Kloo Terms & Conditions

LAST UPDATED ON 29/02/2024

We are really excited to be working with You! Here are a few things for you to read before we start!

Below are the terms on how to use Kloo’s Services (“Kloo’s Terms & Conditions”) -please  read them carefully along with the terms of the Quote, if you’ve been sent one.

Once you’ve signed the Quote or accepted the Kloo’s Terms & Conditions online, a legally binding “Agreement” between you and us will be formed. You cannot use the Services if you don’t accept Kloo’s Terms & Conditions.

Please note that our payment accounts are provided by Modulr FS Limited, a company  registered in England and Wales under company number 09897919 with its registered office at Scale Space, 58 Wood  Lane, London, W12 7RZ and who is regulated  by the Financial Conduct Authority for  issuance of electronic money under FRN  900573 (“Modulr”). We operate as  distributors of Modulr FS Limited (FRN:  900573).

Modulr holds your money subject to specific  regulatory safeguarding rules to make sure it  is kept safe. Modulr's Terms & Conditions  Modulr UK Introduced Client Terms and its  schedules including Modulr's Terms &  Conditions (together shall be referred to as “Modulr’s Terms & Conditions” hereinafter), which can be accessed here shall be applicable to Modulr’s products and by accepting Kloo’s Terms & Conditions here, you will be deemed to have accepted and agreed to Modulr's Terms & Conditions as well. Because we work very closely with Modulr and they are a crucial part of our Services, unfortunately we will not be able to start working with you if you don’t agree to Modulr's Terms & Conditions. Please see Modulr’s Privacy Policy at https://www.modulrfinance.com/privacy-policy

Learn how Modulr keeps your money safe: How Modulr keeps your money safe 

Read Modulr's Introduced Client Terms & Conditions: Modulr Introduce Client Terms of Business

1. What means what?

Note that if there are any defined terms other than those listed below, they shall have the meanings as set out in your Quote, unless the  context requires otherwise. The following rules of interpretation will also apply in this Agreement, unless the context requires otherwise:

  1. headings are for convenience only  and do not affect the interpretation  of this Agreement;
  2. the singular includes the plural and  vice versa;
  3. words that are gender neutral or  gender specific include each gender

Administrator means a person authorized by the Company to manage the Kloo Account and act on behalf of the Company.

Card means your virtual or physical Kloo card that is a “Corporate Deferred Debit” issued by an Issuer under the license of a Card Scheme (including any replacement card) managed through your Kloo Account and governed by Modulr’s Terms & Conditions.

Cardholder means the Company’s employees or other individuals authorized/permitted by the Company through its Kloo Account to use Cards on Company’s behalf.

Card Scheme means the payment card schemes including Visa and/or any such other payment network through which card transactions are processed.

Card Terms and Conditions means terms governing the use of your Cards under Modulr’s Terms and Conditions

Company, You or Your means the company that is applying or has applied for a Kloo Account and is executing this Agreement and/or the person or persons who have received a Card and/or are authorized to use the Card and Services as provided for in these Terms & Conditions and Modulr’s Terms & Conditions

Company Data means any data, information or other material provided, uploaded, or submitted by the Company to the Service in the course of using the Service (excluding any information shared by the Company with Kloo for the performance of this Agreement, such as billing details, any information provided during onboarding and opening the Kloo Account etc.).

Fees means the amounts we charge you for the use of our Subscribed Services as set out in the Quote (including Subscription Fees and any Add-on Fees).

Integrated Services means services that are provided by third parties connected to or provided through the Services which may include platforms such as Xero, Quickbooks, Freshbooks, Microsoft Dynamics, used for accounting or expense management.

Issuer means Modulr.

Kloo Account means Your electronic account linked to the Services, which is not a bank account.

Kloo Analytics means the basic Kloo service available to any Kloo Account holder and helps them visualize their spend and income data, and which may, from time time and at Kloo’s absolute discretion, be provided as a service free of charge or as a Subscribed Service.

Kloo Mobile App means Our mobile application available for free on iOS and/or Android, including elements of a range of Kloo products, the scope of which may change from time to time.

