

in relation to any undertaking and any circumstances, the exercise of that degree of care, and skill which would reasonably and ordinarily be expected from a skilled, professional and experienced person or entity engaged in the same or similar type of business or offering the same or similar type of cloud-based service, including software-as-a-service;

Initial Engagement

the original term or period the parties have agreed for utilisation of Verify

Intellectual Property Rights

patents, trademarks, service marks, design rights (whether registrable or otherwise), Sign Ups for any of those rights, copyright (including all rights in software and any database rights), know-how, confidential information, trade or business names and any similar rights or obligations whether registrable or not in any country;

Personal Data

any information relating to an identified or identifiable natural person including, but not limited to, Your Data;


means Tillers electronic or internet or mobile system or enabled access to the Services web browser application available to Authorised Users.

Relevant Regulator

the regulator, or its successor, under which You are regulated;

Relevant Regulator Rules

the rules and guidance of the Relevant Regulator as contained in any handbook, guidance notes or equivalent, as may be updated from time to time;


(i) the provision of, access to and use of Verify and (ii) any other services to be provided by Tiller under this agreement;

Sign Up

The application completed by You, to use Verify including any declarations , disclosures and the Fees and Specification of Verify;


The verification of Your Customers information and credentials by carrying out due diligence on Your Customers as set out in the technical and functional features, descriptions, specifications, and performance requirements of Verify set out by Tiller in the Sign Up, as may be updated by operation of Clause 133 (Governance) from time to time;

Third Party Services

those suppliers utilised by Tiller for Verify Services;

Tiller Hardware

the computing devices and related technology artefacts utilised by Tiller in provision of Services;

Tiller Software

Verify software that Tiller makes available to you;


the term of this agreement, as stated in the Specification;

Terms of Use

Tiller’s terms of use for Verify as in force from time to time, as accessible within Verify;

Third Party Services

services or data procured by You or Tiller, as the context determines, to be supplied by third parties, access to which is made available through Verify;


updates, new releases, revisions, extensions, versions, upgrades, improvements, bug fixes, patches, enhancements or other modifications made generally available to all users of Verify;


Tiller's offering through Verify to provide the Specification including the App and Portal, but excluding that of Tiller’s Third Party Services;


the firm that has completed Sign Up.

Your Affiliate

an entity controlling, controlled by or under common control with You, “control” having the meaning given in section 1124 of the Corporation Tax Act 2010 in the United Kingdom or the legislation of the country You are incorporated in;

Your Data

data held on or otherwise processed by Verify relating to You or Your own Customers’ affairs;

Your Hardware

the computing devices and related technology artefacts utilised by You utilising the Services;


The definitions include, as the context may require, the singular or the plural form of the term used.


1.1. In this agreement:


clause headings are inserted for ease of reference only and do not affect construction;


references to “writing” or cognate expressions includes a reference to email or comparable means of non-verbal communication;


words importing one gender shall be treated as importing any gender, words importing individuals shall be treated as importing bodies corporate, corporations, unincorporated associations and partnerships and vice-versa, words importing the singular shall be treated as importing the plural and vice-versa, and words importing whole shall be treated as including a reference to any part thereof; and


references to clauses and Appendices are to the clauses of and Appendices to this agreement.


The Appendices form part of this agreement. If there is any conflict or inconsistency between any of the provisions of the main body of this agreement and the Appendices, the main body of this agreement shall prevail.


The rule known as the ejusdem generis rule shall not apply and accordingly general words introduced by the word "other", "including", "in particular", "for example" or any similar expression shall not be given a restrictive meaning by reason of the fact that they are preceded by words indicating a particular class of acts, matters or things.


General words shall not be given a restrictive meaning by reason of the fact that they are followed by particular examples intended to be embraced by the general words.

2.  Licence to use verify, data sources, requirements


In return for your payment of the Fees in accordance with this agreement, Tiller hereby grants to You, on and subject to the terms and conditions of this agreement and the Terms of Use, a non-exclusive licence to access and use Verify during the Term for its own business purposes.


The licence granted under clause 2.1 shall extend to use by: (a) Your Affiliates; (b) Your Customers duly authorised by You or Your Affiliates to use and access Verify, but shall otherwise be non-transferable, non-sub-licensable and non-assignable


Your business may or may not be subject to specific industry regulation. Tiller provides intuitive technical digital operational solutions. Tiller is not required to be regulated by a regulator (other than a data protection regulator) to provide Services. Tiller has implemented the requirements for Verify as described in the service descriptions.


You warrant and represent to Tiller that you have done such reasonable due diligence of Verify and takes sole responsibility for its suitability for its intended purposes and Your obligations to the Relevant Regulator under the Relevant Regulator Rules. You acknowledge that Tiller is making available to it a general service made available to its customers generally and that, it is not making a bespoke service specifically for Your individual requirements.

3. Verify term


This agreement will commence on the Access Date and shall (subject to any period of Initial Engagement and rights to termination under clause 28 (Termination) or as otherwise set out in this agreement) continue in force until notice is served under clause 28 (Termination).

4. Tiller services


In consideration of Your payment of the Fees in accordance with this agreement, Tiller shall provide the following Services to You:


access to and use of Verify through the Portal in accordance with this agreement and options as selected by you in the Sign Up;


Access to the Portal or such other electronic access as we agree with you.


Access for Your Customers to the App.


Tiller warrants to and undertakes with You that:


in respect of the provision of Services to You, it will perform its Services in accordance with the instructions received from You as evidenced in a Sign Up or by processes adopted under Clause 13 (Governance) and law and regulations applicable to it in delivery of the Services;


Tiller will perform the Services with reasonable care and skill and in accordance with Good Industry Practice and any performance criteria specified in this agreement or at Sign Up including Your Requirements and the Specification;


Verify will in all material respects conform to the latest release of the Specification;


Verify does not and will not infringe the Intellectual Property Rights of any person not a party to this agreement;


it has and will maintain all licences, consents, and permissions necessary for the performance of its obligations under this agreement;


it shall use all reasonable efforts in accordance with Good Industry Practice to ensure that Verify will be virus-free and will not include any malicious software or device designed to prevent, impair or otherwise adversely affect the operation of any software, hardware or network;


it shall use all reasonable efforts in accordance with Good Industry Practice to ensure that it and any of its subcontractors comply with all applicable laws pertaining to the confidentiality and security of Your Data and Personal Data.


Except as expressly provided otherwise, any dates or timeframes for provision of the Services as set forth in this agreement and applicable appendices, exhibits and attachments are estimates only, except where they have been agreed as definitive dates under the processes of Clause 13 (Governance).


It is the responsibility of You to ensure that You and your Authorised Users have a suitable internet service and that the hardware, telecommunications services and software necessary to access Verify over the internet as Tiller recommends from time to time. Tiller takes no responsibility for the performance of any such hardware, telecommunications services, software or internet service, or for the performance or availability of the internet itself.

5. Exclusivity and restrictions


Certain of our Third-Party Providers may require restrictions or requirements to be observed by you, and this may change from time to time. Where this happens, we will notify you of the change and you will observe the new arrangements from the date that notification is effective.


During the Term of this Agreement, You undertake not to


Reverse engineer distribute or create, any services or products or features that compete with the Products, Services or Features; or


distribute or resell the Products, Services and/or Features other than as expressly contemplated by this Agreement.


Where we have evidence that you are carrying out or have done any excluded activity, we may


terminate your access or that of any Authorised User or terminate this arrangement.


You hereby assign and novate all intellectual property rights in your developments resulting from the excluded activity and grant Tiller the power (to be exercised by any one of its directors) of attorney by executing this agreement to do on behalf of Tiller anything which you can lawfully do by an attorney in relation to those rights.You will be required to and will account to Tiller for all economic benefit so derived.


