A compilation of articles, highlighting the depth and complexity of this world wide problem. 

A compilation of articles, highlighting the depth and complexity of this world wide problem. 

Ethixbase360 Terms and Conditions for the Supply of Services

Terms & Conditions active from 1 March 2024 to 9 May 2024. Please see below for previous and current versions. 

10 May 2024 – Present 
27 March 2023  29 February 2024 (Archive)
7 October 2022 – 26 March 2023 (Archive)
3 August 2022 – 7 October 2022 (Archive)
1 January 2021 – 2 August 2022 (Archive)
1 January 2020 – 31 December 2021 (Archive)

 

Part 1

About Ethixbase360

Ethixbase360 supports its customers manage third-party risks with a focus on corporate sustainability and other ESG risk factors including anti-bribery and corruption, human rights, modern slavery and the environment.

Ethixbase360 services include cloud-based due diligence platforms, interactive due diligence questionnaires, risk assessment tools and custom due diligence reports.

Risk data is provided by: (a) information sourced from third-party data providers (b) the entity or individual that is the primary subject of a report or (c) Customer’s actual or prospective business partners responding to a due diligence questionnaire. 

Status of these terms and conditions

These terms and conditions, any applicable Managed Services Terms (Terms) and each Order create a separate agreement between Ethixbase360 and Customer regarding the supply of Services.

If Customer clicks online to indicate acceptance of the Terms, makes payment based on an Order that references the Terms or continues to use Services, Customer has agreed to the Terms. Ethixbase360 does not have to accept orders for Services placed by email, but any order accepted will be subject to the Terms. 

Ethixbase360 does not accept other terms or conditions that Customer attempts to impose including those associated with Customer purchase orders. Such other terms and conditions will not apply to an Order.  Customer may deliver a Customer purchase order or similar document as a convenience to Customer and for Customer’s internal accounting procedures only.  Supply of Services or acceptance of payment shall not be considered acceptance of terms and conditions associated with this documentation.

The Terms prevail in the case of conflict between the Terms and an Order. However, the Order prevails if it refers to a specific provision of the Terms and an intention to vary that provision. The DPA always prevail in relation to the processing of Owner Personal Data.

If you sign an Order on behalf of a third party, you warrant and undertake to Ehixbase360 that you are authorised to do so.

How these terms and conditions apply

Part 1:   applies to all Services

Part 2:   applies only if you buy Collaborative Reports 

Part 3:   applies only if you buy a Research Subscription 

Interpretation. The definitions and rules of interpretation in this clause apply to an Agreement.

Affiliate: another entity that controls, is controlled by, or is under common control of a party. Control of a party means ownership, directly or indirectly, of over 50% of the entire ownership interest in the party or of the party’s voting stock, or the right and power to direct the party’s affairs.

Agreement: each separate agreement between Ethixbase360 and Customer made up of an Order and the Terms.

Authorised Users: Customer and Permitted Affiliate employees and individual contractors who are not competitors of Ethixbase360 authorised to use Services up to any maximum number specified in the Order.

Confidential Information: the terms of an Agreement and information of a party that is proprietary or confidential, including (for Ethixbase360) Ethixbase360 Data and (for Owner) Owner Data, and is clearly labelled as such or should reasonably be considered confidential by the receiving party.

Controller”, “Data Subject”, “Personal Data”, “personal data breach” “Processor” and “processing” have the meanings attributed to them in the DPA.

Customer: the party ordering Services identified in an Order.  

Customer Systems: (a) computer or electronic processing equipment (b) communication networks (c) the internet (d) other equipment, applications or software used by Customer, always excluding Services.

Data Protection Legislation: has the meaning in the DPA.

Data Provider: a third-party provider of Ethixbase360 Data.

DDQ: a standard or custom due diligence questionnaire (including the Modern Slavery Module) sent via the Platform as part of Services.

Documentation: documents and materials containing information regarding Services provided by Ethixbase360 from time to time.

DPA: Ethixbase360’s data processing agreement found at https://ethixbase360.com/ethixbase-data-processing-agreement/ .

EDD Reports: Ethixbase360 Enhanced Due Diligence Reports.

ESG Laws:  laws, statutes and regulations applicable to Ethixbase360 in the provision of Services relating to (a) anti-bribery and anti-corruption (b) anti-slavery and human trafficking (c) the protection of the environment (d) the prevention of facilitation of tax evasion.

Ethixbase360: the Ethixbase360 entity identified in Section 18.

Ethixbase360 Data: data and information including personal data, alerts, publications, reports, documentation, white papers, research, analysis, forecasts, ratings, opinions, models, security identifiers, methodologies text, photographs, audio, video and graphics provided by Ethixbase360 through Services, including such data and information sourced from Data Providers.  Ethixbase360 Data does not include Owner Data.

Ethixbase360 Know-How:  know-how, templates, models, methodologies, ideas, techniques, tools, processes, and technologies, including algorithms owned by, licensed to or developed by Ethixbase 360.  Ethixbase360 Know-How is Ethixbase360’s Intellectual Property Rights.

Ethixbase360 Platform:  any cloud-based platform provided by Ethixbase360 on a Subscription basis.

Force Majeure: an event or sequence of events beyond a party’s reasonable control (after exercise of reasonable care to put in place information security, back-up and disaster recovery arrangements) preventing or delaying that party from performing its obligations under an Agreement but excluding  circumstances resulting in Customer’s inability to pay the Price.

Good Industry Practise: practices, methods and procedures which would be reasonably commensurate with those practices, methods and procedures adopted by a skilled and experienced supplier engaged in providing services the same as or similar to Services and by a supplier of similar scale to Ethixbase360.

High Risk Data: information and data of the type described at the following location https://ethixbase360.com/company/eb360-high-risk-information-categories/

Initial Term: the initial, fixed term of an Agreement for a Service bought on a Subscription basis starting on the Order Start Date and ending on the expiry of 36 months from the Order Start Date unless otherwise specified in the Order. The Initial Term specified in an Order may be different for different Services.

