DEPLOI PLATFORM TERMS OF SERVICE
Last updated: 20 May, 2026
These Terms of Service set out the legal agreement between you ("you","your", the "Customer") and Deploi Technologies Limited, a company incorporated in England and Wales under number 15530150 whose registered office is atDepartment, Campfields, Liverpool Road, Manchester, England, M3 4FP ("we","us","our","Deploi") for our Deploi Services.
Important notice:
We make the Deploi Services available to you in accordance with the terms set out in the Sign Up Flow, these Terms of Service, the DP Schedule, and any other documentation referred to within them (being the "Agreement"). By clicking on the "Accept" button below you agree to the terms of this Agreement which will bind you and all persons acting on your behalf. If you do not agree to be contractually bound by the Agreement, you must not click on the "Accept" button below and you will not receive the Deploi Services. You should print a copy of your Agreement for future reference.
1. Commencement and Term
1.1 This Agreement commences on the Commencement Date and, unless terminated earlier in accordance with these Terms of Service, will continue for the Initial Term set out in the Sign Up Flow (the "Initial Term").
1.2 The Initial Term will be either twenty-four (24) months or thirty-six (36) months, as specified in the Sign Up Flow.
1.3 Following expiry of the Initial Term, the Agreement will automatically renew for successive renewal terms of twelve (12) months (each a "Renewal Term") unless either party gives the other not less than 90 days’ written notice to expire at the end of the Initial Term or the then current Renewal Term.
1.4 If you purchase additional Deploi Services during the Term, those purchases will not extend the Term unless expressly agreed in the Sign Up Flow.
2. Your Obligations
2.1 During the Term, we agree to supply, and you agree to purchase, the Deploi Services on, and subject to, the terms set out in this Agreement.
2.2 You will at all times and in all respects:
2.2.1 perform your obligations in accordance with the terms of this Agreement;
2.2.2 pay the Charges for the Deploi Services in accordance with the provisions of clause 5;
2.2.3 promptly co-operate with us in all matters arising under this Agreement or otherwise relating to the performance of the Deploi Services;
2.2.4 promptly provide to us complete and accurate copies of all information, documents, materials, data or other items necessary for the provision of the Deploi Services, including in respect of the Individuals, and undertake your obligations as provided for in the Agreement;
2.2.5 inform us in a timely manner of any matters (including any safety or security requirements) which may affect the provision of the Deploi Services;
2.2.6 obtain and maintain all necessary licences, permits and consents required to enable us to perform the Deploi Services on the Individuals and otherwise comply with our obligations under this Agreement;
2.2.7 ensure that any instructions you provide to us (including via the Platform or Copilot) are lawful and do not require us to Process Personal Data in a manner that would breach Data Protection Laws; and
2.2.8 keep secure all user IDs, passwords, API keys and access credentials, and promptly notify us of any actual or suspected unauthorised access to the Platform.
2.3 You will defend, indemnify, and hold us harmless against claims, actions, proceedings, losses, damages, expenses, and costs (including court costs and reasonable legal fees) arising out of or in connection with a breach by you of this Agreement.
3. Performance of the Deploi Services
3.1 Following performance of the initial Deploi Services on an Individual, we will provide a Report to you in respect of the pre-employment checks requested and/or such other outputs as are applicable to the Deploi Services ordered (including platform workflow outputs, audit trails and status logs).
3.2 We will use our reasonable endeavours to perform Deploi Services:
3.2.1 in accordance with the Specification; and
3.2.2 in respect of the preparation of a Report, promptly following receipt from you (or the Individual, where applicable) of the details and evidence required.
3.3 The Deploi Services will be deemed to have been completed in full and in accordance with the terms of this Agreement in respect of an Individual on our delivery of the Report (and/or applicable service output) to you in respect of such Individual and the end of any Ongoing Services in respect of that Individual ("Completion").
3.4 Where we provide Ongoing Searches in respect of an Individual, we will do so until you notify us that the Individual is no longer employed by you or otherwise no longer requires Ongoing Searches for your lawful and relevant purposes. You must provide us with thirty (30) days’ notice to end Ongoing Searches in respect of an Individual.
3.5 You acknowledge and agree that after Completion, we will retain Relevant Personal Data we Process for the Agreed Purposes, in accordance with our obligations in the DP Schedule and clause 3.8.
3.6 Time of performance will not be of the essence. We will use our reasonable endeavours to perform the Deploi Services in accordance with any commencement or end dates specified for performance but give no guarantee that we will do so. Any Deploi Services which do not have specified commencement or end dates will be performed by us within a reasonable period of time.
3.7 We will not be liable for any delay or failure by us to comply with the Agreement to the extent the default is caused directly or indirectly, in whole or in part, by:
3.7.1 your failure to provide us with adequate information and instructions for performance of the Deploi Services and/or any use of information, documents, materials, data, designs, specifications, requirements, or other items provided by you;
3.7.2 your failure to comply with the provisions of clause 2.2 or any other breach of the Agreement by you or any person acting on your behalf; or
3.7.3 an event of force majeure, as provided for in clause 14.
3.8 Deploi Passports, portability and employer access limits
3.8.1 Where the Deploi Services include the creation or maintenance of a Deploi Passport for an Individual, you acknowledge and agree that:
(a) the Deploi Passport is a portable compliance record for the Individual, maintained within the Platform for the Agreed Purposes; and
(b) Deploi may continue to maintain and update the Deploi Passport (including via Ongoing Searches and compliance status changes) in accordance with the DP Schedule and the Specification, including where the Individual changes roles or employers.
3.8.2 Your access to an Individual’s Deploi Passport (including Reports and related audit records) is limited to:
(a) the period during which the Individual is engaged or employed by you (the “Employment Period”); and
(b) the scope of Deploi Services, checks, monitoring and access rights that you have ordered and paid for in relation to that Individual.