Third-Party Providers current restrictions are set out in Appendix 2.

6. Authorised users


You shall not permit any person other than an Authorised User to access and use Verify Portal and You shall not, and shall procure that no Authorised User shall, save for the allocation of Authorised User permissions, license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any person not a party to this agreement Verify in any way without the prior written consent of Tiller, taking into account the commercial impact of such proposal on its commercial interests, and specifically the additional work to conform Verify to the needs of any such person that would become entitled by Your actions and Your obligations under this Agreement.


You and Your Authorised Users are responsible for maintaining the confidentiality of their respective usernames and passwords, and are fully responsible for all activities that occur under their account.


You are responsible for ensuring compliance by your Authorised Users with the terms of this agreement and the Terms of Use and shall be fully liable for the acts or omissions of Your Authorised Users as if they were the acts or omissions of You.


You shall use all reasonable endeavours to prevent any unauthorised access to, or use of, Verify and, in the event of any such unauthorised access or use, shall promptly notify Tiller.


You may decide to set different access rights for each Authorised User and different arrangements for Your Customers who are Authorised Users and other Authorised Users.


We will make arrangements to organise the data Tiller retains for each Customer, and facilitate your access to reports on Customers through our Portal, and interrogate data as the features of the Portal permit.


If You or any Authorised User becomes aware, or suspects, or has reason to believe or confirms that a person who was an Authorised User but is no longer to be one, or there has been any of any misuse of any Verify or materials, or any security event in connection with this Agreement that could compromise the security or integrity of Verify or otherwise adversely affect Tiller or our licensors, or if You or any Authorised User learns or suspects that any Security Feature has been revealed to or obtained by any unauthorised person

You shall (whether you have notified us or not):

  • cooperate in any investigation of the situation;
  • fully co-operate with Tiller to remedy the issue as soon as reasonably practicable; and


Tiller may suspend your rights (or those of any third party under this Agreement until the misuse or security event or unauthorised disclosure of the security feature is remedied, or if Tiller in its sole discretion, determines that immediate action is required to be taken, Tiller may terminate this Agreement.We may change security features on notice to You or the Authorised Users at any time for security reasons


You cannot make any other firm an Authorised User that is not part of your corporate structure or use Verify to create your own services. If you do, all remuneration you derive from that will be collected by you on behalf of Tiller, held by you as agent for Tiller and returnable to them on demand. If you do make any other firm an Authorised User that is not part of your corporate structure Tiller may at its absolute discretion terminate their usage of Verify or Your usage of Verify.

7. Your customers


Tiller and You agree that Tiller does not have, nor does it wish to have, any direct dealings with any of Your Customers by this Agreement, other than processing Services. It is agreed that:


You are responsible for undertaking all due diligence as required by applicable laws in relation to each of Your Customers’ and all applicable monitoring of Your Customers’ activities as are necessary to combat market abuse, fraud, money laundering and other criminal activities and the provision of Your services to Your Customers’;


You are responsible for any products or services offered or given by You to Your Customers including, without limit, ensuring that any product or service is suitable or appropriate for Your Customer;


You will not facilitate direct access of Your Customer to Verify except as specified through Verify Portal or App and the Services as delivered; and


Tiller will not be responsible for providing any services directly to any Your Customer, all communications with Your Customers will be the responsibility of You.


Tiller will make arrangements for you to view and download reports, information and data on your Company, or use of Verify. These may be called an “account” or similar term. Those arrangements will be secured so that only You through your Authorised Users may access the information through those arrangements.


You will

  • Obtain Your Customer’s consent to your use of Verify
  • Conform to the administrative and security arrangements set out in our Portal for each Customer
  • Inform your Customers that they will be asked to accept the App terms of conditions.

8. Verify updates


Tiller may from time to time, for any technical, legal, performance or operational reasons, make updates to Verify (but not so as to materially adversely affect the performance of the Verify Services).


Before making any material change to Verify, save where the change is required to be made for legal compliance or is strictly necessary for operational or system security reasons, Tiller shall give You as much notice in writing as is reasonably possible in the circumstances to allow You the opportunity to adjust Your operational processes.


Excluding any Update where the change is required to be made for legal compliance or is strictly necessary for operational or system security reasons, if You reasonably evidences that any Update or other change to Verify will have a materially adverse effect on the functionality of Verify, You shall provide written notice setting that out to Tiller and the parties will discuss how best to resolve the issue in accordance with Clause 13 (Governance).


If You have proven that there is a materially adverse change to Verify which affects in a material way Verify functionality, and; (i) that update cannot be modified by Tiller; and (ii) the process set out in Clause 13 (Governance) has been exhausted, You may reject the Update for Verify. Should You reject the update for a Verify option you must terminate this Agreement.


You shall be entitled without additional cost to access and use any Updates introduced from time to time by Tiller as additions to the core features and functions of Verify and which are intended for use by all users of Verify.


Tiller may from time to time offer You the option to implement, for additional Fees, any new features or modules which Tiller has developed and which (at Tiller’s sole discretion) are optional and are not implemented by Tiller by default as additions to the core features and functions of Verify.

9. Tiller obligations


The obligations of Tiller are determined by this agreement, including Specification as may be updated by operation of Clause 133 (Governance).




Tiller will be solely responsible for the maintenance and effectiveness of Tiller hardware and will not be responsible for the maintenance and effectiveness of Your Hardware.




Tiller agrees to:

  • make available Verify Services to the specification in the Verify Portal;
  • to deliver services through Verify; and
  • provide Verify ready for service;

on the terms and conditions set out in this agreement.


You may make requests or suggestions about the Verify Portal.


Tiller is responsible for delivering to Verify Portal.


Tiller is a software service provider. It understands the markets in which it operates and specifically the instructions given to it by You that constitute Verify Portal, Verify Portal provides a repeatable process to make the checks on Your Customers set out in the Specification. Verify works to the criteria set out in the Verify Portal. Tiller is responsible to You for Tillers tools and information generated by Verify.

  • You are responsible for your compliance with your regulations.
  • You remain responsible to your regulator(s) for the suitability of and construction of your operational environment to identify and carry out background checks on Your Customers.
  • You are responsible to Your Customers and Your regulators for Your products and services and all pre compliance checking of Customers.

Verify Portal does not include any linking or messaging to your operational systems other than as provided through Services.

10. Access to verify


Tiller shall make available to you Verify through the Portal on or before the applicable Access Date.


Tiller shall supply to You, within a reasonable time on and from Access Date, security protocols for you to access Verify. All you need to do is make the appropriate selections offered within the security protocols and arrange for the same to be done for Authorised Users or Customers There are no updates to be made to Your Software, all you need is access to the internet to access Verify. You should make your own operational arrangements to disseminate and record information received through Verify.


Tiller shall complete access through a portal to Verify by the Access Date as may be amended by Clause 133 (Governance).


You are responsible for keeping safe the security protocols that will be made available to you, and you select to access Verify. All activity under your security protocols will be charged to you.

11. Security of information and verify


Tiller warrants that the security of information in Verify, or as may be agreed under or Clause 13 (Governance) and its information systems is up to date and accurate and that it will update You immediately in the event of any changes to such information. This warranty does not extend to the security of governments’, government agencies or Third-Party Services that Tiller need to access to provide Services.


Tiller shall notify You immediately if it becomes aware of any incident that materially affects the security of its information systems relevant to Verify and respond without delay to all queries and requests for information from You about any Incident, whether discovered by Tiller or You, in particular bearing in mind the extent of any reporting obligations You may have under Cybersecurity Requirements and that You may be required to comply with statutory or other regulatory timescales.


Tiller will use its best endeavours to ensure the continuity of any services to be provided by You via Verify.


