Qudo Privacy Notice
Protecting your privacy | January 2023  | V1.1

Who are we

Questionardo Ltd. is a company registered in England and Wales (number 12823944). Our registered address is 3rd Floor, 5-11 Worship Street, London, United Kingdom, EC2A 2BH.

References in this Privacy Notice to ‘Qudo’, ‘we’, ‘us’ or ‘our’ mean ‘Questionardo’.

Information about Qudo and our services can be found on our website: www.qudo.ai

Qudo is a ‘data controller’ for the purposes of the Data Protection Act 2018 (‘DPA 2018’) and the UK General Data Protection Regulation (‘UK GDPR’): we are registered with the Information Commissioner’s Office (ICO), registration number ZB252851.

Our Data Protection Officer (DPO) can be contacted via: dataprotection@mooreclear.com

This Privacy Notice contains important information about who we are and how and why we collect, store, use and share personal information. It tells you about your data subject rights and how to contact us and/or the UK Regulator if you have a complaint.

We are committed to respecting and protecting your privacy. This Privacy Notice will answer any questions about our processing activities. If not, please contact us using any of the methods shown below in the section entitled “How Do I contact you?”.

What types of information do we collect from you

Personal information

In this Privacy Notice, the term “personal information” means data relating to you that allows us to identify you directly or in combination with other information we may hold.

Special Categories of Personal Data

The UK GDPR defines special categories of personal data as information about a person’s race and ethnicity, religious or philosophical beliefs, trade union memberships, political opinions, genetic data, biometric and health data, and information concerning a natural person’s sex life or sexual orientation.

Criminal Offence data

Criminal offence data is information relating to criminal convictions and allegations of criminal activity. This includes information disclosed by the Disclosure and Barring Service (DBS) under the Government’s employment vetting scheme.

Lawful bases for processing your personal information

The lawful bases for processing personal information are set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal information:    

1. Consent: we collect and process your personal information with your consent. This may include when you agree to receive an email about how we can support you or how you would like to receive information about us or our services.
2. Contract performance: the processing is necessary for the performance of a contract you have with us, or for the purposes of entering into a contract with us.
3. Compliance with legal obligation: the processing is necessary to comply with the law for tax, social security, employment purposes etc. This will include sharing with law enforcement agencies details of people involved in fraud or other criminal activity.
4. Protection of vital interests: the processing is vital to an individual’s vital interests.
5. Public interest: the processing is necessary to perform a task that is in the public interest or for an official function, and the task or function has a clear basis in law.
6. Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal information that overrides those legitimate interests.

Conditions to process special category personal data

We rely on the following conditions (as appropriate) under Article 9 of the UK GDPR to process special categories of personal data:

1. Explicit consent
2. Employment, social security, and social protection (if authorised by law)
3. Vital interests
4. Not-for-profit bodies
5. Made public by the data subject
6. Legal claims or judicial acts
7. Reasons of substantial public interest (with a basis in law)
8. Health or social care (with a basis in law)
9. Public health (with a basis in law)
10. Archiving, research, and statistics (with a basis in law)

We collect the least amount of special category data possible for our processing purposes.

The processing of special category data is covered by our policies and procedures and all processing activities involving the processing of special category personal data are listed in our ‘Record of Processing Activity’.

Further legal controls are applied to the processing of criminal offence data. Such data is processed under the substantial public interest conditions listed in Schedule 1, DPA 2018.

The data processing principles

The law requires us to

• process your data in a lawful, fair and transparent way;
• only collect your data for explicit and specified purposes;
• only collect data that is relevant, and limited to the purpose(s) we have told you about;
• ensure your data is accurate and, where necessary, kept up to date;
• keep your data only for as long as necessary for the purpose(s) we have told you about;
• implement appropriate security measures to protect your data. 

Personal information we collect

If you choose to participate in one of our surveys, we may collect personal information about your opinions, behaviours, needs, and priorities through the use of anonymous surveys. This information may include demographic information, such as your age, gender, and location, as well as information about your media and aesthetic preferences.

We may also collect information about your device, including its IP address, in order to prevent duplicate responses and ensure that we have a diverse range of respondents from designated countries or regions.

We may also collect personal information from you if you apply for a job with us or use one of our products. This information may include but is not limited to your name, address, telephone number, email address, and date of birth.

How we use the information about you

We use your personal information for the following purposes:

Surveys

We use your personal information to send you surveys and request feedback. These messages will not include any fundraising requests or direct marketing, and they do not require prior consent when sent by email.

Your responses are collected under the provisions of the UK Data Protection Act 2018,  UK GDPR and the Market Research Society’s Code of Conduct, Fair Data Principles and used for statistical and analytical purposes.

It is in our legitimate interest  to send these messages as doing so is helping us to render and or improve our services and make them more relevant to our customers. You can opt-out of receiving survey requests if you do not wish to participate.

Your responses will not identify you as an individual, and when you complete the survey, your responses are aggregated to provide anonymous insights.

Providing the Services

Qudo uses your personal information to operate and provide services to our clients. However, we also process your personal information in reliance on our legitimate interests to manage and improve our operations, systems, and services, and to provide you with the content, products, or services you access via our website (e.g., to download content).

Improving and Developing the Services

Qudo uses your personal information to understand and analyse trends to identify future opportunities for developing, promoting, and improving the services we offer to our clients. We do this in our legitimate interests, i.e. to develop and improve their products and services. Alternatively, we process your personal information with your consent, freely given when you complete the survey we send you.

Analytics

Qudo analyses the personal information we collect from you in a non-identifiable form, to develop new features, capabilities, or products, improve user experiences, assess capability requirements, and identify customer opportunities. We also may send push notifications to your device. You have choices in regard to the communications you receive from us.

Customer Support

Qudo uses the personal information we collect to communicate with you. We do this under the lawful basis of legitimate interests. For instance, to respond to your inquiries by sending e-mails to an e-mail address you provided for customer service or technical-support purposes; to troubleshoot and diagnose technical problems to help us provide, improve, and secure our products, services, and training; and to investigate security incidents.

Securing the Services

Qudo processes your personal information in reliance on our legitimate interest to maintain the safety, integrity and security of our services, including detecting, preventing, or otherwise addressing fraud, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies, and protecting our rights and the rights of others.

Marketing

Qudo uses your personal information to send you promotional communications about Qudo, including product recommendations and other non-transactional communications (e.g. marketing newsletters or push notifications) according to your marketing preferences. Such communications may include information about our products, which are sent for our legitimate interest purposes and yours, or under the lawful basis of consent if you have previously consented to receive direct marketing communications. You can elect to stop receiving direct marketing emails from Qudo by contacting us using any of the methods shown in the ‘How do I contact you?’ section (see below).

Advertising

Qudo uses your personal information to send you relevant advertisements, provide personalised information about our services, and provide other personalised content based on your activities and interests to the extent that doing so is in our legitimate interest, i.e. to advertise our services, or where necessary, to the extent that you have provided your prior consent. For these purposes, we may link or combine information about you with other personal information we get from third parties to help understand your needs and provide you with a better and more personalised service or content.

Business purposes

Qudo may use your personal information for other legitimate business purposes in reliance on our legitimate interests, such updating, expanding, and analysing our records, identifying new customers, data analysis, to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, developing new products, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns, free trials and operating and expanding our business activities.

Our use of Cookies and other technologies

When you visit our website, we may collect your IP Address, page visited, web browser, any search criteria entered, previous web page visited and other technical information.This information is used solely for web server monitoring and to deliver the best visitor experience.

We may use technology such as cookies to help us deliver relevant and interesting content in our communications in the future. We may profile you to find out more about you, but in the least intrusive way. We may use the information we collect to display your most interesting content on our website. We may use the information we hold about your previous visits. Please see our Cookie Policy here.

If, at any time, you do not wish to receive further information about us or our services, contact us by using any of the methods shown below in the section entitled ‘How do I contact you?’.

Service Messages

Sometimes, we need to inform you about certain changes or events that are taking place. For instance, when planned maintenance will be carried out on our website. We do so by using service messages, sent by email, that do not require your prior consent. These messages ensure we comply with our legal obligations and support you by providing excellent ongoing customer service.  Service messages do not include any marketing material.

Links To Other Websites 

Our website may also contain links to other third-party websites of interest.  This Privacy Notice does not cover these websites, and we encourage you to refer to the privacy notices on the third-party website to find out what they do with your personal information.

Sharing Your Personal Data

Your personal information will not be sold to or shared with third-party organisations or published or made available on publicly accessible platforms. However, your responses will be aggregated with other participants’ responses to create summative insights and visualisation that might be published or shared with third-party organisations.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal information to comply with any legal obligation, enforce or apply any agreements, or protect the rights, property, or safety of the organisation or other individuals. Such disclosures include, but are not limited to, exchanging information with other companies and organisations under statutory regulations for safeguarding purposes.

Qudo may disclose your personal information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws, to the extent that the processing or disclosure of personal information is done to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.

How long will we retain your personal Data

The length of time we retain your personal information in a live environment depends on the type of information collected, the reason it was collected and how it is to be used. Typically, the retention period for personal information collected in relation to a research project is a year from the date the research project ended. If for technical reasons, we are unable to delete your personal information from our systems, we will put in place appropriate measures to prevent any further use of your personal information.

We maintain a retention schedule to help manage our storage limitation responsibilities. However, we may keep your personal information for longer to establish, exercise, or defend our legal rights and yours. Where such a need exists, your personal information will be securely archived with restricted access, and other appropriate safeguards will be applied.

Alternatively, we may completely anonymise your personal information (so that you can no longer be identified) for research and analysis purposes. We may retain this information indefinitely without further notice to you.