3.8.3 You will not be entitled to access, and the Platform will not provide you access to:
(a) any Deploi Passport updates, monitoring results, checks or information generated outside the Employment Period; or
(b) any information relating to the Individual’s engagements with other employers, except to the extent such information forms part of the Individual’s historic Deploi Passport record that was created or disclosed within the scope you have ordered and paid for during the Employment Period.
3.8.4 Ongoing Searches are only intended to operate for current workers and where relevant and required. You will ensure that you only request and maintain Ongoing Searches where:
(a) the Individual is a current worker of yours or where you have a continuing lawful audit obligation); and
(b) the Ongoing Searches remain relevant and required for your lawful purposes.
3.8.5 You acknowledge that the Deploi Services (including Copilot outputs) assist with compliance and decision-making but do not replace your responsibility for employment decisions and regulatory compliance.
3.9 For the avoidance of doubt, Deploi Passports form part of Deploi’s independent compliance infrastructure and are not Customer databases or employment records owned by Customer.
3.10 Suspension for misuse / security risk
Without prejudice to our other rights, we may suspend access to the Platform and/or Deploi Services (in whole or part) where we reasonably believe that:
(a) there has been unauthorised access or a security incident affecting your account;
(b) you are using the Platform in breach of clause 2.2, clause 11 or Data Protection Laws; or
(c) continued provision would expose Deploi, Individuals or third parties to material risk.
We will, where reasonably practicable, notify you and cooperate to restore access promptly once the issue is resolved.
4. Warranty
4.1 You warrant that:
4.1.1 you have the right, power and authority to enter into this Agreement and grant to us the rights (if any) contemplated in this Agreement;
4.1.2 you have obtained all consents and provided all notices required under applicable law (including data protection law) to submit the personal data of the Individuals to us and for us to undertake Processing of that personal data in the delivery of the Services, including where Individuals submit data directly via the Platform;
4.1.3 all information, documents, materials, data or other items provided by you pursuant to this Agreement does not infringe the Intellectual Property Rights of any third party and you have the right to share the same with us for the purposes of this Agreement; and
4.1.4 you will not instruct Copilot or otherwise use the Platform in a manner that would cause Deploi to breach applicable law.
4.2 We warrant that:
4.2.1 we have the right, power and authority to enter into this Agreement and grant to you the rights (if any) contemplated in this Agreement; and
4.2.2 the Deploi Services will be performed with reasonable skill, care and attention and in accordance with good industry practice.
4.3 Subject to the provisions of clause 3.7, we will, at our option, remedy, re-perform or refund the Charges attributable to any Deploi Services that do not materially comply with the terms of this Agreement, provided that within five (5) Business Days of Completion you serve a written notice on us of such defects and identify in that notice reasonable detail of the nature and extent of the defects. Save as otherwise provided for in the Agreement, this is your sole remedy for any failure to provide the Deploi Services in accordance with the terms of the Agreement.
4.4 Except as set out in this clause 4:
4.4.1 we give no warranty and make no representations in relation to the Deploi Services, including that the Deploi Services received by you will meet your requirements or be suitable for any particular purpose; and
4.4.2 the conditions implied by the Supply of Goods and Services Act 1982, ss 12–16 (inclusive) are expressly excluded.
4.5 You acknowledge that we are not and cannot be aware of the extent of any potential loss or damage to you resulting from any failure of the Deploi Services to conform to the Specification, any delay in Completion or any failure by us to discharge our obligations under this Agreement.
4.6 The provisions of this clause 4 set out your sole and exclusive remedies (howsoever arising, whether in contract, tort, negligence or otherwise) for any breach of clause 4.2 or for any other error or defect in the Reports or defective performance of the Deploi Services.
5. Charges and Payment
5.1 You will pay the Charges to us in respect of the Deploi Services in accordance with the Sign Up Flow and this clause 5.
5.2 On completing the Sign Up Flow, you must provide us with valid, up-to-date, and complete direct debit details or approved purchase order information acceptable to us, plus such other information as we reasonably require to receive payment of the Charges due. You hereby authorise us throughout the Term to take payment from you of the Charges.
5.3 You may request Deploi Services in respect of Individuals throughout the Term. Unless otherwise agreed in the Sign Up Flow:
5.3.1 subscription Charges are payable monthly in advance; and
5.3.2 usage-based Charges (including per-check charges and other non-subscription Charges) are payable monthly in arrears (or (TBC) if different in the Sign Up Flow).
5.4 If we have not received payment of the Charges on the due date, without prejudice to any of our other rights and remedies:
5.4.1 without liability to you, we will be under no obligation to provide any or all of the Deploi Services while the invoice(s) concerned remain unpaid; and
5.4.2 we shall be entitled to charge interest to you which will accrue on a daily basis on such due amounts at an annual rate equal to four percent (4%) over the then current base rate of the Bank of England from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
5.5 All amounts and fees stated or referred to in the Agreement:
5.5.1 will be payable in pounds sterling;
5.5.2 are non-cancellable and non-refundable; and
5.5.3 are exclusive of VAT, which will be added to our invoice(s) at the appropriate rate.
5.6 We will be entitled to increase the Charges upon thirty (30) days' prior notice to you and the Sign Up Flow will be deemed to have been amended accordingly.
5.7 We may set and vary credit limits and payment terms from time to time and withhold all further supplies without liability to you if you exceed such credit limit or payment terms.
6. Intellectual Property Rights
6.1 We retain all right, title and interest in all Intellectual Property Rights subsisting in:
6.1.1 the Reports and outputs; and
6.1.2 the Platform, Copilot, and all materials, models, workflows, audit trails and systems used in the delivery of the Deploi Services.
6.2 In consideration of the Charges payable under this Agreement and your obligations, we grant to you a non-exclusive licence to use for the purposes of this Agreement the Intellectual Property Rights in the Reports and all other materials created by us pursuant to this Agreement, subject to clause 3.8 (access limits) and the Specification.
6.3 Except as expressly agreed above, no Intellectual Property Rights of either party are transferred or licensed as a result of this Agreement.