Intellectual Property Rights: trade secrets, patents and patent applications, trade-marks (registered or unregistered, including goodwill accruing thereto), service marks, trade names, business names, internet domain names, copyrights, moral rights, database rights, design rights, know-how rights in inventions,  other intellectual property and proprietary rights (registered or unregistered), and other equivalent or similar rights which may subsist anywhere in the world, and applications for the foregoing.

Order: an Ethixbase360 ordering document, statement of work or online order or registration form specifying Services to be provided by Ethixbase360.

Order Start Date: the start date specified in an Order (or if no such date is specified the date of the last signature of an Order) or, in relation to an online Order, the date the Order is placed.

Owner: Customer being the owner of all rights including Intellectual Property Rights in Owner Data.

Owner Data: Reports (once paid for), DDQ responses and other Owner Confidential Information (including Owner Personal Data) processed through the Ethixbase360 Platform.

Owner Personal Data: has the meaning in the DPA.

Managed Services: business process management Services provided on a Subscription basis as described in an Order.

Managed Services Terms: additional terms and conditions that apply to a Managed Services as set out in the Order.

Modern Slavery Module: the Modern Slavery Due Diligence module provided on a Subscription basis.

Name: the name of any legal entity or natural person entered in the Ethixbase360 Platform by or on behalf of Customer at any point in a Year.

Name Limit means any maximum number of Names in relation to which Services can be provided in any Year as set out in the Order. A Name will count towards the Name Limit if Services have been provided in relation to that Name at any point in a Year.

Permitted Affiliate: an Affiliate of Customer identified as such in the Order.

Permitted Purpose: as defined within clause 2.1.

Permitted Recipients: (a) Authorised Users (b) to the extent necessary for the Permitted Purpose, Customer’s officers, employees, regulators and professional advisors and those of its Permitted Affiliates (c) other third parties agreed by Customer and Ethixbase360.

Price: the price or charges for Services specified in the Order or agreed between Customer and Ethixbase360 in writing from time to time.

Project Services: professional or other services provided by Ethixbase360 as set out in an Order.

Renewal Term: has the meaning in clause 13.2.

Reports:  due diligence reports provided to Customer as part of Services including digital reports provided through the Ethixbase360 Platform.

Services: Ethixbase360 services ordered by Customer as specified in an Order and the associated Documentation.

Start Date: the earlier of the Order Start Date or the date on which Ethixbase360 begins to provide Services.

Subscription: Services bought by Customer on a recurring basis as identified in an Order. 

Term: the total period of an Agreement.

Training Bundle: means the modules of online training Services selected by Customer as identified in an Order.

Virus:  programs that contains malicious code or infiltrates or damages a computer system or is designed to do so or which is hostile, intrusive or annoying and has no legitimate purpose, including Trojan horses, malware, malicious software, worms or logic bombs.

Voucher: vouchers or pre-paid credits bought by Customer to be redeemed against the future cost of Services.

Website: websites and other web domains owned by Ethixbase360 or its Affiliates from time to time.

Year: each successive 12-month period of the Term starting on the Start Date.

1.2 Clause, schedule and paragraph headings do not affect the interpretation of an Agreement. References to clauses and schedules are to the clauses and schedules of an Agreement.

1.3 A person includes an individual and an incorporated or unincorporated body.

1.4 Unless the context otherwise requires, words in the singular include the plural and vice versa. A reference to one gender includes all genders.

1.5 A reference to a statute or statutory provision is a reference to it as it is in force as at the date of an Agreement and includes subordinate legislation made as at the date of an Agreement under that statute or statutory provision.

1.6 If the word “including” or similar words are used before describing items, such items are examples only and not an exhaustive list.

2. Licence and Usage Restrictions

2.1 Ethixbase360 grants Customer a non-exclusive, non-transferable right to use Services and Ethixbase360 Data during the Term solely to manage Customer’s legal or regulatory compliance obligations regarding (a) supply chain sustainability or ESG risk factors  (b) regulatory and suspicious activity reporting (c) sanctions (d) embargoes (e) financial crime (f) other regulatory risks and associated obligations (the “Permitted Purpose”). 

2.2 Customer may not allow any Affiliate (other than a Permitted Affiliate) to use, access or benefit from Services or the Ethixbase360 Data. No Permitted Affiliate has the right to a separate instance of the Ethixbase360 Platform. EthixBase360’s obligations under clause 10 and the DPA shall be interpreted accordingly.

2.3 Customer shall not when using Services or Ethixbase360 Data access, store, distribute or transmit (a) Viruses or (b) material that (i) is illegal, harmful, threatening, defamatory, obscene, infringing, harassing or offensive (ii) abuses another’s privacy, intellectual property or other legal rights (iii) High Risk Data.

2.4 Customer shall not except as permitted by an Agreement or applicable law incapable of exclusion by agreement: (a) share, republish, or distribute Services or Ethixbase360 Data (b) create derivative works of, adapt, reverse engineer, decompile, disassemble or modify Services or Ethixbase360 Data (c) access Services or Ethixbase360 Data for competitive purposes (d) make Services or Ethixbase360 Data available to third parties or (e) access and/or use the Ethixbase360 Platform via mechanical, programmatic, robotic, scripted or other automated search means.

2.5 Customer shall: (a) put reasonable measures into practice no less stringent than its own information security measures (and no less than reasonable measures) so only Authorised Users can access Services and Ethixbase360 Data (b) keep passwords or other security credentials secure and not share them (c) make only the number of copies of Reports needed for the Permitted Purpose (d) immediately notify Ethixbase360 and take steps to investigate and mitigate the impact of unauthorised use of, access to or transmission of Services or Ethixbase360 Data and cooperate with Ethixbase360 accordingly (e) not probe, scan, penetrate or test the vulnerability of Services (f) not breach the Ethixbase360 security or authentication measures, whether by passive or intrusive techniques.