Kloo Platform means our website, desktop platform, and the Kloo Mobile App together, which are all governed by the Kloo’s Terms and Conditions here.

Linked Account means any electronic money account that is held and maintained by Modulr that has financial data linked to your Kloo Account.

Notice means any physical or electronic communication or legal notices provided to You, Administrators or Users related to this Agreement, through text or SMS, email, your Kloo Account, or by other means.

Services means the services we may make available to you as part of our Subscribed Services or free of charge, which includes, without limitation, the services set out in clause 2 below.

Subscribed Services means any paid Kloo services such as Kloo Cards and Payments, Kloo Accounts Payable, or any other service we may make available to you from time to time in return for a fee.

User means any employees, contractors or other individuals permitted to use the Cards or Services on behalf of the Company.

We, Us or Our means Kloo and/or the Issuer.

  1. What is this Agreement about? The Agreement is about the provision of Services to You by Kloo and Your obligations in return including, without limitation, paying any Fees set out in your Quote, and using the Kloo Platform as per the terms stated herein.

  2. What do the Services include?
    The Services may include any or all of the following or any other service which we may make available to you from time to time:
    1. requesting Cards to use within your organization and managing them;
    2. requesting bank transfers;
    3. reviewing and approving Card requests and bank transfer requests (if you have approval rights);
    4. cancelling existing Cards;
    5. managing all your non-payroll expenses including categorizing, uploading, reviewing any expense related data and documents;
    6. using Integrated Services through your Kloo Account;
    7. generating and exporting your expense reports;
    8. visualizing your expenses and income via Kloo Analytics;
    9. Kloo Mobile App services;
    10. paying invoices using your Card or our direct debit services.

  3. Can Kloo change the scope of Services?
    Kloo may change the scope of Services or provide new Services but not without Notice where the changes are material, unless obliged to do so by an Issuer or by law.

  4. How long does this Agreement last?
    This Agreement starts when you sign the Quote or accept the Kloo’s Terms & Conditions by clicking them online and submit your application for a Kloo Account to be opened for you and lasts until it is terminated by You or Us.

    On expiry of the Subscription Period indicated in the Quote, the Subscription Period shall automatically renew for a consecutive term (as stated in the Subscription Period) (“first Renewal Date”) and thereafter renew for a further term on each anniversary of the first Renewal Date (each of the first Renewal Date and each such anniversary being a Renewal Date).

    If You wish for the Subscription Period to expire on the next Renewal Date, You may do so by sending Us a Notice of cancellation via email to info@getkloo.com at least thirty (30) days before that Renewal Date.

  5. Can this Agreement be terminated for convenience?
    Yes. Either party may terminate this Agreement for convenience, by giving the other party at least thirty (30) days’ prior written Notice, which should be done via sending a termination notice by email to info@getkloo.com (if You are sending the Notice to Us) and to the email address of the Administrator or Company contact’s email address provided on the Quote (if We are sending the Notice to You).

    If the Agreement is terminated by Kloo for convenience, Kloo may, at its absolute discretion and if practically reasonable, refund a portion of the Fees to You for which Kloo has not yet provided any Services in return.

    If the Agreement is terminated by You for convenience, You shall remain liable to pay any and all amounts owed for the remaining duration of your Subscription Period as well as any Add-On Fees for the orders you already put in place, payments made to a merchant with your Card, or any fines or penalties caused by your actions under this Agreement.