6.4 Subject to the foregoing, each party will be entitled to use in any way it deems fit any skills, techniques, or Know-how acquired or developed or used in connection with this Agreement provided always that such skills, techniques, or Know-how do not infringe the other party's Intellectual Property Rights now or in the future or disclose or breach the confidentiality of the other party's Confidential Information.
7. Limitation of Liability
7.1 This clause 7 sets out our entire liability (including any liability for the acts or omissions of our employees, agents and sub contractors) to you:
7.1.1arising under or in connection with the Agreement;
7.1.2 in respect of any use made by you of the Deploi Services and/or any part of them; and
7.1.3 in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with the Agreement.
7.2 Except as expressly and specifically provided in the Agreement:
7.2.1 you assume sole responsibility for any conclusions you draw from the Reports. We will have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to us by you in connection with the Deploi Services, or any actions taken by us at your direction; and
7.2.2 all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from the Agreement.
7.3 Nothing in the Agreement excludes our liability:
7.3.1 for death or personal injury caused by our negligence;
7.3.2 for fraud or fraudulent misrepresentation; or
7.3.3 any other matter in respect of which liability cannot by applicable law be limited.
7.4 Subject to clause 7.3, you acknowledge and understand that neither us, our licensors nor our suppliers will be liable to you whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under the Agreement.
7.5 Our total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Agreement will be limited to the greater of one thousand pounds sterling (£1000) or the total Charges paid by you for Deploi Services during the twelve (12) months immediately preceding the date on which the claim arose.
8. Termination
8.1 Without affecting any other right or remedy available to it, either party may terminate the Agreement with immediate effect by giving written notice to the other party if:
8.1.1 the other party fails to pay any amount due under the Agreement on the due date for payment and remains in default not less than thirty (30) days after being notified in writing to make such payment;
8.1.2 the other party commits a material breach of this Agreement and such breach is not remediable or, if remediable, is not remedied within thirty (30) days of receiving written notice of such breach;
8.1.3 in accordance with clause 14.2;
8.1.4 any consent, licence or authorisation held by the other party is revoked or modified such that the other party is no longer able to comply with its obligations under this Agreement or receive any benefit to which it is entitled;
8.1.5 the other party repeatedly breaches any of the terms of the Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of the Agreement;
8.1.6 the other party: stops carrying on all or a significant part of its business, or indicates in any way that it intends to do so; is unable to pay its debts either within the meaning of section 123 of the Insolvency Act 1986 or if the non defaulting party reasonably believes that to be the case; becomes subject to a moratorium under Part A1 of the Insolvency Act 1986; becomes the subject of a company voluntary arrangement under the Insolvency Act 1986; becomes subject to a restructuring plan under Part 26A of the Companies Act 2006; becomes subject to a scheme of arrangement under Part 26 of the Companies Act 2006; has a receiver, manager, administrator or administrative receiver appointed over all or any part of its undertaking, assets or income; has a resolution passed for its winding up; has a petition presented to any court for its winding up or an application is made for an administration order, or any winding-up or administration order is made against it; is subject to any procedure for the taking control of its goods that is not withdrawn or discharged within seven (7) days of that procedure being commenced; has a freezing order made against it; is subject to any recovery or attempted recovery of items supplied to it by a supplier retaining title to those items; or is subject to any events or circumstances analogous to those in this clause 8.1.6 in any jurisdiction.
8.2 The right of a party to terminate this Agreement pursuant to clause 8.1 will not apply to the extent that the relevant procedure is entered into for the purpose of amalgamation, reconstruction or merger (where applicable) where the amalgamated, reconstructed or merged party agrees to adhere to this Agreement.
8.3 On termination of this Agreement for any reason:
8.3.1 you will immediately pay all of our outstanding invoices; 8.3.2 we will promptly invoice you for all Deploi Services performed but not yet invoiced and payment for such invoices will be due immediately on receipt by you; and
8.3.3 the accrued rights and liabilities of the parties (including any rights in relation to breaches of contract) will not be affected.
8.3.4 On termination, your access to Deploi Passports and Reports will be governed by clause 3.8 and the DP Schedule (including any audit access retained for lawful purposes).
8.4 The following clauses of this Agreement will survive termination, howsoever caused: clause 7 (limitation of liability); clause 8.3 (termination); clause 9 (data protection); clause 10 (confidential
information); clause 16.10 (third party rights); clauses 18 (governing law and jurisdiction); and DP Schedule (data protection), together with any other provision of this Agreement which expressly or by implication is intended to survive termination.
9. Data Protection
9.1 Each party will comply with its respective obligations in the DP Schedule.
10. Confidential Information
10.1 Each party undertakes that it will keep any information that is confidential in nature concerning the other party and its Affiliates including, any details of its business, affairs, customers, clients, suppliers, plans or strategy ("Confidential Information") confidential and that it will not use or disclose the other party's Confidential Information to any person, except as permitted by clause 10.2.
10.2 A party may, subject to the DP Schedule:
10.2.1 disclose any Confidential Information to any of its employees, officers, agents, representatives or advisers ("Representatives") who need to know the relevant Confidential Information for the purposes of the performance of any obligations under this Agreement, provided that such party must ensure that each of its Representatives to whom Confidential Information is disclosed is aware of its confidential nature and agrees to comply with this clause 10 as if it were a party;
10.2.2 disclose any Confidential Information as may be required by law, any court, any governmental, regulatory or supervisory authority (including any securities exchange) or any other authority of competent jurisdiction to be disclosed; and
10.2.3 use Confidential Information only to perform any obligations under this Agreement.
10.3 You acknowledge that details of the Deploi Services and Individuals, once received by us, and the results of any performance tests of the Deploi Services, are our Confidential Information.
10.4 To the extent any Confidential Information is Personal Data, such Confidential Information may be disclosed or used in accordance with the DP Schedule.
