Terms and Conditions

In consideration of the mutual covenants and promises contained in these term and conditions (“Terms”), the parties specified in the applicable Sales Order (“Parties” and each a “Party”) agree as follows:



      1. “Brand Features” means the trade names, trademarks, logos and other distinctive brand features of the applicable Party.
      2. “Customer” means you, the customer of Trustmatic, as defined in the Sales Order.
      3. “Customer Data” means information supplied by a User or the Customer in connection with these Terms (including Personal Data, and metadata).
      4. “Confidential Information” means information disclosed by (or on behalf of) one Party to the other Party in connection with or in anticipation of these Terms, any Customer Data and information that is marked as confidential or, from its nature, content or the circumstances in which it is disclosed, might reasonably be supposed to be confidential. It does not include information that the recipient already knew, that becomes public through no fault of the recipient, that was independently developed by the recipient or that was lawfully given to the recipient by a third party.
      5. “Content” means any information, text, graphics, or other materials uploaded, downloaded or appearing as part of the Services.
      6. “Denial of Service (“DoS”)” means an attack on computer systems, networks, devices, services or other IT resource causing disruption to the targeted resource and preventing legitimate users from partial or full access to that resource.
      7. “Effective Date” has the meaning ascribed to it in the Sales Order.
      8. “Export Control and Sanctions Laws” means any applicable export control, trade or financial sanctions laws, regulations, orders, directives, licenses and requirements of any governmental or other relevant authority with jurisdiction over activities undertaken in connection with these Terms (each such authority being a “Sanctions Authority”).
      9. “Feedback” means any feedback or suggestions provided by the Customer under these Terms in relation to the Services.
      10. “Fees” means the fees for the Services set out in Section 5 of this agreement.
      11. “Go Live Date” means the date the Service is made available to the Customer in a production environment.
      12. “Intellectual Property Rights” means all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in Confidential Information (including Know-How and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
      13. “Know-How” means unpatented technical information (including information relating to inventions, discoveries, concepts, methodologies, models, research, development, and testing procedures; the results of experiments, tests, and trials; processes, techniques, and specifications; quality control data, analyses, reports, and submissions) that is not in the public domain.
      14. “Permitted Purpose” means legitimate, professional, informational, internal business operations purposes, applied in accordance with such laws applicable to the Customer or User jurisdiction, and not in any event for the reselling or otherwise making the Services available to any third parties.
      15. Personal Data” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable User.
      16. “Privacy Laws” means any applicable rules, laws, regulations, directives and governmental requirements currently in effect and as they become effective relating to privacy or data protection within the territory the European Union, especially the General Data Protection Regulation of the EU, Regulation (EU) 2016/679 of the European Parliament and of the Council.
      17. Sales Order” means, irrespective of its title, a document that (a) specifically refers to these Terms; and (b) is signed by both Parties. In the event of a conflict between the provisions of these Terms and the provisions of a Sales Order, the provisions of the applicable Sales Order will control.
      18. “Sandbox Environment” means a test environment for Customers to simulate API requests and to test their integration with the Software.
      19. “Services” means the services and/or products set out in the respective Sales Order.
      20. “Software” means any software provided by Trustmatic, including the software development kit (or “SDK”)  and any Maintenance Release which is being made available to the Customer as part of the Services.
      21. “Taxes” or “Tax” means all applicable sales or consumption taxes on the Services (or goods) provided hereunder (including sales tax, use tax, excise tax, services tax, TVA, VAT, GST, PST and HST) imposed by any governmental authority having jurisdiction on all items, goods and/or Services being paid for by the Customer hereunder.
      22. “User” means the Data Subject who is the target of the Services ordered by the Customer.
      23. “VAT” means value added tax chargeable under Slovak law for the time being and any similar additional tax.



These Terms will commence on the Effective Date and will continue for a period of 12 months from the Go Live Date as set forth in the Sales Order (the “Initial Term”), unless agreed otherwise in the Sales Order. Subject to the terms set out in the Sales Order, after the Initial Term, these Terms will automatically renew for successive twelve (12) month periods (each, a “Renewal Term”), unless a written termination notice is provided by either Party at least thirty (30) days prior to the expiration of the then-current term (such Notice to be effective at the end of the Initial Term or the then current Renewal Term). The Initial Term and the Renewal Terms (if any) are collectively referred to as the “Term”.




3.1. Trustmatic may increase the agreed Fees set out in Section 5 provided that Trustmatic will use reasonable endeavours to notify the Customer in advance on such intended increase, in any case providing the Customer with at least 30 days prior written notice. In the event that the Customer does not wish to incur the cost increase that may arise under this provision, it will be permitted to terminate the Sales Order in accordance with its terms.




4.1. Trustmatic will, during the Term, provide the Services with reasonable skill and care and in accordance with the SLA.

