Terms and Conditions

DESCRIPTION OF SANCTIONS SCREENING AUTOMATION SERVICES:

Sanctions screening automation – Alpha Omega sanctions screening tool automates the daily screening of the names of individuals and entities, which have been submitted for screening against the United Nations Consolidated List and the UAE Local Terrorist List, providing screening alert information if there is potential match. The tool enables automated screening against the Customer’s preconfigured screening settings. Please note that the sanctions lists screened used in the tool are restricted only to the United Nations Consolidated List and the UAE Local Terrorist List. This screening tool does not provide sanctions screening against any other lists and nor does it provide information about PEPs or adverse media.

Client Review – Customer is responsible for reviewing search results to eliminate false positives.

SCREENING TERMS AND CONDITIONS:

Customer is licensed to use the services solely for compliance use limited to comparing of names against the United Nations Consolidated List and the UAE Local Lists. The use of services under this Subscription applies to customer as it exists on the effective date, expanded use of the services due to a merger or acquisition (including the acquisition of a portfolio) requires the vendor’s prior written consent; The Firm Agrees to provide screening services (‘Screening Services’) on a best efforts basis providing published and publicly available information on Data Subjects ( Collectively, “Information”) to assist the customer in comparing the Data Subject with the names populated in the two sanctions lists.  “Data Subject” means the entity that is to be the subject of screening or the living individual to whom the personal data is related to who is to be the subject of screening or the living individual to whom personal data is related who is to be the subject of screening. “Entity” means the organisation names, or a beneficial owner, and, individual people names (for example principals), that has been sent as a key string to the screening vendor to identify a potential match on that vendors database.

CUSTOMER’S REPRESENTATIONS, WARRANTIES AND COVENANTS: Customer hereby represents warrants and covenants as follows:

• That with respect to applicable data protection laws and regulations governing the processing of information relating to an identified or identifiable natural person or information considered to be personal information as defined under applicable laws( “Personal Information”), that customer is acting as a data controller and the Firm and its third party information providers are acting as Data Processors and the customer is directing the processing of personal information of data subjects for a valid and lawful purpose;

• That customer has used reasonable care to provide the Firm with the correct identifying information for the Data Subjects in English;

• That customer’s use of any information shall in all cases comply with all applicable federal, state and local laws and regulations and all applicable data protection laws and that the information is to be used for customer’s regulatory compliance obligations;
• That customer has all rights and authorisations (including obtaining necessary consents) from and with respect to the Data Subjects, including Data Subjects identified by the Firm through file expansion, to the extent required under applicable law for processing their information in accordance with the terms herein;

• If customer receives any complaint, notice or communication which relates directly or indirectly relates to the services, any data provided under the services, or to either party’s legal compliance, or the parties’ privacy policies, it shall immediately notify the Firm and it shall provide the Firm with full co-operation and assistance in relation to any compliant, notice or communications;

• Customer shall notify the Firm as soon as possible If it receives a request from any individual (Including but not limited to a data subject ) for access to that person’s personal data or the attempted exercise of any similar request including but not limited to any right to be forgotten and shall ensure that the Firm is notified of the request before customer responds to or deals in any way with that request, shall provide the Firm with full co-operation and assistance in relation to any such requests

• Customer agrees to indemnify, defend and hold harmless the Firm and its third party information providers from any claim or cause of action against Firm or its third party information providers arising out of or relating to use of the Services by (i) individuals or entities which have not been authorized by this Agreement to have access to and/or use the Information and (ii) Customer, which use is in violation of the representations, warranties and covenants above.

STANDARD TERMS & CONDITIONS:

The Customer’s attention is drawn to the Standard Terms & Conditions as set out below:- These Standard Terms & Conditions (“T&Cs”) apply to users of all types of information provided by the Firm. Each type of information, whether printed, written, oral or in machine-readable form, including documentation contained in the Firm’s products / services, along with its associated literature comprising of, inter alia, all data, diagrams and representations contained therein shall collectively be referred to as “the Information”. It is understood that each individual item included in the Information shall be provided only when available. By purchasing the requested Information, the Customer is deemed to have agreed to these T&Cs. The supply of the Information hereof by the Firm to the Customer shall be governed by (i) these T&Cs and (ii) the purchase order issued by the Customer (“Subscription”). In the event of conflict between the T&Cs and Subscription, the terms and conditions set out in the T&Cs shall prevail.