2.6 Customer must attribute Ethixbase360 Data to the original source identified within Reports and not to Ethixbase360 or Data Providers.

2.7 Customer shall indemnify Ethixbase360 against all liabilities, losses, damages, costs and expenses suffered or reasonably incurred by Ethixbase360 in connection with claims by Data Providers due to a breach of an Agreement by Customer.

3. Use of Services in relation to Individuals

3.1 Customer shall not use Services or Ethixbase360 Data in whole or in part (a) to establish an individual’s eligibility for credit, insurance, other financial services, government benefits or licences (b) to evaluate an individual for employment, promotion, reassignment or retention as an employee (c) for debt collection purposes or (d) to determine whether an individual continues to meet the terms of the credit or prepayment risks associated with an existing account.

3.2 Information obtained from Services or Ethixbase360 Data will not be: (a) used to investigate a consumer’s creditworthiness, credit standing, or credit capacity (b) provided to any person except: (i) to the employer or an agent of the employer, (ii) to  state or local government officers, agencies, or departments, (iii) to self-regulatory organisations with regulatory authority over the activities of the employer or employee, (iv) as otherwise required by law.

3.3 Nothing in this clause 3 limits Customer’s right to use Services or Ethixbase360 Data for the Permitted Purpose.

3.4 If Customer receives complaints or communications (including from an individual, a regulator or law enforcement agency) that relate to Services, Ethixbase360 Data or to Customer’s or Ethixbase360’s legal compliance in connection with Services, Customer shall immediately notify Ethixbase360 and Customer shall give Ethixbase360 full co-operation and assistance in relation to such complaints, notices or communications.

3.5 Customer shall indemnify Ethixbase360 against  liabilities, losses, damages, costs and expenses suffered or reasonably incurred by Ethixbase360 in connection with a breach of this clause 3.

4. Owner Data

4.1 Owner owns all Intellectual Property Rights in Owner Data excluding Ethixbase360 Know-How within Reports. Owner has sole responsibility for the legality, accuracy and quality of Owner Data other than Reports. Owner is advised to keep backup copies of Owner Data.

4.2 If Owner Data is lost or damaged by Ethixbase360, as Customer’s sole and exclusive remedy, Ethixbase360 will use reasonable commercial endeavours to restore the lost or damaged Owner Data from the latest back-up maintained by Ethixbase360 in accordance with its internal policies. Ethixbase360 is not responsible for loss, destruction, alteration or disclosure of Owner Data caused by third parties (except Ethixbase360 sub-contractors or sub-processors).

4.3 The DPA is incorporated by reference and applies to the processing of Owner Personal Data as defined in the DPA.

4.4 Ethixbase360 may use, share and keep anonymised data relating to Customer’s use of Services.  Once anonymised, Ethixbase360 may use such data for its own, legitimate, business purposes including for (a) statistical, trend analysis and reporting (b) machine learning (c) product and service improvements (d) new product development. Ethixbase360 owns the Intellectual Property Rights in such anonymised data and the output from usage of that data.

5. Data Providers

Customer may require a separate license to access certain underlying content within Ethixbase360 Data. For example, certain media owners place adverse media behind paywalls. Ethixbase360 is not a party to and has no responsibility under such license.

6. Ethixbase360’s obligations

6.1 Ethixbase360 warrants that: (a) Services will be performed with reasonable skill and care and in accordance with Good Industry Practise (b) it has and will maintain  necessary licences, consents, and permissions for the performance of its obligations under an Agreement (c) it will comply with  laws and regulations applicable to Ethixbase360 in the provision of Services and (d) it takes industry standard steps designed to ensure Services do not contain or introduce any Virus into Customer’s System.

6.2 Without prejudice to the generality of clause 6.1, Ethixbase360 shall, in connection with the provision of Services: (a) comply with  ESG Laws (b) not engage in activity, practice or conduct which would be an offence under ESG Laws (c) tell Customer if it becomes aware of breach of this clause or has reason to believe that it has received a request or demand for undue financial or other advantage (d) certify to Customer compliance with this clause 6.2 within thirty (30) days of written request.  Breach of this clause is a material breach of an Agreement.

6.3 Ethixbase360 warrants it has not been convicted of offences under ESG Laws or been the subject of proceedings regarding offences or alleged offences in connection with ESG Laws.

6.4 Updates to the Ethixbase360 Platform will be provided to Customer at no additional cost when and to the extent Ethixbase360 makes such updates generally available to its other Customers. Ethixbase360 has the right to modify the features and functionality of Services or Ethixbase360 Data but will not change Services’ fundamental nature without informing Customer through its regular product roadmap communications. Ethixbase360 may add, remove or change Data Providers provided this change does not have a material adverse impact on Services. 

6.5 If Services or Ethixbase360 Data do not conform with an Agreement, Ethixbase360 will, at its sole expense, use reasonable commercial efforts to correct this non-conformance promptly or give Customer an alternative means of accomplishing the desired performance. This correction or substitution is Customer’s sole and exclusive remedy in relation to this non-conformance.

7. Customer’s obligations

7.1 Customer shall: (a) give Ethixbase360 timely cooperation and information as may reasonably be required by Ethixbase360 to provide Services (b) comply with  applicable laws and regulations with respect to its use of Services and Ethixbase360 Data (c) make sure Permitted Recipients and Authorised Users use Services and Ethixbase360 Data in accordance with this Agreement and Ethixbase360’s reasonable instructions (d) maintain  necessary licences, consents, and permissions necessary to enable Ethixbase360 to perform its obligations under an Agreement, including in relation to Owner Data (e) make sure Customer Systems are compatible with Services.