4.2. The Parties will provide each other with: (a) all necessary cooperation in relation to these Terms; and (b) access to such information as may be required in order to render and receive the Services, as set out in this agreement.

4.3. Unless agreed otherwise in writing, the Customer: (a) may download, view, copy and print Content and use the Services for the Permitted Purpose only; (b) agrees that the results provided to the Customer, Services, the Trustmatic website (together with any affiliated website sites from which the Services are provided, the “Site”) and Content may not be sold, transferred, sublicensed, commercially exploited or otherwise made available to, or used for the benefit of, any third party other than the Customer; (c) will not make the Services available or otherwise use the Services in any jurisdiction such that Trustmatic’s provision of the Services would require Trustmatic to physically store data (of any kind) in that jurisdiction, without first obtaining Trustmatic’s prior written consent; (d) will not make the Services available or otherwise use the Services in any jurisdiction where the Services are not permitted by applicable law; and (e) agrees to provide Users with human intervention in respect of any disputed results or with alternative methods to dispute results and any other information resulting from the use of the Services.

4.4. The Customer will comply with all applicable laws and regulations (including any obligation to seek prior regulatory review, approval, or similar) with respect to its use of the Services and will not: (a) use the Services to discriminate against the User or in a manner that causes damage or injury to any person or property; (b) use the Services in a manner that could be reasonably expected to bring Trustmatic into disrepute or otherwise harm its reputation; (c) act or omit to act in a way which interferes with or compromises the integrity or security of the Services; (d) access all or any part of the Services in order to build a product or service which competes with the Services; (e) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services (as applicable) in any form or media or by any means to any individual or entity, including without limitation, Users; or (f) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services; or (g) attempt to access the Services other than through the means made available to the Customer by Trustmatic. Any breach of this clause will be deemed to be a material breach.

4.5. Trustmatic will only process the Personal Data to the extent, and in such a manner, as is necessary to provide the Services and to (a) detect and prevent fraud, (b) develop and improve Trustmatic’s services including machine-learning technologies; (c) pseudonymise, aggregate and, where feasible, anonymise the Personal Data to compile statistics, benchmarking and analytics regarding the Services; (d) as necessary to comply with applicable law or regulation; and/or (e) exercise legal rights or defend legal claims.

4.6. The Customer will only provide Personal Data to Trustmatic that is complete and in a form that Trustmatic can Process, and Customer agrees that if any Personal Data is not provided as such, any resulting impact on the quality of the Services shall not cause Trustmatic to be in breach of these Terms or any SLA.

4.7. The Customer is responsible for maintaining the confidentiality of any password(s) or other security measures used to access the Services, and is fully responsible for all activities that occur under such password(s) or other security measures. The Customer will notify Trustmatic immediately of any suspected or confirmed unauthorised access to or use of the Services. If Trustmatic reasonably believes that there has been unauthorised access to or use of the Services, or is notified of such by the Customer pursuant to this clause, Trustmatic reserves the right to immediately withdraw or suspend access to the Services and to alter the Customer’s password(s), provided that Trustmatic restores access to the Services and/or provides new Customer password(s) (as applicable) as soon as reasonably possible.

4.8. The Customer acknowledges and agrees that the veracity of any information transmitted through the Site.

4.9. and in relation to the Services is the sole responsibility of the originator from which the content originated (for example, data suppliers) and Trustmatic will not be liable for omissions in content or errors or false statements, including in respect of data provided by third parties. The Services are not intended to be used as the sole basis for any business decision (including where those business decisions concern a User). The Customer agrees and acknowledges that Trustmatic does not monitor or police information submitted by or on behalf of the Customer through its Services and has no liability for any inaccuracy, incompleteness or other error in the Services (including the Site, the results of the Services and the Content) which arises as a result of data provided by the Customer or any third party.

4.10. The Customer will be liable for any damage, but excluding any loss of profit, caused to Trustmatic arising out of or relating to the Customer’s use of the Services (collectively, “Claims”), provided and to the extent that such Claims are not due to any breach of these Terms or any other obligations or negligence by Trustmatic.




5.1. In consideration of the provision of the Services, the Customer will pay the Fees set out in the Sales Order, in accordance with these Terms.

5.2. All Fees quoted to the Customer will be exclusive of Taxes which (where applicable) will be added to the invoices at the appropriate rate. Unless stated otherwise in the Sales Order, all payments due to Trustmatic will be in Euro and shall be invoiced on monthly basis.