ARTICLE 1 – MODALITIES OF PROVISION OF SERVICE

1.1 Upon Customer’s written Subscription delivered to the Firm through online website, by email or through any other means, the Firm shall provide the Customer with the Information required by electronic means or other modalities and according to the timeframe if provided as described in The Subscription Form. Customer shall order the Information from time to time during the term of these T&Cs. Any information provided by the Customer shall be processed by the Firm only for the benefit of the Customer and for the purpose of providing the Information to the Customer. This does not prejudice the rights of the Firm to dispose and use such information and/or data if they, at the time of receipt, were already known or available to the Firm. Customer shall provide the Firm with all the information required to process the orders, including but not limited to as products mentioned in the Subscription form, within 30 days from the issuance of the relevant Subscription. The Customer shall not be entitled to revoke any Subscription and claim any refund in respect thereof, once the Subscription has been received by the Firm.

The Firm reserves the right to modify any technical modalities in providing the Information, giving a 30 days written notice to the Customer. The Customer shall implement, on its charge, any subsequent technical measures in order to use and access the Information, as modified by the Firm. Notwithstanding any contrary provisions, in case of any modifications of law impacting the Information, the Firm reserves the right to promptly carry out any modifications to the content and/or to the structure of the Information in order to be in compliance with any modifications stated by law and the Customer shall not impose any liability to the Firm as a consequence of such modifications.

1.3 Unless authorized in writing by the Firm, the Customer shall not assign to any third IT company the administration and management of any data and Information obtained under this T&Cs, in the event that such assignment implies, directly or indirectly, the transfer and access to the content of the Information and to any Firm’s Confidential Information to a company whose activity is in competition with the activity of the Firm  and of any controlling, controlled and affiliate companies of the Firm . The

infringement of this clause shall be considered as a material breach.

1.4 The Customer shall not modify the content of the Information and shall be obliged to use the Information avoiding any misrepresentations of the content provided by  the Firm.

ARTICLE 3 – OWNERSHIP

3.1 The Customer shall not copy, reproduce, repackage, resell, display, publish, transmit, transfer, disseminate or otherwise redistribute the Information, in whole or in part, in any form or manner or by any means whatsoever without the express written permission of the Firm.

ARTICLE 4 – DISCLAIMER AND LIABILITY OF THE PARTIES

4.1 The Customer acknowledges that the Information and relevant data, as provided by screening tool,are collected at public sources (i.e. official archives) and third party provider. The Information are provided on “as is” basis and without warranties of any kind either express or implied. The Firm does not give any warranty whatsoever, including without limitation, as to the availability, accuracy, currency, completeness, correctness, or reliability of the Information made available and expressly disclaims (to the maximum extent permitted in law) all liability for any direct or indirect damage or loss resulting from the Customer’s use of, or reliance on the Information or the contentsprovided therein.

Through these T&Cs, the Customer acknowledges and agrees that the Firm shall not be liable to the Customer in any manner for any direct or indirect loss or injury arising out of or caused, in whole or in part, by Firm’s negligent or other acts or omissions in procuring, compiling, collecting, interpreting, reporting, communicating, system failure, or delivering the Information or its contents, or in otherwise performing its obligations under these T&Cs, whether or not any such matter amounts to a fundamental breach of these T&Cs.

4.2 The Firm shall NOT be liable for any damages suffered by the CUSTOMER arising from the reliance on the screening tool and customer acknowledges that all decisions as to whether a person is matching or not with a name on the sanctions screening lists will be made by the CUSTOMER himself and the sanctions screening tool is only a process to reduce manual effort in the screening. In no event the Firm shall be liable for damages arising from force majeure or incorrect operation of the national and international Internet connection and/ or incorrect operation of Internet systems.

4.3 Further, The Firm shall not be liable, at any time, for special, incidental, exemplary or consequential damages (including, without limitation, damages for loss of business projects or loss of profits), even if advised of the possibility of such damages, arising in contract, tort or otherwise from the use of the Information or its contents, or from any acts or omissions arising as a result of use of the Information or for any failure of performance, error, omission, interruption, defect or delay in the activities undertaken by the Customer as a result of reliance on the contents of the Information.