  6. Are there any other instances where Kloo can terminate the Agreement immediately?
    Yes, We can terminate this Agreement with immediate effect by giving you a Notice of termination, if:
    • You fail to pay one or more of your invoices on time for the due Fees;
    • We suspect that you are using or intending to use, or allowing others to use, your Card for money laundering, terrorist financing, fraud or any other criminal purposes and/or illegal activity;
    • We understand that you shouldn’t have been eligible for a Kloo Account in the first place or that you are no longer entitled to have a Kloo Account;
    • You don’t agree to any changes we make to these Terms & Conditions and/or Modulr's Terms & Conditions and/or Card Terms and Conditions;
    • We discover that the information you’ve provided to us while opening your Kloo Account was inaccurate, false or misleading in a way;
    • You refuse or fail to provide us with reasonably requested information and/or documentation required for Kloo to comply with its legal obligations or to comply with the requirements of the respective Issuer;
    • You commit a material breach of this Agreement or a breach capable of remedy which isn’t remedied within fourteen (14) days of notification of the breach;
    • You become insolvent or cease to carry on your business;
    • We determine that you are in breach of Modulr's Terms & Conditions and/or Card Terms and Conditions which may require the Linked Account to be closed and/or the Cards to be cancelled;
    • You are inactive for at least three (3) consecutive months within a given Subscription Period

      If We terminate the Agreement on the basis of one of the above instances or due to another reasonable or legally permissible basis, We shall not be obliged to refund You any Fees and You understand and acknowledge that the aggregate amount of all Fees for the remaining duration of the Subscription Period shall become due and payable

  7. What are the Fees and how and when to pay them?
    Fees consist of (i) the Subscription Fees as set out in the Quote and (ii) any additional fees for add-on products and/or services (such as additional users/physical cards) that may be ordered in addition to the Subscription (the “Add-on Fees”). Unless otherwise stated in the Quote, We will invoice You:
    • monthly or annually in advance for the Subscription Fees; and
    • monthly in arrears for any other Add-on Fees.

      All amounts payable under this Agreement are exclusive of amounts in respect of value added tax chargeable for the time being (VAT) and any applicable taxes, which will be added to the invoices. Our invoices will be sent via e-mail to the Administrators of your Kloo Account and be payable within 10 days of the date of the invoice. Fees should always be paid net of charges by your bank or any other payment provider and without any set-off.

      After the creation of your Kloo Account, we will issue a virtual card to you which you won't be charged for, and we will link it to your wallet so that any due Fees can be subtracted automatically from the balance in your Kloo Account. By accepting Kloo's Terms and Conditions, you explicitly agree and authorize us to deduct any and all due amounts owed to us from your balance regardless of the type of the currency held.

      If we cannot charge any Fees due to insufficient funds in your Kloo Account, we may suspend your access to the Kloo Platform and Services, block your Cards and notify you immediately for you to top-up your Kloo Account sufficiently so that the due amounts can be subtracted. We reserve our right to terminate this Agreement if no top-up is done and the Fees are not paid within 10 days of the relevant invoice date.

      If any transaction is made in a currency other than Euro or Pound Sterling, you will be charged an additional 2% fee.

  8. What happens if You are late in paying the Fees?
    If You fail to pay an invoice on time, we may, at our discretion, add simple interest on top of the amount due at a rate of 4% per year (accruing on a daily basis from the final date for payment until the actual date of payment, whether before or after judgment).

    Failing to pay the full amount of a Kloo invoice on time is a breach of this Agreement which gives Kloo the right to terminate this Agreement as set out in clause 6, suspend the Services and recover any outstanding debt or due payment directly from you or via a third-party collection service. In the event Kloo incurs costs and expenses including legal fees and any applicable interest while collecting any delayed amount owed by You, You shall be responsible to also pay for these to Kloo in addition to any owed amount

  9. Can the Fees be revised?

    Yes, Kloo will review the Fees annually to ensure that the current negotiated prices are reflected. Kloo may, at its absolute discretion, increase the Fees accordingly once every twelve (12) months.

  10. Can the Administrators and/or other Users add new Users/Administrators?
    Yes, they can as long as they are authorized by the Company to do so. The Administrators and Users shall act only on behalf of the Company when using the Services. Each additional User or Administrator the Company grants access with its Kloo Account must accept Kloo’s Terms and Conditions before starting to use the Services and they will be deemed to be subject to Kloo’s Terms & Conditions here.