6.1. Without prejudice to clause 6.2, Trustmatic and its licensors own all Intellectual Property Rights and all other rights in the Services Feedback, Onboarding Packages (if applicable) and/ or Beta Features and all improvements, modifications and derivative works thereof. Trustmatic licenses all such rights to the Customer free of charge during the Term on a non-exclusive, non-transferable, royalty-free worldwide basis to such extent as is necessary to enable the Customer to make use of the Services in accordance with these Terms. The Customer will leave in place (and not alter or obscure) all proprietary notices and licenses contained in the Services. All rights in and to Intellectual Property Rights owned or controlled by Trustmatic not expressly granted herein are reserved.

6.2. As between Trustmatic and the Customer, all Intellectual Property Rights in and to Customer Data will be owned by the Customer. Trustmatic is only entitled to use Customer Data expressly for the purposes set out in these Terms or with the Customer’s prior written consent.  

6.3. Any new Intellectual Property Rights which are created as a result of, or in connection with, these Terms(“New IPR”), shall be owned by Trustmatic. To the extent not owned solely by Trustmatic, Customer hereby assigns, including by present assignment of future rights, all right, title and interest in and to all Intellectual Property Rights in the New IPR to Trustmatic and agrees to execute such deeds or documents and do such act and things as both Parties may deem reasonable to give effect to that assignment.

6.4. Unless Trustmatic receives written notice otherwise, the Customer will allow Trustmatic to reference and/or include the Customer in any advertising or promotional material, including:

  • 6.4.1. using the Customer’s Brand Features in advertising or promotional materials, including on the Site, social media sites, external marketing powerpoints and presentations, and sales materials at conferences; and
  • 6.4.2. naming the Customer in a press release, such press release to be jointly worked on with the Customer within 90 days of the Effective Date and to be subject to Customer’s final approval.

Upon Customer’s written request, Trustmatic shall cease to use Customer’s Brand Features in accordance with the above purpose, by no later than 30 days since the notice was sent to Trustmatic by the Customer.




Without prejudice to any other rights or remedies which the Parties may have, either Party may suspend, terminate or partially terminate these Terms without liability to the other Party immediately on giving Notice to the other Party if: (a) the other Party fails to pay any amount due under these Terms on the due date for payment and remains in default not less than 30 days after being notified in writing to make such payment; or (b) (i) the other Party is in material breach of these Terms where the breach is incapable of remedy; or (ii) the other Party is in material breach of these Terms where the breach is capable of remedy and fails to remedy that breach within fourteen (14) days after receiving written Notice of such breach; or (c), a Party is declared bankrupt or insolvent or liquidated or is dissolved or otherwise ceases to carry on any Services; (d) the circumstances in Clause 3 apply; (e) required pursuant to a change in applicable law or regulations or upon the request of applicable regulatory bodies. If the Customer terminates these Terms because Trustmatic commits a material breach, Trustmatic will refund any unconsumed prepaid Fees calculated pro rata . If Trustmatic terminates these Terms because the Customer commits a material breach, Trustmatic will be entitled to the Fees until the end of the relevant payment period. Payment obligations will continue in full during any period of suspension by Trustmatic for material breach. On termination of these Terms, the accrued rights and liabilities of the Parties as at termination and the continuation of any provision expressly stated to survive or implicitly surviving termination, will not be affected.









8.6. In the event that the Customer elects to access Trustmatic’s services through a third party interface, integration or similar (“Third Party Integration”), such Third Party Integration will be outside the scope of these Terms, and shall remain the sole responsibility of the Customer. The Customer will contract directly with such third party, and Trustmatic will (i) have no liability in respect of such third party, or Third Party Integration; and (ii) not be in breach of these Term sto the extent such breach is caused by the Third Party Integration.



9.1. The recipient of any Confidential Information will not disclose that Confidential Information, except to (i) employees, affiliates and/or professional advisors who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep such information confidential, except they are bound by a duty of confidentiality arising from the applicable law and (ii) third party service providers where and only to the extent required to fulfill the purpose of the Terms. The recipient will ensure that those people and entities: (a) use such Confidential Information only to exercise rights and fulfill obligations under these Terms; and (b) keep such Confidential Information confidential. The recipient may also disclose Confidential Information when required by law after giving reasonable Notice to the discloser, such Notice to be sufficient to give the discloser the opportunity to seek confidential treatment, a protective order or similar remedies or relief prior to disclosure.

9.2. The recipient may also disclose Confidential Information (i) when required by law or (ii) where reasonably required in connection with a defence of a legal claim (including any pre-action protocols (for example in response to a letter before claim) and/or settlement discussions). Before the recipient discloses any Confidential Information pursuant to this clause 9.2 it shall, to the extent permitted by applicable law, give reasonable Notice to the discloser, such Notice to be sufficient to give the discloser the opportunity to seek confidential treatment, a protective order or similar remedies or relief prior to disclosure.



