AssentValise

Loading

TERMS AND CONDITIONS POLICY

These Terms and Conditions (“Agreement”) are entered into by and between the user (“Client”) and Provectus Consulting Limited (“Company”), a Kenya registered company offering Software as a Service (“SaaS”) solutions on a subscription basis for Staff Background Checks, Compliance Checklists, Conflicts Register, Litigation Management, Risk Register, Policy Sign Off, Third Party Onboarding, and Shareholder & Board Register Management. By using the Company’s platforms, the Client agrees to comply with and be bound by this Agreement. This Agreement shall be binding upon and inure to the benefit of the Company, its successors (including any entity that acquires the Company through merger, acquisition, or other means) and permitted assignees (including subsidiaries, affiliates, or third-party partners to which the Company may transfer its rights and obligations under this Agreement).

  1. Definitions
    1.1. “Platform” refers to the Company’s suite of software solutions offered to Clients on a subscription basis, including but not limited to:
    o Staff Background Checks: Document Management Solution
    o Compliance Checklists
    o Conflicts Register
    o Litigation Management
    o Risk Register
    o Policy Sign Off
    o Third Party Onboarding
    o Shareholder & Board Register Management

1.2. “Client” refers to any individual, company, or organization that subscribes to the Platform.

1.3. “Subscription” refers to the recurring fee-based access provided to the Client for the Platform.

1.4. “Confidential Information” includes any data or information, oral or written, that is disclosed by one party to the other and is identified as confidential or would be reasonably understood to be confidential.

1.5. “Intellectual Property” refers to the proprietary rights of the Company, including trademarks, patents, copyrights, trade secrets, and know-how.

1.6. “Force Majeure” shall mean any event or circumstance beyond the reasonable control of the Company, which hinders, delays or prevents the Company from performing any of its obligations under this Agreement, including but not limited to:
o Acts of God, natural disasters, or extreme weather conditions (such as floods, earthquakes, hurricanes, tsunamis, volcanic eruptions, or severe storms)
o War, civil war, armed conflict, or terrorism
o Nuclear, chemical, or biological contamination
o Fire, explosion, or accidental damage
o Governmental actions, orders, or restrictions
o Strikes, labor disputes, or other industrial disturbances
o Epidemics, pandemics, or quarantines
o Failure of public or private telecommunications networks or power systems
o Cyberattacks, hacking, or other malicious digital interventions
o Shortages or inability to obtain necessary materials, equipment, facilities, or transportation
o Any other circumstances beyond the Company’s reasonable control

  1. Services Provided
    2.1. Staff Background Checks: The Platform provides an automated solution for managing background checks with customizable workflows, real-time reporting, and multi-jurisdictional compliance.

2.2. Compliance Checklists: Clients can create, manage, and track compliance checklists, collaborate in real-time, and monitor due diligence requirements.

2.3. Conflicts Register: The Platform facilitates the tracking and management of conflicts of interest through automated forms, workflows, and compliance reporting.

2.4. Litigation Management: Provides case management for in-house counsel, collaboration with external counsel, document management, and litigation tracking.

2.5. Risk Register: Facilitates the identification, assessment, monitoring, and mitigation of organizational risks with real-time updates and audit trails.

2.6. Policy Sign Off: Automates organizational policy distribution, sign-offs, and tracking, ensuring compliance with company-wide policies.

2.7. Third Party Onboarding: Manages third-party onboarding documentation, approval workflows, and risk assessments with e-signature capabilities and audit trails.

2.8. Shareholder & Board Register Management: Provides a centralized solution for managing shareholder and board changes, corporate actions, and compliance with regulatory requirements.

  1. Subscription and Payment
    3.1. Subscription Plan: The Client agrees to subscribe to one or more of the Company’s Platforms including but not limited to Basic, Premium, Enterprise, as specified in their subscription agreement. Subscription fees are billed on a recurring basis, Monthly, Quarterly or Annually.

3.2. Payment Terms: Payment is due upon receipt of the invoice and must be made within 15 days. Failure to make timely payments may result in suspension or termination of access to the Platform.