For further information about applicable retention periods, please contact us using any of the methods shown below in the ‘How do I contact you?’ section.

Children’s information

The services we offer are not directed at children under the age of 18, and we do not knowingly collect, maintain, or use personal information from children under 18 years of age.

If you learn that your child has provided us with personal information without your consent, you may alert us using any of the methods shown below in the ‘How do I contact you?’.

If we learn that we have unwittingly collected personal information from a child under 18, then we will promptly take steps to delete such information.

Security of your personal information

We take the privacy and security of your personal information very seriously, and accordingly, we have implemented appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing and accidental loss, destruction, or damage.

The measures we’ve applied include having clear internal policies and procedures in place and maintaining the physical security of our premises and IT security technologies to prevent unauthorised access, damage, and loss of your personal information. Additionally, we have implemented appropriate security procedures, including access controls, to ensure confidentiality. We limit access to your personal information to only those who genuinely need to know.

It should be noted that the transmission of information via the Internet is not completely secure, and whilst we will do our very best to protect your personal information, we cannot guarantee the security of any personal information transmitted to our website; any such transmission is carried out at your own risk. We do have procedures to deal with any suspected data security breach, and we will notify you and the UK regulator of any actual security breach once the breach is confirmed, and if we are legally required to do so.

Locations of Processing

The personal information we collect from you is processed on our servers located in the UK. We will ensure that your personal information is provided with adequate protection if it becomes necessary to transfer your personal information to a country without a finding of adequacy by the European Commission (EC) or the UK regulator.

Transfers of personal information outside of the European Economic Area (EEA) to a country that has not been granted a finding of adequacy either by the EC or the UK regulator, will be carried out using ‘appropriate safeguards’, i.e. Binding Corporate Rules (BCR), Standard Contract Clauses (SCC) (also known as Model Contract Clauses) supported by the UK Addendum, or an International Data Transfer Agreement (IDTA) supported by a Transfer Risk Assessment (TRA) (as required under UK law).  Alternatively, we may rely on approved Codes of Conduct (once published by the UK regulator), or we will seek your consent (where appropriate), on a case-by-case basis.

What are my data subject rights

We support your data subject rights in relation to the processing of your information under the DPA 2018 and the UK GDPR, including your:

•   right to be informed (chiefly via this Privacy Notice)
•   right of access
•   right to rectification
•   right to erasure
•   right to restrict processing
•   right to data portability
•   right to object
•   rights related to automated decision-making including profiling

You can exercise any of these rights, including your right to request a copy of any information we hold about you (otherwise referred to as a Subject Access Request), by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.

We will usually respond within one month of receiving your request.

To protect the confidentiality of your information and in our interests, we may sometimes ask you to verify your identity before proceeding with any request to access your information.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to request such information.

Updating my information

You may choose to correct, update, or delete your personal information by contacting us at any time using any of the methods shown below in the ‘How do I contact you?’ section.

If you have opted-in to receive communications from us, your preferences will remain in effect until you tell us that you want to opt out of receiving any further communications.

You can change your mind at any time by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.

Withdrawing my consent

Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us using the methods shown below in the ‘How do I contact you?’ section.

Making a complaint to us

We hope you’ll never need to do so, but if you do want to complain about our use of your personal information, or our facilitation of your data subject rights requests, you can contact us using any of the methods shown below in the ‘How do I contact you?’ section.

Our DPO will investigate your complaint and provide a prompt and appropriate response.

How do I contact you

You may contact us using any of the following methods:

By post: Data Protection Officer, 3rd Floor. 5-11 Worship Street, London, EC2A 2BH

By email: info@qudo.ai

Making a complaint to the Information Commissioner

You can complain to the Information Commissioner at any time. For instance, if you are unhappy with how we are processing your information or we have failed to facilitate your data subject rights.

The Information Commissioner can be contacted as follows:

By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

By phone: 0844 496 4636 (local rate)

Further information on how to complain to the ICO can be found here: ICO Make a Complaint

Changes to this Privacy Notice

We continuously review the content of our Privacy Notice to ensure it accurately reflects what we do with your information, or we may change this Privacy Notice to reflect changes in the law. We recommend that you check this page regularly to keep up to date.

This Privacy Notice was last updated in January 2023.

Qudo Terms of service
Qudo Master SaaS Terms | January 2023  | V1.1

Definitions and interpretation

1. The definitions and rules of interpretation set out in the schedule shall apply to our Agreement.

1. In our Agreement:

1. each Licence Agreement entered into by the Customer shall form a separate agreement, incorporating these Master SaaS Terms together with the Addendums, the Subscribed Service Specific Terms for the respective Subscribed Services and the Policies (our Agreement);

1. in the event of any conflict in respect of the provisions of our Agreement and/or the documents referred to in it the following order of priority shall prevail (in descending order of priority):

1. the Licence Agreement;
2. the Subscribed Service Specific Terms;
3. the Addendums;
4. the Policies;
5. the Master SaaS Terms; and
6. the Documentation; and

1. subject to the order of priority between documents in clause 1.2.2, later versions of documents shall prevail over earlier ones if there is any conflict or inconsistency between them.

1. Any obligation of Qudo under our Agreement to comply or ensure compliance by any person or the Services with any law shall be limited to compliance only with laws within England as generally applicable to businesses and to providers of software as a service solutions. Such obligations shall not be construed to create any obligation on Qudo (or anyone acting on its behalf) or any part of the Services to comply with any laws or regulations which apply solely to specific commercial or other activities (such as insurance, legal advice or banking or other professional services) or which apply solely to a specific commercial or non-commercial sector (or part thereof) (such as the public, legal, accountancy, actuarial, insurance, banking or financial service sectors).

Rights of use

1. Upon Order Acceptance and subject to the terms of our Agreement, Qudo grants the Customer a non-exclusive, non-transferable, personal and non-sublicensable right to use each Subscribed Service and copy and use the Documentation as strictly necessary for its use by Authorised Users of the Subscribed Services, within the relevant Subscribed Territory during the Subscribed Service Period for the Permitted Purpose.

1. The Customer acknowledges that access to the Subscribed Services may take up to two (2) Business Days from Order Acceptance to initially set up and that use of the Subscribed Services is at all times subject to the Customer’s compliance with our Agreement and the requirements identified in our Agreement (including all minimum system requirements).

1. The Customer acknowledges that the Services do not include:
   
   1. any services, systems or equipment required to access the internet (and that the Customer is solely responsible for procuring access to the internet and for all costs and expenses in connection with internet access, communications, data transmission and wireless or mobile charges incurred by it in connection with use of the Services);

1. dedicated data back up or disaster recovery facilities (and the Customer should ensure it at all times maintains backups of all Customer Data); or

1. legal, accounting or other professional or regulated services and that, except as expressly stated in our Agreement, no assurance is given that the Services will comply with or satisfy any legal or regulatory obligation of any person.

Authorised Users

1. The Customer shall ensure that only Authorised Users use the Subscribed Services and that such use is at all times in accordance with our Agreement. The Customer shall ensure that Authorised Users are, at all times while they have access to the Subscribed Services, the employees or contractors of the Customer or the Authorised Affiliates.

1. Authorised User accounts cannot be shared or used by more than one individual at the same time.

1. The Customer shall:

1. be liable for the acts and omissions of the Authorised Users and the Authorised Affiliates as if they were its own;

1. only provide Authorised Users with access to the Services via the access method provided by Qudo and shall not provide access to (or permit access by) anyone other than an Authorised User; and

1. procure that each Authorised User (and each Authorised Affiliate) is aware of, and complies with, the obligations and restrictions imposed on the Customer under our Agreement, including all obligations and restrictions relating to Qudo’s Confidential Information.

1. The Customer warrants and represents that it, and all Authorised Users and all others acting on its or their behalf (including systems administrators) shall, keep confidential and not share with any third party (or with other individuals except those with administration rights at the Customer and its Authorised Affiliate’s organisation as necessary for use of the Service) their password or access details for any Subscribed Service.

1. The Customer shall (and shall ensure all Authorised Affiliates and Authorised Users shall) at all times comply with the Acceptable Use Policy and all other provisions of our Agreement.

1. If any password has been provided to an individual that is not an Authorised User, or the Customer becomes aware that the login details of any Authorised User is lost, stolen or otherwise compromised the Customer shall, without delay, disable any such passwords and notify Qudo immediately.

1. The Customer shall comply (and shall ensure all Authorised Affiliates and Authorised Users comply) with all applicable laws, rules, and regulations governing export that apply to the Services, the Customer Data and the Documentation (or any part), and shall not export or re-export, directly or indirectly, separately or as a part of a system, the Services, the
   

Customer Data or the Documentation (or any part) to, or access or use the Services, the Customer Data or the Documentation (or any part) in, any country or territory for which an export licence or other approval is required under the laws of the United Kingdom, the United States, the European Union or any of its member states, without first obtaining such licence or other approval. Without prejudice to Qudo’s obligations under the Data Protection Addendum, the Customer shall be solely responsible for ensuring its access, importation and use of the Services, the Customer Data and Documentation in or into any part of the Subscribed Territory or elsewhere complies with all export and other laws.

1. Clauses 3.3 to 3.7 (inclusive) shall survive termination or expiry of our Agreement.

Indemnity

1. The Customer shall indemnify, keep indemnified and hold harmless Qudo (on Qudo’s own behalf or on behalf of each of Qudo’s Affiliates) from and against any losses, claims, damages, liability, Data Protection Losses, costs (including reasonable legal and other professional fees) and expenses incurred by it (or any of its Affiliates) as a result of the Customer’s or its Authorised Users access, use or misuse of the Services, or a breach of our Agreement.