10.1. PERSONAL DATA. The Customer will provide or make available to Trustmatic or assist Trustmatic with the collection of information and Personal Data as specified under the applicable Privacy Laws relating to Users. Customer consents to Trustmatic’s collection, storage, use, disclosure, international transfer subject to the Trustmatic’s compliance with the applicable Privacy Laws, and destruction of Personal Data (collectively, “Process” “Processing”) to provide the Services and otherwise in accordance with these Terms. THE CUSTOMER REPRESENTS AND WARRANTS THAT IT HAS OBTAINED ALL NECESSARY CONSENTS AND PROVIDED ALL NECESSARY NOTICES REQUIRED BY THE PRIVACY LAWS TO ENSURE THAT TRUSTMATIC MAY LAWFULLY PROCESS THE PERSONAL DATA FOR THE PURPOSE OF PROVIDING THE SERVICES AND THE PERFORMANCE OF THESE TERMS IN ACCORDANCE WITH PRIVACY LAWS (INCLUDING BY HAVING OBTAINED ALL NECESSARY CONSENTS AND PROVIDED ALL NECESSARY NOTICES, WHERE REQUIRED). The purpose of the Personal Data processing by Trustmatic is the provision of Services by Trustmatic to the Customer in accordance with these Terms.

10.2. Trustmatic will:

  • 10.2.1. Process Personal Data only in accordance with these Terms, the applicable Privacy Laws and the Customer’s written instructions, including via email and the Trustmatic dashboard;
  • 10.2.2. inform the Customer if, in its opinion, an instruction from the Customer infringes any Privacy Laws;
  • 10.2.3. unless required by applicable law, not disclose or otherwise make available any Personal Data to any third party without first (i) imposing contractual obligations on the third party recipient that are substantially similar to those imposed on Trustmatic under these Terms related to the Processing of Personal Data; and (ii) including the third party in Trustmatic’s record of Processing before sharing any Personal Data with that third party service provider. Trustmatic shall make the record of Processing available to Customer, and if Customer objects to any third party service provider, Customer may terminate these Terms in accordance with the clause 7 of these Terms. Trustmatic agrees to remain liable to the Customer for the aforementioned third party service provider’s Processing of Personal Data;
  • 10.2.4. cooperate and assist the Customer in responding to any User’s request to exercise their rights of access, rectification, erasure, restriction of Processing, data portability, objection to Processing, or any other rights available to the User under Privacy Laws (collectively “Data Subject Rights”), and Customer agrees that Trustmatic may disclose Customer’s name and contact information to any User seeking to exercise their Data Subject Rights so User may directly exercise their Data Subject Rights with the Customer;
  • 10.2.5. enable the Customer to amend, correct, or delete (unless storage of any Personal Data is required for the purposes specified in Clause 4.5) Personal Data within the Services;
  • 10.2.6. where requested by the Customer and required under Privacy Laws, provide such assistance as the Customer reasonably requires (taking into account the nature of the Processing and the information available to Trustmatic) for the Customer to (i) conduct data protection impact assessments; and (ii) consult with data protection supervisory authorities;
  • 10.2.7. take measures designed to ensure the reliability of all personnel who Process Personal Data by (i) performing background checks upon such personnel (where permissible under applicable law); (ii) assigning specific and necessity-based access privileges to such personnel; (iii) ensuring that such personnel have undergone training in data protection and privacy; and (iv) ensuring that such personnel are bound by obligations of confidentiality;
  • 10.2.8. provide other reasonably necessary assistance for the Customer to meet its compliance obligations under Privacy Laws with respect to the Service
  • 10.2.9. not store any Personal Data outside of any country or territory of the European Economic Area without prior written consent.


  • 10.3.1. Taking into account the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Trustmatic will establish, maintain and comply with administrative, physical, technical and organisational safeguards designed to ensure the security and confidentiality of Personal Data and to prevent the unauthorised disclosure of, or access to, Personal Data.
  • 10.3.2. Trustmatic’s Information Security Policy will: (i) implement back-up and disaster recovery systems; (ii) continuously assess risks to the security of Personal Data by (1) assessing the likelihood and potential damage of such risks, taking into account the sensitivity and risk of the Personal Data, (2) identifying internal and external threats that could result in a Security Breach, and (3) conducting penetration testing; and (iii) take appropriate steps to protect against such risks.

10.4. AUDITS

  • 10.4.1. Upon sixty (60) days written Notice, once per contract year Trustmatic will make available to the Customer such access to its books and records as is reasonably necessary for audit purposes to demonstrate Trustmatic’s compliance with its obligations under Privacy Laws. Any audit requests in excess of those set out in this Clause 10.4.1 will be at Trustmatic’s discretion, and at the Customer’s sole cost (with the exception of in the event that the audit reveals a breach of Privacy Laws). All audits are subject to confidentiality obligations.
  • 10.4.2. Trustmatic shall promptly resolve all data protection and security issues discovered by the Customer and reported to Trustmatic that reveal a breach or potential breach by Trustmatic of any of its obligations under these Terms or Privacy Laws.