Tiller agrees to co-operate with You in relation to:

  • (a) all aspects of its compliance with cybersecurity of Verify;
  • (b) any requests for information, or inspection, made by any regulator (including in connection with Cybersecurity of Verify);
  • (c) any request for information made in respect of any of the information provided or any policies referred to by Tiller; and
  • (d) any security event.


Tiller shall (and warrants and represents that it shall) at all times in accordance with Good Industry Practice.


implement, operate, maintain, and adhere to, appropriate policies to enable Tiller, as a minimum, to discover and assess incidents, and to prioritise those incidents, sufficient to meet its reporting obligations under this clause;


mitigate against all incidents.


Tiller shall:


take reasonable precautions to preserve the integrity of any data which it processes and to prevent any corruption or loss of such data;


make a backup copy of such data and record the copy on media from which the data can be reloaded if there is any corruption or loss of the data;


in such event and if attributable to any default by Tiller, promptly restore the data at its own expense or, at Your option, promptly reimburse You for any reasonable expenses it incurs in having the data restored by a third party; and


conform to Clause 20 (Data Protection).


You will not allow Your Account to be accessed by any individual that is not an Authorised User or Customer. We may at our discretion from time-to-time block or decline to accept any proposed Authorised User.

12. Your obligations


You shall:


Not ask any person under the age of 13 (or if an older age of legal capacity to give consent or enter into agreements applies in the jurisdiction you operate, that age) to access the App


maintain such regulatory permissions authorisations and regulatory status in your home jurisdiction to enable you to provide your service to Your Customers and received Services;


co-operate with Tiller and provide it with such information and assistance as Tiller shall reasonably require to enable it to perform the Services;


allow Tiller and its employees, officers, agents and representatives reasonable access to your Software or hardware to troubleshoot issues if appropriate;


make available to Tiller the Customer details to allow Services to be provided;


require the Customer to confirm it accepts Tiller will process data before they are given the link to Verify and accept the statements made in APPENDIX 2 and accepts these will be repeated to Customer when it accesses Verify.


Tiller shall have no liability for any failure to perform the Services in accordance with this agreement to the extent that such failure or delay results from Your failure to comply with its obligations in clause 12.1.


You may only use Verify for lawful purposes and must not use the Verify in any way that breaches any applicable local, national or international law or regulation or in any way that is unlawful or fraudulent or has any unlawful or fraudulent purpose or effect.


You warrant to and undertake with Tiller that you shall not, and shall ensure that no Authorised User shall, unless otherwise authorised by Tiller:


interfere or attempt to interfere with the proper working of Verify or disrupt Verify or any network connected to Verify;


except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code form or structure of the software used in Verify;


take any action which imposes an unreasonable or disproportionately large load on Verify’s infrastructure;


gain or attempt to gain unauthorised access to any computer system or network connected to Verify;


copy or modify any part of or create any derivative works from, Verify;


circumvent, or attempt to circumvent, the generation of activity or transaction entries conducted over Your Verify account;


analyse, use or access Verify in order to build a product or service which is the same as or similar to Verify


resell or whitelabel Verify without agreeing to Tillers conditions for so doing .


For the avoidance of doubt, nothing in this agreement shall prevent You from carrying out your own configuration of any data received through Verify as all Verify services are accessed through the Portal.

13. Governance


The Parties agree to manage the relationship between them through the governance structure set out in this clause and more fully detailed in the information contained in the Portal.


Tiller will provide information through Verify for


Service availability


Updates to service


Service performance and effectiveness, and


notices on restriction of service, limtiations of service, or issues relevant to Verify


Should You have reason to contact Tiller to commend it in performance of service or Governance You shall use the contact details for Tiller through the Portal and

  • Tiller will respond to all questions within the stated response times;
  • If one or more meetings are appropriate, to resolve the matters brought to their notice under this clause, Tiller shall ensure that accurate minutes and records of meetings held.

14. Fees


Current fees and the arrangements or process by which we will collect those are available through the Portal. If there is an overlap or contradiction between this Agreement and the Portal, the terms set out in the Portal overrule this Agreement.


Whatever the current fee arrangements and processes the following core terms apply.


Unless otherwise specified, Tiller shall invoice You monthly in arrears for Services performed for that month.


You shall pay to Tiller the Fees in accordance with the fee rates and terms of payment set out in Verify Sign Up or Portal.


Payment methods


Tiller may utilise third party payment websites or providers to facilitate you paying Tiller Fees and provide payment details to them for the relevant fees or charges to be Paid by You, to facilitate payment to Tiller.


Where we require you to complete a direct debit mandate, standing order, or provide credit or debit card details you must do so, or you will not be able to utilise the Verify that is dependent on those details being provided to us.


Where these arrangements are in place You will provide to Us valid, up-to-date and complete credit card details or a completed direct debit mandate and any other relevant valid, up-to-date and complete contact and billing details and, if You provide Your credit card details or direct debit mandate to Us, You hereby authorise Us to bill such credit card or bank account for the relevant subscription or other fees that may be applicable for the relevant Verify or services and/or features. If you do not you will not be able to further utilise Verify package dependent on those.


Third Party Supplier Fees incurred by Tiller because of You as specified in the Sign Up and disclosed to you as part of your use of Verify will be paid by You to Tiller as a cost or disbursement of Tiller


The Fees and all other amounts and fees stated or referred to in this agreement are exclusive of value added tax, which where applicable shall be added to Tiller’s invoices at the prevailing rate from time to time.


The Fees become due and payable on and from the Access Date.


Collection of payment may be made by Tiller from your nominated account, payment service provider bank or credit card before an invoice is issued, as described in your particular Verify payment arrangements


Unless otherwise specified, all Fees due for Your use of Verify shall be non-cancellable and non-refundable.


You shall pay each undisputed invoice submitted by Tiller within tthe period specified in any invoice. If You have any valid reason for disputing any portion of an invoice, You shall so notify Tiller within seven (7) calendar days of receipt of invoice by You, paying any undisputed portion of the invoice, and if no such notification is given, the invoice will be deemed valid and accepted.


You shall make each payment due and undisputed to Tiller under this agreement in full, free of any set-off, deduction or counterclaim and in cleared funds to a bank account nominated in writing by Tiller.


Payments of Fees, and expenses under this agreement shall be made in the currency stated in any invoice or such other currency as may be agreed by the Parties.


If You default in payment of any Fees, and expenses and such Fees, and expenses remain outstanding after the due date, then without prejudice to any other rights and remedies of Tiller, interest shall accrue on such due amounts at an annual rate equal to 2% above the base rate from time to time of the Bank of England, commencing on the due date and continuing until fully paid, whether before or after judgment. Interest due shall be compounded quarterly and payable on demand.


After the initial Engagement, and on each anniversary thereafter, Tiller may increase its fees by (i) a percentage amount equal to the percentage change in the United Kingdom Retail Price Index – all Items (or any replacement of it) plus 2% as published by the U.K.'s Office of National Statistics which occurred during the previous one-year period measured from the one month before the date of notice of such a change by providing at least sixty (60) calendar days written notice to You prior to the effective date of the Fee increase, and Verify Portal and/or Sign Up will be deemed amended accordingly or (ii) by such amount as Tiller determines is appropriate to the particular activities that Verify provides you with and the pricing model you have selected.


Tiller Third Party Service costs and fees, as defined in Verify, will be as determined by the provider of those services and may be increased or decreased as provided for in terms of the engagement with that provider. If Tiller absorbs the costs of that provider in the commercial terms agreed with You, then if those costs increase, the Fees may increase at separate intervals to Tillers own Fees. Tiller may increase these by providing You at least sixty (60) calendar days' written notice to You prior to the effective date of the Fee increase, and Verify Portal and/or Sign Up will be deemed amended accordingly.