1. This clause 4 shall survive termination or expiry of our Agreement.

Support

1. Support Services shall be available for each Subscribed Service to the Customer for the duration of the respective Subscribed Service Period, to the extent and in the manner specified in the relevant Licence Agreement.

1. Qudo shall use reasonable endeavours to notify the Customer in advance of scheduled maintenance but the Customer acknowledges that it may receive no advance notification for downtime caused by Force Majeure or for other emergency maintenance.

Changes to services and terms

1. Qudo may at its absolute discretion make updated versions of the documents referred to in clause 1.2.2 or other documents referred to in any part of our Agreement (excluding in each case the Licence Agreement) from time to time. Qudo shall use reasonable endeavours to notify the Customer of such update by e-mail or by any other reasonable means which Qudo elects (Update Notification). Qudo shall comply with its related obligations in the Data Protection Addendum.

1. The document(s) subject to such Update Notification shall replace the preceding version of the same document(s) for the purposes of our Agreement from the time the Customer makes use of the Services after the Update Notification of such revised document(s) (the Update) or at such other date as Qudo may specify.

1. In the event that the Customer reasonably believes that any Update materially impacts it negatively in any manner it may by notice elect to terminate our Agreement in respect of all impacted Subscribed Services provided it exercises such right on not less than 30 days prior written notice and notifies Qudo at the time of exercising such right of the negative impact which has caused it to exercise this right.

1. The Customer acknowledges that Qudo shall be entitled to modify the features and functionality of the Services. Qudo may, without limitation to the generality of this clause 6.4, establish new limits on the Services (or any part), including limiting the volume of data which
   

may be used, stored or transmitted in connection with the Service, remove or restrict application programming interfaces or make alterations to data retention periods, provided such changes are introduced by Update to the relevant impacted contractual documents. Qudo shall comply with its related obligations in the Data Protection Addendum.

Fees

1. If there is a charge associated with a portion of the Services, the Customer agrees to pay that charge. 

1. The Fees are exclusive of VAT which shall be payable by the Customer at the rate and in the manner prescribed by law. The Customer shall pay taxes based on their location at the time of registering their Qudo account, unless otherwise stated. 

1. After Qudo gives the Customer notice that Qudo has not received a full payment in a timely manner, Qudo may suspend or cancel a portion or all of the Services if payment is still not paid within the prescribed time. Suspension or cancellation of a portion or all of the Services for non-payment could result in a loss of access to or use of the Customer’s account and any content therein.

1. Qudo shall be entitled to increase the Fees for any and all Services at any time by notice to the Customer, such increase to take effect from the commencement date of any new Licence Agreement.

1. To the extent our Agreement terminates or expires the Customer shall not be entitled to any refund or discount of Fees paid for any parts of any month during which the Services cease to be provided.

Warranties

1. Subject to the remainder of this clause 8, Qudo warrants that:

1. each Subscribed Service shall operate materially in accordance with its Description when used in accordance with our Agreement under normal use and normal circumstances during the relevant Subscribed Service Period; and

1. it shall provide each of the Services with reasonable care and skill.

1. The Customer acknowledges that clause 8.1 does not apply to Free or Trial Services, Beta Services or to Support Services provided in connection with any of the same. Without prejudice to Qudo’s obligations under our Agreement in respect of Protected Data, Free or Trial Services, Beta Services and Support Services provided in connection with the same are provided ‘as is’ and without warranty to the maximum extent permitted by law.

1. The Services may be subject to delays, interruptions, errors or other problems resulting from use of the internet or public electronic communications networks used by the parties or third parties. The Customer acknowledges that such risks are inherent in cloud services and that Qudo shall have no liability for any such delays, interruptions, errors or other problems.
   
2. If there is a breach of any warranty in clause 8.1 Qudo shall at its option: use reasonable endeavours to repair or replace the impacted Services within a reasonable time or (whether or not it has first attempted to repair or replace the impacted Service) refund the Fees for the impacted Services which were otherwise payable for the period during which Qudo was in breach of any such warranty (provided such period is at least 14 consecutive days). To the maximum extent permitted by law, this clause 8.4 sets out the Customer’s sole and exclusive remedy (however arising, whether in contract, negligence or otherwise) for any breach of any of the warranties in clause 8.1.

1. The warranties in clause 8.1 are subject to the limitations set out in clause 17 and shall not apply to the extent that any error in the Services arises as a result of:

1. incorrect operation or use of the Services by the Customer, any Authorised Affiliate or any Authorised User (including any failure to follow the Documentation or failure to meet minimum specifications);

1. use of any of the Services other than for the purposes for which it is intended;

1. use of any Services with other software or services or on equipment with which it is incompatible;

1. any act by any third party (including hacking or the introduction of any virus or malicious code);

1. any modification of Services (other than that undertaken by Qudo or at its direction); or

1. any breach of our Agreement by the Customer (or by any Authorised Affiliate or Authorised User).

1. Qudo may make Non-Supplier Materials available for the Customer’s use in connection with the Services. The Customer agrees that:

1. Qudo has no responsibility for the use or consequences of use of any Non-Supplier Materials;

1. the Customer’s use of any Non-Supplier Materials shall be governed by the applicable terms between the Customer and the owner or licensor of the relevant Non-Supplier Materials;

1. the Customer is solely responsible for any Non-Supplier Materials used in connection with the Services and for compliance with all applicable third party terms which may govern the use of such Non-Supplier Materials; and

1. the continued availability, compatibility with the Services and performance of the Non-Supplier Materials is outside the control of Qudo and Qudo has no responsibility for any unavailability of or degradation in the Services to the extent resulting from the availability, incompatibility or performance of any of the Non-Supplier Materials.

1. The Customer acknowledges that no liability or obligation is accepted by Qudo (howsoever arising whether under contract, tort, in negligence or otherwise):

1. that the Subscribed Services shall meet the Customer’s individual needs, whether or not such needs have been communicated to Qudo;
   
2. that the operation of the Subscribed Services shall not be subject to minor errors or defects; or

1. that the Subscribed Services shall be compatible with any other software or service or with any hardware or equipment.

1. Other than as set out in this clause 8, and subject to clause 17.5, all warranties, conditions, terms, undertakings or obligations whether express or implied and including any implied terms relating to quality, fitness for any particular purpose or ability to achieve a particular result are excluded to the fullest extent allowed by applicable law.

Customer’s responsibilities

1. The Customer shall (and shall ensure all Authorised Affiliates and Authorised Users shall) at all times comply with all applicable laws relating to the use or receipt of the Services.

1. The Customer shall comply with Qudo’s Acceptable Use Policy as made available and updated from time to time (currently available at www.qudo.ai/acceptable-use-policy ).

1. The Customer shall obtain and maintain all necessary licences, consents, and permissions necessary for Qudo to perform its obligations to the Customer under the terms of our Agreement.

1. The Customer is solely responsible for procuring and maintaining its network connections and telecommunications links from its systems in order to access and use Qudo’s Services.

Intellectual property

1. All Intellectual Property Rights in and to the Services (including in all Applications, Documentation and all Supplier Provided Materials) belong to and shall remain vested in Qudo or the relevant third party owner. To the extent that the Customer, any of its Affiliates or any person acting on its or their behalf acquires any Intellectual Property Rights in the Applications, Documentation, Supplier Provided Materials or any other part of the Services, the Customer shall assign or procure the assignment of such Intellectual Property Rights with full title guarantee (including by way of present assignment of future Intellectual Property Rights) to Qudo or such third party as Qudo may elect. The Customer shall execute all such documents and do such things as Qudo may consider necessary to give effect to this clause 10.1.

1. Qudo has no obligation to deliver any copies of any software to the Customer in connection with our Agreement or the Services.

1. The Customer and Authorised Users may be able to store or transmit Customer Data using one or more Subscribed Services and the Subscribed Services may interact with Customer Systems. The Customer hereby grants a royalty-free, non-transferable, non-exclusive licence for Qudo (and each of its direct and indirect sub-contractors) to use, copy and other otherwise utilise the Customer Data and Customer Systems to the extent necessary to perform or provide the Services or to exercise or perform Qudo’s rights, remedies and obligations under our Agreement. The Customer warrants to Qudo that none of the Customer Data violates our Agreement and that the Customer has the necessary right, title, interest and consent necessary to allow Qudo to use the Customer Data in accordance with our Agreement.

1. To the extent Non-Supplier Materials are made available to, or used by or on behalf of the Customer, any Authorised Affiliate or any Authorised User in connection with the use or
   

provision of any Subscribed Service, such use of Non-Supplier Materials (including all licence terms) shall be exclusively governed by applicable third party terms notified or made available by Qudo or the third party and not by our Agreement. Qudo grants no Intellectual Property Rights or other rights in connection with any Non-Supplier Materials.

1. Qudo may use any feedback and suggestions for improvement relating to the Services provided by the Customer, the Authorised Affiliates or any Authorised User without charge or limitation (Feedback). The Customer hereby assigns (or shall procure the assignment of) all Intellectual Property Rights in the Feedback with full title guarantee (including by way of present assignment of future Intellectual Property Rights) to Qudo at the time such Feedback is first provided to Qudo.

1. The Customer hereby waives (and shall ensure all relevant third parties have waived) all rights to be identified as the author of any work, to object to derogatory treatment of that work and all other moral rights in the Intellectual Property Rights assigned to Qudo under our Agreement.