10.5. SECURITY BREACH. In the event Trustmatic confirms any breach of security involving its facilities, networks or systems and any unauthorised disclosure of, or access to, Personal Data (each, a “Security Breach”), Trustmatic will (i) without undue delay notify the Customer of the Security Breach; and (ii) provide all reasonable help for the Customer to investigate and remedy the Security Breach.


  • 10.6.1. Subject to 10.6.2, on the earlier of (i) written instructions from Customer, which shall include changes to Customer’s configuration within the Services, (ii) retention periods set by legislation or regulatory bodies, (iii) Trustmatic’s maximum data retention period, or (iv) a reasonable period of time after the termination or expiration of the Terms, Trustmatic will cease processing and delete Personal Data processed for the provision of the Services (unless storage of any Personal Data is required for purposes specified in Clause 4.5).
  • 10.6. 2. All other Personal Data processed by Trustmatic (including Personal Data processed for backup and logging purposes) or on behalf of Trustmatic (including Personal Data processed by third parties) is deleted in accordance with Trustmatic’s record of Processing.

10.7. INDEMNITY. Trustmatic will indemnify, defend, and hold harmless the Customer and its respective officers, shareholders, directors, and personnel, (and keep such individuals indemnified on a full indemnity basis), from and against any claims, suits, hearings, actions, damages, liabilities, fines, penalties, costs, losses, judgments or expenses (including reasonable attorneys’ fees) arising out of Trustmatic’s breach of Clause 10.5.

10.8. The additional data protection provisions set out in the Schedule 1 data processing addendum (“DPA”) shall be deemed to form an integral part of these Terms. In the event of a conflict between any of the provisions of these Terms and the DPA, the provisions of this DPA shall prevail.



11.1. If any provision of these Terms(or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed not to form part of the Terms and (a) the Parties will immediately commence good faith negotiations to remedy such invalidity; and (b) the validity and enforceability of the other provisions of the Terms as applicable will not be affected.

11.2. These Terms, the Sales Order and any schedules or annexes referenced herein, constitute the whole agreement between the Parties and supersedes any previous arrangement, understanding or agreement between them relating to the subject matter of these Terms. Each Party acknowledges that in entering into these Terms it has not relied upon any oral or written statements, collateral or other warranties, assurances, representations or undertakings which were made by or on behalf of the other Party in relation to the subject-matter of these Terms at any time before its signature other than those which are set out in these Terms. Furthermore and for the avoidance of doubt, Customer understands its business needs and has determined independently that the Services will meet its needs.

11.3. Except as expressly stated otherwise, nothing in these Terms will create an agency, partnership or joint venture of any kind between the Parties. Neither Party will have authority to act in the name of or on behalf of the other, or to enter into any commitment or make any representation or warranty or otherwise bind the other in any way.

11.4. Neither Party may assign any of its rights or obligations under these Terms without the prior written consent of the other, such consent shall not be unreasonably withheld. Notwithstanding the foregoing, either Party may assign these Terms in connection with a merger, change of control, sale of substantially all assets or other similar transaction.

11.5. The Customer acknowledges and agrees that the supply of the results and Services by Trustmatic and their use by the Customer is governed by laws and regulatory requirements and that these laws and regulatory requirements may be altered from time to time. The Customer agrees that Trustmatic may: (a) modify; or (b) cease to provide the Services (including the results of the Services rendered, the Content and the Site) to the Customer if necessary to comply with the legal or regulatory requirements, and that such modifications or a cessation will not be deemed to be a breach of these Terms.

11.6. All notices shall be in English, in writing, and sent by email to the address for Legal notices as set out in these Terms, the Sales Order or such other address as either Party has notified the other in accordance with this clause (a “Notice”).

11.7. The Parties will: (i) comply with all applicable Anti-Corruption Laws; (ii) promptly report to the other Party any request or demand for any undue financial or other advantage of any kind received by it in connection with the performance of these Terms; (iii) cooperate regarding investigations by the other Party into any matters related to bribery and corruption in connection with these Terms.

11.8. Except in respect of any transfer of staff pursuant to applicable law, neither Party shall (except with the prior written consent of the other Party) directly or indirectly solicit or entice away (or attempt to solicit or entice away) from the employment of the other Party any person employed or engaged by such other Party in the provision of the Services or (in the case of the Customer) in the receipt of the Services at any time during the Term or for a further period of 3 months after the termination of these Terms other than by means of a national advertising campaign open to all comers and not specifically targeted at any of the staff of the other Party.