15. Confidentiality


Each party will treat as confidential this Agreement and all information obtained from the other party under or in connection with this agreement which is designated as confidential by the other party or which is by its nature clearly confidential or proprietary to the other party (“Confidential Information”).


The recipient party will not disclose such Confidential Information to any person (except only to those employees, directors, agents, sub-contractors, Tillers and other representatives who need to know it) or use such Confidential Information for purposes other than in connection with this agreement without the other party’s prior written consent.


This clause will not extend to information that:


is or becomes publicly known other than through any act or omission of the receiving party;


was in the other party's lawful possession before the disclosure;


is lawfully disclosed to the receiving party by a third party without restriction on disclosure;


is independently developed by the receiving party, which independent development can be shown by written evidence; or


is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.


Each party will ensure that all persons to whom it discloses any Confidential Information of the other party are aware, prior to disclosure, of the confidential nature of the information and that they owe a duty of confidence to the other party. Each party shall be liable for any use, disclosure or dissemination of the other party’s Confidential Information by persons to whom it discloses or disseminates Confidential Information of the other party.


You acknowledges that details of Verify and the Portal constitute Tiller's Confidential Information, except when such details constitute or reference Your Data, Your Configuration, or Your Requirements.


Tiller acknowledges that Your Data, and Your Requirements are the Confidential Information of You.


These obligations of confidentiality will survive any termination of this agreement. Each party will maintain the confidentiality and security of the other party’s Confidential Information, and protect it against threats, hazards or unauthorized access or use, for as long as it is in possession or control of the other party’s Confidential Information. Upon termination of this agreement, and upon written request, each party shall return or destroy all copies of the other party’s Confidential Information to other party’s reasonable satisfaction.

16. Intellectual property


All Intellectual Property Rights in and to Verify shall be and remain vested in Tiller and nothing in this agreement shall be construed as transferring any right of ownership over any Intellectual Property Rights to You or any Authorised User.


Tiller confirms that it has all the rights in relation to Verify that are necessary to grant the rights it grants under this agreement.


All Intellectual Property Rights in and to Your Data, shall as between You and Tiller be and remain Your sole and exclusive property.


All Intellectual Property Rights in and to Derived Data shall be and remain Tiller’s property and Tiller may use and license Derived Data for any purpose provided that Derived Data does not contain any identifiable You Data or Personal Data of You Customers.


If in addition to any of the Services to be provided under this agreement, You request Tiller to provide it with consultancy or build and delivery services for a product or service that will operate independently of Tiller's Verify, the parties will agree the costs, timescales and the licencing arrangement for that product or service by separate agreement.

17. Intellectual property indemnity


Tiller shall defend, indemnify and keep indemnified You against all liabilities, damages, costs, losses, claims, expenses, demands and proceedings arising from or incurred by reason of any infringement or alleged infringement of any Intellectual Property Rights relating to Your or any Authorized User’s proper authorised use of Verify or the proper authorised use of any Services by You.


In the defence or settlement of the claim, Tiller may (i) settle successfully the claim brought against it or You or Authorised Users or (ii) obtain for You the right to continue using the infringing element in Verify, or replace or modify the infringing element so that it becomes non-infringing. If such remedies are not reasonably available, either party may terminate this agreement and Tiller shall refund to You the portion of the Fees paid in advance.


Tiller shall have no liability under this clause if the alleged infringement is based on:


Any of Your Data;


any admission made by You or an Authorised User without Tiller's prior written consent;


Your or any Authorised User’s proper authorised use of Verify in a manner contrary to this agreement (including the Terms of Use), or any instructions given to You by Tiller;


Your Configuration in so far as carried out by You or by Tiller at Your request;


Your use or any Authorised User’s use of Verify after notice of the infringement from Tiller or any appropriate authority;


changes or additions to Verify by You, any Authorised User or any third party on their behalf; or


combination, operation or use of Verify with any third party program or equipment.


This clause 17 sets out Your sole and exclusive rights and remedies, and Tiller’s entire obligations and liability, for infringement of Intellectual Property Rights.


You shall indemnify and keep indemnified Tiller against all liabilities, damages, costs, losses, claims, expenses, demands and proceedings arising from or incurred by reason of any infringement or alleged infringement of any Intellectual Property Rights to the extent based on any of the matters in clause 17.3


In the event of a claim which is the subject of clause 17.1 or 17.5, the relevant indemnified party shall:


ensure the indemnifying party is given prompt notice of any such claim;


provide reasonable co-operation to indemnifying party in the defence and settlement of such claim, at the indemnified party's expense; and


give the indemnifying party sole authority to defend or settle the claim.

18. Third party services


Tiller Third Parties


You acknowledge that Verify may enable you to access or acquire Third Party Services in the provision of Services and that you do so solely at Your own risk.


Tiller has or will put in place the necessary consents and updates to their Third Party Service provider to enable Verify to be used.


Tiller makes no representation, warranty or condition and shall have no liability or obligation (other than the obligation to make such Third Party Services accessible and functional according to its intended purpose through Verify) whatsoever in relation to the content or use of any such Third Party Services, or any transactions completed, and any contract entered into by You, with any such third party.


Any contract entered into and any transaction completed via any third-party is between You and the relevant third party. Tiller recommends that You tests with the third party its ability to integrate with these Services prior to using the relevant Third Party Services.


Tiller obligations and Third Parties. If Tiller has disclosed the use of Third Party Services the representations, warranties given by it are restricted to the extent that the firm providing those Third Party Services is responsible for the issue to which the representations or warranties relate and shall have no liability or obligation (other than the obligation to make such Third Party Services accessible and functional according to its intended purpose through Verify) whatsoever in relation to the content or use of any such Third Party Services, or any transactions completed, and any contract entered into on behalf of You, with any such firm providing the Third Party Services.

19. Your data


You acknowledge that Tiller is not responsible for Your Data, other than to protect its security and confidentiality as provided in clause 15 (Confidentiality) and in compliance with the requirements set out in the Data Processing Addendum, and that You are responsible for the legality, reliability, integrity, accuracy, completeness and quality of Your Data and acknowledges that Tiller does not purport to monitor, and accepts no responsibility for monitoring or verifying Your Data received by it under this Agreement.


Tiller will cross reference Your Data received against various resources to evidence that there are no inconsistencies that would merit a warning to be given to You. You acknowledge that certain warnings may arise because of a time lag in information being received by such resources.

20. Data protection


To the extent that Tiller processes any Personal Data on Your behalf when providing the Services and performing its obligations under this agreement, the Data Processing Addendum shall apply. Tiller is your data processor and you a data controller (in both cases or equivalent in your jurisdiction).


Tiller will give effect to its obligations as a data processor as set out in this agreement, and the law of Jersey, regardless of the jurisdiction(s) that You operate in.


You acknowledge and agree that, subject to the terms of the Data Processing Addendum:


You will inform Your Customer that details of Your Customer's name, address and financial records may be submitted to Tiller and a credit reference agency, and other required agencies;


details of Your Customer's name, address and payment record may be submitted to a credit reference agency, and other required agencies;


Tiller processes as processor, personal data relating to Your; employees, Customers, representatives and Authorised Users that are collected and used by Tiller in order to enable Tiller to deliver, administer or manage the Services, Your account, and for Tiller’s own business purposes;


Tiller may monitor, collect, store and use information on the use and performance of Verify (including Your Data and Derived Data) to detect threats or errors to Verify and/or Tiller’s operations, may aggregate and utilise data received on an anonymous basis for the purposes of the further development and improvement and development or extension of Verify and Tiller’s services.

21. Compliance with law


You shall be solely responsible for compliance with all laws applicable to You and Your Authorised Users access to Verify (including, without limitation, data protection laws) and shall further be solely responsible for compliance with all published policies, guidelines or industry codes of practice applicable to it but not having the force of law.