4.4 If notwithstanding the foregoing, any liability can be lawfully imposed and enforced on the Firm, according to applicable laws, then the Customer agrees that the Firm’s aggregate liability for any and all losses or injuries to the Customer arising out of any negligent or other acts or omissions of The Firm in connection with anything furnished as Information, regardless of the cause of the loss or injury and regardless of the nature of the legal or equitable right claimed to have been violated, shall never exceed the Value of this initial subscription (“Cap”). Value of this initial subscription means the charges/fees payable under this Subscription Form for provision of the service during the initial term without considering possible automatic renewals.

4.5 The Frim provides no advice or endorsement of any kind through this Information. The availability of data in the Information does not constitute a recommendation by the Firm to enter into any transaction or follow any course of action.

4.6 All decisions made by the Customer must be based solely on the Customer’s evaluation of the circumstances and objectives. The Firm recommends that the Customer independently verify the current accuracy of any data made available in the Information upon which the Customer intends to rely.

ARTICLE 5 – INDEMNITY

The Customer shall be liable for the damages suffered by the Firm and its officers, agents, employees or partners arising from the breach of its undertakings and representations and warranties under this T&Cs and therefore shall keep the Firm fully and effectively indemnified against any and all claims, damages, costs, charges, expenses, liabilities, demands, proceedings and actions which the Firm may sustain or which may be brought or established against it by any person or authority arising out of or in relation to such breach by Customer. The Firm agrees to notify Customer in writing of any such claim, action, proceeding or demand as soon as reasonably practicable upon receipt of or knowledge of same and afford Customer the opportunity to defend or participate in the defense of such claim, action proceeding or demand. In addition thereto, the Firm shall cooperate with Customer in every reasonable manner at Customer’s sole expense hereunder.

ARTICLE 6 – TERMS OF USE

6.1 The Information and all content provided therein shall be for the sole and exclusive use of the Customer. The Customer represents and warrants ordering, receiving and otherwise handling the Information in compliance with all applicable laws, statutes and regulations, including, but not limited to, data privacy laws and statutes and regulations governing fair information practices.

6.2 The Customer shall neither request the Information for the use of others nor permit requests to be made under these T&Cs by others. Neither may the Information be used by the Customer in connection with providing advice or recommendations to others, it being understood that the Information is only for the Customer’s internal use.

6.3 Except as otherwise agreed or required by law, neither the Firm nor any of its trade names, trademarks, or service marks may be used for any purpose as the identification of the Customer’s source of reference.

ARTICLE 7 – PAYMENT

7.1 The Customer agrees to pay the Firm immediately upon signing these T&Cs , in AED, the fees due for the Information that have been subscribed, in accordance with the payment terms specified in the Service Subscription and it shall not make any set-off against the Firm. If any payment is not made when due, the automated screening tool service shall be terminated immediately until the balance due is paid.

7.2 If the Customer has selected a unit subscription, it (or its bank under a

standing order mandate) shall pay the Firm in full in advance for the number of units specified on the Service Subscription at the rate set forth in the Firm’s price list in force and detailed in its price list on the date of confirmation of the subscription for the requested Information by the Firm. If, during the term, the Customer uses more units that it has availed, then it shall pay for those units, upon demand, at the rate set forth in the Firm’s price list then in force. The Customer understands that the Firm is not obligated to give any refunds for unused units.

7.3 If the Customer has selected one-off billing, it shall pay the Firm the fee in advance and thereafter the Firm shall specify in the invoice the products/services purchased at the rate set forth in its price list then in force.

7.4 Customer agrees to pay all taxes (including but not limited to sales, excise and value added taxes) which may be levied or imposed by any government authority in connection with the transactions contemplated by this Agreement, and to reimburse the Firm, in addition to the prices stated herein, for any such amounts which are paid by or collected from the Firm (included withholding taxes paid by the Firm, if any) or withheld from amounts due to the Firm hereunder.

ARTICLE 8 – DATA PROTECTION

8.1 In performing the Service, the Customer, in accordance with the UAE applicable laws (including but not limited to the UAE Data Protection Law No. 45 of 2021 and its regulations “UAE Data Protection Law”), hereby states that it is the Controller for the purposes of the processing of the personal data that will be processed by the Firm for the performance of the Service, and guarantees that it has implemented all the requirements of the aforementioned law. The Customer therefore guarantees that the Firm can legitimately process the personal data provided to it for the purposes of the Service. The Customer undertakes to hold harmless the Firm from any possible claims for compensation and penalties deriving from the breach of regulatory provisions on data protection by the Customer in the processing of personal data communicated to the Firm for the performance of the Service.