3.3. Currency: All payments shall be made in USD, and any applicable taxes or duties shall be the responsibility of the Client.

3.4. Changes to Subscription Fees: The Company reserves the right to modify subscription fees upon providing the Client with at least 30 days’ written notice.

  1. Client Obligations
    4.1. Compliance with Laws: The Client agrees to comply with all applicable laws and regulations in using the Platform, including data protection laws, labor laws, and other relevant regulations.

4.2. Account Security: The Client is responsible for maintaining the confidentiality of their login credentials and ensuring that only authorized personnel access the Platform.

4.3. Data Accuracy: The Client shall ensure that all data uploaded to the Platform is accurate, lawful, and does not infringe the rights of third parties.

4.4. Use Restrictions: The Client agrees not to:
o Modify, decompile, reverse engineer, or disassemble the Platform.
o Rent, lease, or sublicense the Platform to third parties.
o Use the Platform to engage in illegal or fraudulent activities.

  1. User Limitations

5.1. Subscription Tiers and User Limits: The Client acknowledges and agrees that the number of users permitted under this subscription is strictly limited to the quantity defined by the selected subscription tier and plan (hereinafter referred to as the “Defined User Limit”).
5.2. Compliance with User Limits: The Client shall, at all times, ensure that the number of users accessing and utilizing the service does not exceed the Defined User Limit associated with their current subscription tier and plan.
5.3. Monitoring and Enforcement: The Company reserves the right to monitor user activity and enforce the Defined User Limit. This may include, but is not limited to, automated user counts, access logs, and periodic audits.
5.4. Exceeding User Limits: In the event that the Client exceeds the Defined User Limit: a) The Company may, at its sole discretion, temporarily suspend access for users beyond the Defined User Limit. b) The Client agrees to promptly rectify the situation by either reducing the number of users or upgrading to a higher tier or plan that accommodates the desired number of users.
5.5. Upgrading Subscription: The Client may, at any time, choose to upgrade their subscription to a tier or plan with a higher Defined User Limit. Upgrades will be subject to additional fees as per the Company’s current pricing structure.
5.6. Consequences of Non-Compliance: Persistent or willful violation of the Defined User Limit may result in: a) Additional charges for excess users b) Suspension of service c) Termination of the subscription agreement
5.7. No Refunds: The Client understands and agrees that no refunds will be issued for unused user allocations within the Defined User Limit.
5.8. Modifications to User Limits: The Company reserves the right to modify the Defined User Limits for any subscription tier or plan. Any such modifications will be communicated to the Client with reasonable notice and will take effect at the start of the next billing cycle.

By continuing to use the service, the Client acknowledges their understanding of and agreement to comply with these user limitation terms and conditions.

  1. Security Protocols

6.1. Multi-Factor Authentication (MFA):The Service may provide the option for Clients to enable Multi-Factor Authentication (MFA) for enhanced account security.

If the Client chooses to enable MFA through their account settings:
6.1.1. The Client agrees to implement and maintain MFA for all user accounts accessing the service.
6.1.2. MFA must be enabled for all administrative accounts and is strongly recommended for all standard user accounts.
6.1.3. Acceptable forms of MFA include, but are not limited to:
o Time-based One-Time Passwords (TOTP)
o Push notifications to a verified device
6.1.4. The Client is responsible for educating their users on the proper use of MFA and ensuring compliance.

If the Client chooses not to enable MFA:
6.1.5. The Client acknowledges the increased security risk and accepts full responsibility for any security incidents that may occur as a result.
6.1.6. The Company strongly recommends reconsidering this decision and may periodically remind the Client of the benefits of enabling MFA.
6.1.7. The Client can modify their MFA settings at any time through the provided administrative interface.