Tiller shall be solely responsible for compliance with all laws applicable to it and its provision of Verify and shall further be solely responsible for compliance with all published policies, guidelines or industry codes of practice applicable to it but not having the force of law.

22. Disclaimer


While Tiller shall use commercially reasonable endeavours to correct any errors in Verify, Tiller does not warrant:


that the operation or use of Verify will be error-free or uninterrupted or that any defect will be corrected;


the services provided by Third Party Supplier; or


that the configuration performed by, or specified by You and Authorised Users will meet the needs of You or Authorised Users.


You assume sole responsibility for the design and development of your own products and services


Tiller access a variety of data service providers some are Third Party Suppliers and government or local authority registers and related information providers relevant to Verify services, to carry out its service. These, include open source databases, web based searches and government or official registers. Some of these have time lags between events and events being recorded on them, and sometimes those data service providers are not always told of events whether or there is an obligation or requirement for a report to be made. Not all of these are kept up to date. Accordingly whilst the information provided through Verify is accurate in the information it relays but cannot warrant or guarantee the source information it accesses.


Tiller shall have no liability for any loss or damage resulting from and not caused by the acts or omissions to act of Tiller or any of its subcontractors in relation to data providers including:


any error or omission in any of Your Data;


any Third Party Services or data providers described in this clause;


any Configuration in so far as carried out by You;


any Authorised User’s configuration of Verify in so far as carried out by Authorised Users; or


Tiller following any information or instructions provided by You or Authorised User


Save as expressly set out in this agreement, to the maximum extent permitted by law, Tiller disclaims any and all representations, conditions and warranties whether express or implied by statute or common law or otherwise that Verify, the Services or Portal are or will be fit for a particular purpose.

23. Dispute resolution


Any dispute which may arise between the parties concerning this agreement shall be determined as provided in this Clause.


For the purpose of this Clause, a dispute shall be deemed to have arisen when one party serves on the other a notice in writing stating the nature of the dispute and utilised the facilities made available through Clause 133 (Governance) to resolve any matter at issue. If no resolution is secured by that the Parties will refer the matter to the appropriate senior manager to resolve failing which they shall utilise the appropriate dispute resolution venues available in the jurisdictions specified in Clause 42 (law and Jurisdiction).

24. Liability


Nothing in this agreement shall be deemed to limit or exclude the liability of either party for:


death or personal injury caused by its negligence;


fraud or fraudulent misrepresentation;


any other liability that cannot by law be limited or excluded; or


the indemnity given to the indemnified party in clause 16 (Intellectual Property Indemnity).


Subject to clause 24.1, neither party shall in any event be liable whether in contract (by way of indemnity or otherwise), tort (including negligence), misrepresentation, restitution or otherwise under or in connection with this agreement for:


any special, indirect or consequential loss or damage;


any indirect loss of profit, turnover, business, revenue, contracts, goodwill, reputation, anticipated savings, management time or data;


loss of data, unless such loss is as a result of a breach of Tiller’s obligations under the Data Processing Addendum.

25. Attribution


Notwithstanding Clause 15 (Confidentiality):


You shall not remove or obscure any Tiller branding


Tiller may list You as a user of Verify in its advertising and marketing materials and on its website.


Tiller may use your trademarks and logos when in communication with Your Customer.

26. Mutual warranty


Each party warrants to and undertakes with the other that:


it has duly authorised and executed this agreement;


this agreement constitutes a legally valid and binding obligation, enforceable against it in accordance with its terms;


its entry into and performance of this agreement, will not be in breach of any statutory or other legal requirement or of any express or implied terms of any contract it has with or other obligation it is or will be under to any third party;


it shall not at any time act or omit to act in a manner calculated or likely to bring either of the other party into disrepute;


it shall at all material times act in good faith towards the other party.

27. Suspension of service


Without prejudice to any other remedy it may pursue, Tiller may suspend access to Verify:


for such time as You are in material breach of any term of this agreement and such breach (being capable of remedy) has not been remedied within thirty (30) days of You being given notice specifying such breach;


if any money is owed to Tiller by You under an undisputed invoice raised in connection with this agreement and remains unpaid for thirty (30) days after it became due; and


where Tiller reasonably suspects that the security of its systems is or is about to be compromised by You, any Authorised User or third party having access to Your or any Authorised User’s equipment or credentials.


Tiller may suspend access to Verify for emergency or planned system maintenance, in which event Tiller will give You as much notice as is reasonably possible in the circumstances.


Tiller shall plan Maintenance Work to minimize the interruption of the use of Verify, so that the use of Verify by You are affected as little as possible.


Tiller is also permitted to conduct unscheduled Maintenance Work on Verify for critical reasons, e. g. if Verify operation is jeopardized. This includes but is not limited to emergency changes, e. g. the implementation of security patches, which are necessary for securing and maintaining operations and require immediate implementation. You must be notified hereof without undue delay and the unscheduled Maintenance Work must be carried out in such a way as to minimize malfunctions in operational processes as far as possible.

28. Termination


You may terminate this agreement at any time by giving not less than three (3) months’ notice in writing to Tiller.


Subject to the Initial Engagement, Tiller may terminate this agreement at any time by not less than three (3) months’ notice in writing to You such notice ending no earlier than the end of the Initial Engagement.


Tiller may terminate this agreement by notice in writing to You having immediate effect if You:


default in payment of any undisputed Tiller invoice and such invoice remains outstanding thirty (30) days after Tiller has issued a demand in writing for payment;


you are on a pay as you go basis, but have not used Verify for 3 (three) months since your last use, or any date specified in your package of expiry of that package’s entitlements.


infringes Tiller’s or its third party licensor's Intellectual Property Rights, and You have not remedied such infringement within thirty (30) days following Your receipt of said notice by Tiller.


Either party may terminate this agreement with immediate effect by giving written notice to the other party if the other party:


commits a Material Breach of any of its obligations under this agreement which (if the breach is capable of remedy) it has failed to remedy within thirty (30) days after the receipt of a notice in writing from the terminating party requiring the defaulting party to do so;


is unable to pay its debts either or if the non-defaulting party reasonably believes that to be the case;


becomes the subject of a company voluntary arrangement;


has a receiver, manager, administrator or administrative receiver appointed over all or any part of its undertaking, assets or income;


has a resolution passed for its winding-up;


has a petition presented to any court for its winding-up or an application is made for an administration order, or any winding-up or administration order is made against it;


is subject to any procedure for the taking control of its goods that is not withdrawn or discharged within seven days of that procedure being commenced;


has a freezing order made against it;


is subject to any events or circumstances analogous to those in clauses 28.4.2 to 28.4.8 in any jurisdiction;


takes any steps in anticipation of, or has no realistic prospect of avoiding, any of the events or procedures described in clauses 28.4.2 to 28.4.8 including for the avoidance of doubt, but not limited to, giving notice for the convening of any meeting of creditors, issuing an application at court or filing any notice at court, receiving any demand for repayment of lending facilities, or passing any board resolution authorising any steps to be taken to enter into an insolvency process.

29. Consequences of termination


On termination of this agreement however arising:


Tiller shall be entitled to receive from You all undisputed Fees, and any other undisputed fees and expenses accrued or incurred under this agreement up to the date of termination;


Tiller may discontinue provision of the Services and may disable Your and Authorised Users’ access to Verify whereupon You and Authorised Users will no longer have the right to access and use Verify;


Tiller will make available the reports and outputs of Verify through the portal up to and including the date of termination.