1. Except for the rights expressly granted in our Agreement, the Customer, any Authorised User, any Customer Affiliate and their direct and indirect sub-contractors, shall not acquire in any way any title, rights of ownership, or Intellectual Property Rights of whatever nature in the Services (or any part including the Applications or Documentation) and no Intellectual Property Rights of either party are transferred or licensed as a result of our Agreement.

1. This clause 10 shall survive the termination or expiry of our Agreement.

Defence against infringement claims

1. Subject to clauses 11.2 and 11.5, Qudo shall:

1. defend at its own expense any claim brought against the Customer by any third party alleging that the Customer’s use of the Services infringes any copyright, database right or registered trade mark, registered design right or registered patent in the United Kingdom (an IP Claim); and

1. pay, subject to clause 11.3, all costs and damages awarded or agreed in settlement or final judgment of an IP Claim.

1. The provisions of clause 11.1 shall not apply unless the Customer:

1. promptly (and in any event within 5 Business Days) notifies Qudo upon becoming aware of any actual or threatened IP Claim and provides full written particulars;

1. makes no comment or admission and takes no action that may adversely affect Qudo’s ability to defend or settle the IP Claim;

1. provides all assistance reasonably required by Qudo subject to Qudo paying the Customer’s reasonable costs; and

1. gives Qudo sole authority to defend or settle the IP Claim as Qudo considers appropriate.

1. The provisions of clause 17 shall apply to any payment of costs and damages awarded or agreed in settlement or final judgment of an IP Claim under clause 11.1.
   
2. In the event of any IP Claim Qudo may elect to terminate our Agreement immediately by written notice and promptly refund to the Customer on a pro-rata basis for any unused proportion of Fees paid in advance. This clause 11.4 is without prejudice to the Customer’s rights and remedies under clauses 11.1.

1. Qudo shall have no liability or obligation under this clause 11 in respect of (and shall not be obliged to defend) any IP Claim which arises in whole or in part from:

1. any modification of the Services (or any part) without Qudo’s express written approval;

1. any Non-Supplier Materials or third party websites;

1. any Customer Data;

1. any Free or Trial Services, or Beta Services (or any Support Services provided in connection with them);

1. any Open Source Software;

1. any breach of our Agreement by the Customer;

1. installation or use of the Services (or any part) otherwise than in accordance with our Agreement; or

1. installation or use of the Services (or any part) in combination with any software, hardware or data that has not been supplied or expressly authorised by Qudo.

1. Subject to clause 17.5, the provisions of this clause 11 set out the Customer’s sole and exclusive remedy (howsoever arising, including in contract, tort, negligence or otherwise) for any IP Claim.

Customer Systems and Customer Data

1. Customer Data shall at all times remain the property of the Customer or its licensors.

1. Except to the extent Qudo has direct obligations under data protection laws, the Customer acknowledges that Qudo has no control over any Customer Data hosted as part of the provision of the Services and may not actively monitor or have access to the content of the Customer Data. The Customer shall ensure (and is exclusively responsible for) the accuracy, quality, integrity and legality of the Customer Data and that its use (including use in connection with the Service) complies with all applicable laws and Intellectual Property Rights.

1. If Qudo becomes aware of any allegation that any Customer Data may not comply with the Acceptable Use Policy or any other part of our Agreement Qudo shall have the right to permanently delete or otherwise remove or suspend access to any Customer Data which is suspected of being in breach of any of the foregoing from the Services and/or disclose Customer Data to law enforcement authorities (in each case without the need to consult the Customer). Where reasonably practicable and lawful Qudo shall notify the Customer before taking such action.

1. Except as otherwise expressly agreed in our Agreement, Qudo shall not be obliged to provide the Customer with any assistance extracting, transferring or recovering any data whether
   

during or after the Service Period. The Customer acknowledges and agrees that it is responsible for maintaining safe backups and copies of any Customer Data, including as necessary to ensure the continuation of the Customer’s and Authorised Affiliates’ businesses. The Customer shall, without limitation, ensure that it backs up (or procures the back up of) all Customer Data regularly (in accordance with its, its Authorised Affiliates and its Authorised User’s needs) and extracts it from each Subscribed Service prior to the termination or expiry of our Agreement or the cessation or suspension of any of the Services.

1. Qudo routinely undertakes regular backups of the Subscribed Services (which may include Customer Data) for its own business continuity purposes. The Customer acknowledges that such steps do not in any way make Qudo responsible for ensuring the Customer Data does not become inaccessible, damaged or corrupted. To the maximum extent permitted by applicable law, Qudo shall not be responsible (under any legal theory, including in negligence) for any loss of availability of, or corruption or damage to, any Customer Data.

1. Unless otherwise set out in the Licence Agreement or subsequently agreed by the parties in writing, the Customer hereby instructs that Qudo shall within 12 months of the earlier of the end of the provision of the Services (or any part) relating to the processing of the Customer Data securely dispose of such Customer Data processed in relation to the Services (or any part) which have ended (and all existing copies of it) except to the extent that any applicable laws of the United Kingdom (or a part of the United Kingdom) requires Qudo to store such Customer Data. Qudo shall have no liability (howsoever arising, including in negligence) for any deletion or destruction of any such Customer Data undertaken in accordance with our Agreement.

Confidentiality and security of Customer Data

1. Qudo shall maintain the confidentiality of the Customer Data and shall not without the prior written consent of the Customer or in accordance with our Agreement, disclose or copy the Customer Data other than as necessary for the performance of the Services or its express rights and obligations under our Agreement.

1. Qudo undertakes to disclose the Customer Data only to those of its officers, employees, agents and contractors to whom, and to the extent to which, such disclosure is necessary for the purposes contemplated under our Agreement or as otherwise reasonably necessary for the provision or receipt of the Services.

1. The provisions of this clause 13 shall not apply to information which:

1. is or comes into the public domain through no fault of Qudo, its officers, employees, agents or contractors;

1. is lawfully received by Qudo from a third party free of any obligation of confidence at the time of its disclosure;

1. is independently developed by Qudo (or any of its Affiliates or any person acting on its or their behalf), without access to or use of such Confidential Information; or

1. is required by law, by court or governmental or regulatory order to be disclosed, provided that clauses 13.3.1 to 13.3.3 (inclusive) shall not apply to Protected Data.

1. This clause 13 shall survive the termination or expiry of our Agreement for a period of five (5) years.
   
2. To the extent any Customer Data is Protected Data, Qudo shall ensure that such Customer Data may be disclosed or used only to the extent such disclosure or use does not conflict with any of Qudo’s obligations under the Data Protection Addendum. Clauses 13.1 to 13.4 (inclusive) are subject to this clause 13.5.

Qudo’s Confidential Information

1. The Customer shall maintain the confidentiality of Qudo’s Confidential Information and shall not without the prior written consent of Qudo, disclose, copy or modify Qudo’s Confidential Information (or permit others to do so) other than as necessary for the performance of its express rights and obligations under our Agreement.

1. The Customer undertakes to:

1. disclose Qudo’s Confidential Information only to those of its officers, employees, agents and contractors to whom, and to the extent to which, such disclosure is necessary for the purposes contemplated under our Agreement;

1. procure that such persons are made aware of and agree to observe the obligations in this clause 14; and

1. be responsible for the acts and omissions of those third parties referred to in this clause 14.2 as if they were the Customer’s own acts or omissions.

1. The Customer shall give notice to Qudo of any unauthorised use, disclosure, theft or loss of Qudo’s Confidential Information immediately upon becoming aware of the same.

1. The provisions of this clause 14 shall not apply to information which:

1. is or comes into the public domain through no fault of the Customer, its officers, employees, agents or contractors;

1. is lawfully received by the Customer from a third party free of any obligation of confidence at the time of its disclosure;

1. is independently developed by the Customer, without access to or use of Qudo’s Confidential Information; or

1. is required by law, by court or governmental or regulatory order to be disclosed provided that the Customer, where possible, notifies Qudo at the earliest opportunity before making any disclosure.

1. This clause 14 shall survive the termination or expiry of our Agreement for period of 5 years or as long as the Confidential Information is confidential, whichever is the longer.

Monitoring compliance

1. Qudo may monitor, collect, store and use information on the use and performance of the Services (including Customer Data) to detect threats or errors to the Services and/or Qudo’s operations, to provide data analysis to industry groups or marketers and for the purposes of the further development and improvement of Qudo’s services, provided that such activities at all times comply with the Privacy Policy and Data Protection Addendum.

1. This clause 15 shall survive termination or expiry of our Agreement.
   

Relief

To the maximum extent permitted by law, Qudo shall not be liable (under any legal theory, including negligence) for any breach, delay or default in the performance of our Agreement to the extent the same (or the circumstances giving rise to the same) arises or was contributed to by any Relief Event.

Limitation of liability

1. The extent of Qudo’s liability under or in connection with our Agreement (regardless of whether such liability arises in tort, contract or in any other way and whether or not caused by negligence or misrepresentation or under any indemnity) shall be as set out in this clause 17.

1. Subject to clause 17.5, Qudo’s total aggregate liability howsoever arising under or in connection with our Agreement shall not exceed an amount equal to the Project Fees for all Services paid to Qudo in the 6 month period immediately preceding the first incident giving rise to any claim under our Agreement.

1. Subject to clause 17.5, Qudo shall not be liable for consequential, indirect or special losses.

1. Subject to clause 17.5, Qudo shall not be liable for any of the following (whether direct or indirect):

1. loss of profit;

1. unfavourable returns on advertising spend (ROAS) whilst using the Suppliers’ Services compared with any alternative.

1. destruction, loss of use or corruption of data;

1. loss or corruption of software or systems;

1. loss or damage to equipment;

1. loss of use;

1. loss of production;

1. loss of contract;

1. loss of opportunity;

1. loss of savings, discount or rebate (whether actual or anticipated); and/or

1. harm to reputation or loss of goodwill.