6.2. Password Strength Requirements:
6.2.1. The Client shall have the ability to define and manage password strength requirements through the provided administrative settings.
6.2.2. The Client is responsible for configuring password policies that align with their organizational security standards and industry best practices.
6.2.3. The Client acknowledges that they bear responsibility for the security implications of their chosen password policy settings.
6.2.4. The Company reserves the right to recommend minimum password strength guidelines, but the final configuration remains at the Client’s discretion.
6.2.5. At a minimum, the Client’s password policy settings should address:
o Password length
o Password complexity (e.g., use of uppercase, lowercase, numbers, special characters)
o Password expiration and history
o Restrictions on common words, sequential characters, or personal information

6.3. Account Lockout Policy:
6.3.1. User accounts will be temporarily locked after five consecutive failed login attempts.
6.3.2. Locked accounts can be unlocked after a 30-minute period or through an administrator intervention.
6.4. Regular Security Audits: The Client agrees to conduct regular security audits of their user accounts and access patterns, at least once every six months.

6.5. Security Awareness Training: The Client shall provide security awareness training to all users with access to the service, covering topics such as password security, MFA usage, and phishing prevention.

6.6. Reporting Security Incidents: The Client agrees to promptly report any suspected or confirmed security breaches or incidents related to their user accounts or access to the service.

6.7. Compliance Monitoring: The Company reserves the right to monitor compliance with these security protocols and may require the Client to provide evidence of compliance upon request.

6.8. Consequences of Non-Compliance: Failure to comply with these security protocols may result in:
o Temporary suspension of service access
o Mandatory security review and remediation
o Termination of the service agreement in cases of repeated or severe non-compliance

6.9. Updates to Security Protocols: The Company may update these security protocols from time to time to address emerging threats or improve overall security. The Client will be notified of any changes and agrees to implement updated protocols within a reasonable timeframe.

By using the service, the Client acknowledges their understanding of and agreement to comply with these security protocols.

  1. Third-Party Authentication
    7.1. Supported Third-Party Authentication Providers: The Service supports authentication through select third-party providers, including but not limited to:
    o Google Workspace (formerly G Suite)
    o Microsoft 365 (formerly Office 365)
    The Company reserves the right to add or remove supported third-party authentication providers with reasonable notice to the Client.
    7.2. Client Authorization: The Client may choose to enable third-party authentication for their users. By enabling third-party authentication, the Client authorizes the Service to:
    o – Interact with the chosen third-party authentication provider(s)
    o – Access necessary user information for authentication purposes
    o – Create and manage user accounts within the Service based on third-party credentials
    7.3. Security Responsibilities: The Client remains responsible for:
    o – Properly configuring and securing their third-party authentication provider accounts
    o – Managing user access and permissions within their third-party systems
    o – Promptly revoking access for terminated employees or compromised accounts
    The Client must ensure that their chosen third-party authentication provider meets or exceeds the security standards required by the Service.

7.4. Data Handling and Privacy: The Service will only access and store the minimum necessary information from third-party providers to facilitate authentication. Any data obtained through third-party authentication will be handled in accordance with the Service’s Privacy Policy.

7.5. Multi-Factor Authentication (MFA): Where supported by the third-party provider, the Client is strongly encouraged to enable MFA for all users. The Service may enforce additional MFA requirements even when using third-party authentication, as outlined in the general Security Protocols.

7.6. Account Linking and Management:
7.6.1. Users may be required to link their third-party account with an existing Service account.
7.6.2. The Client is responsible for managing any conflicts arising from discrepancies between third-party account information and existing Service account data.

7.7. Service Continuity:
7.7.1. The Client acknowledges that the availability and functionality of third-party authentication depend on the respective provider’s services.
7.7.2. The Company is not liable for authentication issues stemming from third-party service outages or changes.

7.8. Compliance with Third-Party Terms
7.8.1. The Client agrees to comply with the terms of service and usage policies of the chosen third-party authentication providers.
7.8.2. The Client is responsible for obtaining any necessary consents from their users for using third-party authentication.

7.9. Audit and Monitoring
7.9.1. The Service reserves the right to monitor and audit the use of third-party authentication to ensure compliance with these terms and maintain system security.
7.9.2. The Client agrees to cooperate with any reasonable auditing requests related to third-party authentication usage.

7.10. Termination of Third-Party Authentication
7.10.1. The Client may disable third-party authentication at any time through the provided administrative settings.
7.10.2. The Company reserves the right to terminate third-party authentication support if it poses a security risk or violates any terms of service.