  11. What are Your obligations under this Agreement?
    Throughout the Term of this Agreement, You must:
    • keep your Kloo Account and Cards secure and only provide access to the Administrator(s) and/or other individuals you have authorized to use your Kloo Account or Cards on your behalf;
    • ensure that the Cardholders use the Cards for only bona fide business purposes and not use them to engage in any illegal or restricted activities including without limitation to those listed under clause 6 above and inform us as soon as you become aware of any such engagement on your end;
    • not share your personal identification number (“PIN”) or your Card or any passwords to your Kloo Account, or any other security information you have given us with a third party unless you reveal such information in an unrecognisable way;
      Card if possible, where you know or have a reason to believe that your Kloo Account or Cards have been compromised, stolen or maybe misused;
    • immediately notify us of any unauthorized access or use;
    • ensure that You, Administrators, Cardholders and Users always comply with Kloo’s Terms & Conditions as well as Modulr's Terms & Conditions and any other applicable Card Terms and Conditions and Card Scheme rules.

      ou also represent and warrant to us that (i) all data you provide with us during onboarding as well as during the Term of the Agreement is accurate, complete and up-to-date; (ii) the person signing the Quote and accepting Kloo’s Terms & Conditions here (either the Administrator or another person) is legally capable of representing and binding the Company with the terms of this Agreement; (iii) the Administrators have the required power and authority to manage Your Kloo Account and carry out business on Your behalf; (iv) You, Administrators, Cardholders and Users will not engage in any illegal or restricted activities as specified in this Agreement, or in Modulr's Terms & Conditions or any other applicable Card Terms and Conditions.

  12. Who owns what?
    Kloo and/or its licensors own all intellectual property rights in and to the Kloo Platform and the Services (“Kloo’s IP”). The Company owns all intellectual property rights to its website(s), any documents or materials that are provided to Kloo, and the output data specific to the Company which is created by Kloo in the provision of the Services (“Company’s IP”).

  13. Does this Agreement grant the parties the right to use each other’s intellectual property?
    This Agreement gives (i) You (and Administrators and/or Users) a nonexclusive and non-transferable license to use Kloo’s IP for the sole purpose of receiving the Services, and (ii) Kloo the right to use the Company’s IP solely for the purposes of the development and/or provision of Kloo’s products and/or Services, in each case for the duration of this Agreement only.

    You cannot reverse engineer or decompile the Kloo Platform, or otherwise grant access to, copy, reproduce, or redistribute any aspect of the Platform or any other documents or materials received by You as a result of receiving the Services under this agreement to any third party without Our prior written consent.

    Any use of the other party’s IP other than as envisaged by this Agreement that will be a material breach of this Agreement allowing the non-breaching party the right to immediately terminate this Agreement.

  14. Can Kloo identify the Company as one of its customers and use aggregated or anonymized data?
    Yes. By clicking the “I accept” button to this Agreement, You will be giving us permission to use Your name and logo on our website or in our communications solely for the purpose of identifying the Company as one of our customers. If you wish to not be identified as a Kloo customer, please notify us and we will remove all references to You on our website and in communications.

    Kloo may monitor use of the Services by all of its customers and use the data gathered in an aggregate and anonymous manner. You agree that we may use and publish such information, provided that such information does not incorporate any Company Data and/or identify you.

  15. Are there any limits to Kloo’s liability against You?
    EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, KLOO DOES NOT MAKE ANY WARRANTY, EXPRESS OR IMPLIED, WITH RESPECT TO THE SERVICES OR THE RESULTS THEREOF, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. KLOO DOES NOT GUARANTEE THAT (i) THE SERVICES WILL BE USABLE AT ANY GIVEN TIME OR LOCATION,
    - ALL PURCHASES USING THE CARDS WILL BE PERMITTED BY MERCHANTS AT ALL TIMES;
    - SERVICES WILL BE UNINTERRUPTED, SECURE, OR FREE FROM HACKING, VIRUSES, OR MALICIOUS CODE; AND (iv) ANY DEFECTS IN THE SERVICES WILL BE CORRECTED, EVEN WHEN WE ARE ADVISED OF SUCH DEFECTS.