11. Compliance with Law
Each party will comply and will (at its own expense unless expressly agreed otherwise) ensure that in the performance of its duties under this Agreement, its Representatives will comply with all
applicable laws and regulations, provided that neither party will be liable for any breach of this clause 11 to the extent that such breach is directly caused or contributed to by any breach of this Agreement by the other party (or its Representatives).
12. Anti-Bribery
12.1 For the purposes of this clause 12 the expressions "adequate procedures" and "associated with" will be construed in accordance with the Bribery Act 2010 and guidance published under it.
12.2 You will ensure that you do not, and each of your Personnel, agents and subcontractors does not, by any act or omission, place us in breach of any Bribery Laws. You will comply with all applicable Bribery Laws in connection with the performance of the Deploi Services and this Agreement, ensure that you have in place adequate procedures to prevent any breach of this clause 12 and ensure that:
12.2.1 all of your Personnel and all direct and indirect subcontractors, suppliers, agents and intermediaries of you;
12.2.2 all others associated with you including the Individuals; and
12.2.3 each person employed by or acting for or on behalf of any of those persons referred to in clauses 12.2.1 and/or 12.2.2, involved in performance of obligations under this Agreement, so comply.
12.3 You will not in connection with the performance of this Agreement make or receive any bribe (which term will be construed in accordance with the Bribery Act 2010) or other improper payment or advantage, or allow any such bribe or improper payment or advantage to be made or received on your behalf, either in the United Kingdom or elsewhere, and will implement and maintain adequate procedures to ensure that such bribes or improper payments or advantages are not made or received directly or indirectly on your behalf.
12.4 You will immediately notify us as soon as you become aware of a breach or possible breach of any of the requirements in this clause 12.
13. Modern Slavery
13.1 You undertake, warrant, and represent that:
13.1.1 neither your nor any of your officers, employees, agents or sub-contractors: (a) has committed an offence under the Modern Slavery Act 2015 (an "MSA Offence"); or (b) has been notified that you are subject to an investigation relating to an alleged MSA Offence or prosecution under the Modern Slavery Act 2015; or (c) is aware of any circumstances within your supply chain that could give rise to an investigation relating toan alleged MSA Offence or prosecution under the Modern Slavery Act 2015;
13.1.2 you will comply with the Modern Slavery Act 2015 and our anti-slavery and human trafficking policy from time to time to the extent provided to you;
13.1.3 you will notify us immediately in writing if you become aware or have reason to believe that you, or any of your officers, employees, agents or subcontractors have breached or potentially breached any of your obligations under clause 13. Such notice to set out full details of the circumstances concerning the breach or potential breach of your obligations.
14. Force Majeure
14.1 We will have no liability to you under this Agreement if we are prevented from or delayed in performing our obligations under this Agreement, or from carrying on our business, by acts, events, omissions or accidents beyond our reasonable control, including strikes, lock-outs or other industrial disputes (whether involving our workforce or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, epidemic, pandemic, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, òood, storm or default of suppliers or sub-contractors, provided that you are notified of such an event and its expected duration.
14.2 Where our performance of obligations under the Agreement is affected for more than three (3) months under clause 14.1, without any liability to the other, we or you may terminate the Agreement on thirty (30) days’ written notice to the other from the date of our notice to you under that clause.
15. Update to Terms of Service
We may vary these Terms of Service from time to time. All variations will be made available on our websitewww.deploi.uk
16. General
16.1 The Agreement constitutes the entire agreement between them and supersedes all previous agreements, understandings and arrangements between them, whether in writing or oral in respect of its subject matter.
16.2 We may at any time assign, sub-contract, transfer, mortgage, charge, declare a trust of or deal in any other manner with any or all of our rights under this Agreement, provided that we give prior written notice to you.
16.3 You may assign, sub-contract, transfer, mortgage, charge, declare a trust of or deal in any other manner with any or all of your rights under this Agreement, in whole or in part, provided you obtain our prior written consent (such consent not to be unreasonably withheld or delayed).
16.4 Each party will pay all sums that it owes to the other party under this Agreement without any set-off, counterclaim, deduction or withholding of any kind, save as may be required by law.
16.5 The parties are independent and are not partners or principal and agent and this Agreement does not establish any joint venture, trust, fiduciary or other relationship between them, other than the contractual relationship expressly provided for in it. Neither party will have, nor will represent that it has, any authority to make any commitments on the other party's behalf.
16.6 If any provision of this Agreement (or part of any provision) is or becomes illegal, invalid or unenforceable, the legality, validity and enforceability of any other provision of this Agreement will not be affected.
16.7 No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under this Agreement will operate as a waiver of that right, power or remedy, nor will it preclude or restrict any future exercise of that or any other right, power or remedy.
16.8 No single or partial exercise of any right, power or remedy provided by law or under this Agreement will prevent any future exercise of it or the exercise of any other right, power or remedy.
16.9 A waiver of any term, provision, condition or breach of this Agreement will only be effective if given in writing and signed by the waiving party, and then only in the instance and for the purpose for which it is given.
16.10 A person who is not a party to this Agreement will not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of the provisions of this Agreement.
17. Notices
17.1 Any notice given by a party under the Agreement shall be: in writing and in English; signed by, or on behalf of, the party giving it (except for notices sent by email); and sent to the relevant party at the address set out in clause 17.3.
17.2 Notices may be given, and are deemed received: by hand: on receipt of a signature at the time of delivery; by Royal Mail Recorded Signed For post: at 9.00 am on the second (2nd) Business Day after posting; by email on receipt of a delivery receipt email from the correct address.
17.3 Notices and other communications shall be sent to you at the details provided in the Sign Up Flow. Notices and other communications to us shall be sent to: Deploi Technologies Ltd for the attention of Chief Executive Officer, Embankment East Tower, 100 Cathedral Approach, Salford, Manchester, England, M3 7FB, info@deploi.uk.