7.2 If the performance of Services is delayed at Customer’s request or because of Customer’s acts or omissions: (a) time for performance of Ethixbase360’s obligations will be extended to take account of this delay (b) Ethixbase360 will use reasonable commercial endeavours to redeploy its personnel allocated to Project Services to other engagements and will work with Customer to agree an alternative start date.  If Ethixbase360 cannot redeploy its personnel for any part of the delay, it reserves the right to charge Customer for lost days or part days at its standard Project Services day rates. If Ethixbase360 can show this delay results in an increase in cost to Ethixbase360 of carrying out Services, Ethixbase360 may increase the applicable Prices by an amount not exceeding this cost.  Ethixbase360 may invoice Customer for additional amounts payable within 30 days of explaining the increase.

8. Price and payment

8.1 Customer will pay the Price in accordance with the Order and this clause 8. 

8.2 Customer shall pay the Price within thirty (30) days of receipt of Ethixbase360’s invoice. Invoice disputes must be raised before the due date for payment or the invoice will be considered accepted.

8.3 If, at any time in a Year, the Name Limit is exceeded Ethixbase360, may notify Customer.  Following notification, the Name Limit and corresponding Price for Services may be increased, in accordance with the rates set out in the Order with effect from the start of the first month following receipt of such notice by Customer or such later date as specified by Ethixbase360. 

8.4 If Ethixbase360 has not received payment of the Price by the due date, and without prejudice to its other rights and remedies, Ethixbase360 may on prior written notice to Customer: (a) suspend provision of Services until the Price is paid (b) charge Customer interest on overdue payments at the rate specified in the Contracting Entity Table in Section 18 on the amount overdue (c) retain Owner Data until outstanding amounts have been paid in full or (d) terminate an Agreement under clause 13.3.  Customer will be liable for  legal or other reasonable costs incurred by Ethixbase360 in the collection of overdue amounts.

8.5 The Price: (a) is payable in the currency specified in the Order (b) non-refundable (c) exclusive of value-added or sales taxes or duties which Customer is responsible for paying (d) must be paid without withholding or deduction. If the law requires Customer to deduct withholding tax from the Price, Customer must pay Ethixbase360 an amount that ensures its net receipt is the same as it would have been if the payment had not been subject to this withholding.

8.6 By providing not less than ninety (90) days’ written notice: (a) before the start of any Year, Ethixbase360 may notify Customer of the amount by which the Price for Services for that Year will increase in line with any increase in the Consumer Price Index published by the Office for National Statistics  (www.ons.gov.uk) for a 12 month period ending before the start of that Year and (b) before the start of any Renewal Term, Ethixbase360 may review the Price for that Renewal Term.

8.7 No part of the Price paid is refundable or capable of being applied to a subsequent Year, Renewal Term or new Agreement.  A Voucher must be redeemed in full within 12 months of it being bought.  A Training Bundle cannot be used after the expiry of the period set out in the Order.

9. Intellectual Property Rights

9.1 Ethixbase360 warrants it has the right to allow Customer to use Services and Ethixbase360 Data in accordance with the terms of each Agreement.

9.2 Ethixbase360 or its licensors own all Intellectual Property Rights in Services, Ethixbase360 Know-How and Ethixbase360 Data, their structure, organisation and associated search and extraction mechanisms.

9.3 An Agreement does not grant Customer  rights to Intellectual Property Rights in Services, Ethixbase360 Know-How or Ethixbase360 Data except as stated.

9.4 Customer must not access or use Services, Ethixbase360 Know-How or Ethixbase360 Data in any manner that infringes the Intellectual Property Rights of Ethixbase360, any Data Provider or its or their licensors.

9.5 Customer must store only insubstantial parts of and will not data or text mine, Ethixbase360 Data. Customer will not store or use Ethixbase360 Data (a) in a searchable database created by or on behalf of Customer (b) in a way that allows manual, automated or machine-assisted indexing or classification.  Nothing in this clause prevents Customer from (a) using an Ethixbase360 provided API to extract Ethixbase360 Data into or (b) storing Reports in, Customer Systems in each case for archiving purposes and to comply with Customer’s regulatory or legal obligations.

9.6 Customer will not remove copyright notices, proprietary markings, trademarks or trade names from Services or Ethixbase360 Data.

9.7 Customer or its Authorised Users may submit comments, information, questions, data, ideas, description of processes, or other information to Ethixbase360 in connection with Services (“Feedback”). Ethixbase360 may use, disclose, reproduce, license, create derivative works of or otherwise exploit Feedback without obligation to or restriction from, Customer. 

10. Confidentiality

10.1 A party may be given access to the Confidential Information of the other party to perform its obligations or exercise its right under an Agreement. A party’s Confidential Information shall not include information that: (a) is or becomes publicly known other than through act or omission of the receiving party (b) was in the receiving party’s lawful possession before the disclosure (c) is lawfully disclosed to the receiving party by a third party without known restriction on disclosure or (d) is independently developed by the receiving party, which independent development can be shown by written evidence.

10.2 Subject to clauses 10.3 and 10.4, each party shall take steps no less stringent than the steps it takes to protect its Confidential Information (and no less than reasonable steps) to hold the other’s Confidential Information in confidence and shall not use the other’s Confidential Information for purposes other than to exercise its rights or perform its obligations under an Agreement.  Subject to clause 10.3, a party may disclose the other party’s Confidential Information to the disclosing party’s officers, employees and service providers or those of its Affiliates to the extent necessary to provide or receive Services.  The disclosing party will make sure these recipients comply with the terms of this clause 10.

10.3 Subject to clause 10.5, Customer may disclose Ethixbase360 Data or Reports only to Permitted Recipients to the extent required for the Permitted Purpose. Customer shall ensure Permitted Recipients comply with this clause 10.  

10.4 A party may disclose Confidential Information to the extent such Confidential Information must be disclosed by law, by governmental or other regulatory authorities or by a court or other authority of competent jurisdiction if, to the extent it is legally allowed to do so, it gives the other party prior notice of such disclosure and considers the reasonable requests of the other party about the content of such disclosure.