    IN NO EVENT SHALL KLOO BE LIABLE FOR CONSEQUENTIAL, INCIDENTAL, SPECIAL OR INDIRECT DAMAGES; OR FOR ECONOMIC LOSS (INCLUDING LOSS OF PROFITS, BUSINESS, REVENUE, GOODWILL OR ANTICIPATED SAVINGS); OR FOR ACTS OF NEGLIGENCE THAT ARE NOT INTENTIONAL OR RECKLESS IN NATURE, REGARDLESS OF WHETHER IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; OR FOR LOSS ARISING FROM ANY CLAIM MADE AGAINST THE COMPANY BY ANY OTHER PERSON; OR FOR LOSS OR DAMAGE ARISING FROM THE COMPANY’S FAILURE TO FULFIL ITS RESPONSIBILITIES OR ANY MATTER UNDER THE CONTROL OF THE COMPANY. IN NO EVENT SHALL KLOO BE LIABLE FOR LOSSES OR FAILURES CAUSED BY THE USE OF INTEGRATED SERVICES OR BY THEIR PROVIDERS. OTHER THAN FOR LIABILITY ARISING UNDER ANYTHING WHICH CAN’T BE LIMITED OR EXCLUDED BY LAW (WHICH, FOR THE AVOIDANCE OF DOUBT, SHALL BE UNLIMITED), THE MAXIMUM AGGREGATE LIABILITY OF KLOO TO THE COMPANY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT (WHETHER FOR BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE) SHALL BE LIMITED TO DIRECT DAMAGES WHICH IN NO EVENT SHALL EXCEED THE FEES PAID OR PAYABLE BY THE COMPANY TO KLOO UNDER THIS AGREEMENT.

  16. What happens if something beyond Kloo’s reasonable control happens which prevents or delays Kloo from providing the Services?
    If something beyond Kloo’s reasonable control happens, which prevents or delays Kloo from providing the Services, including without limitation any government-imposed restrictions or government guidance and/or recommendations, (each a “force majeure event”) then Kloo won’t be in breach to the Company for failing to perform such obligations, but only to the extent that such obligations are delayed or prevented by a force majeure event. Kloo will use its reasonable endeavours to keep the Company updated on the impact of the force majeure event on Kloo’s ability to perform its obligations under this Agreement.

  17. What will You indemnify Kloo for?
    In the event that any obligation under this Agreement/Kloo’s Terms & Conditions, Modulr's Terms & Conditions or any other applicable Card Terms and Conditions or any other agreements with Kloo is breached by You and/or your Administrators, Cardholders, Users, as a result of which we face any claims, proceedings or actions by any third party, you accept hereby that you shall indemnify and defend us (including our employees, contractors and any third party service providers) for any losses we may incur in respect thereof

  18. How does Kloo deal with Company Data and personal data under this Agreement?
    We will not process Company Data for purposes other than those specified in this Agreement, unless we are required to do so under applicable law or we have a legal basis for such processing. The details on how we process personal data with respect to the provision of Services under this Agreement can be seen in our Data Processing Addendum and Privacy Policy, which are an integral part of this Agreement.

    Kloo trains its employees regularly on their data protection duties and tasks and takes steps to ensure that all persons and third parties authorized to process personal data on behalf of Kloo shall be bound to treat such personal data as confidential at all times. Kloo also takes commercially reasonable security measures to ensure a level of protection against unauthorized or incidental access, loss, change, disclosure, or erasure of data and uses commercially reasonable efforts to prevent any systems’ infiltration. Kloo undertakes to inform the Company without delay if a security breach occurs in the accounts where Company Data is stored.

  19. Is there any confidential information dealt with under this Agreement?
    Yes, any information which would reasonably be considered confidential that is received by either party in connection with this Agreement is confidential; and agreed to be kept confidential by each party for the duration of this Agreement and for ten (10) years after this Agreement ends. This means, either party must use reasonable security mechanisms to protect the confidential information, and not divulge the confidential information to any third party without the other party’s prior written consent. The only exception is if a party is required to divulge confidential information as required under permitted law – in which case, the party may do so, but it shall inform the other party as soon as reasonably practical (if it is lawfully able to do so). If either party breaches any of the confidential obligations in this clause, then such breach will be a material breach, and the non-breaching party may immediately terminate this Agreement.