17.4 The parties will notify each other of any change to the contact details of a party. Notification to the other party shall be in accordance with clause 17.1 and shall be effective: on the date specified in the notice as being the date of such change; or if no date is so specified, ten (10) Business Days after the notice is deemed to be received.
17.5 All references to time are to the local time at the place of deemed receipt.
17.6 This clause does not apply to notices given in legal proceedings or arbitration.
18. Governing law and jurisdiction
18.1 This Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation (including non contractual disputes or claims) will be governed by, and construed in accordance with, the laws of England and Wales.
18.2 The parties irrevocably agree that the courts of England and Wales will have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Agreement, its subject matter or formation (including non-contractual disputes or claims).
19. Definitions and Interpretation
19.1 In this Agreement:
Affilliate: means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with, another entity;
Bribery Laws: means the Bribery Act 2010 and associated guidance published by the Secretary of State for Justice under the Bribery Act 2010 and all other applicable United Kingdom laws, legislation, statutory instruments and regulations in relation to bribery or corruption and any similar or equivalent laws in any other relevant jurisdiction;
Business Day: means a day other than a Saturday, Sunday or bank or public holiday in England;
Charges: means the charges for any of the Deploi Services determined under clause 5;
Commencement Date: means the date you request the Deploi Services under the Sign Up Flow;
Completion: has the meaning given in clause 3.3 and Complete, Completed and similar expressions will be construed accordingly;
Confidential Information: has the meaning given to it in clause 10.1
Control: has the meaning given in the Corporation Tax Act 2010, s 1124 and Controls, Controlled, and under common Control will be interpreted accordingly;
DP Schedule: means the data protection terms set out in Schedule 1;
Individuals: means those prospective employees and other individuals who you request we perform Deploi Services in respect of including, where applicable, those individuals whose details are included on the Sign Up Flow;
Intellectual Property Rights: means copyright, rights related to copyright such as moral rights and
performers' rights, patents, rights in inventions, rights in Confidential Information, Know-how, trade secrets, trade marks, geographical indications, service marks, trade
names, design rights, rights in get-up, database rights, databases, data exclusivity rights, approvals, utility models, domain names, business names, rights in computer software, the right to sue for infringement, unfair competition and passing off, and all similar rights of whatever nature and, in each case: (i) whether registered or not, (ii) including any applications to protect or register such rights, (iii) including all renewals and extensions of such rights or applications, (iv) whether vested, contingent or future and (v) wherever existing;
Know-how: means inventions, discoveries, improvements, processes, formulae, techniques, specifications, technical information, methods, the results and procedures for experiments and tests, reports, component lists, manuals, instructions, designs, sketches, drawings, information relating to customers and suppliers (whether written or in any other form and whether confidential or not);
MSA Offence: has the meaning given in clause 13.1.1;
Ongoing Searches: means, following preparation of a Report, continuous monitoring of an Individual;
Deploi Services: means the services listed in the Sign Up Flow together with the Reports including, where applicable, the Ongoing Searches;
Party: each of us and you and together being the parties;
Reports: means the report, certificate of analysis, or other summary, in whatever form and on whatever media, of results or findings generated in the performance of the Deploi Services prepared by us for you;
Representatives: has the meaning given to it in 10.2;
Sign Up Flow: means the order page on our website completed by you under which you request from us Deploi Services;
Specification: means the description of the Deploi Services as updated from time to time and made available at www.deploi.uk
Supplier Personnel: means all employees, officers, staff, other workers, agents and consultants of ours, our Affiliates and any of our or their sub-contractors who are engaged in the performance of the Deploi Services from time to time;
Term: has the meaning given to it in clause 1; and
Terms of Service: these terms of service;
VAT: means value added tax, as defined by the Value Added Tax Act 1994.
19.2 In this Agreement a reference to: (a) this Agreement includes its schedules and appendices; (b) to a party includes that party's personal representatives, successors and permitted assigns; (c) a 'person' includes a natural person, corporate or unincorporated body (in each case whether or not having separate legal personality) and that person's personal representatives, successors and permitted assigns; (d) legislation is a reference to that legislation as amended, extended, re-enacted or consolidated from time to time except to the extent that any such amendment, extension or re-enactment would increase or alter the liability of a party under this Agreement; and (e) any words that follow 'include', 'includes', 'including', 'in particular' or any similar words and expressions will be construed as illustrative only and will not limit the sense of any word, phrase, term, definition or description preceding those words.
19.3 In the event of any inconsistency between:
19.3.1 any provisions of the Sign Up Flow; and the provisions of the Terms of Service, the provisions of the Sign Up Flow will prevail; or
19.3.2 any of the provisions in the main body of the Agreement and the Schedules, the provisions in the main body of the Agreement will prevail.