1. Notwithstanding any other provision of our Agreement, Qudo’s liability shall not be limited in any way in respect of death or personal injury caused by negligence; fraud or fraudulent misrepresentation; or any other losses which cannot be excluded or limited by applicable law.

1. This clause 17 shall survive the termination or expiry of our Agreement.

Suspension

1. Qudo may suspend access to the Services (or any part) to all or some of the Authorised Users without prior written notice if:
   
   1. Qudo suspects that there has been any misuse of the Services or breach of our Agreement;

1. the Customer fails to pay any sums due to Qudo by the due date for payment; or

1. required by law, by court or governmental or regulatory order.

1. Where the reason for the suspension is suspected misuse of the Services or breach of our Agreement, without prejudice to its rights under clause 19, Qudo will take steps to investigate the issue and may restore or continue to suspend access at its discretion.

1. Fees shall remain payable during any period of suspension notwithstanding that the Customer, Authorised Affiliates or some or all of the Authorised Users may not have access to the Services.

Term and termination

1. Our Agreement shall come into force on Order Acceptance and, unless terminated earlier in accordance with its terms, shall continue for the duration of the Service Period after which it shall automatically expire.

1. Qudo may terminate our Agreement or the provision of any of the Subscribed Services for convenience on not less than 30 days’ prior written notice to the Customer.

1. Qudo may terminate our Agreement immediately at any time by giving notice in writing to the Customer where the Customer has failed to pay any amount due under our Agreement on the due date and such amount remains unpaid within 7 days following notification that the payment is overdue.

1. Either party may terminate our Agreement immediately at any time by giving notice in writing to the other party if:

1. the other party commits a material breach of our Agreement and such breach is not remediable; or

1. the other party commits a material breach of our Agreement which is not remedied within (i) 30 days’ where the breaching party is Qudo; or (ii) five (5) Business Days where the breaching party is the Customer, of receiving written notice of such breach; or

1. the other party is unable to pay its debts (within the meaning of section 123 of the Insolvency Act 1986), or becomes insolvent, or is subject to an order or a resolution for its liquidation, administration, winding-up or dissolution (otherwise than for the purposes of a solvent amalgamation or reconstruction), or has an administrative or other receiver, manager, trustee, liquidator, administrator or similar officer appointed over all or any substantial part of its assets, or enters into or proposes any composition or arrangement with its creditors generally, or is subject to any analogous event or proceeding in any applicable jurisdiction.

1. Qudo may terminate or suspend the provision of Beta Services or Free or Trial Services (and all related Support Services) at any time with or without notice.

1. Any breach by the Customer of the Acceptable Use Policy or of clauses 9 and 10 shall be deemed a material breach of our Agreement which is not remediable.
   

Consequences of termination

1. Immediately on termination or expiry of our Agreement (for any reason), the rights granted by Qudo under our Agreement shall terminate and the Customer shall (and shall procure that each Authorised User and Authorised Affiliate shall):

1. stop using the Services; and

1. destroy and delete or, if requested by Qudo, return any copies of the Documentation in its possession or control (or in the possession or control of any person acting on behalf of any of them).

1. Termination or expiry of our Agreement shall not affect any accrued rights and liabilities of either party at any time up to the date of termination or expiry and shall not affect any provision of our Agreement that is expressly or by implication intended to continue beyond termination.

Entire agreement

1. Our Agreement constitutes the entire agreement between the parties and supersedes all previous agreements, understandings and arrangements between them in respect of its subject matter, whether in writing or oral.

1. Each party acknowledges that it has not entered into our Agreement in reliance on, and shall have no remedies in respect of, any representation or warranty that is not expressly set out in our Agreement.

1. Nothing in our Agreement shall limit or exclude any liability for fraud.

Notices

1. Notices under this Agreement shall be in writing, in English and to be sent to Qudo at team@qudo.ai and in the case of those to the Customer, to any email or physical address or contact details linked to the account of the Client registered for using the supplier’s Services (as updated from time to time pursuant to clause 22.2), or any other method that Qudo deems appropriate. Notices may be given, and shall be deemed received:

1. by hand: on receipt of a signature at the time of delivery;

1. by pre-paid first class post or other next day Business Delivery services: at 9.00 am on the second Business Day after posting;

1. by tracked international mail: at 9.00 am on the fourth Business Day after posting;

1. by email: at the time of transmission to the correct email address, or if this falls outside of 9am to 5pm in the United Kingdom (“Business Hours”), when Business Hours resume; and

1. Immediately, when posted by Qudo on the Qudo Services platform.

1. Any change to the contact details of a party as set out in clause 22.2 shall be notified to the other party in accordance with clause 22.1 and shall be effective:

1. on the date specified in the notice as being the date of such change; or
   
2. if no date is so specified, five (5) Business Days after the notice is deemed to be received.

1. This clause does not apply to notices given in legal proceedings or arbitration.

Variation

1. Qudo has the right to revise and amend our Agreement from time to time to reflect the commercial needs of its business and the Customer will be subject to the Agreement in force at the time that it makes use of the Qudo platform, or if Qudo notifies the Customer of changes to our Agreement and it continues to use the Services the Customer will be subject to those changes.

Assignment and subcontracting

1. Except as expressly provided in our Agreement, Qudo may at any time assign, sub-contract, sub-licence (including by multi-tier), transfer, mortgage, charge, declare a trust of or deal in any other manner with any or all of its rights or obligations under our Agreement.

1. Except as expressly permitted by our Agreement, the Customer shall not assign, transfer, sub-contract, sub-licence, mortgage, charge, declare a trust of or deal in any other manner with any or all of its rights or obligations under our Agreement (including the licence rights granted), in whole or in part, without Qudo’s prior written consent.

Set off

Each party shall pay all sums that it owes to the other party under our Agreement without any set-off, counterclaim, deduction or withholding of any kind, save as may be required by law.

No partnership or agency

The parties are independent and are not partners or principal and agent and our Agreement does not establish any joint venture, trust, fiduciary or other relationship between them, other than the contractual relationship expressly provided for in it. Neither party shall have, nor shall represent that it has, any authority to make any commitments on the other party’s behalf.

Severance

1. If any provision of our Agreement (or part of any provision) is or becomes illegal, invalid or unenforceable it shall be modified or deleted to the minimum extent necessary to make the provision legal, valid and enforceable. In the event of such deletion or modification, the parties shall negotiate in good faith in order to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.

Waiver

1. No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under our Agreement shall operate as a waiver of that right, power or remedy, nor shall it preclude or restrict any future exercise of that or any other right, power or remedy. No single or partial exercise of any right, power or remedy provided by law or under our Agreement shall prevent any future exercise of it or the exercise of any other right, power or remedy.
   
2. A waiver of any term, provision, condition or breach of our Agreement shall only be effective if given in writing and signed by the waiving party, and then only in the instance and for the purpose for which it is given.

Costs and expenses

Each party shall pay its own costs and expenses incurred in connection with the negotiation, preparation, signature and performance of our Agreement (and any documents referred to in it).

Third party rights

A person who is not a party to our Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its provisions.

Authority

Each party represents and warrants to the other that it has the right, power and authority to enter into our Agreement and grant to the other the rights (if any) contemplated in our Agreement and to perform its obligations under our Agreement.

Governing law

Our Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with, the laws of England and Wales.

Jurisdiction

The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, our Agreement, its subject matter or formation (including non-contractual disputes or claims).

DEFINITIONS AND INTERPRETATION

1. In our Agreement:

Addendums means the addendum identifying certain respective rights and obligations of the parties’ in respect of personal data and privacy under our Agreement (as Updated from time to time), which as at Order Acceptance is the latest version available at www.qudo.ai/data-protection-addendum (the Data Protection Addendum);

Affiliate means, in respect of any entity, any entity that directly or indirectly controls, is controlled by or is under common control with that entity within the meaning set out in section 1124 of the Corporation Tax Act 2010;

Applications means the software or applications used by or on behalf of Qudo to provide the Subscribed Services;

Authorised Affiliates means, in respect of the relevant Subscribed Service, the Affiliates of the Customer (if any);

Authorised Users means, in respect of the relevant Subscribed Service, the named users authorised by the Customer to use that Subscribed Service in accordance with the terms of our Agreement;

Beta Services means any Subscribed Service identified as being provided as a beta release or on an early access basis (for the duration of the period during which it is provided on such basis);

Business Day means a day other than a Saturday, Sunday or bank or public holiday in England;

Customer Means a person, who has signed up with the supplier and accepted all terms and conditions to use a portion or all of its Services.

Customer Data means all data (in any form) that is provided to Qudo or uploaded or hosted on any part of any Subscribed Service by the Customer or by any Authorised User (but excluding Feedback as defined in clause 10.5);

Customer Systems means all software and systems used by or on behalf of the Customer, the Customer’s Affiliates, any of its or their direct or indirect

sub-contractors, or any Authorised User in connection with the provision or receipt any of the Services or that the Services otherwise, link, inter-operate or interface with or utilise (in each case whether directly or indirectly);

Data Protection Losses has the meaning given to that term in the Data Protection Addendum;

Documentation means:

1. the description of the relevant Subscribed Service (as Updated from time to time) at Licence Acceptance in the Licence Agreement (the Description).