  20. How will the Notices be sent under this Agreement?
    Any reference in this Agreement to a written Notice shall include Notice sent via email. Notwithstanding the fact that any Notice of termination must be sent via email as set out in clause 5, We will be sending Notices on payment terms or any other legal terms through the Kloo Account or email to the Administrators, where notices sent through your Kloo Account shall be deemed received twenty-four (24) hours after they are sent. By clicking the “I accept” button below, you agree that all other Notices in relation to activities in your Kloo Account or any alerts can be sent electronically through your Kloo Account, email, via text or SMS to the contact information provided in the Quote or by an Administrator or User. We will provide Notices regarding activity and alerts to your Kloo Account electronically through your Kloo Account, email, and via text or SMS to the contact information provided to us by Administrators and Users. You must reach out to us immediately if you are or you think you are experiencing issues receiving Notices.

  21. Can each party assign this Agreement to another party?
    Kloo may assign any or all of its rights or obligations under this Agreement to a third party without the prior written consent of the Company. The Company may not assign its rights or obligations under this Agreement without the prior written consent of Kloo.

  22. What happens if any part of this Agreement becomes illegal or invalid under applicable law?
    If any clause in this Agreement (or part thereof) is or becomes illegal, invalid or unenforceable under applicable law, but would be legal, valid and enforceable if the clause or some part of it was deleted or modified (or the duration of the relevant clause reduced): then (A) the relevant clause (or part thereof) will apply with such deletion or modification as may be required to make it legal, valid and enforceable; and (B) without limiting the foregoing, in such circumstances the parties will promptly and in good faith seek to negotiate a replacement provision consistent with the original intent of this Agreement as soon as possible.

  23. What happens if there is a conflict between the terms of the Quote and Kloo’s Terms & Conditions?
    If there is a conflict between any of the terms of the Quote and Kloo’s Terms & Conditions, the terms specified in the Quote shall prevail.

  24. How can the changes to this Agreement be made?
    Any terms contained within the Quote, other than the email addresses and addresses, each of which can be amended by email alone, can only be amended by written agreement signed by the parties. Any terms contained within Kloo’s Terms & Conditions are subject to review from time to time, and may be unilaterally amended by Kloo at its sole and absolute discretion without the need to obtain Company’s prior consent. We will notify You of any such revision via Your Kloo Account through the platform or via an email. The revised Kloo’s Terms & Conditions will come into effect once they are posted on our website. If you have any difficulty in accessing these, please contact us at info@getkloo.com to arrange a copy to be forwarded to you. Your continuing to use the Services will amount to acceptance of our revised Kloo’s Terms & Conditions. Changes to Kloo’s Terms & Conditions will not affect the provision of Services ordered and paid before the change.

    No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under this Agreement shall operate as a waiver of that right, power or remedy, nor shall it preclude or restrict any future exercise of that or any other right or remedy. No single or partial exercise of any right, power or remedy provided by law or under this Agreement shall prevent any future exercise of it or the exercise of any other right, power or remedy.

  25. Would earlier documents or correspondence between parties form part of this Agreement?
    No, the parties agree that this Agreement including incorporated terms, these Terms & Conditions and the Quote signed by the Company comprises the entire the entire Agreement between them and supersedes all previous agreements, understandings and arrangements between the parties, whether in writing or oral in respect of its subject matter.

  26. Does this Agreement create a partnership or agency?

    No, the parties are independent contractors and nothing in this Agreement constitutes, or shall be deemed to constitute, a partnership between the parties nor make any party the agent of another party.

  27. What law governs this Agreement?
    This Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with English law.

  28. Which courts have jurisdiction to hear any dispute that arises under this Agreement?

    The parties irrevocably agree that the courts of England shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Agreement, its subject matter or formation (including non-contractual disputes or claims

2. Data Processing Addendum To Kloo’s T&C’s

  1. DEFINITIONS

    Data Controller” has the meaning given to ‘Data Controller’, or ‘Controller’ as appropriate, in the Data Protection Laws;

    Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;

    “Data Processor”     has the meaning given to ‘Data Processor’, or ‘Processor’ as appropriate, in the Data Protection Laws;

    Data Protection Laws” means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded;

    GDPR” Means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from the time to time;

    Personal Data” has the meaning given in the Data Protection Laws.