10.5 Following termination of an Agreement, Ethixbase360 may securely dispose of Owner Data unless Owner requests Ethixbase360 to return Owner Data at Owner’s cost within 30 days of termination.  Ethixbase360 shall use reasonable commercial efforts to deliver to Owner a copy of the then most recent back-up of Owner Data within 30 days of receipt of such request.  Ethixbase360 has the right to retain Customer Confidential Information (a) when required by law or (b) when securely isolated and protected on back-up systems and deleted in accordance with Ethixbase360’s standard deletion practises.  Ethixbase360 may also keep one copy of each Report for its internal risk management purposes for 6 years following the date of the Report.  Retained Customer Confidential Information shall remain subject to the Terms and this clause 10 and the DPA.

11. Basis of Provision of Services

11.1 Customer is responsible for: (a) assuming all management responsibilities in relation to the receipt and use of Services (b) evaluating the adequacy of the output of Services.

11.2 Customer should not rely only on Services or Ethixbase360 Data when deciding to deal with any person or entity.  Information in Reports is in summary form.  People or entities identified in Reports may not be the same as the person or entity Customer intends to transact business with.

11.3 Customer must make sure Services and Ethixbase360 Data enable it to comply with its legal or regulatory obligations. Services are not the provision of advice of any kind.

11.4 Ethixbase360 takes reasonable steps to ensure the reliability of Data Providers.  Ethixbase360 Data is derived from third-party sources including public domain sanctions lists, law enforcement and regulatory websites and media sources, Data Providers and Report Subjects.  Ethixbase360 cannot control whether Ethixbase360 Data is comprehensive, correct or current.  Ethixbase360 will not tell Customer if Ethixbase360 Data changes other than as part of its continuous monitoring service if purchased as part of Services.  Ethixbase360 makes no warranty or representation about and disclaims liability for, the accuracy, completeness or currency of Ethixbase360 Data and its merchantability or fitness for a particular purpose.

11.5 Reports containing environmental, social and governance resilience assessments are based on sentiment published on Report Subject websites. Ethixbase360 draws subjective inferences from those sentiments to create a risk score.  Ethixbase360 does not seek to assess the truth or accuracy of those published sentiments or the steps taken by Report Subject to implement them in practise.

11.6 Ethixbase360 is not responsible if any person terminates or changes any commercial relationship with a Report Subject as the result of Services. Output of Services are not a recommendation, opinion or approval.

11.7 Certain algorithmic risk modules within the Ethixbase360 Platform including the Modern Slavery Module, Tsort and Perceived and Custom Risk Indicators provide indicative risk ratings only. The accuracy of the risk score generated by these modules depends on external factors outside the control of Ethixbase360, including Data Providers and inputs from third parties made at the request of Customer. Risk scores or rankings provided are subjective and a matter of opinion only.  

11.8 While every care has been taken in developing the automated risk modules within the Platform, automated decision-making poses inherent risks such as potentially inaccurate, biased or otherwise flawed risk scores due to the complexity of the algorithm and reliability of third-party data used. Automated risk scores should be reviewed by Customer to determine their accuracy and suitability for Customer’s risk appetite. 

11.9 Ethixbase360 acts in a commercially prudent manner to carry out Services in accordance with dates quoted for performance of Services.  Such dates are estimates only.

11.10 If Ethixbase360 tells Customer Ethixbase360 Data must be updated or removed to avoid breaching applicable law or third-party rights, Customer will promptly do so.

12. Limitation of liability

12.1 EXCEPT AS EXPRESSLY PROVIDED IN AN AGREEMENT: (A) ALL WARRANTIES, REPRESENTATIONS, CONDITIONS AND ALL OTHER TERMS OF ANY KIND WHATSOEVER IMPLIED BY STATUTE OR COMMON LAW INCLUDING IN RELATION TO NONINFRINGEMENT, MERCHANTABLE QUALITY OR FITNESS FOR PURPOSE, OR IMPLIED FROM COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE ARE, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCLUDED FROM EACH AGREEMENT (B) SERVICES AND ETHIXBASE360 DATA ARE PROVIDED TO CUSTOMER ON AN “AS IS/AS AVAILABLE” BASIS. THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS SHALL NOT APPLY TO AN AGREEMENT (C) NOTHING IN AN AGREEMENT OR THE PROVISION OF SERVICES CREATES ANY DUTY OF CARE TO CUSTOMER ON THE PART OF ETHIXBASE360 OR DATA PROVIDERS.

12.2 NOTHING IN AN AGREEMENT EXCLUDES A PARTY’S LIABILITY FOR: (A) DEATH OR PERSONAL INJURY CAUSED BY A PARTY’S NEGLIGENCE  (B) FRAUD OR FRAUDULENT MISREPRESENTATION (C) GROSS NEGLIGENCE, RECKLESSNESS, OR WILFUL MISCONDUCT (D) NON PAYMENT OF THE PRICE (E) MISUSE OR MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS OR (F) MATTERS FOR WHICH IT WOULD BE UNLAWFUL FOR THE PARTIES TO EXCLUDE LIABILITY.

12.3 SUBJECT TO CLAUSE 12.1 AND CLAUSE 12.2:

12.3.1 A PARTY IS NOT LIABLE WHETHER IN TORT (INCLUDING FOR NEGLIGENCE OR BREACH OF STATUTORY DUTY), CONTRACT, MISREPRESENTATION, RESTITUTION OR OTHERWISE FOR LOSS OF PROFITS, LOSS OF BUSINESS, DEPLETION OF GOODWILL, WASTED EXPENDITURE, LOSS OF REPUTATION OR SIMILAR LOSSES OR LOSS OR CORRUPTION OF DATA OR INFORMATION, OR PURE ECONOMIC LOSS, OR FOR SPECIAL, INDIRECT OR CONSEQUENTIAL LOSS, COSTS, DAMAGES, CHARGES OR EXPENSES HOWEVER ARISING UNDER AN AGREEMENT

12.3.2 ETHIXBASE360’S TOTAL AGGREGATE LIABILITY IN CONTRACT, TORT (INCLUDING NEGLIGENCE OR BREACH OF STATUTORY DUTY), MISREPRESENTATION, RESTITUTION OR OTHERWISE ARISING IN CONNECTION WITH AN AGREEMENT AND SERVICES IS LIMITED TO THE TOTAL PRICE PAID BY CUSTOMER FOR SERVICES GIVING RISE TO THE LIABILITY DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE LIABILITY AROSE. 