Fees means the Project Fees together with any other amounts payable to Qudo under our Agreement;

Force Majeure means an event or sequence of events beyond a party’s reasonable control preventing or delaying it from performing its obligations under our Agreement (provided that an inability to pay is not Force Majeure), including any matters relating to transfer of data over public communications networks and any delays or problems associated with any such networks or with the internet;

Free or Trial Service means any Subscribed Service identified as being provided on a trial basis or provided without charge (for the duration of the period during which it is provided on such basis);

Intellectual Property Rights means  any  and  all  copyright,  rights  in

inventions, patents, know-how, trade secrets, trademarks and trade names, service marks, design rights, rights in get-up, database rights and rights in data, semiconductor chip topography rights, utility models, domain names and all similar rights and, in each case:

1. whether registered or not;

1. including any applications to protect or register such rights;
   
2. including all renewals and extensions of such rights or applications;

1. whether vested, contingent or future; and

1. wherever existing;

Licence Agreement means the terms set out when the Client signs up for or purchases a Subscribed Service;

Master SaaS Terms means the terms set out in the clauses and other provisions of this document (including the schedule), as Updated from time to time;

Materials means all services, data, information, content, Intellectual Property Rights, websites, software and other materials provided by or on behalf of Qudo in connection with the Services, but excluding all Customer Data;

Non-Supplier Materials means Materials provided, controlled or owned by or on behalf of a third party the use of which is subject to a separate agreement or licence between the Customer and the relevant third party (including such Non-Supplier Materials which may be linked to, interact with or used by the Services) and all other Materials expressly identified as Non-Supplier Materials in our Agreement;

Open Source Software means any software subject to a version of the General Public Licence, together with any other ‘open source’ software falling within the Open Source Definition issued by the Open Source Initiative (www.opensource.org/docs/osd) at the date of our Agreement and any ‘free software’ as defined by the Free Software Foundation (www.gnu.org/philosophy/free-sw.html) at the date of our Agreement;

Permitted Downtime means:

1. scheduled maintenance which Qudo shall use reasonable endeavours to undertake outside of Business Hours (UK time);

1. emergency maintenance; or

1. downtime caused in whole or part by Force Majeure.

Permitted Purpose means use solely for the Customer’s internal business operations and, in respect of each Subscribed Services, also for the internal business of operations of any Authorised Affiliates, in each case in accordance with the applicable Documentation and our Agreement. Permitted Purpose expressly excludes any of the following to the maximum extent permitted by law:

1. copying, reproducing, publishing, distributing, redistributing, broadcasting, transmitting, modifying, adapting, editing, abstracting, storing, archiving, displaying publicly or to third parties, selling, licensing, leasing, renting, assigning, transferring, disclosing (in each case whether or not for charge) or in any way commercially exploiting any part of any Subscribed Service or Documentation;

1. permitting any use of any Subscribed Service or Documentation in any manner by any third party (including permitting use in connection with any timesharing or service bureau, outsourced or similar service to third parties or making any Subscribed Service or Documentation (or any part) available to any third party or allowing or permitting a third party to do any of the foregoing (other than to the Authorised Affiliates for the Permitted Purpose));

1. combining, merging or otherwise permitting any Subscribed Service (or
   

any part of it or any Application) to become incorporated in any other program or service, or arranging or creating derivative works based on it (in whole or in part); or

1. attempting to reverse engineer, observe, study or test the functioning of or decompile the Applications or the Services (or any part),

except as expressly permitted under our Agreement.

Policies means each of the following:

1. Qudo’s policy on acceptable use of the Services (as Updated from time to time), which as at Order Acceptance is the latest version available at www.qudo.ai/acceptable-use-policy (the Acceptable Use Policy); and

1. Qudo’s privacy policy in relation to the Services (as Updated from time to time), which as at Order Acceptance is the latest version available at https://www.qudo.ai/privacy-policy (the Privacy Policy);

Pricing Terms means the details of pricing and fees in respect of each part of the Services;

Subscription Fees means the fees payable by the Customer in consideration of that Subscribed Service as set out in the Pricing Terms;

Protected Data has the meaning given in the Data Protection Addendum;

Qudo’s Confidential Information means all information (whether in oral, written

or electronic form) relating to Qudo’s business which may reasonably be considered to be confidential in nature including information relating to Qudo’s technology, know-how, Intellectual Property Rights, assets, finances, strategy,  products  and  customers.  All

information relating to the Feedback, Pricing Terms, the Description and any other technical or operational specifications or data relating to each Subscribed Service shall be part of Qudo’s Confidential Information;

Relief Event means:

1. any breach of our Agreement by the Customer; or

1. any Force Majeure;

Service Hours means 24 hours a day, seven days a week excluding Permitted Downtime;

Service Period means the period beginning the subscription start date and  ending with the last day of the Subscribed Service Periods;

Services means the Subscribed Services and the Support Services;

Subscribed Service Period means (subject to clause 19) in respect of each

Subscribed Service, the duration during which such services are to be provided as initially set out in the Licence Agreement and as varied in accordance with our Agreement;

Subscribed Services means each cloud service to which the Customer has subscribed as set out in the Licence Agreement  (and Subscribed Service shall refer to each respective service separately);

Subscribed Territory means, in respect of the relevant Subscribed Service, the territories identified in the Licence Agreement  except to the extent it is illegal (including as a result of any embargo) under the laws of the United States, any member of the European Union or the United Kingdom (as binding on any person) for the Subscribed Service to be provided to or received within such territories from time to time;

Supplier or Qudo Questionardo Limited (Company Number 12823944) 

Address: 3rd Floor 5-11 Worship Street, London, United Kingdom, EC2A 2BH

Contact Email: info@qudo.ai

Supplier Provided Materials means all of the Materials provided or made

available by or on behalf of Qudo, but excluding all Customer Data and all Non-Supplier Materials;

Support Services means, in respect of the relevant Subscribed Service, the support services provided by Qudo to the Customer during Business Hours as described in the Order Form;

Update has the meaning given in clause 6.2, and

Updated shall be construed accordingly;

Update Notification has the meaning given in clause 6.1; and

VAT means United Kingdom value added tax, any other tax imposed in substitution for it.

1. In our Agreement, unless otherwise stated:

1. the table of contents, background section and the clause, paragraph, schedule or other headings in our Agreement are included for convenience only and shall have no effect on interpretation;

1. Qudo and the Customer are together the parties and each a party, and a reference to a party includes that party’s successors and permitted assigns;

1. words in the singular include the plural and vice versa;

1. any words that follow ‘include’, ‘includes’, ‘including’, ‘in particular’ or any similar words and expressions shall be construed as illustrative only and shall not limit the sense of any word, phrase, term, definition or description preceding those words;

1. a reference to ‘writing’ or ‘written’ includes any method of reproducing words in a legible and non-transitory form (including email);

1. a reference to legislation is a reference to that legislation as amended, extended, re-enacted or consolidated from time to time and a reference to legislation includes all subordinate legislation made from time to time under that legislation; and

1. a reference to any English action, remedy, method of judicial proceeding, court, official, legal document, legal status, legal doctrine, legal concept or thing shall, in respect of any jurisdiction other than England, be deemed to include a reference to that which most nearly approximates to the English equivalent in that jurisdiction.

Qudo Data Protection Addendum | January 2023 | V1

1 Definitions

1.1 In this Data Protection Addendum defined terms shall have the same meaning, and the same rules of interpretation shall apply as in the remainder of our Agreement. In addition, in this Data Protection Addendum the following definitions have the meanings given below:

Applicable Law means the following to the extent forming part of the law of United Kingdom (or a part of the United Kingdom) as applicable and binding on either party or the Services:

(a) any law, legislation, regulation, byelaw or subordinate legislation in force from time to time;

(b) the common law and laws of equity as applicable to the parties from time to time;

(c) any binding court order, judgment or decree; or

(d) any applicable direction, policy, rule or order made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business; Controller has the meaning given to that term in Data Protection Laws; Data Protection Laws means as applicable and binding on either party or the Services:

(a) the GDPR;

(b) the UK Data Protection Act 2018;

(c) any laws which implement o rsupplement any such laws; and (d) any laws that replace, extend, re-enact, consolidate or amend any of the foregoing;

Data Protection Losses means all liabilities, including all:

(a) costs (including reasonable legal costs), claims, demands, actions, settlements, interest, charges, procedures, expenses,
losses and damages (including relating to material or non-material damage); and

(b) to the extent permitted by Applicable Law:

(i) administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Supervisory Authority;

(ii) compensation which is ordered by a court or Supervisory Authority to be paid to a Data Subject; and

(iii) the reasonable costs of compliance with investigations by a Supervisory Authority;

Data Subject has the meaning given to that term in Data Protection Laws;

Data Subject Request means a request made by a Data Subject to exercise any rights of Data Subjects under Chapter III of the GDPR;

GDPR means the General Data Protection Regulation, Regulation (EU) 2016/679, as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or of a part of the United Kingdom from  time to time);

International Recipient means the organisations, bodies, persons and other recipients to which Transfers of the Protected Data are prohibited under paragraph 7.1 without the Customer’s prior written authorisation;

Lawful Safeguards means such legally enforceable mechanism(s) for Transfers of Personal Data as may be permitted under Data Protection Laws from time to time;

List of Sub-Processors means the latest version of the list of Sub-Processors used by Qudo, as Updated from time to time, which as at Order Acceptance is available at www.qudo.ai/data-protection-addendum ;

Personal Data has the meaning given to that term in Data Protection Laws;

Personal Data Breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;

Processing has the meaning given to that term in Data Protection Laws (and related terms such as process, processes and processed have corresponding meanings);

Processing Instructions has the meaning given to that term in paragraph 3.1.1;

Processor has the meaning given to that term in Data Protection Laws;

Protected Data means Personal Data in the Customer Data;

Sub-Processor means a Processor engaged by Qudo or by any other Sub-Processor for carrying out processing activities in respect of the Protected Data on behalf of the Customer;

Supervisory Authority means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws; and Transfer bears the same meaning as the word ‘transfer’ in Article 44 of the GDPR (and related terms such as Transfers, Transferred and Transferring have corresponding meanings).