8.2 In order to legitimize the processing of personal data by the Firm, the Customer  appoints the Firm as the Processor, according to the Terms and Conditions specified in the Annexure A attached to this Agreement.

8.3 The Firm will implement the processing of personal data entrusted to it in full compliance with the UAE Data Protection Law and any other regulations applicable to such processing, as well as the instructions provided by the Customer with the appointment as Processor.

8.4 The Customer authorizes the Firm to appoint all subjects authorized as subcontractors by the Customer as well as the sub-suppliers that the Firm will use for the processing operations as other Processors (hereafter Sub-Processors).

8.5 The Firm will impose on all Sub-Processors the same obligations regarding personal data protection assumed in relation to the Customer through the signing of this Agreement and attached letter of appointment of the Processor, by means of an appropriate contract. Therefore, with the formalization of the appointment, the Firm will provide the Sub-Processors with the same instructions given to it by the Customer. The Firm undertakes to inform the Customer regarding any changes and the addition or replacement of other Processors, to allow the Customer to oppose the changes.

ARTICLE 9 – TERM AND TERMINATION

These T&Cs shall come into effect from the date stated in this agreement and shall remain in force for 12 months. The Customer cannot cancel or terminate the Subscription Form or these T&Cs after signture/execution. Unless terminated earlier by the Firm, these T&Cs, shall renew automatically every 12 (twelve) months on the same terms and conditions. Provisions which by their very nature survive termination shall be deemed to survive any termination. The Firm may terminate these T&Cs at any time and without prior notice in the event of a breach of these T&Cs by the Customer and otherwise upon 30 (thirty) days’ written notice by the Firm.

ARTICLE 10 – GOVERNING LAW

Any dispute, difference, controversy or claim arising out of or in connection with this Agreement, including (but not limited to) any question regarding its existence,

validity, interpretation, performance, discharge and applicable remedies, shall be subject to the exclusive jurisdiction of the Courts of the Dubai International Financial Centre (“the DIFC Courts”) and its Small Claims Tribunal (“the SCT”). This Agreement shall be governed by and construed in accordance with the laws of the United Arab Emirates.

ARTICLE 10 – MISCELLANEOUS

These T&Cs contain the entire and only agreement between the Firm and the Customer in relation to the subject matter hereof and all prior and collateral representations, warranties, promises and conditions made by CRIF GULF have been merged herein. No representation, warranty, promise or condition not incorporated herein shall be binding upon either party. These T&Cs shall bind and inure to the benefit of the parties and their successors and assigns. The Customer shall not assign these T&Cs without the Firm’s prior written consent. In the event that any court of competent jurisdiction holds any provision of these T&Cs invalid or unenforceable, it will not invalidate or render unenforceable any other provisions hereof and the same will continue to be valid. No waiver or amendment of these T&Cs shall be binding on either party, unless it is in writing and signed by the authorized officials of both the parties. The Customer expressly authorizes the Firm to assign this T&Cs to any other subsidiary, parent, affiliated or associated companies of the Firm itself, subject to prior written notice.

Annexure A

In view of the above mentioned appointment, the Customer (hereafter the “Controller”) entrusts the following TASKS to the Firm (hereafter the “Processor”) and gives the following INSTRUCTIONS for data processing, which the Processor must adhere to:

1. Data processing must be carried out by the Processor in full compliance with the applicable legislative provisions under the UAE Data Protection Law and any other applicable legislation, while taking into consideration the personal data protection measures introduced by the UAE Data Office from time to time and concerning the processing performed by the Processor;
2. In carrying out its Data processing activities, the Processor can legitimately expect the Controller to guarantee that the Data sent as part of the diligent execution of the contract relating to the Service was collected by the Controller from the data subject or from third parties in compliance with all the requirements and on the basis of one or more assumptions of legitimacy required by the UAE Data Protection Law ;
3. Data processing must be carried out by the Processor in its performance of the contract for the Service and for the purposes connected to providing the Service, as well as for the time strictly necessary to achieve the aforementioned aims and for the purposes strictly connected and instrumental to the management of related technical problems, and, in any case, in such a way as to guarantee the security of the Data; the processing may be carried out both manually and with the help of electronic means, or automatically and electronically;
4. The Processor is authorized to use Sub- Processors in the normal performance of its services, as specified in the Contract.;
5. On termination of the Service, the Processor must return the Data to the Controller on the basis of its instructions;
6. The Processor has the duty to comply with and ensure the Designated Employees comply with the provisions relating to Data security and, in particular, the Processor must adopt the security measures required to ensure an appropriate level of security in relation to risk and be able to ensure the ongoing integrity and availability of the personal data being processed. These measures should minimize the risks, where identified, of loss or destruction of the Data, even if accidental, and of unauthorized access or Data processing without consent or not complying with the aim of the collection;
7. The Processor must notify the Controller without unjustified delay when becoming aware of a data breach regarding data processed on behalf of the Controller. All the information concerning the event should be provided with this notification, and in any case at least:
8. A description of the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
9. A description of the likely consequences of the personal data breach; and (iii) a description of the measures adopted or proposed measures to address the data breach and including, where appropriate, measures to mitigate its possible adverse effects. Where and to that extent that it is not possible to provide the information at the same time and the identification of the event, the information may be provided in phases without undue further delay;
10. The Processor undertakes to provide support to the Controller in the activities required to comply with the obligations of the latter in accordance with the UAE Data Protection Law , within the limits of the information it holds and of the processing performed on behalf of the Controller;
11. The Processor keeps a record in written or electronic form, of all categories of processing activities carried out on behalf of the Controller;
12. The Controller can carry out sample checks at its own expense at the Processor’s company offices, using personnel that have been expressly appointed to the task, by sending a prior request in writing to the Processor with advance notice of at least fifteen working days from the proposed date and, in any case, at the date and time to be agreed with the Processor, in order to assess compliance of the Data processing with the existing contract for the Service between the parties, with this letter of appointment, and the legislation in force. The Controller shall undertake to carry out the aforementioned verification activities in the shortest time possible – during office hours and on working days – so as not to disrupt the normal performance of the Processor’s activities. The Processor undertakes to make available to the Controller all the information required to demonstrate compliance with the obligations assumed with the signing of the Contract and of this letter of appointment, and in general with the legislation applicable to the processing performed on behalf of the Controller;
13. If, as part of security measure checks, the Processor comes across shortcomings in relation to the security measures or any other aspect of the Data processing carried out as part of the Service which are the responsibility of the Controller, the Processor will immediately inform the Controller, who will quickly activate the appropriate internal departments in order to adopt the necessary actions;
14. For the purposes of the regulation of responsibilities and related compensation rights in favor of the data subjects, the application of the UAE Data Protection Law remains valid;
15. In addition to what is set out above, the Processor should in any case carry out the Data processing for the Controller as part of the Service on the basis of the contract and the terms and conditions, and using the processing methods regulated therein, or which can be inferred from the contract and herein expressly incorporated by reference – where necessary – in addition to this letter of appointment, in terms of the tasks and instructions;
16. The Processor can exercise any appropriate decision-making powers to enable the objectives of the law to be achieved and to implement the obligations and tasks specified above.

Once the instructions referred to above have been given and the tasks specified above have been identified, as part of its role, the Controller can give further instructions which may become necessary over the course of the performance of the Data processing activities, including on completion of and in addition to what is defined above.

This letter of appointment is valid for the whole duration of the Service under the agreed contractual conditions and, therefore, on definitive termination of the Service this letter of appointment will expire at the same time with immediate effect, except in the case where there are additional and independent circumstances which justify the continuation of Data processing by the Processor in a restricted manner and for a period of time which is limited to what is strictly necessary (for example, but not limited to, in the case of abnormal events affecting the contractual relationship between the parties).

This letter of appointment is reserved and confidential and cannot be divulged or disclosed to third parties without the consent of the Controller, except where required by law or when ordered or requested by the competent authorities or for the purposes of legal defense or to assert a right of one of the parties.

By signing this letter of appointment, the Processor accepts the appointment under the conditions outlined above, confirms its direct and in-depth knowledge of the obligations that it takes on in relation to the text of the legislation and undertakes to carry out the Data processing in line with the instructions received from the Customer.