12.4 ETHIXBASE360 DOES NOT GUARANTEE THAT CUSTOMER’S USE OF SERVICES OR ETHIXBASE360 DATA WILL BE UNINTERRUPTED OR ERROR FREE.  ETHIXBASE360 SHALL HAVE NO LIABILITY FOR BREACH OF AN AGREEMENT CAUSED BY (A) CUSTOMER SYSTEMS OR THE INTERNET, (B) USE OF SERVICES OR ETHIXBASE360 DATA CONTRARY TO ETHIXBASE360’S INSTRUCTIONS, (C) MODIFICATION OR ALTERATION OF SERVICES OR ETHIXBASE360 DATA BY ANY PARTY OTHER THAN ETHIXBASE360 OR (D) USE OF THIRD-PARTY PRODUCTS OR SERVICES IN CONJUNCTION WITH SERVICES OR ETHIXBASE360 DATA.

12.5 A PARTY MAY NOT BRING AN ACTION AGAINST THE OTHER UNDER OR IN CONNECTION WITH AN AGREEMENT MORE THAN 12 MONTHS AFTER THE CLAIMING PARTY BECAME AWARE OF THE CAUSE OF ACTION OR EVENT GIVING RISE TO THE CLAIM.  A PARTY IS ENTITLED TO RECOVER ITS REASONABLE LEGAL COSTS AND EXPENSES AGAINST THE OTHER PARTY IN RELATION TO SUCCESSFUL CLAIMS UNDER AN AGREEMENT.

13. Term and termination

13.1 An Agreement begins on its Start Date.

13.2 Renewal of Subscriptions.  A Subscription will continue for its Initial Term.  After the Initial Term, a Subscription will renew automatically for 12 months on each anniversary of the Start Date (each, a Renewal Term) unless terminated by a party giving the other at least 60 days prior written notice to expire on the day before the first day of the next Renewal Term.  

13.3 Without affecting other rights or remedies available to it, Ethixbase360 may terminate any Agreement with immediate effect by giving written notice to Customer if Customer fails to pay amounts due under an Agreement on the due date and remains in default not less than thirty (30) days after being notified in writing of the default.

13.4  Without affecting other rights or remedies available to it, a party may terminate an Agreement with immediate effect by giving written notice to the other party: (a) if the other party commits a material breach of an Agreement which is irremediable or (if the breach is remediable) fails to remedy that breach within 30 days after being notified in writing to do so (b) if the other party suspends, or threatens to suspend, payment of its debts or cannot pay its debts as they fall due or admits inability to pay its debts or is considered unable to pay its debts (c) if the other party suspends or stops, or threatens to suspend or cease, carrying on a substantial part of its business (d) either (i) the use or provision of Services or Ethixbase360 Data may breach the export control or economic sanctions laws and regulations of any jurisdiction including the United States of America, the United Kingdom, the European Union and its Member States and the United Nations or  (ii) if the other party becomes or any of its Affiliates become specially designated or sanctioned under such laws.

13.5 Ethixbase360 can suspend Customer’s rights in relation to Services if (a) Ethixbase360 has the right to terminate such rights (b) to protect Ethixbase360’s systems or security. Suspension will not affect Ethixbase360’s rights to later terminate an Agreement.

13.6 Termination or expiry of an Agreement shall not result in the termination of any other Agreement except that if Ethixbase360 terminates an Agreement under clause 13.3 or 13.4, it may terminate all Agreements.

13.7 On termination of an Agreement:

13.7.1 Ethixbase360 will repay any prepaid amount of the Price that relates to Services that will not be provided after termination if Customer has validly terminated an Agreement in accordance with clause 13.4

13.7.2 licences granted under an Agreement terminate immediately. Customer shall immediately stop use of Services and Ethixbase360 Data

13.7.3 each party shall return and make no further use of equipment, property, Confidential Information, Documentation and other items (and copies) belonging to the other party

13.7.4 rights, remedies, obligations or liabilities of the parties that have accrued up to termination, including the right to claim damages in respect of breach of an Agreement which existed at or before the date of termination shall not be affected or prejudiced

13.7.5 Provisions of an Agreement which expressly, by implication is intended to or should logically come into or continue in force on or after termination of an Agreement, including clauses 1, 2.7, 3.5, 4, 8, 9, 10, 12, 13.7 and clauses 16 to 19 shall remain in full force and effect.

14. Force Majeure

14.1 A party shall not be liable if delayed in or prevented from performing its obligations due to Force Majeure if it: (a) promptly tells the other party about the Force Majeure event and its expected duration (b) uses reasonable commercial endeavours to minimise the effects of that event.

14.2 If, due to Force Majeure, a party cannot perform a material obligation for thirty (30) days or more, the other party may terminate an Agreement on immediate notice.

15. Publicity

15.1 A party shall not issue announcements regarding an Agreement without the prior written consent of the other party. 

15.2 Ethixbase360 may use Customer’s name and logo on the Website and on its marketing materials to publicise Customer’s use of Services.  Customer must tell Ethixbase360 before publication if there are brand guidelines that Ethixbase360 must follow.

15.3 Provided Customer’s experience of using Services is positive, Customer will give Ethixbase360 a reference and/or case study in connection with Services which Ethixbase360 may use for marketing purposes.

16. General

16.1 Ethixbase360 may not change the Terms during the Initial Term. Ethixbase360 may change the Terms with effect from the start of any Renewal Term by updating the Terms found at https://ethixbase360.com/terms-and-conditions/ or the Managed Services Terms found at the URLs in the Order.  Customer must review the Terms before and this change will be effective from, the start of the next Renewal Term.  Customer’s continued use of Services is acceptance of the change.  Use of Ethixbase360 Data may be subject to additional conditions, restrictions and disclaimers imposed by Data Providers on Ethixbase360 from time to time.  Ethixbase360 will give Customer reasonable notice of such additional requirements before they take effect.