11.9. The Customer shall: (i) comply with Export Control and Sanctions Laws; (ii) not engage in any conduct or permit the use of, or access to, the Services in such a way which would constitute an offence under Export Control and Sanctions Laws; (iii) not do, or omit to do, any act that would cause Trustmatic to be in breach of Export Control and Sanctions Laws; and (iv) have and enforce its own procedures and controls to ensure compliance with Export Control and Sanctions Laws. The Customer represents and warrants that it and each company within the same group as the Customer is not: (i) a Sanctioned Person; (ii) owned (50% or more, including in the aggregate) or controlled by, or acting on behalf of, a Sanctioned Person; or (iii) located, carrying on business or resident in a Restricted Territory. The Customer will immediately notify Trustmatic if, during the Term: (i) it has breached the terms of this clause 11.9; or (ii) any of the representations or warranties set out in this clause 11.9 are no longer true. Any breach of this clause by the Customer will be deemed to be a material breach of these Terms. Trustmatic reserves the right to implement geo-blocking or such other measures as it deems necessary to ensure that the Services are not provided to Users who are subject to Export Control and Sanctions Laws.

11.10. Any and all claims for loss arising under these Terms will be subject to a general obligation of the Parties to use all reasonable efforts to mitigate such losses.

11.11. The Terms shall be governed by, and construed in accordance with, Slovak law, and each Party hereby submits to the exclusive jurisdiction of the Slovak courts.






1. Background


1.1. This data processing addendum (the “DPA”) forms an integral part of the Terms and shall be deemed in force as of the Effective Date.

1.2. In the event of a conflict between any of the provisions of this DPA and the provisions of the Terms or the Sales Order, the provisions of this DPA shall prevail.

1.3. For the purposes of this DPA, the Parties acknowledge that the Customer shall be the Controller and Trustmatic shall be the Processor. To the extent Trustmatic processes Customer Personal Data on behalf of the Customer as a processor as a result of hosting the Customer Data or otherwise as a result of the Customer’s use of Trustmatic, it shall do so in accordance with this DPA.

2. Definitions


2.1. Unless otherwise defined herein, each capitalised term in this DPA shall have the meaning set out in the Terms:

  • 2.1.1. Customer Personal Data” means any personal data contained in the Customer Data, including: the names and contact details of the Users; details of Users’ identification documents, including document type, number, date of issue and date of expiry; photographs, videos and audio recordings of Users captured by the Trustmatic; biometric data relating to Users; the results of the identity verification process conducted through the Trustmatic; duration of the User’s use of the Trustmatic; the names, contact details and the content of any communications with the Customer’s employees, agents and contractors; and any other personal data that Trustmatic Processes on behalf of the Customer during the Term in connection with the Customer’s use of and access to the Trustmatic;
  • 2.1.2.Data Protection Laws” means the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”), any national implementing or supplementary legislation and any other applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Customer Personal Data;
  • 2.1.3.European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein;
  • 2.1.4. Onward Transfer” means transfer of Data Subject’s personal data as part of Customer Personal Data to any other controller or (sub)processor outside EEA by the Customer.
  • 2.1.5. Privacy Policy” means a set of Trustmatic’s rules and principles on processing Customer Personal Data, as made available, and changed, by Trustmatic from time to time;
  • 2.1.6.Relevant Transfer” means a transfer out of the EEA of Customer Personal Data pursuant to this DPA;
  • 2.1.7. “Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Customer Personal Data;
  • 2.1.8.Subprocessor” means any Processor engaged by Trustmatic who Processes Customer Personal Data on Trustmatic’s behalf for the purpose of the Terms;
  • 2.1.9.Standard Contractual Clauses” means either the standard data protection clauses adopted under the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council as may be amended or replaced from time to time by the European Commission, any applicable data protection authority, or other body with competent authority and jurisdiction, or any subsequent version thereof released by the European Commission.

2.2. The terms “personal data”, “Controller”, “Processor”, “Data Subject”, “Process” and “Supervisory Authority” shall have the same meaning as set out in the GDPR.

3. Data Processing


3.1. Trustmatic will only Process Client Personal Data in accordance with the Agreement, to the extent necessary to provide the Trustmatic TrustHub Service to the Client, and the Client's written instructions, unless Processing is allowed or mandated by European Union, any European Union Member State or any other applicable laws or legislation to which Trustmatic is subject, in which case Trustmatic shall, to the extent permitted by applicable law, inform the Client before Processing that Client Personal Data.

3.2. The Terms (subject to any changes to the Trustmatic ) and this DPA shall be the Customer’s complete and final documented instructions to Trustmatic in relation to the Processing the Customer Personal Data.

3.3. Processing outside the scope of the Terms will require prior written agreement between the Customer and Trustmatic on additional documented instructions for Processing.