7.11. Liability Limitation
7.11.1. The Company shall not be held liable for any security breaches, data loss, or other issues arising from the use of third-party authentication providers.
7.11.2. The Client agrees to indemnify and hold the Company harmless from any claims resulting from their use of third-party authentication.

By enabling and using third-party authentication, the Client acknowledges their understanding of and agreement to comply with these terms.

  1. Confidentiality
    8.1. Confidentiality Obligations: Both parties agree to keep Confidential Information confidential and not disclose it to third parties without the prior written consent of the disclosing party, except as required by law.

8.2. Exclusions: Confidential Information does not include information that is public, already in possession of the receiving party, or independently developed without breach of this Agreement.

  1. Intellectual Property
    9.1. Ownership: The Client acknowledges that the Platform, including all associated Intellectual Property, is owned by the Company or its licensors. The Client receives a limited, non-exclusive, non-transferable license to use the Platform as part of their subscription.

9.2. Infringement: The Client agrees to notify the Company immediately of any claims of Intellectual Property infringement relating to the use of the Platform.

  1. Data Protection and Privacy
    10.1. Compliance with Data Laws: Both the Company and the Client agree to comply with applicable data protection laws when processing personal data.

10.2. Data Ownership: The Client retains ownership of all data uploaded to the Platform. The Company will only process this data in accordance with the Client’s instructions and for the purposes of providing the Platform’s services.

10.3. Data Security: The Company will implement appropriate technical and organizational measures to protect the Client’s data from unauthorized access, loss, or disclosure.

10.4. Privacy Policy: The use of the Platform is subject to the Company’s Privacy Policy, which is incorporated by reference into these Terms and Conditions. The Privacy Policy provides detailed information on how the Company collects, uses, and protects personal data. By agreeing to these Terms, the Client acknowledges that they have read, understood, and agreed to the terms of the Privacy Policy. The Privacy Policy can be accessed at www.assentvalise.com/privacy_policy/

10.5. Compliance with Jurisdictional Requirements: The Company is committed to ensuring that its Platform and services comply with applicable laws and regulations in the jurisdictions where its Clients operate. This includes, but is not limited to, compliance with data protection laws, consumer protection laws, and industry-specific regulations.

10.5.1. Data Protection Compliance: The Company will comply with the data protection laws applicable in the Client’s jurisdiction, including but not limited to the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, and other relevant data protection regulations. The Company will implement appropriate safeguards to ensure that personal data is processed lawfully, fairly, and transparently, and will provide mechanisms for data subjects to exercise their rights under applicable laws.

10.5.2. Localized Terms and Conditions: Where required by local laws and requested by the clients, the Company will provide Clients with tailored Terms and Conditions that reflect the specific legal requirements of their jurisdiction. These localized terms may address issues such as dispute resolution, consumer rights, and any mandatory legal provisions that differ from the general terms provided in this Agreement.

10.5.3. Cross-Border Data Transfers: The Company will at the client’s request put in place measures ensure that any cross-border data transfers comply with applicable laws in the Client’s jurisdiction. This may include entering into standard contractual clauses (SCCs) or other legal mechanisms to ensure the lawful transfer of personal data from one jurisdiction to another.

10.5.4. Compliance with Industry-Specific Regulations: The Company will at the client’s request put in place measures to ensure that its Platform complies with any industry-specific regulations that apply to the Client, such as those related to financial services, healthcare, or telecommunications, as required by the Client’s jurisdiction. The Company will work with the Client to understand their regulatory obligations and to ensure that the Platform can be configured to meet these requirements.

10.5.5. Legal Notifications: The Company may also notify the Client of any changes to laws or regulations in their jurisdiction that may impact the use of the Platform. The Company will work with the Client to implement any necessary changes to ensure continued compliance.

10.5.6. Client Cooperation: The Client agrees to inform the Company of any specific legal or regulatory requirements in their jurisdiction that may affect their use of the Platform. The Client will cooperate with the Company to ensure that all services are provided in compliance with local laws and regulations.