16.2 Ethixbase 360 has the right to assume that  Customer’s and Permitted Affiliates’ employees, directors and officers who instruct Ethixbase360 are authorised to do so. Ethixbase360 may act on oral instructions.

16.3 No failure or delay by a party to exercise rights or remedies provided under an Agreement or by law shall be a waiver of that or other rights or remedies, nor shall it prevent or restrict the further exercise of that or other rights or remedies. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or other rights or remedies.

16.4 If any provision (or part of a provision) of an Agreement is found by a court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.

16.5 If an invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever change is necessary to give effect to the commercial intention of the parties.

16.6 An Agreement and the DPA are the entire agreement between Ethixbase360 and Customer in relation to the subject matter of that Agreement and the DPA and supersede previous agreements, promises, assurances, warranties, representations and understandings between them in relation to that subject matter, whether written or oral, relating to its subject matter.

16.7 In entering into an Agreement, no party is relying on and shall have no remedies regarding, statements, representations, assurances or warranties (whether made innocently or negligently) that are not set out in an Agreement.

16.8 Neither party shall, without the prior written consent of the other, assign its rights or obligations under an Agreement other than in connection with any merger, consolidation, sale of all or substantially all of such assigning party’s assets, or other similar transactions, provided, that the assignee: (a) is not a competitor of the non-assigning party (b) can fully perform the obligations under the Agreement and (c) agrees to be bound by the Agreement.  The assigning party will give prior, written notice of such permitted assignment to the other party.  

16.9 Ethixbase360 contracts with Customer on its own behalf and as trustee for Data Providers.  Data Providers may enforce rights relating to Ethixbase360 Data against Customer directly.  Other than as stated, an Agreement does not confer rights on any person or party (other than the parties to an Agreement and, where applicable, their successors and permitted assigns) under the Contracts (Rights of Third Parties) Act 1999.

17. Notices

17.1 Notices required to be given under an Agreement must be in writing and delivered by hand, courier or email.  Notices delivered by hand or courier shall be marked for the attention of the CEO of the recipient and sent (in the case of Ethixbase360) to the address specified in clause 18 and (in the case of Customer) to an address specified in the Order. Notices sent by email shall be sent (in the case of Ethixbase360) to [email protected] and (in the case of Customer) to an email address specified in the Order.  Notices delivered by hand or courier shall be considered delivered when left at the correct address.  Notices sent by email shall be considered delivered when sent if no notice of non-delivery is received.

17.2 A party may update its address or email address by giving notice to the other party in accordance with this clause.

18. Contracting Entity

18.1 In the table below, “Customer Location” refers to where Customer is located (as determined by Customer’s business address on the Order, if specified) and determines which table row applies to Customer.

Contracting Entity Table

Customer Location

Contracting Entity

Overdue Payments

Governing Law, Venue & Jurisdiction

Americas

TRACE, Inc. d.b.a. Ethixbase360 – US Corporation, registered in Maryland, FEIN 41-2260954, Corporate Address – 151 West Street, Suite 303, Annapolis, Maryland 21401

3% per year above the Federal Reserve Board interest rate

State of Maryland, USA

APAC

Ethixbase 360 Pte. Limited incorporated and registered in Singapore with company number 201131414M whose registered office is at 600 North Bridge Road, #23-01 Parkview Square, Singapore 188778

3% per year above the Monetary Authority of Singapore Base rate

Singapore

Rest Of World

Ethixbase UK Limited incorporated and registered in England & Wales with company number 10651805 whose registered office is at 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX

3% per year above Bank of England Base rate

England & Wales

18.2 An Agreement and disputes or claims relating to an Agreement (including non-contractual disputes or claims) is governed by and construed under the law of the jurisdiction specified in the Contracting Entity Table.  The courts of that jurisdiction shall have non-exclusive jurisdiction to settle such disputes or claims.

19. English Language

If an Agreement is translated into a language other than English, the English-language version of an Agreement shall take precedence in the event of conflicts in interpretation or translation.

———————

Ethixbase360 Terms and Conditions for the Supply of Services – Part 2

The Terms in this Part 2 apply to the provision of Collaborative Reports in addition to the Terms set out in Part 1.  In the case of conflict between Part 1 and Part 2 of the Terms, Part 2 prevails in relation to Collaborative Reports.

Data Protection Relationships

Collaborative Reports rely on information provided to Ethixbase360 by the Collaborative Report Subject.  Collaborative Report Subject is the Controller of Collaborative Report Data. Ethixbase360 includes Collaborative Report Data in a Report on the written instructions of the Collaborative Report Subject.

A Collaborative Report may be paid for by the Collaborative Report Subject or another Customer. Customer paying for a Collaborative Report is the Controller of that Report.

If Customer allows the release of a Collaborative Report to a third party (including to a Collaborative Report Subject) that third party is an independent Controller of the copy of the Collaborative Report released to it.

Ethixbase360 acts as Processor to Customer or Collaborative Report Subject.

1. Interpretation. The additional definitions in this paragraph apply to the provision of Collaborative Reports. If a definition in this part 2 duplicates a definition in Part 1, the definition in this Part 2 will instead apply in Part 1 in relation to Collaborative Reports.

Authorised Recipient: a party to whom Collaborative Report Subject allows the release of Collaborative Report Data within a Collaborative Report.

Certification Date: the date a Certification Report is issued in final form by Ethixbase360.

Certification Report: a Collaborative Report purchased on a Subscription basis.

Collaborative Report: a Report that includes Collaborative Report Data.

Collaborative Report Data: information and data (including Personal Data) provided to Ethixbase360 by a Collaborative Report Subject to be included in a Collaborative Report.