Tiller will retain any data received for such periods as required of it by any legislation applicable to it, but may not for a period of three months following termination of this agreement destroy any of Your Data in its possession, without the prior written consent of You. Tiller shall furnish a certificate evidencing the secure destruction of such documents and files upon Your written request. Upon receiving a written request from You for Your Data, Tiller shall use reasonable commercial endeavours to deliver the back-up to You in a structured, commonly used, machine-readable and mutually agreed upon format within 10 Business Days of its receipt of such a written request, provided that You have, at that time, paid all undisputed Fees, and any other fees and expenses outstanding at and resulting from termination (whether or not due at the date of termination). You shall pay reasonable time-based charges and expenses at Tiller’s standard rates for compliance with its obligations under this clause.


Termination shall not affect or prejudice the accrued rights of the parties as at termination.


The provisions of clauses 15 (Confidentiality), 16 (Intellectual Property), 17 (Intellectual Property Indemnity), 22 (Disclaimer), 24 (Liability), and 23 (Dispute Resolution) shall survive termination of this agreement for any reason.

30. Assignment and subcontracting


You shall not assign, transfer, mortgage, charge, declare a trust of, subcontract or deal in any other manner with any or all of its rights or obligations under this agreement, without the prior written consent of Tiller (such consent not to be unreasonably withheld or delayed).


Tiller may without Your prior written consent:


assign or transfer the benefit of, and any of its rights under, this agreement together with any cause of action arising in connection with any of them to its successor in title, to any of its group companies or to any purchaser or transferee from it or any of them; or


sub-contract any or all of its obligations under this agreement so long as Tiller remains responsible for the obligations performed by any such subcontractor to the same extent as if such obligations were performed by Tiller.


Any attempted assignment, transfer or other dealing in violation of this clause 30 will be void and without effect.

31. Variations


No amendment or variation of this agreement shall be effective unless it is notified to You in advance by a duly authorised representatives of Tiller. If You have proven that there is a materially adverse change to its interest in its use by any change to the Agreement (not being an exercise of the options given to Tiller) which affects in a material way it utilisation of Verify functionality or customer experience, or its relationship with Tiller or compliance with relevant regulation and; (i) that amendment or variation cannot be modified by Tiller; and (ii) the process set out in Clause 13 (Governance) has been exhausted, You may reject the variation and terminate the Agreement.


Any change to the Specification shall be effected through Clause 8 (Verify Updates) or Clause 13 (Governance).

32. Severability


If any provision or part of any provision of this agreement shall be held by a court of competent jurisdiction to be invalid or unenforceable, then the provision or part shall be severed and the remainder of the provision and all other provisions of this agreement shall remain valid and in full force.


If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision will apply with whatever modification is necessary to give effect to the commercial intention of the parties.

33. Status of the parties


Tiller is an independent contractor. Nothing in this agreement is intended to, or shall operate to, create a partnership between the parties, or to authorise either party to act as agent for the other, and neither party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way (including the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

34. Notices and communications


A notice or other communication required to be given under this agreement shall be in writing and shall be delivered personally, or sent by pre-paid first class post or recorded delivery or sent by commercial courier, or sent by email to the relevant party at the address set out in clause 34.3.


A notice or other communication shall be deemed given when so delivered by hand or email or if mailed, three days after mailing (one business day in the case of express mail or overnight courier service).


Notices shall be sent to the person named in the Sign Up, failing which the person Tiller determines from public records is Your chief executive officer or equivalent.


Any change to the contact details of a party shall be notified to the other party in accordance with clause 13 (Governance).


This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

35. Waiver


No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

36. Rights and remedies


Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.

37. Force majeure


“Force Majeure Event” means any circumstance not within a party's reasonable control including, without limitation:


acts of God, flood, drought, earthquake or other natural disaster;


epidemic or pandemic;


terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions or embargo;


nuclear, chemical or biological contamination or sonic boom;


failure of or interruption in internet or telecommunications services;


any law or any action taken by a government or public authority, including without limitation imposing an export or import restriction, sanction, quota or prohibition.


Provided it has complied with clause 37.3, if a party is prevented, hindered or delayed in or from performing any of its obligations under this agreement by a Force Majeure Event (“Affected Party”), the Affected Party shall not be in breach of this agreement or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.


The Affected Party shall:


as soon as reasonably practicable after the start of the Force Majeure Event, notify the other party in writing of the Force Majeure Event, the date on which it started, its likely or potential duration, and the effect of the Force Majeure Event on its ability to perform any of its obligations under the agreement; and


use all reasonable endeavours to mitigate the effect of the Force Majeure Event on the performance of its obligations.


A Force Majeure Event shall not relieve the Affected Party from its obligation to make payment of any sum due under this agreement.


If the Force Majeure Event prevents the Affected Party's performance of its obligations under this agreement or an individual Order for a continuous period of more than two months, the other party may terminate this agreement or the affected Order by notice in writing to the Affected Party without liability to the Affected Party as a result of exercising the right of termination.

38. Entire agreement


This agreement, including its appendices, schedules or other attachments hereto, represents the entire agreement between the parties in relation to the subject matter of this agreement and supersedes any previous agreement whether written or oral between all or any of the parties in relation to that subject matter. Accordingly, all other conditions, representations and warranties which would otherwise be implied (by law or otherwise) shall not form part of this agreement.


Each party acknowledges that in entering into this agreement it does not rely on, and shall have no remedies in respect of, any representation or warranty (whether made innocently or negligently) that is not set out in this agreement.


Nothing in this clause shall limit or exclude any liability for fraud

39. Rights of third parties


Except as otherwise expressly provided in this agreement, none of the terms and conditions of this agreement shall be enforceable by any person who is not a party to it, and accordingly the Contracts (Rights of Third Parties) Act 1999 shall not apply in relation to this agreement.

40. Counterparts


This agreement may be executed in any number of counterparts and by the parties on different counterparts. Each counterpart shall constitute an original of this agreement but all the counterparts shall together constitute one and the same agreement.


Each party may evidence their signature of this agreement by completing the Sign Up or if agreed with Tiller transmitting by email a signed signature page of this agreement in PDF format together with the final version of this agreement in PDF or Word format, which shall constitute an original signed counterpart of this agreement. Each party adopting this method of signing shall, following circulation by email, provide the original, hard copy signed signature page to the other parties as soon as reasonably practicable.

41. Costs


Each party shall pay its own costs incurred in connection with the negotiation, preparation, and execution of this agreement and any documents referred to in it.

42. Law and jurisdiction


This agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of Jersey.


Each party irrevocably agrees that the courts of Jersey shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this agreement or its subject matter or formation.

Appendix 1 – data processing addendum

  • Definitions and interpretation
  • Personal data types and processing purposes
  • Tiller's obligations
  • Tiller's employees
  • Security
  • Personal data breach
  • Cross-border transfters of personal data
  • Subcontractors
  • Complaints, data subject requests and third-party rights
  • Term and termination
  • Data return and destruction
  • Records
  • Audit
  • Warranties

Definition and interpretation

The following definitions and rules of interpretation apply in this agreement.



Business Purposes:

the services described in the agreement.

Controller and Processor:

as defined in the Data Protection Legislation.

Data Subject:

an individual who is the subject of Personal Data.

Personal Data:

means any information relating to an identified or identifiable natural person that is processed by Tiller as a result of, or in connection with, the provision of the services under the agreement; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing, processes, and process:

either any activity that involves the use of Personal Data or as the Data Protection Legislation may otherwise define processing, processes, or process. It includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. Processing also includes transferring Personal Data to third parties.

Data Protection Legislation:

the UK Data Protection Legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).

UK Data Protection Legislation:

all applicable data protection and privacy legislation in force from time to time in Jersey being set out in DATA PROTECTION (JERSEY) LAW 2018 ( as amended from time to time.

Personal Data Breach:

a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.

Third Party (Tillers):

means those third parties identified in this Appendix, Paragraph 8 (Subcontractors) or otherwise are as agreed in writing between the parties.


Interpretations and defined terms set forth in the agreement apply to the interpretation of this agreement.