SCHEDULE 1 DATA PROTECTION SCHEDULE
1. Definitions
1.1 In this Schedule:
Agreed Purposes: means the purposes for which we are permitted to use and Process the Relevant Personal Data under this Agreement as set out in Appendix 1 (Data Processing Particulars) of this Agreement;
ApplicableLaw: means all applicable laws, statutes, enactments, regulations, declarations decrees, directives, legislative enactments, orders, binding decisions of a competent court or tribunal, regulations, rules, regulatory policies, guidelines, codes, other binding restrictions, regulatory permits and licences applicable under law which are in force from time to time during the term of the Agreement, including the rules, codes of conduct, codes of practice, practice requirements and accreditation terms stipulated by any regulatory authority or body to which a party is subject from time to time as the same are amended, consolidated, modified, re-enacted or replaced;
Controller: has the meaning given in applicable Data Protection Laws from time to time;
Data Exporter: means the party exporting the Relevant Personal Data which is subject to a Data Transfer;
Data Importer: means the party or Third Party which receives the Relevant Personal Data as a result of a Data Transfer;
Data Processing Particulars: means, in relation to any Processing under this Agreement: the subject matter and duration of the Processing; the nature and purpose of the Processing; the type of Personal Data being Processed; and the categories of Data Subjects; as described in Appendix 1 (Data Processing Particulars) of this Agreement;
Data Protection Laws: means any Applicable Law which applies to each party in any territory in which they Process Personal Data and which relates to the protection of individuals with regards to the Processing of Personal Data and privacy rights, including without limitation Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and repealing Directive 95/46/EC (EU GDPR), the UK GDPR, the Data Protection Act 2018, and any laws that replace, extend, re-enact, consolidate or amend any of the foregoing;
Data Subject: has the meaning given in applicable Data Protection Laws from time to time;
Data Subject Request: means an actual or purported subject access request or notice or complaint from (or on behalf of) a Data Subject exercising his or her rights under the Data Protection Laws;
Data Transfer: means i) a transfer of Relevant Personal Data to a Restricted Country; or ii) an onward transfer from a Data Importer to a third party, in each case where such transfer would be prohibited by the Data Protection Laws of the Data Exporter in the absence of a legal transfer mechanism permitted by the Data Protection Laws;
Data Transfer Agreement: means an agreement between the Data Exporter and the Data Importer which incorporates the UK Standard Contractual Clauses or the EU Standard Contractual Clauses (as applicable), or any alternative Data Transfer mechanism permitted under the Data Protection Laws;
Data Transfer Risk Assessment: means an assessment of a Data Transfer of Relevant Personal Data in relation to the risks to Data Subjects posed by the Data Transfer, the existence of enforceable rights under the Data Protection Laws by the Data Subjects and the availability of effective legal remedies for the Data Subjects taking into account the country or countries in which and/ or to which Relevant Personal Data will be transferred and/or Processed;
EU Standard Contractual Clauses: means the standard contractual clauses contained in the annex to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council and any amendment or replacement pursuant to Article 46(5) of the EU GDPR;
Losses: means losses, liabilities, damages, compensation, awards, payments made under settlement arrangements, claims, fines, proceedings, costs and other expenses including without limitation interest and penalties, legal and other professional fees and expenses in each case whether arising in contract, tort (including but not limited to negligence), misrepresentation, breach of statutory duty, breach of warranty, claims by third parties arising from any breach of this Agreement) or otherwise;
Personal Data: has the meaning given in applicable Data Protection Laws from time to time;
Personal Data Breach: has the meaning given in applicable Data Protection Laws from time to time;
Personnel: means, in relation to a party, all persons engaged or employed by that party in
connection with this Agreement, including employees, consultants, contractors, sub-contractors and permitted agents from time to time;
Processing: has the meaning given in applicable Data Protection Laws from time to time (and related expressions, including Process, Processed and Processes will be construed accordingly);
Processor: has the meaning given in applicable Data Protection Laws from time to time;
Regulator: means any local or national agency, department, official, parliament, public or
statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering, providing guidance on, supervising and enforcing Data Protection Laws, including for the UK, the Information Commissioner's Office, or any successor or replacement body from time to time;
Regulator Correspondence: means any correspondence or communication (whether written or verbal) from a Regulator in relation to the Processing of Relevant Personal Data;
Relevant Personal Data: means the Personal Data shared between the parties under, or in connection with, this Agreement (such Personal Data is more particularly described in Appendix 1 (Data Processing Particulars) of this Agreement; Restricted Country means a country, territory or jurisdiction which (i) is not covered by an adequacy determination by a competent authority with jurisdiction over the Data Exporter (ii) or otherwise in relation to which a transfer restriction applies under the Applicable Laws of the Data Exporter;
Third Party: means a third party with whom either party wishes to share the Relevant Personal Data (including a sub-contractor or any Group company or affiliate, or any Data Importer) and who is appointed to carry out Processing of the Relevant Personal Data in connection with this Agreement;
UK GDPR: means the General Data Protection Regulation (EU) 2016/679 as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or apart from time to time);
UK Standard Contractual Clauses: means either the International Data Transfer Agreement issued by the ICO, version A1.0, in force 21 March 2022 or the EU Standard Contractual Clauses, as amended by the International Data Transfer Addendum to EU Standard Contractual Clauses issued by the ICO under s119A(1) of the Data Protection Act 2018, version B1.0, in force 21 March 2022 and any updates or replacements as may be issued by the ICO from time to time in accordance with S119A(1).
2. Arrangement between the parties
2.1 The parties acknowledge and agree that the factual arrangements between them dictate the role of each party under Data Protection Laws. The parties agree that the nature of the Processing under the Agreement will be as follows:
2.1.1 Customer as Controller. You will be a Controller where you Process Relevant Personal Data in connection with your relationship with the Data Subjects (including hiring, onboarding, workforce management, audit and compliance obligations) and for any other purposes for which you choose to Process the Relevant Personal Data.
2.1.2 Deploi as Processor (outsourced services). Where Deploi performs background checking and related services on your behalf as part of outsourced screening (including obtaining and verifying evidence, requesting third-party checks, producing Reports and administering your workflows), Deploi will Process Relevant Personal Data as your Processor and you will be the Controller for that Processing.
2.1.3 Deploi as independent Controller (passport + monitoring). Deploi will be an independent Controller where it Processes Relevant Personal Data for the purposes of:
(a) creating, maintaining and updating Deploi Passports;
(b) performing Ongoing Searches / continuous monitoring as part of Deploi Passport functionality and safeguarding/compliance services;
(c) fraud prevention, platform integrity, dispute handling, legal claims and compliance with law; and
(d) anonymised and aggregated analytics to improve the Platform and Deploi Services (provided such analytics do not identify Individuals).
2.1.4 Copilot / Platform administration. Each party will Process Personnel Personal Data (in their respective capacities as Controllers) for administration, management, dispute resolution and compliance with the Agreement.
2.2 The particulars of the Relevant Personal Data are set out in the Data Processing Particulars.
2.3 Each party will comply with obligations imposed on it under Data Protection Laws.
2.4 Processor terms. To the extent Deploi acts as your Processor under paragraph 2.1.2, the Processor obligations in paragraph 2.5 apply.