Collaborative Report Subject: the legal entity or individual that is the primary subject of a Collaborative Report 

Customer: (a) the party ordering a Collaborative Report identified in an Order and (b) Collaborative Report Subject (whether or not paying for the Report). 

Owner Data: (a) the information and data identified in paragraph 2.1, other Owner Confidential Information including Owner Personal Data processed through the Ethixbase360 Platform.

Released Report: a copy of a Collaborative Report released to an Authorised Recipient.

Renewal Term: has the meaning specified in paragraph 6.1.

Year: each successive 12-month period of the Term starting on the Certification Date.

2. Owner Data

2.1The Owner is identified in the table below.  Ethixbase360’s responsibilities for Owner Data are owed only to the Owner. 

Owner Data

Owner/Controller

Collaborative Report Data

Collaborative Report Subject

Collaborative Report (including  Collaborative Report Data included)

Customer paying for Report

Released Report (including  Collaborative Report Data included)

Authorised Recipient

3. Customer’s obligations

3.1 Collaborative Report Subject warrants and undertakes to Ethixbase360 that all information it provides to Ethixbase360 in connection with the Collaborative Report is and will be true and accurate and not misleading.

4. Confidentiality

4.1 Certification Report Subject may disclose its Certification Report without restriction.

4.2 Ethixbase360 will disclose Collaborative Report Data in a Report to an Authorised Recipient if instructed to do so in writing by Collaborative Report Subject.  If Ethixbase360 cannot complete a Collaborative Report as the result of Collaborative Report Subject’s failure to provide  necessary information or cooperation or due to the identification of unacceptable risks, the instruction will apply to the latest draft of the Collaborative Report at the date of this confirmation.  Ethixbase360 is authorised to tell the Authorised Recipient about the reasons for non-completion. 

4.3 Ethixbase360 has no control over the use by Authorised Recipient of a Collaborative Report or  Collaborative Report Data within it.  Authorised Recipient is an independent Controller of the Released Report and  Personal Data within it.  

4.4 Collaborative Report Subject shall indemnify Ethixbase360 against  liabilities, losses, damages, costs and expenses suffered or reasonably incurred by Ethixbase360 in connection with the authorised release by Ethixbase360 of Collaborative Report Data or Collaborative Report Subject profile in accordance with an Agreement. 

4.5 Ethixbase360 may keep a public register of Certification Report Subjects.  Published information is limited to Certification Report Subject name, Ethixbase360 ID number, whether the Certification Report Subject has identified as woman-owned or minority-owned and Certification Report Subject industry, service, headquarters country, and web address.

5. Basis of Provision of Collaborative Reports

5.1 Collaborative Reports depend on the accuracy of Collaborative Report Data.  When possible, Ethixbase360 takes reasonable steps to verify this accuracy.   In most cases such information is not capable of independent verification and Ethixbase360 must rely on the information from the Collaborative Report Subject.  Ethixbase360 cannot give assurance that this information is comprehensive, correct or current.

5.2 Ethixbase360 does not have to complete a Collaborative Report if, in its reasonable discretion, Collaborative Report Subject has not co-operated to the extent necessary, has not provided complete and accurate information or presents an unacceptable risk.

5.3 Ethixbase360 may decide (a) not to begin or not to complete a Collaborative Report or (b) to revoke a Certification Report or to not issue an Ethixbase360 ID number.

5.4 Ethixbase360 may provide functionality within the Ethixbase360 Platform for Certification Report subject to grant access to its profile information and or Certification Report to third parties.  Certification Report subject is responsible for the accuracy of this information and for granting this access.

6. Renewal

6.1 Renewal of Certification Report Subscriptions.  A Certification Report Subscription begins on the Certification Date and renews automatically for an additional Year on each anniversary of the Certification Date (each, a Renewal Term) provided that:

6.1.1  information required by Ethixbase360 to update the Certification Report has been provided by the Certification Report Subject and

6.1.2 the Price has been paid by Customer, by the anniversary of the Certification Date.  Ethixbase360 shall determine whether a Certification Report Subscription has automatically renewed.

———————

Ethixbase360 Terms and Conditions for the Supply of Services – Part 3

The Terms in this Part 2 apply to the provision of Research Subscriptions in addition to the Terms set out in Part 1.  In the case of conflict between Part 1 and Part 3 of the Terms, Part 3 prevails in relation to Research Subscriptions.

1. Interpretation. The additional definitions and rules of interpretation in this paragraph apply to the provision of a Research Subscription. If a definition in this part 3 duplicates a definition in Part 1, the definition in this Part 3 will instead apply in Part 1 in relation to Collaborative Reports.

Platform Allocation:  any amount of the Price for a Research Subscription allocated to the Ethixbase360 Platform as set out in the Order.

Research Discount: any discount for a Year specified in a Research Subscription Order.

Research Subscription Price: the Price paid for a Research Subscription for a Year as set out in the Order excluding any Platform Allocation, Research Discount or value added or other sales tax.

Research Subscription:  EDD Reports or Collaborative Reports provided on a Subscription basis.

2. Using a Research Subscription

2.1 Each Year, Customer may use the aggregate of the Research Subscription Price and the Research Discount for that Year as credit against the cost of EDD or Collaborative Reports purchased at Ethixbase360’s then prevailing rate card price.  The amount of up to 25% of the Research Subscription Price paid for a Year and unused in that Year may be used as credit against the cost of EDD or Collaborative Reports purchased during the first three (3) months of the next Year. Otherwise, no amount of the Research Subscription Price or Research Discount is refundable or capable of being applied to a subsequent Year. 

2.2 The Platform Allocation will be allocated to a subscription to the Ethixbase360 Platform for the Term. Termination of a Research Subscription will not prevent the associated Subscription to the Ethixbase360 Platform from entering into a Renewal Period unless specifically stated in the termination notice. 

2.3 Customer will not receive the benefit of the Research Discount for a Year if the full Research Subscription Price for that Year is not paid in full on the due date.