The Annex forms part of this Addendum and will have effect as if set out in full in the body of this agreement. Any reference to this agreement includes the Annex.


In the case of conflict or ambiguity between:

  • any provision contained in the body of this Addendum and any provision contained in the Annexes or agreement, the provision in the body of the agreement will prevail;
  • the terms of any accompanying invoice or other documents annexed to this agreement and any provision contained in the Annexes, the provision contained in the Annexes will prevail;
  • any of the provisions of this agreement and the provisions of the agreement, the provisions of this agreement will prevail.

2. Personal data types and processing purposes


You and Tiller acknowledge that for the purpose of the Data Protection Legislation, You are the Controller and Tiller is the Processor.


You retain control of the Personal Data and remain responsible for Your compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to Tiller.

3. Tiller's obligations


Tiller will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with Your written instructions from Your Customers. Tiller will not process the Personal Data for any other purpose or in a way that does not comply with this agreement or the Data Protection Legislation.


Tiller must promptly comply with any request or instruction received through Verify requiring Tiller to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.


Tiller will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless You or this agreement specifically authorises the disclosure, or as required by law, except as provided for here including Third Party (Tillers). If a law, court, regulator, or supervisory authority requires Tiller to process or disclose Personal Data or anything that is set out in its notice of such action, Tiller will inform You of the legal or regulatory requirement placed upon it and give You an opportunity to take such actions as it thinks appropriate and give it such information if Tiller is not precluded from so doing by the notice.


Tiller will implement the instructions of You in Tillers compliance obligations under the Data Protection Legislation, taking into account the nature of Tiller's processing and the information You makes available to Tiller, in accordance with the technical, security and other measures it or Third Party Tillers have put in place to effect a safe operational system data processing taking into account Data Subject rights, and reporting to and consulting with supervisory authorities under the Data Protection Legislation.


Should Tiller become aware it must promptly notify You of any changes to its operational environment that may adversely affect Tiller's observance of Data Protection Legislation.

4. Tiller's employees


Tiller will ensure that all relevant employees:

  • are informed of the confidential nature of the Personal Data and are bound by confidentiality obligations and use restrictions in respect of the Personal Data;
  • have undertaken training on the Data Protection Legislation relating to handling Personal Data and how it applies to their particular duties; and
  • are aware both of Tiller's duties and their personal duties and obligations under the Data Protection Legislation and this agreement.

5. Security


Tiller must at all times implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure, or damage of Personal Data including. Tiller will make those measures available for review as agreed with You through the governance arrangement.


Tiller must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:

  • the pseudonymisation and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  • a process for regularly testing, assessing, and evaluating the effectiveness of security measures.

6. Personal Data Breach


Tiller will promptly and without undue delay notify You if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Tiller will restore such Personal Data at its own expense.


Tiller will, without undue delay (and in any event within 72 hours), notify You if it becomes aware of or suspects:

  • (a) any accidental, unauthorised, or unlawful processing of the Personal Data; or
  • (b) any Personal Data Breach.


Where Tiller becomes aware of or suspects (a) and/or (b) above, it shall, without undue delay, also provide You with the following information:

  • description of the nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned;
  • the likely consequences; and
  • description of the measures taken or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects.


Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Tiller will reasonably co-operate with You in Your handling of the matter, including:

  • assisting with any investigation;
  • providing You with physical access to any facilities and operations affected;
  • facilitating interviews with Tiller's employees, former employees and others involved in the matter;
  • making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by You; and
  • taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing.


Tiller will not inform any third party of any Personal Data Breach without first obtaining Your prior written consent, except when required to do so by law.


Tiller agrees that You have the sole right to determine:

  • whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Your discretion, including the contents and delivery method of the notice; and
  • whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.

You acknowledge that Tiller may be required to give notice to supervisory authority, Tiller undertakes to inform   You of any such notification and response, as it is permitted to do so under the Data Protection Legislation.


Tiller will cover all reasonable expenses notified to it in advance and agreed by the Parties as appropriate, associated with the performance of the obligations under clause 6.2 and clause 6.4 unless the matter arose from Your specific instructions, negligence, wilful default or breach of this agreement, in which case You will cover all reasonable expenses of it and Tiller.

7. Cross-border transfers of personal data


Tiller (or any subcontractor) may transfer or otherwise process Personal Data outside the European Economic Area (EEA). If it does it will take such measures as it determines appropriate to have applied similar protections as if the data remained within the EEA. By executing this agreement, you have given your written consent or direction so to do.


Subject to 7.1, Tiller may only process, or permit the processing, of Personal Data outside the EEA under the following conditions:

  • Tiller is processing Personal Data in a territory which is subject to a current finding by the European Commission under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals; or
  • Tiller participates in a valid cross-border transfer mechanism under the Data Protection Legislation, so that Tiller (and, where appropriate, You) can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Data Protection Legislation; or
  • the transfer otherwise complies with the Data Protection Legislation for the reasons that Tiller will demonstrate at the request of You.

8. Subcontractors


Third Party (Tillers) as at the commencement of this agreement are approved being those firms set out by us by reference to the documentation referred to in the Specification and those firms disclosed as part of the Specification.


Tiller may not authorise any additional third party or subcontractor to process the Personal Data unless:

  • (a) You provide written consent (except where a Third-Party Tiller assigns disposes or transfers its business to another person); and
  • (b) Tiller enters into a written contract with the subcontractor that contains terms no less onerous than those set out in this agreement, in particular,
  • (i) in relation to requiring appropriate technical and organisational data security measures, and, upon   Your written request, provides   You with copies of such contracts; and
  • (ii) Tiller maintains control over all Personal Data it entrusts to the subcontractor; and
  • (iii) the subcontractor's contract terminates automatically on termination of this agreement for any reason.
  • (iiii) Tiller shall procure that all Tiller personnel or subcontractors who have access to Personal Data in connection with this Agreement comply with the Data Protection Laws and the terms of this Agreement relating to data protection and Tiller remains fully liable to   You for the acts and omissions of such Tiller personnel, and subcontractor's performance of its agreement obligations.
  • (v) Tiller has disclosed to You,  the Third-Party who may be handling Your data and end user agreement as appropriate.  Tiller believes the Third-Party Tillers shall comply with the Data Protection Laws but will only have the obligation to implement its rights against such Third-Party Tillers for their performance of the Third-Party Tiller obligations.


The Parties consider Tiller to control any Personal Data controlled by or in the possession of its subcontractors.


Certain Third-Party Tillers require Tiller to ensure compliance with or make You aware of, Third Party Tillers terms. These are included here in the Third-Party Tillers – End User Terms and Conditions attached to this AppendixAPPENDIX 1.


Tiller will audit a subcontractor's compliance with its obligations regarding Your Personal Data as provided for in its operational arrangements with that firm. At Your request Tiller may provide You with a summary of the audit results. Tiller will give effect to the rights to audit Third Party Tillers.

9. Complaints, data subject requests and third-party rights


Tiller must, at no additional cost, take such technical and organisational measures as may be appropriate, and promptly provide such information to You as You may reasonably require, to enable You to comply with:

  • (a) the rights of Data Subjects under the Data Protection Legislation, including subject access rights, the rights to rectify and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
  • (b) information or assessment notices served on   You by any supervisory authority under the Data Protection Legislation.


    Tiller must notify You within two Working Days if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party's compliance with the Data Protection Legislation.


    Tiller must notify You within two Working Days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.


    Tiller will give You its full co-operation and assistance in responding to any complaint, notice, communication, or Data Subject request.


    Tiller may disclose to Third Party (Tiller) but must not disclose the Personal Data to any Data Subject or to a third party other than at Your request or instruction, as provided for in this agreement or as required by law.