    Sub-Processor” means any processor engaged by KLOO (or by any other Sub-Processor) for carrying out any processing activities in respect of the Personal Data provided by the Company.

  2. DATA PROCESSING

    Where KLOO, pursuant to this Agreement, processes Personal Data on behalf of the Company, KLOO acknowledges that the Company is the Data Controller and the owner of such Personal Data, and that KLOO is the Data Processor.

  3. COMPLIANCE WITH DATA PROTECTION LAWS
    The Data Processor warrants that it has complied, and shall continue to comply, with the requirements of the applicable Data Protection Laws and all other data protection legislation in any jurisdiction relevant to the exercise of its rights or the performance of its obligations under this Agreement.

  4. DATA PROCESSING OBLIGATIONS

    1. In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Company is Data Controller, the Data Processor shall:

      1. have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk and shall implement any reasonable security measures as requested by the Company from time to time;

      2. not engage any sub-processor without the prior specific or general written authorisation of the Company (and in the case of general written authorisation; the Data Processor shall inform the Company of any intended changes concerning the addition or replacement of other processors and the Company shall have the right to object to such changes);

      3. ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub-processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. The Data Processor shall at all times be and remain liable to the Company for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule;

      4. process that Personal Data only on behalf of the Company in accordance with the Company’s instructions and to perform its obligations under this Agreement or other documented instructions from the Company and for no other purpose save to the limited extent required by law;

      5. (at no additional cost to the Company) within 7 days following the end of the term of this Agreement, deliver to the Company (in such format as the Company may require) a full and complete copy of all Personal Data, and, following confirmation of receipt from the Company, permanently remove the Personal Data (and copies) from the Data Processor’s systems, and the Data Processor shall certify to the Company that it has complied with these requirements, and such Personal Data shall remain confidential in perpetuity;

      6. ensure that all persons authorised to access the Personal Data are subject to obligations of confidentiality and receive training to ensure compliance with this Agreement and the Data Protection Laws;

      7. make available to the Company all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Company or another audit or mandated by the Company, of the Data Processor’s data processing facilities, procedures and documentation (and the facilities, procedures and documentation of any sub-processors) in order to ascertain compliance with Article 28 GDPR and this Schedule, within 5 working days of request by the Company, and, following any such audit, without prejudice to any other rights of the Company, the Data Processor shall implement such measures which the Company considers reasonably necessary to achieve compliance with the Data Processor’s obligations under this Schedule; provided that, in respect of this provision the Data Processor shall immediately inform the Company if, in its opinion, an instruction infringes Data Protection Laws;

      8. taking into account the nature of the processing, provide assistance to the Company, within such timescales as the Company may require from time to time, at no charge to the Company, in connection with the fulfilment of the Company’s obligation as Data Controller to respond to requests for the exercise of data subjects’ rights pursuant to Chapter III of the GDPR to the extent applicable;

      9. provide the Company with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Company, taking into account the nature of the processing and the information available to the Data Processor;

      10. (at no additional cost to the Company) deal promptly and properly with all enquiries or requests from the Company relating to the Personal Data and the data processing activities, promptly provide to the Company in such form as the Company may request, a copy of any Personal Data requested by the Company;

      11. (at no additional cost to the Company) assist the Company (where requested by the Company) in connection with any regulatory or law enforcement authority audit, investigation or enforcement action in respect of the Personal Data;

      12. immediately notify the Company in writing about:

        1. any Data Breach or any accidental loss, disclosure or unauthorised access of which the Data Processor becomes aware in respect of Personal Data that it processes on behalf of the Company;

        2. any request for disclosure of the Personal Data by a law enforcement authority (unless otherwise prohibited);

        3. any access request or complaint received directly from a data subject (without responding other than to acknowledge receipt); and

      13. maintain a record of its processing activities in accordance with Article 30 of the GDPR.