10.5.7. Limitation of Liability: The Company will use its best efforts to comply with jurisdictional requirements, but the Client acknowledges that it is ultimately responsible for ensuring that their use of the Platform complies with all applicable laws in their jurisdiction. The Company shall not be held liable for any non-compliance arising from the Client’s failure to inform the Company of specific legal requirements or changes in the law.

  1. Warranties and Disclaimers
    11.1. Platform Availability: The Company warrants that it will use reasonable efforts to ensure the Platform is available to the Client without interruption, except during scheduled maintenance or unforeseen outages.

11.2. Disclaimer of Warranties: Except as expressly provided in this Agreement, the Platform is provided “as is,” and the Company disclaims all warranties, whether express, implied, statutory, or otherwise, including but not limited to any warranties of merchantability, fitness for a particular purpose, and non-infringement.

  1. Limitation of Liability
    12.1. Limitation of Liability: The Company’s liability under this Agreement, whether in contract, tort, or otherwise, shall be limited to the total amount paid by the Client for the subscription during the twelve (12) months prior to the claim.

12.2. No Liability for Indirect Damages: The Company shall not be liable for indirect, incidental, special, or consequential damages, including but not limited to loss of revenue, profits, or business opportunities, even if advised of the possibility of such damages.

  1. Term and Termination
    13.1. Term: This Agreement shall remain in effect as long as the Client subscribes to the Platform.

13.2. Termination by Client: The Client may terminate their subscription by providing 30 days’ written notice prior to the end of the subscription term.

13.3. Termination by Company: The Company reserves the right to terminate this Agreement, including the Client’s access to the Platform, under the following circumstances:
o Non-Payment: If the Client fails to pay any fees due under this Agreement within 30 days after the due date.
o Breach of Agreement: If the Client breaches any material term of this Agreement and fails to remedy such breach within 30days after receiving written notice from the Company.
o Violation of Law: If the Client uses the Platform in violation of applicable laws or regulations, or engages in illegal or fraudulent activities.
o Insolvency: If the Client becomes insolvent, files for bankruptcy, or is otherwise unable to pay its debts as they become due.
o Misuse of Platform: If the Client engages in activities that are deemed, at the Company’s sole discretion, to be a misuse of the Platform, including but not limited to, exceeding the user limits, unauthorized access or use of the Platform, or activities that compromise the security or functionality of the Platform.
o Failure to Comply with Security Protocols: If the Client fails to adhere to the security protocols outlined in Section 6 and does not rectify the situation within 30 days after receiving written notice.
o Force Majeure: If a Force Majeure event, as defined in Section 14, continues for a period exceeding 90 days, and the Company is unable to perform its obligations under this Agreement.
13.3.1. Notification of Termination: The Company shall provide the Client with written notice of termination, including the reason(s) for termination, the effective date of termination, and any steps the Client may take to remedy the situation, if applicable.
13.3.2. Effect of Termination: Upon termination by the Company, the Client’s access to the Platform will be immediately revoked. The Client shall have 30 days to download or retrieve their data, after which the Company may permanently delete such data.

13.4. Refunds and Cancellations: The Client may request a refund or cancellation of their subscription in accordance with the Company’s Refunds and Cancellations Policy. Refunds are subject to eligibility criteria, which include but are not limited to unused portions of the subscription period and adherence to the notice requirements specified in this Agreement. The Refunds and Cancellations Policy, which details the procedures for requesting a refund and the conditions under which refunds are granted, can be accessed at www.assentvalise.com/refund_and_cancellation_policy/

  1. Force Majeure

14.1. Notification: The Company shall notify the Client as soon as reasonably practicable after becoming aware of any Force Majeure event affecting its ability to perform its obligations under this Agreement.

14.2. Suspension of Obligations
14.2.1. Upon the occurrence of a Force Majeure event, the Company’s obligations under this Agreement shall be suspended for the duration of such event.
14.2.2. The Company shall not be liable for any delay, failure to perform, or damages caused by a Force Majeure event.
14.2.3. The time for performance of the affected obligations shall be extended by a period equivalent to the period during which performance of such obligations has been delayed or failed to be performed.