    10. Term and termination


    This agreement will remain in full force and effect so long as:

    • (a) the agreement remains in effect; or
    • (b) Tiller retains any Personal Data related to the agreement in its possession or control (Term).


    Any provision of this agreement that expressly or by implication should come into or continue in force on or after termination of the agreement in order to protect Personal Data will remain in full force and effect.


    Tiller's failure to comply with the terms of this Agreement is a material breach only if not remedied within the periods agreed between the parties under the governance arrangements.


    If a change in any Data Protection Legislation prevents Tiller from fulfilling its Data Protection Legislation obligations, the parties will agree a change control process, the appropriate portion attributable to You of Tiller's costs of this will be met by You as set out in the change control process and Tiller will suspend the processing of Personal Data on and from the date of the new requirements, if Tiller is not able to conform with those. If the parties are unable to bring the Personal Data processing into compliance with the Data Protection Legislation within six months, either party may terminate the Agreement on written notice to the other party.

    11. Data return and destruction


    At Your request, and on the conditions set out by Tiller, Tiller will give You a copy of or access to all or part of Your Personal Data in its possession or control in the format and on the media reasonably specified by You.


    On termination of the Agreement for any reason or expiry of its term, Tiller will securely delete or destroy or, if directed in writing by You, return and not retain, all or any Personal Data related to this Agreement in its possession or control, except for one copy that it may retain and use for the period set out in the Data Protection Legislation or seven years from the date of termination for audit purposes only.


    If any law, regulation, or government or regulatory body requires Tiller to retain any documents or materials that Tiller would otherwise be required to return or destroy, it will notify You in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends.


    Tiller will certify in writing that it has destroyed the Personal Data within 180 Working Days after it completes the destruction.

    12. Records


    Tiller will keep detailed, accurate and up-to-date written records regarding any processing of Personal Data it carries out for You, including but not limited to, the access, control and security of the Personal Data, Third Party Tillers, approved subcontractors and affiliates, the processing purposes, categories of processing, any transfers of personal data to a third country and related safeguards, and a general description of the technical and organisational security measures referred to in clause 5.1 (Security).


    Tiller will ensure that the Records are sufficient to enable You to verify Tiller's compliance with its obligations under this Agreement and Tiller will provide You and/or any UK based relevant supervisory authority that directly requests Tiller with copies of the Records upon request.


    You and Tiller must review the information listed in the Annexes to this Agreement once a year to confirm its current accuracy and update it when required to reflect current practices.

    13. Audit


    Tiller will permit through the Portal You and its third-party representatives to audit Tiller's compliance with its Agreement obligations, on at least 10 Working Days' notice, during the Term. Tiller will give   You and its third-party representatives all necessary assistance to conduct such audits. If You need further assurances you will conform to Tillers conditions of provision of information, and pay the costs notified to you at the time.  The assistance may include, but is not limited to:

    • (a) physical access to, remote electronic access to, and copies of the Records and any other information held at Tiller's premises or on systems storing Personal Data;
    • (b) access to Tiller's premises and/or any other location where Personal Data is Processed under this Agreement (excluding Third Party Tillers);
    • (c) access to and meetings with any of Tiller's personnel reasonably necessary to provide all explanations and perform the audit effectively; and
    • (d) inspection of all Records and the infrastructure, electronic data or systems, facilities, equipment, or application software used to store, process or transport Personal Data.


    The notice requirements in clause 13.1 will not apply if You reasonably believes that a Personal Data Breach occurred or is occurring, or Tiller is in breach of any of its obligations under this Agreement or any Data Protection Legislation.


    If a Personal Data Breach is identified as part of the Audit or is the cause of the Audit, Tiller will:

    • (a) within 20 Working Days of the triggering event, conduct its own audit to determine the cause;
    • (b) produce a written report that includes detailed plans to remedy any deficiencies identified by the audit;
    • (c) provide You with a copy of the written audit report; and
    • (d) remedy any deficiencies identified by the audit within the period agreed between the Parties.


    At least as frequently as Tiller set out in its measures to conform with the Data Protection Legislation, Tiller will conduct site audits of its Personal Data processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this Agreement, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognised third-party audit firm based on recognised industry best practices.


    Tiller will promptly address any exceptions noted in the audit reports with the development and implementation of a corrective action plan by Tiller's management.

    14. Warranties


    Tiller warrants and represents that:

    • (a) its employees, subcontractors, Third Party Tillers, agents and any other person or persons accessing Personal Data on its behalf are reliable and trustworthy and where relevant have received the required training on the Data Protection Legislation relating to the Personal Data;
    • (b) it will process the Personal Data in compliance with the Data Protection Legislation and other laws, enactments, regulations, orders, standards, and other similar instruments;
    • (c) any person  appointed to control or process the Personal Data in compliance with the instructions received from   You under this Appendix 4,
    • (d) it has no reason to believe that the Data Protection Legislation prevents it from providing any of the Agreement's contracted services; and
    • (e) considering the current technology environment and implementation costs, it will take appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of Personal Data and the accidental loss or destruction of, or damage to, Personal Data, and ensure a level of security appropriate to:
    • (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction, or damage;
    • (ii) the nature of the Personal Data protected; and
    • (iii) comply with all applicable Data Protection Legislation and its information and security policies, including the security measures required in clause 5.1.


    You warrant and represents that Tiller's expected use of the Personal Data for the Business Purposes and as specifically instructed by You will comply with the Data Protection Legislation.

    Personal Data Processing Purposes and Details

    Subject matter of processing: Data generated by the business and commercial relationship between You and You Customer

    Duration of Processing: the duration of the Agreement

    Nature of Processing: as stated in the Specification to include collection, recording, organisation, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data

    Categories of Data: as stated in the Specification to include staff (including volunteers, agents, and temporary workers), Your Customers, Yours, Tillers

    Type of Personal Data: as stated in the Specification to include name, address, date of birth, telephone number

    Appendix 2 disclosure of terms tiller terms and third party – end user terms and conditions

    GBG|ID3global Service

    These are the disclosures referenced in clause 27 (Mutual Warranty)

    The ID3global Electronic Identity Verification Service ("GBG|ID3global Service") that Tiller use to provide You with Services under this Agreement is supplied by GB Group plc ("GBG"). GBG has authorised Tiller to act as its authorised intermediary in relation to the GBG|ID3global Service which GBG provide to You. Tiller is obliged under the terms of |Tillers agreement with GBG to ensure that You agree to and comply with the provisions as laid out in the End User Terms and Conditions a copy of which is set out Accordingly, You acknowledges and agrees to (i) a legal and binding agreement between You and GBG for the GBG|ID3global Service incorporating the terms of the End User Terms and Conditions and (ii) comply with its terms. Notwithstanding the terms of the End User Terms and Conditions, the parties agree that:

    • You will pay Charges owed for Your use of the GBG|ID3global Service to Tiller in accordance with the payment terms specified by Tiller. In exceptional circumstances, GBG may be required to collect the Charges from You directly. In such circumstances, you will be notified and GBG's standard payment terms for the supply of the GBG|ID3global Services set out within End User Terms and Conditions shall apply. For the avoidance of doubt, GBG will not exercise this right in relation to Charges which You can show have already been paid to Tiller.
    • Any Standard Support Service or Professional Services shall be provided directly by Tiller and in accordance with the terms of the agreement with You and not by GBG. Consequently, GBG shall have no liability to provide You with any Standard Support Service or Professional Services unless otherwise agreed in writing by GBG.
    Help us prevent automated submissions.
    Go back
    Fill in a few details
    Our team will be happy to help
    Oops! Something went wrong while submitting the form.
    Help us prevent automated submissions.
    Go back
    Fill in a few details
    Our team will be happy to help
    Oops! Something went wrong while submitting the form.
    How can we help?
    Choose from one of the below