2.5 Processor obligations
2.5 Where Deploi acts as your Processor, Deploi shall:
2.5.1 Process Relevant Personal Data only on your documented instructions (including as set out in the Agreement and via Platform configuration), unless required by Applicable Law;
2.5.2 ensure persons authorised to Process the Relevant Personal Data are subject to confidentiality;
2.5.3 implement appropriate technical and organisational measures;
2.5.4 not engage subprocessors without maintaining appropriate contracts meeting Article 28 UK GDPR requirements (and shall remain responsible for subprocessors);
2.5.5 assist you, taking into account the nature of Processing, with Data Subject Requests and security obligations as reasonably required; and
2.5.6 on termination of the Processor Processing, delete or return Personal Data to you as set out in the Retention provisions of this Agreement, unless Applicable Law requires storage.
3. Data Sharing Obligations
3.1Without limiting the generality of the obligation set out in paragraph 2.3, each party will:
3.1.1 ensure it is not subject to any prohibition or restriction which would: (a) prevent or restrict it from disclosing or transferring the Relevant Personal Data to the other party as required under this Agreement; (b) prevent or restrict it from granting the other party access to the Relevant Personal Data as required under this Agreement; or (c) prevent or restrict either party from Processing the Relevant Personal Data, as envisaged under this Agreement;
3.1.2 ensure that all fair Processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable each party to Process the Relevant Personal Data as required in order to obtain the benefit of its rights and to fulfil its obligations under this Agreement in accordance with the Data Protection Laws;
3.1.3 ensure that appropriate technical and organisational security measures are in place sufficient to comply with at least the obligations imposed on a Controller by the Data Protection Laws;
3.1.4 without undue delay, notify the other party of any Data Subject Request or Regulator Correspondence which relates to the Relevant Personal Data, and provide any reasonable assistance required by the other party to respond to such a request, which for the avoidance of doubt will be responsible for responding to the request;
3.1.5 without undue delay, notify the other party about any actual or suspected Personal Data Breach in relation to the Relevant Personal Data and will, within such timescale reasonably agreed between the parties: (a) provide any necessary support and assistance required by the other party for it to satisfy its obligations under Data Protection Laws, including without limitation, to satisfy its notification obligations; (b) not inform any Third Party or Regulator without first obtaining the other party's prior written consent, unless notification is required by Applicable Law, in which case to the extent permitted by such law, inform the other party of that legal requirement, providing a copy of the proposed notification to the other party and consider any comments made by the other party before notifying the Third Party or Regulator;
3.1.6 use all reasonable steps to ensure the reliability of any Personnel who have access to the Relevant Personal Data and ensure that each member of its Personnel will have entered into appropriate contractually-binding confidentiality undertakings;
3.1.7 where it engages a Third Party to Process Relevant Personal Data, be responsible for managing such Third Party and: (a) provide the other party with all details requested of the Third Party; (b) enter into a contract with such Third Party which satisfies the requirements of the Data Protection Laws, carrying out due diligence on the Third Party.
4. Transfers
4.1Unless such country or organisation has been designated as having an adequate level or protection in accordance with Article 45 UK GDPR, you will ensure (and will ensure that a Third Party will not) permit a Data Transfer to a Data Importer, without the following conditions being satisfied:
4.1.1ensuring appropriate safeguards are in place in relation to the Data Transfer, which may include entering into (or procuring that any relevant Third Party enters into), and maintaining, a Data Transfer Agreement with each relevant Data Importer;
4.1.2 complying with your obligations under the Data Protection Laws by providing an adequate level of protection to any Relevant Personal Data that is transferred which could include completing a Data Transfer Risk Assessment.
5. Your Obligations
5.1 You will not do anything which will damage the reputation of our relationship with the Data Subjects in relation to the Relevant Personal Data Processed in connection with this Agreement.
5.2 You will remain primarily liable to us for the acts, errors and omissions of any such Third Party appointed in accordance with paragraph 3.1.7 above as if such acts, errors or omissions were your own.
5.3 You will indemnify and keep indemnified us from and against all Losses suffered or incurred by us, arising out of or in connection with, any breach by you or any of your appointed Third Parties breach of the obligations under this Schedule 1 and/or their obligations under the Data Protection Laws. Nothing in this Agreement will exclude, limit or restrict your liability under this indemnity.
5.4 You will always obtain and keep in full force and effect a policy or policies of insurance which covers liability in relation to the Processing of the Relevant Personal Data.
6. Amendments and Liability
6.1 We may, at any time by giving you thirty (30) days' notice, unilaterally amend this Agreement to ensure (in our opinion) that any applicable Data Transfers of Relevant Personal Data or related data Processing comply with Data Protection Laws including further to any judgment of an applicable court or guidance issued by any Regulator.
6.2 Our liability in respect of each claim made under or in connection with this Schedule 1 (regardless of whether such liability arises in tort, contract, negligence, breach of statutory duty or otherwise) will not exceed the Charges payable to us under this Agreement in each year of the Term starting from the Commencement Date.
SCHEDULE 2 — RETENTION & PASSPORT PORTABILITY
1. Retention
1.1 Deploi will retain Relevant Personal Data for as long as necessary for the Agreed Purposes, including maintaining Deploi Passports and Ongoing Searches where applicable, and for legal, regulatory, safeguarding, audit, dispute and fraud-prevention purposes.
1.2 Unless otherwise required by Applicable Law, Deploi will apply retention periods and deletion rules as set out in its retention policy, as updated from time to time (available at (TBC)).
2. Portability and employer access
2.1 Deploi Passports are designed to be portable and may be used by individuals to support future work opportunities.
2.2 Employer access is restricted in accordance with clause 3.8. You acknowledge you do not “own” the Individual’s Deploi Passport.
2.3 You may retain access to historic Reports created during the Employment Period for audit purposes only for (TBC) (or as required by Applicable Law), provided you maintain an account in good standing.