3.4. The Customer shall ensure its compliance with Data Protection Laws in relation to the Customer Personal Data disclosed to and exchanged with Trustmatic in accordance with this DPA, including the accuracy and lawfulness of Processing the Customer Personal Data by the Parties in accordance with the DPA, the provision of all applicable notices and information to Data Subjects and references to Trustmatic (including to Trustmatic’s Privacy Policy) as required under applicable Data Protection Laws.

3.5. The Customer will ensure that it has an appropriate legal basis under applicable Data Protection Laws for Processing Personal Data including, but not limited to, by obtaining any consents, if required under applicable Data Protection Laws for the lawful Processing of Customer Personal Data by Trustmatic in accordance with the Terms.

3.6. When Processing of personal data of a child, the Customer shall make reasonable efforts to assure that the holder of parental responsibility over the child has given a consent for the Processing or authorized the Processing in another manner required under Data Protection Laws. The Customer shall inform Trustmatic of unauthorised sessions after which Trustmatic shall delete the related Customer Personal Data Processed by Trustmatic or any Subprocessors. If Trustmatic detects an unauthorised session, it may delete the Customer Personal Data Processed by Trustmatic or any Subprocessors.

3.7. Trustmatic has the right to delete, blur or make unreadable in any other way the personal data or identification documents presented during the verification session that are not necessary for the provision of the Services.


4. Subprocessors


4.1. The Customer agrees that Trustmatic may use Subprocessors to Process Customer Personal Data, provided it enters into a written agreement with the Subprocessor which imposes the same obligations on the Subprocessor with regard to their Processing of Customer Personal Data as are imposed on Trustmatic under this DPA. Upon such demand by the Customer, Trustmatic shall notify to the Customer all Subprocessors used by Trustmatic.

4.2. Trustmatic shall notify the Customer of any changes to the Subprocessors it uses to Process Customer Personal Data (including any addition or replacement of any Subprocessors). If the Customer does not approve of a new Subprocessor, then the Customer may give notice to terminate the Terms at the end of the then-current Subscription Period by providing at least fourteen (14) days written notice to Trustmatic. The Customer will not have the right of recourse in relation to the paid Fee, regardless of the extent in which the Customer has used the Services, or any other circumstance. If no objection has been raised prior to Trustmatic adding or replacing of a Subprocessor, Trustmatic will deem the Customer to have authorised the new Subprocessor.

4.3. Trustmatic shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to the Customer for the acts and omissions of any Subprocessor as if they were the acts and omissions of Trustmatic.


5. International Transfers

5.1. Trustmatic shall only transfer the Customer Personal Data to a country or territory outside the EEA if it is necessary to complete the Services, and always with the Customers prior written consent.


6. Data Security, Audits and Security Notifications


6.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Trustmatic shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including any measure set out in Terms and (as appropriate) any other measures listed in Article 32(1) of the GDPR. Trustmatic is entitled to unilaterally change and update such measures provided that the measures, at all times, comply with Article 32(1) of the GDPR.

6.2. The Customer may, upon 30 days’ prior notice and at Trustmatic’s regular business hours, audit (either by itself or using independent third party auditors) Trustmatic’s compliance with the security measures set out in this DPA, including by conducting audits of Trustmatic’s data processing facilities. The Customer shall submit, together with the aforementioned notice, an auditing plan, detailing the compliance elements and data processing facilities (in terms of functions) which are subject to the audit. Trustmatic shall assist with, and contribute to such audits conducted in accordance with this clause 6.2, provided that such audits are not carried out more than once a year. The Parties shall bear their own costs related to the audit. In case of any additional assistance, drafting of compliance documents, assisting with the requests or making available information reasonably necessary to demonstrate compliance with this DPA or with the Standard Contractual Clauses, that goes beyond auditing set forth in clause 6.2, Trustmatic shall have the right to reimbursement of costs and work as notified to the Customer prior to providing such assistance.

6.3. Trustmatic may, upon 30 days’ prior notice and at the Customer’s regular business hours, audit (either by itself or using independent third party auditors) Customer’s compliance with this DPA, including by conducting audits of Customer’s data processing facilities. Trustmatic shall submit, together with the notice, an auditing plan, detailing the compliance elements and data processing facilities (in terms of functions) which are subject to the audit. Customer shall assist with, and contribute to any audits conducted in accordance with this clause 6.3, provided that such audits are not carried out more than once a year. The Parties shall bear their own costs related to the audit.

6.4. Where required under Article 28(3)(h) of the GDPR, Party shall immediately notify the other Party in the event that notifying Party believes the other Party’s instructions conflict with the requirements of the GDPR or other EU or Member State laws.