2 Processor and Controller

2.1 The parties agree that, for the Protected Data, the Customer shall be the Controller and Qudo shall be the Processor. Nothing in our Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Laws

2.2 To the extent the Customer is not sole Controller of any Protected Data it warrants that it has full authority and authorisation of all relevant Controllers to instruct Qudo to process the Protected Data in accordance with our Agreement.

2.3 Qudo shall process Protected Data in compliance with:

2.3.1 the obligations of Processors under Data Protection Laws in respect of the performance of its obligations under our Agreement; and 2.3.2 the terms of our Agreement.

2.4 The Customer shall ensure that it, its Affiliates and each Authorised User shall at all times comply with:

2.4.1 all Data Protection Laws in connection with the processing of Protected Data, the use of the Services (and each part) and the exercise and performance of its respective rights and obligations under our Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.4.2 the terms of our Agreement.

2.5 The Customer warrants, represents and undertakes, that at all times:

2.5.1 the processing of all Protected Data (if processed in accordance with our Agreement) shall comply in all respects with Data Protection Laws, including in terms of its collection, use and storage;

2.5.2 fair processing and all other appropriate notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data that may be undertaken by Qudo and its Sub-Processors in accordance with our Agreement;

2.5.3 the Protected Data is accurate and up to date;

2.5.4 except to the extent resulting from Transfers to International Recipients made by Qudo or any Sub-Processor, the Protected Data is not subject to the laws of any jurisdiction outside of the United Kingdom;

2.5.5 it shall establish and maintain adequate security measures to safeguard the Protected Data in its possession or control (including from unauthorised or unlawful destruction, corruption, processing or disclosure) and maintain complete and accurate backups of all Protected Data provided to Qudo (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by Qudo or any other person;

2.5.6 all instructions given by it to Qudo in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and 2.5.7 it has undertaken due diligence in relation to Qudo’s processing operations and commitments and it is satisfied (and at all times it continues to use the Services
remains satisfied) that:

(a) Qudo’s processing operations are suitable for the purposes for which the Customer proposes to use the Services and engage Qudo to process the Protected Data;

(b) the technical and organisational measures set out in our Agreement (each as Updated from time to time) shall ensure a level of security appropriate to the risk in regards to the Protected Data as required by Data Protection Laws; and

(c) Qudo has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.

3 Instructions and details of processing

3.1 Insofar as Qudo processes Protected Data on behalf of the Customer, Qudo:

3.1.1 unless required to do otherwise by Applicable Law, shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with the Customer’s documented instructions as set out in our Agreement (including with regard to Transfers of Protected Data to any International Recipient), as Updated from time to time (Processing Instructions); 3.1.2 if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify the Customer of any such requirement before processing the Protected Data (unless Applicable Law  prohibits such information on important grounds of public interest); and

3.1.3 shall promptly inform the Customer if Qudo becomes aware of a Processing Instruction that, in Qudo’s opinion, infringes Data Protection Laws, provided that:

(a) this shall be without prejudice to paragraphs 2.4 and 2.5; and

(b) to the maximum extent permitted by Applicable Law, Qudo shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities (including any Data Protection Losses) arising from or in connection with any processing in accordance with the Processing Instructions following the Customer’s receipt of the information required by this paragraph 3.1.3.

3.2 The Customer agrees that:

3.2.1 Qudo (and each Sub-Processor) is not obliged to undertake any processing of Protected Data that Qudo believes infringes any of the Data Protection Laws and shall not be liable (or subject to any reduction or set-off of any Fees otherwise payable to Qudo) to the extent that it (or any Sub-Processor) is delayed in or fails to perform any obligation under our Agreement as a result of not undertaking any processing in such circumstances; and

3.2.2 without prejudice to any other right or remedy of Qudo, in the event the Customer has not resolved any Processing Instruction notified to it under paragraph 3.1.3 such that it is lawful in Qudo’s reasonable opinion within five (5) Business Days’ of such notification then such circumstances are a material breach of our Agreement by the Customer that cannot be remedied and Qudo may terminate our Agreement in accordance with its terms.

3.3 The Customer shall be responsible for ensuring all Authorised Affiliates’ and Authorised User’s read and understand the Privacy Policy (as Updated from time to time).

3.4 The Customer acknowledges and agrees that the execution of any computer command to process (including deletion of) any Protected Data made in the use of any of the Subscribed Services by an Authorised User will be a Processing Instruction (other than to the extent such command is not fulfilled due to technical, operational or other reasons, including as set out in the User Manual). The Customer shall ensure that Authorised Users do not execute any such command unless authorised by the Customer (and by all other relevant Controller(s)) and acknowledges and accepts that if any Protected Data is deleted pursuant to any such
command Qudo is under no obligation to seek to restore it.

3.5 Subject to the Order Form the processing of the Protected Data by Qudo under our Agreement shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in the schedule.

4 Technical and organisational measures

4.1 Qudo shall implement and maintain technical and organisational measures in relation to the processing of Protected Data by Qudo, to assist the Customer insofar as is possible (taking into account the nature of the processing) in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Protected Data, in each case at the Customer’s cost in accordance with Qudo’s daily fees as amended from time to time. The parties have agreed that (taking into account the nature of the processing) Qudo’s compliance with paragraph 6.1 shall constitute Qudo’s sole obligations under this paragraph 4.1.

4.2 During the period in which Qudo processes any Protected Data, the Customer shall regularly undertake a documented assessment of whether the security measures implemented in accordance with paragraph 4.1 are sufficient to protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access to the extent required by Data Protection Laws in the circumstances. The Customer shall promptly notify Qudo of full details of any additional measures the Customer believes are required as a result of the assessment. The Customer acknowledges that Qudo provides a commoditised
one-to-many service and the needs or assessments of other customers may differ. Qudo shall not be obliged to implement any further or alternative security measures, but this is without prejudice to the Customer ’s right to terminate our Agreement in accordance with the express provisions of our Agreement if it concludes the measures adopted by Qudo are no longer sufficient for its needs.

5 Using staff and other Processors

5.1 Subject to paragraph 5.2, Qudo shall not engage (nor permit any other Sub-Processor to engage) any Sub-Processor for carrying out any processing activities in respect of the Protected Data in connection with our Agreement without the Customer’s prior written authorisation. The Customer shall not unreasonably object to any new Sub-Processor (or any change to any of the Sub-Processors).

5.2 The Customer:

5.2.1 authorises the appointment of each of the Sub-Processors identified on the List of Sub-Processors as at Order Acceptance; and

5.2.2 authorises the appointment of each Sub-Processor (or any change to any of the Sub-Processors) identified on the List of Sub-Processors as Updated from time to time. The Customer’s right to object to the appointment of a new Sub-Processor (or any change to any of the Sub-Processors) following the relevant Update Notice introducing that change may be exclusively exercised by terminating our Agreement in accordance its rights following the Update Notification introducing the change before that Update takes effect in accordance with our Agreement.

5.3 Qudo shall:

5.3.1 prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, ensure each Sub-Processor is appointed under a written contract containing materially the same obligations as under paragraphs 2 to 12 (inclusive) (including those obligations relating to sufficient guarantees to implement appropriate technical and organisational measures); and

5.3.2 remain fully liable for all the acts and omissions of each Sub-Processor as if they were its own.

5.4 Qudo shall ensure that all persons authorised by it (or by any Sub-Processor) to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential (except where disclosure is required in accordance with Applicable Law, in which case Qudo shall, where practicable and not prohibited by Applicable Law, notify the Customer of any such requirement before such disclosure).

6 Assistance with compliance and Data Subject rights

6.1 Qudo shall refer all Data Subject Requests it receives to the Customer without undue delay. The Customer shall pay Qudo for all work, time, costs and expenses incurred by Qudo or any Sub-Processor(s) in connection with such activity, calculated at Qudo’s standard rates as amended from time to time.
6.2 Qudo shall provide such assistance as the Customer reasonably requires (taking into account the nature of processing and the information available to Qudo) to the Customer in ensuring compliance with the Customer’s obligations under Data Protection Laws with respect to:

6.2.1 security of processing;

6.2.2 data protection impact assessments (as such term is defined in Data Protection Laws);

6.2.3 prior consultation with a Supervisory Authority regarding high risk processing; and

6.2.4 notifications to the Supervisory Authority and/or communications to Data Subjects by the Customer in response to any Personal Data Breach, provided the Customer shall pay Qudo for all work, time, costs and expenses incurred Qudo or any Sub-Processor(s) in connection with providing the assistance in this paragraph 6.2, calculated at Qudo’s standard rates as amended from time to time.

7 International data Transfers

7.1 Subject to paragraphs 7.2 and 7.4, Qudo shall not Transfer any Protected Data:

7.1.1 to any country or territory outside the United Kingdom; and/or 7.1.2 to an organisation and/or its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries, without the Customer’s prior written authorisation except where required by Applicable Law (in which case the provisions of paragraph 3.1 shall apply).

7.2 The Customer hereby authorises Qudo (or any Sub-Processor) to Transfer any Protected Data for the purposes referred to in paragraph 3.5 to any International Recipient(s), provided all Transfers of Protected Data by Qudo of Protected Data to an International Recipient shall (to the extent required under Data Protection Laws) be effected by way of Lawful Safeguards and in accordance with Data Protection Laws and our Agreement. The provisions of our Agreement (including this Data Protection Addendum) shall constitute the Customer’s instructions with respect to Transfers in accordance with paragraph 3.1.1.