  5. INTERNATIONAL DATA TRANSFERS

    1. In respect of any Personal Data to be processed by a party acting as Data Processor pursuant to this Agreement for which the other party is Data Controller, the Data Processor shall not transfer the Personal Data outside the EEA or to an international organisation without:

      1. obtaining the written permission of the Data Controller;

      2. ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws;

      3. notifying the Data Controller of the protections and appropriate safeguards in paragraph 5.1.2 above;

      4. documenting and evidencing the protections and appropriate safeguards in paragraph 5.1.2 above and allowing the Data Controller access to any relevant documents and evidence

3. Annex A – Data Processing Activities

Where Kloo acts as a Data Processor on behalf of the Company

The following table sets out the details of processing as required by Article 28 of GDPR:

Purposes for which the Personal Data shall be processed

Please specify the purposes for which KLOO intends to process the Personal Data.

KLOO, when acting as Data Processor on behalf of the Company, shall process the Personal Data described in this table for the sole purpose of delivering the Services; ensuring quality, maintaining safety, and improving the Services and customizing customer experience as described under this Agreement.

Description of the categories of the data subjects

Please specify the categories of data subject whose Personal Data shall be processed under this Agreement.
  1. Legal representatives of the Company;
  2. Administrators, Users, or other individuals given access to the Services and the Kloo Account of the Company;
  3. Contact persons and proxies of the Company;
  4. Employees, contractors of the Company or other individuals that are designated and permitted by the Company through the Kloo Account to use physical or virtual cards on Company’s behalf.

Description of the categories of Personal Data

Please specify the categories of Personal Data that shall be processed under this Agreement.

The following data fields may be processed by KLOO on behalf of the Company:

  • First name, last name;
  • Phone number;
  • Email;
  • Job title/ role;
  • Personal bank accounts;
  • Address;
  • IP address;
  • Location/Country (with respect to the occurrence of the expenses)

Description of transfers of Personal Data to a country outside of the EAE

Please record transfers of Personal Data outside of the EEA, recording the country and/or international organisation and, where applicable, please document suitable safeguards.

 

The envisaged time limits for erasure of the different categories of Personal Data

Please specify how long you think the Personal Data will be retained for, where possible.

All Personal Data shall be deleted within 5 years from termination or performance of the Services by means of encryption solutions or deletion from the Servers where they have been stored.

General description of technical and organisational security measures

Where possible, please describe the measures put in place under Article 32(1) GDPR.

 

Authorised Sub-Processors

List the sub-processors who will process Personal Data.

Please see Annex B to this Schedule below – all of the sub-processors listed in Annex B to this Schedule are hereby authorised by the Company to act as sub-processors for and on behalf of KLOO.

Additionally:

  • IT service providers (for the purpose of hosting, supporting or maintaining KLOO's IT systems, including any back-up and disaster recovery systems); and
  • End Point Assessment Organisations

4. Annex B - Authorised Processors and Sub-processors of KLOO where the Company is the Data Controller

List of trusted third parties where data is hosted in the EEA or in the United Kingdom:

Company name
 Address Reason for data sharing Impacted individuals
Modulr FS Limited Scale Space, 58 Wood Lane, London, W12 7RZ For Modulr to issue physical or virtual corporate payment cards and provide money account(s) linked to the Kloo Account Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account
PenTest People The Coachworks, 21 The Calls, Leeds, LS2 7EH, United Kingdom Penetration testing services Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account
Codat 301 Ink Rooms, 28 Easton St, London WC1X 0BE Integration with accounting software via API Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account
Nitecrest 32a Marathon Pl, Moss Side Industrial Estate, Leyland PR26 7QN Production of physical cards Employees, contractors, Administrators, Cardholders and Users
Tell.Money 20 Red Lion Street, Holborn, WC1R 4PS PSD2 dedicated interface Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account
Blenheim Chalcot LTF 58 Wood Lane, W12 7RZ Product management, HR, legal support and accounting support Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account