3. Ongoing Searches
3.1 Ongoing Searches are provided only where relevant and required. You will not request or maintain Ongoing Searches for individuals who are no longer current workers unless you have a continuing lawful obligation and the relevant service is ordered and paid for.
SCHEDULE 3 — SERVICE LEVELS, SUPPORT, SECURITY, SUB-PROCESSING AND EXIT
1. Service Levels (Availability)
1.1 Availability target. We will use reasonable endeavours to make the Platform available on a twenty-four (24) hours per day, seven (7) days per week basis, subject to Planned Maintenance, emergency maintenance, and circumstances outside our reasonable control.
1.2 Planned Maintenance. We may carry out planned maintenance which may affect availability. We will use reasonable endeavours to provide at least 24 hours’ notice of Planned Maintenance where practicable.
1.3 Emergency Maintenance. We may carry out emergency maintenance without notice where required to address security issues, operational integrity, or material risk. We will notify you as soon as reasonably practicable.
1.4 No service credits unless agreed. Unless expressly stated in the Sign Up Flow or Order Form, no service credits apply for failure to meet the target availability.
2. Support and Escalation
2.1 Support desk. We will provide support for the Platform and Deploi Services during Support Hours. “Support Hours” means between 9am-5pm (UK time), excluding bank holidays in England unless otherwise specified.
2.2 How to raise tickets. You may raise support tickets via platform or such other method we make available from time to time.
2.3 Response times. We will use reasonable endeavours to respond to support requests in accordance with the following target response times:
(a) Priority 1 (Critical): (TBC) — total loss of service or material security incident;
(b) Priority 2 (High): (TBC) — major functionality impaired with no reasonable workaround;
(c) Priority 3 (Normal): (TBC) — non-critical issue with workaround available;
(d) Priority 4 (Low):(TBC) — minor issue or general enquiry.
2.4 Customer cooperation. You will provide timely information reasonably required by us to investigate and resolve support requests, including logs, reproduction steps and the impact assessment.
2.5 Out of scope support. Requests relating to your internal IT environment, third party systems, bespoke configurations, data cleansing, training, or new feature development may be treated as professional services and charged in accordance with clause 5 and clause 3 of this Schedule.
3. Implementation, Integrations and Professional Services
3.1 Professional services. Where we agree to provide implementation, onboarding, configuration, integration development, or other services that sit outside the standard Deploi Services, those services will be described in the Sign Up Flow or a written statement of work (each an “SOW”).
3.2 Fees. Unless otherwise agreed, professional services fees (if any) will be set out in the Sign Up Flow or SOW (and if not stated, (TBC)). There is no expectation that such fees will be incurred unless an SOW is agreed.
3.3 Dependencies. You acknowledge that delivery timelines for integrations and implementation services depend on third party systems, access, credentials, environments, and your timely cooperation.
3.4 Third party systems. We are not responsible for third party outages, changes, limitations, or failures that affect integrations.
4. Information Security
4.1 Security measures. We will implement appropriate technical and organisational measures designed to protect the security, confidentiality and integrity of Relevant Personal Data and the Platform, taking account of the nature of the Processing and the risks, as required by Data Protection Laws.
4.2 Security documentation. On reasonable request, we will make available to you a summary of our security measures and policies (which may include a security whitepaper, certification summary, or questionnaire responses), subject to confidentiality.
4.3 Access controls. You are responsible for ensuring that only authorised users access the Platform under your account and that access rights are limited to what is necessary.
4.4 Security incidents. Each party will notify the other without undue delay of any actual or suspected security incident affecting the Platform or Relevant Personal Data, and will cooperate in good faith to investigate and mitigate impacts, in accordance with the DP Schedule.
4.5 Penetration testing / scanning. You must not conduct penetration tests, vulnerability scans, or similar security testing of the Platform without our prior written consent (not to be unreasonably withheld where the request is reasonable and scoped), and any such testing must be conducted in accordance with our reasonable instructions.
5. Sub-processing and Third Parties
5.1 Sub-processors. Where we Process Relevant Personal Data as your Processor (as described in the DP Schedule), we may use sub-processors to assist in providing the Deploi Services (including hosting, messaging, document verification and check providers), provided we maintain contracts with such sub-processors that satisfy Data Protection Laws.
5.2 Responsibility. We remain responsible for the acts and omissions of our sub-processors to the same extent we would be if we performed the services ourselves.
5.3 Sub-processor list and changes. We will maintain a list of sub-processors used for Processor Processing and make it available upon request. We may update the list from time to time. Where required under Data Protection Laws, we will provide notice of material changes and allow a reasonable opportunity to object on reasonable grounds related to data protection.
5.4 Third party checks. You acknowledge that certain checks require use of third party data sources and providers. We will select and manage such providers in accordance with our obligations under the Agreement and DP Schedule.
6. Exit, Data Export and Transition Assistance
6.1 Data export (Customer data). During the Term and for a period of (TBC) days following termination or expiry, you may request an export of Customer Data available to you within the Platform relating to your Individuals and workforce records during your Employment Period access rights (as limited by clause 3.8 of the Terms of Service and the DP Schedule).
6.2 Format. Exports will be provided in a commonly used electronic format (for example CSV, PDF, or JSON) as determined by us acting reasonably.
6.3 Transition assistance. If you require assistance to migrate to another provider, we may provide transition services under a separate SOW and charge our then-current professional services rates.
6.4 Deploi Passports. You acknowledge that Deploi Passports are designed to be portable for Individuals and may continue to be maintained by Deploi as described in clause 3.8 and the DP Schedule. Termination of this Agreement does not require Deploi to delete Deploi Passport records where Deploi is acting as an independent Controller for the Agreed Purposes, subject always to Data Protection Laws.
6.5 Deletion. Any deletion, return, or retention of Personal Data will be handled in accordance with the DP Schedule and our retention obligations under applicable law.