7.3 The Lawful Safeguards employed by Qudo in connection with Transfers pursuant to paragraph 7.2 shall be as follows: inclusion of Standard Contractual Clauses or be regulated and reference the US – EU Privacy Shield or another recognised transfer method.

7.4 The Customer acknowledges that due to the nature of cloud services, the Protected Data may be Transferred to other geographical locations in connection with use of the Services further to access and/or computerised instructions initiated by Authorised Users. The Customer acknowledges that Qudo does not control such processing and the Customer shall ensure that Authorised Users (and all others acting on its behalf) only initiate the Transfer of Protected Data to other geographical locations if Lawful Safeguards are in place and that such Transfer is in compliance with all Applicable Laws.

8 Information and audit

8.1 Qudo shall maintain, in accordance with Data Protection Laws binding on Qudo, written records of all categories of processing activities carried out on behalf of the Customer.

8.2 The Customer may, by written notice to Qudo, request information regarding Qudo’s compliance with the obligations placed on it under this Data Protection Addendum. On receipt of such request, Qudo shall provide the Customer (or auditors mandated by the Customer) with information to demonstrate Qudo’s compliance with this Data Protection Addendum to the extent such request is reasonable and the information is in Qudo’s possession or control. Such information shall be confidential to Qudo and shall be Qudo’s Confidential Information as defined in our Agreement, and shall be treated in accordance with applicable terms.

“

9.1 In respect of any Personal Data Breach, Qudo shall, without undue delay (and in any event within 72 hours):

9.1.1 notify the Customer of the Personal Data Breach; and

9.1.2 provide the Customer with details of the Personal Data Breach.

10 Deletion of Protected Data and copies

Following the end of the provision of the Services (or any part) relating to the processing of Protected Data Qudo shall dispose of Protected Data in accordance with its obligations under our Agreement. Qudo shall have no liability (howsoever arising, including in negligence) for any deletion or destruction of any such Protected Data undertaken in accordance with our Agreement.

11 Compensation and claims

11.1 Qudo shall be liable for Data Protection Losses (howsoever arising, whether in contract, tort (including negligence) or otherwise) under or in connection with our Agreement:

11.1.1 only to the extent caused by the processing of Protected Data under our Agreement and directly resulting from Qudo’s breach of our Agreement; and

11.1.2 in no circumstances to the extent that any Data Protection Losses (or the circumstances giving rise to them) are contributed to or caused by any breach of our Agreement by the Customer (including in accordance with paragraph 3.1.3(b)).

11.2 If a party receives a compensation claim from a person relating to processing of Protected Data in connection with our Agreement or the Services, it shall promptly provide the other party with notice and full details of such claim.

11.3 The parties agree that the Customer shall not be entitled to claim back from Qudo any part of any compensation paid by the Customer in respect of such damage to the extent that the Customer is liable to indemnify or otherwise compensate Qudo in accordance with our Agreement.

11.4 This paragraph 11 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contrary, except:

11.4.1 to the extent not permitted by Applicable Law (including Data Protection Laws); and

11.4.2 that it does not affect the liability of either party to any Data Subject.

12 Survival

This Data Protection Addendum (as Updated from time to time) shall survive termination (for any reason) or expiry of our Agreement and continue until no Protected Data remains in the possession or control of Qudo or any Sub-Processor, except that paragraphs 10 to 12 (inclusive) shall continue indefinitely.

DATA PROCESSING DETAILS

Subject-matter of processing: Qudo’s provision of the Services to the Customer
Duration of the processing: The Service Period plus the period of expiry from the Service Period until the deletion of all Personal Data by Qudo in accordance with our Agreement

Nature and purpose of the processing:
● processing in accordance with the rights and obligations of the parties under our Agreement;

● processing as reasonably required to provide the Services;

● processing as initiated, requested or instructed by Authorised Users in connection with their use of the Services, or by the Customer, in each case in a manner consistent with our Agreement; and/or

● in relation to each Subscribed Service, otherwise in accordance with the nature and purpose
identified in its Subscribed Service Specific Terms;

Type of Personal Data:

The Customer may submit Personal Data (as part of the Customer’s Data) the extent of which is determined and controlled by the Customer in its sole discretion, which may include, but is not limited to:

● Title

● First and last name

● Contact information (e.g. email, billing address, shipping address, ‘phone number(s))

● Sex and/or Gender

● Suffix

● Timezone (e.g. user preference or derived from contact information)

● IP address

● Geolocation of the customer (e.g city, country, timezone)

● Date of birth

● Purchase history including product description and values

Categories of Data Subjects:

Authorised Users, employees, customers or other Data Subjects of the Customer

Special categories of Personal Data:

Personal data revealing racial or ethnic origin (derived from name or email address)

Qudo Acceptable Use Policy | January 2023 | v1

1 Introduction

1.1 This Acceptable Use Policy (as Updated from time to time) is incorporated into our Agreement pursuant to the Master SaaS Terms. It governs how the Customer, Authorised Affiliates and Authorised Users may access and use the Services.

1.2 Defined terms in this Acceptable Use Policy shall have the meaning given in the Master SaaS Terms as applied by our Agreement and the same rules of interpretation apply. In addition, in this Acceptable Use Policy the following definitions have the meanings given below:

Master SaaS Terms means the latest version of the document available at www.qudo.ai/master-saas, as Updated from time to time; and Virus means any virus, disabling code (including code intended to limit or prevent any use of any software or system) or other malicious software (including malware, trojan horses, ransomware and spyware).

1.3 The Customer, Authorised Affiliates and Authorised Users are only permitted to use and access the Services for the Permitted Purpose as defined in our Agreement and in accordance with its terms. Use of the Services (or any part) in any other way, including in contravention of any restriction on use set out in this Acceptable Use Policy, is not permitted. If any person does not agree with the terms of this Acceptable Use Policy, they may not use
the Services.

2 Restrictions on use

2.1 As a condition of use of the Services, the Customer (on its own behalf and on behalf of all Authorised Affiliates and Authorised Users) and each Authorised User agrees not to use the Services nor permit them to be used:

2.1.1 for any purpose that is unlawful under any applicable law or prohibited by this Acceptable Use Policy or our Agreement;

2.1.2 to commit any act of fraud;

2.1.3 to distribute any Virus;

2.1.4 for purposes of promoting unsolicited advertising or sending spam;

2.1.5 to simulate communications from Qudo or another service or entity in order to collect identity information, authentication credentials, or other information (‘phishing’);

2.1.6 in any manner that disrupts the operations, business, equipment, websites or systems of Qudo or any other person or entity (including any denial of service and similar attacks);

2.1.7 in any manner that harms or may endanger minors or any other person;

2.1.8 in connection with any service, use or purpose where the failure of the Services (or any part) may endanger the health or life of any person or cause damage or loss to any tangible property or the environment;

2.1.9 to promote any unlawful activity;

2.1.10 to represent or suggest that Qudo endorses any other business, product or service unless Qudo has separately agreed to do so in writing;

2.1.11 to gain unauthorised access to or use of any computers, data, systems, accounts or networks of any person;

2.1.12 in any manner which may impair any other person’s use of the Services or use of any other services provided by Qudo to any other person;

2.1.13 to attempt to circumvent any security controls or mechanisms;

2.1.14 to attempt to circumvent any password or user authentication methods of any person;

2.1.15 in any manner inconsistent with our Agreement or any instructions provided by Qudo from time to time; or

2.1.16 in any manner which does not comply with the provisions relating to Intellectual Property Rights contained in our Agreement.

3 Customer Data and communication standards

3.1 Any Customer Data or communication made on or using the Services by any person must conform to appropriate and lawful standards of accuracy, decency and lawfulness, which shall be applied in Qudo’s discretion, acting reasonably. In particular, the Customer warrants and undertakes that any Customer Data and each such communication shall at all times be:

3.1.1 submitted lawfully and without infringement of any Intellectual Property Rights of any person;

3.1.2 free of any Virus (at the point of entering any of the Subscribed Service or Qudo’s systems);

3.1.3 factually accurate;

3.1.4 provided with all necessary consents of all relevant third parties;

3.1.5 not defamatory or likely to give rise to an allegation of defamation;

3.1.6 not obscene, seditious, vulgar, pornographic, sexually explicit, discriminatory or deceptive;

3.1.7 not abusive, threatening, offensive, harassing or invasive of privacy;

3.1.8 free of any content or activity that is, or may reasonably be suspected to be, terrorist in nature;

3.1.9 not racist, sexist or xenophobic;

3.1.10 not of a nature that any courts, regulators, law enforcement authorities or other governmental authorities may order be blocked, deleted, suspended or removed;

3.1.11 not liable to offend religious sentiments or deeply held beliefs; and

3.1.12 unlikely to cause offence, embarrassment or annoyance to any person.

4 Linking and other intellectual property matters

4.1 As a condition of use of the Services, the Customer (on its own behalf and on behalf of all Customer Affiliates and Authorised Users) and each Authorised User agrees not to:

4.1.1 create a frame or any other browser or border environment around the content of the Services (or any part);

4.1.2 display any of the trade marks or logos used on the Services without Qudo’s permission together with that of the owner of such trade marks or logos; or

4.1.3 use Qudo’s trade marks, logos or trade names in any manner.

5 Changes to the Acceptable Use Policy

We may revise this Acceptable Use Policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make, as they are legally binding on you. Some of the provisions contained in this Acceptable Use Policy may also be superseded by provisions or notices published elsewhere on this website.