14.3. Mitigation: The Company shall use reasonable efforts to mitigate the effects of the Force Majeure event on its performance of its obligations under this Agreement.

14.4. Alternative Arrangements: Where possible and commercially reasonable, the Company will attempt to provide alternative methods of performance or workarounds to minimize the impact of the Force Majeure event.

14.5. Termination Due to Extended Force Majeure:
14.5.1. If a Force Majeure event continues for a period exceeding ninety (90) consecutive days, either party may terminate this Agreement by giving written notice to the other party.

14.5.2. In the event of such termination, the Company shall refund any prepaid fees covering the remainder of the term after the effective date of termination.

14.5.3. Neither party shall have any liability to the other in respect of the termination of this Agreement as a result of an extended Force Majeure event.

14.6. No Relief from Payment Obligations: Force Majeure shall not excuse the Client from paying any fees owed to the Company for services rendered prior to the Force Majeure event.

14.7. No Liability for Consequential Loss: In no event shall the Company be liable to the Client or be deemed to be in breach of this Agreement for any failure or delay in rendering performance arising out of a Force Majeure event.

14.8. Obligation to Resume Performance: As soon as it is reasonably possible after the end of the Force Majeure event, the Company shall resume performance of its obligations under this Agreement.

14.9. Communication: The Company will keep the Client informed about the situation and provide updates on expected timelines for resuming normal operations.

This Force Majeure clause shall be interpreted in accordance with applicable laws and regulations governing such provisions in commercial contracts.

  1. Amendment Process

15.1. Right to Amend
15.1.1. The Company reserves the right to amend these Terms and Conditions (“Terms”) at any time to reflect changes in business practices, legal requirements, or other factors affecting the Service.
15.1.2. Amendments may include modifications, additions, or removals of any portions of these Terms.

15.2. Notification of Amendments
15.2.1. The Company shall provide written notice of any material amendments to these Terms to the Client’s designated point of contact via email or through the Service’s administrative interface.
15.2.2. The notice shall include:
o A summary of the key changes
o The effective date of the amendments
o A link to or copy of the updated Terms

15.3. Timing of Notifications
15.3.1. For material changes that may substantially affect the Client’s use of the Service or legal rights and obligations the Company shall provide at least 30 days’ notice before the amendments take effect.
15.3.2. For minor changes or those required by law, the Company may provide shorter notice or implement changes immediately, as circumstances require.

15.4. Acceptance of Amendments
15.4.1. Continued use of the Service after the effective date of any amendment constitutes the Client’s acceptance of the amended Terms.
15.4.2. If the Client does not agree to the amended Terms, they must discontinue use of the Service before the amendments take effect.

15.5. Opportunity for Review and Feedback
15.5.1. During the notice period for material changes, the Client may submit written feedback or concerns regarding the proposed amendments to the Company.
15.5.2. The Company shall consider such feedback in good faith but is not obligated to modify the proposed amendments based on Client input.

15.6. 6. Special Amendments
15.6.1. Amendments required by law or necessary to address security concerns may be implemented immediately without prior notice.
15.6.2. The Company shall notify the Client of such amendments as soon as practicable after implementation.

15.7. Client-Specific Amendments
15.7.1. Any amendments specific to an individual Client must be mutually agreed upon in writing by both parties.
15.7.2. Such amendments shall be documented in a separate amendment agreement or an updated Service Order, referencing these Terms.

15.8. Version Control
15.8.1. The Company shall maintain a record of all versions of the Terms, including effective dates.
15.8.2. Clients may request access to previous versions of the Terms applicable

  1. Miscellaneous
    16.1. Governing Law: This Agreement shall be governed by and construed in accordance with the laws of Kenya without regard to its conflict of law provisions.

16.2. Dispute Resolution: Any disputes arising out of this Agreement shall be resolved through mediation. If mediation fails, the dispute shall be submitted to the exclusive jurisdiction of the courts of Kenya.

16.3. Entire Agreement: This Agreement constitutes the entire understanding between the parties with respect to the subject matter and supersedes all prior agreements or understandings.

Last updated: 1st August 2024
Version: 1.01