6.5. If Party becomes aware of a Security Incident, Party will (a) notify the other Party of the Security Incident without undue delay, (b) investigate the Security Incident and provide such reasonable assistance to the Party (and any law enforcement or regulatory official) as required to investigate the Security Incident, and (c) take steps to remedy any non-compliance with this DPA.

6.6. Parties shall treat the Customer Personal Data as respective Party’s Confidential Information, and shall ensure that any employees or other personnel that have access to the Customer Personal Data have agreed in writing to protect the confidentiality and security of the Customer Personal Data and do not Process such Customer Personal Data other than in accordance with this DPA.

6.7. Customer shall confirm and agree on any notice of Security Incident to the supervisory authority, to public or Data Subject(s), beforehand with Trustmatic.

6.8. Each Party certifies that:

  • 6.8.1. it has not purposefully created back doors or similar programming that could be used to access the system and/or personal data,
  • 6.8.2. it has not purposefully created or changed its business processes in a manner that facilitates access to personal data or systems, and
  • 6.8.3. that national law or government policy does not require the Party to create or maintain back doors or to facilitate access to personal data or systems or for the Party to be in possession or to hand over the encryption key.
  • 6.8.4. Notwithstanding other applicable rights of Trustmatic, Trustmatic shall have the right to immediately terminate the Terms if the Customer acts in violation of sentence 1 of this clause 6.8.

7. Access Requests and Data Subject Rights


7.1. Save as required (or where prohibited) under applicable law, Trustmatic shall notify the Customer of any request received by Trustmatic from a Data Subject, whether directly or through a Subprocessor, in respect of their personal data included in the Customer Personal Data, and shall direct the Data Subject to the Customer, who shall respond to the Data Subject’s request. For avoidance of doubt, Trustmatic has the right to communicate with the Data Subject in order to clarify the request, including whether the request is submitted regarding the Customer, and provide information to the Data Subject regarding the identity of the Controller.

7.2. Party shall notify the other Party of any request for the disclosure of Customer Personal Data by a governmental or regulatory body or law enforcement authority (including any data protection supervisory authority) unless otherwise prohibited by law or a legally binding order of such body or agency.

7.3. Customer shall notify Trustmatic of any inquiries by the supervisory authorities about Services or Trustmatic Processing of Customer Personal Data.


8. Assistance


8.1. Where applicable, taking into account the nature of the Processing, and to the extent required under applicable Data Protection Laws:

8.2. Parties shall use all reasonable endeavours and not hinder the other Party’s efforts towards compliance, to assist each other by implementing appropriate technical and organisational measures and all other necessary compliance measures, insofar as this is possible, for the fulfilment of the Parties obligation to comply with applicable Data Protection Laws and to respond to requests for exercising Data Subject rights laid down in the applicable Data Protection Laws; and

8.3. Trustmatic shall provide reasonable assistance to the Customer with any data protection impact assessments and with any prior consultations to any Supervisory Authority of the Customer, in each case solely in relation to Processing of Customer Personal Data and taking into account the information available to Trustmatic. This assistance may be paid service as set forth in clause 6.2.

9. Duration and Termination


9.1. The Customer Personal Data Processed by Trustmatic in connection with the provision of the Services shall be available to the Customer in the Service in accordance with the chosen subscription plan after which the Customer Data shall be archived and the available to the Customer on a request basis subject to limitations in the chosen subscription plan.

9.2. Trustmatic shall, within 14 days of the date of termination of the Terms, delete and use all reasonable efforts to procure the deletion of all other copies of Customer Personal Data Processed by Trustmatic or any Subprocessors.

9.3. Upon the Customer’s written request submitted prior to termination of the Terms and subject to unarchiving limitations of the chosen subscription plan, Trustmatic will return a copy of a selection of Customer Personal Data by secure file transfer in such a format as notified by Customer to Trustmatic. If required by applicable laws, Trustmatic shall delete Customer Personal Data prior to the date provided in this clause 9.3.

9.4. In case the Customer’s retrieval request exceeds the unarchiving limitations of the chosen subscription plan, the Parties may separately agree on retrieval fee. The Customer acknowledges that Trustmatic has no obligation to facilitate the retrieval requests exceeding the unarchiving limitations of the chosen subscription plan.

9.5. Trustmatic and its Subprocessors may retain Customer Personal Data to the extent required by applicable law, or as Trustmatic may deem necessary to prosecute or defend any legal claim, provided that such Customer Personal Data is retained only to the extent and for such period as required by applicable laws or pending resolution of any issue, and always provided that Trustmatic shall ensure the confidentiality of all such Customer Personal Data.

9.6. In case where Trustmatic is a Processor, Trustmatic and its Subprocessors may retain Customer Personal Data in its backup systems, from which the corresponding Customer Personal Data will be deleted after the end of the backup cycle. Trustmatic ensures that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond the use.