- Contact us
- Help Center
- Contact us
- Help Center
We are really excited to be working with You! Here are a few things for you to read before we start!
Below are the terms on how to use Kloo’s Services (“Kloo’s Terms & Conditions”) -please read them carefully along with the terms of the Quote, if you’ve been sent one.
Once you’ve signed the Quote or accepted the Kloo’s Terms & Conditions online, a legally binding “Agreement” between you and us will be formed. You cannot use the Services if you don’t accept Kloo’s Terms & Conditions.
Please note that our payment accounts are provided by Modulr FS Limited, a company registered in England and Wales under company number 09897919 with its registered office at Scale Space, 58 Wood Lane, London, W12 7RZ and who is regulated by the Financial Conduct Authority for issuance of electronic money under FRN 900573 (“Modulr”). We operate as distributors of Modulr FS Limited (FRN: 900573).
Note that if there are any defined terms other than those listed below, they shall have the meanings as set out in your Quote, unless the context requires otherwise. The following rules of interpretation will also apply in this Agreement, unless the context requires otherwise:
Administrator means a person authorized by the Company to manage the Kloo Account and act on behalf of the Company.
Card means your virtual or physical Kloo card that is a “Corporate Deferred Debit” issued by an Issuer under the license of a Card Scheme (including any replacement card) managed through your Kloo Account and governed by Modulr’s Terms & Conditions.
Cardholder means the Company’s employees or other individuals authorized/permitted by the Company through its Kloo Account to use Cards on Company’s behalf.
Card Scheme means the payment card schemes including Visa and/or any such other payment network through which card transactions are processed.
Card Terms and Conditions means terms governing the use of your Cards under Modulr’s Terms and Conditions
Company, You or Your means the company that is applying or has applied for a Kloo Account and is executing this Agreement and/or the person or persons who have received a Card and/or are authorized to use the Card and Services as provided for in these Terms & Conditions and Modulr’s Terms & Conditions
Company Data means any data, information or other material provided, uploaded, or submitted by the Company to the Service in the course of using the Service (excluding any information shared by the Company with Kloo for the performance of this Agreement, such as billing details, any information provided during onboarding and opening the Kloo Account etc.).
Fees means the amounts we charge you for the use of our Subscribed Services as set out in the Quote (including Subscription Fees and any Add-on Fees).
Integrated Services means services that are provided by third parties connected to or provided through the Services which may include platforms such as Xero, Quickbooks, Freshbooks, Microsoft Dynamics, used for accounting or expense management.
Issuer means Modulr.
Kloo Account means Your electronic account linked to the Services, which is not a bank account.
Kloo Analytics means the basic Kloo service available to any Kloo Account holder and helps them visualize their spend and income data, and which may, from time time and at Kloo’s absolute discretion, be provided as a service free of charge or as a Subscribed Service.
Kloo Mobile App means Our mobile application available for free on iOS and/or Android, including elements of a range of Kloo products, the scope of which may change from time to time.
Kloo Platform means our website, desktop platform, and the Kloo Mobile App together, which are all governed by the Kloo’s Terms and Conditions here.
Linked Account means any electronic money account that is held and maintained by Modulr that has financial data linked to your Kloo Account.
Notice means any physical or electronic communication or legal notices provided to You, Administrators or Users related to this Agreement, through text or SMS, email, your Kloo Account, or by other means.
Services means the services we may make available to you as part of our Subscribed Services or free of charge, which includes, without limitation, the services set out in clause 2 below.
Subscribed Services means any paid Kloo services such as Kloo Cards and Payments, Kloo Accounts Payable, or any other service we may make available to you from time to time in return for a fee.
User means any employees, contractors or other individuals permitted to use the Cards or Services on behalf of the Company.
We, Us or Our means Kloo and/or the Issuer.
Yes, Kloo will review the Fees annually to ensure that the current negotiated prices are reflected. Kloo may, at its absolute discretion, increase the Fees accordingly once every twelve (12) months.
No, the parties are independent contractors and nothing in this Agreement constitutes, or shall be deemed to constitute, a partnership between the parties nor make any party the agent of another party.
What law governs this Agreement?
This Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with English law.
The parties irrevocably agree that the courts of England shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Agreement, its subject matter or formation (including non-contractual disputes or claims
“Data Controller” has the meaning given to ‘Data Controller’, or ‘Controller’ as appropriate, in the Data Protection Laws;
“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
“Data Processor” has the meaning given to ‘Data Processor’, or ‘Processor’ as appropriate, in the Data Protection Laws;
“Data Protection Laws” means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded;
“GDPR” Means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from the time to time;
“Personal Data” has the meaning given in the Data Protection Laws.
“Sub-Processor” means any processor engaged by KLOO (or by any other Sub-Processor) for carrying out any processing activities in respect of the Personal Data provided by the Company.
Where KLOO, pursuant to this Agreement, processes Personal Data on behalf of the Company, KLOO acknowledges that the Company is the Data Controller and the owner of such Personal Data, and that KLOO is the Data Processor.
COMPLIANCE WITH DATA PROTECTION LAWS
The Data Processor warrants that it has complied, and shall continue to comply, with the requirements of the applicable Data Protection Laws and all other data protection legislation in any jurisdiction relevant to the exercise of its rights or the performance of its obligations under this Agreement.
In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Company is Data Controller, the Data Processor shall:
have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk and shall implement any reasonable security measures as requested by the Company from time to time;
not engage any sub-processor without the prior specific or general written authorisation of the Company (and in the case of general written authorisation; the Data Processor shall inform the Company of any intended changes concerning the addition or replacement of other processors and the Company shall have the right to object to such changes);
ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub-processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. The Data Processor shall at all times be and remain liable to the Company for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule;
process that Personal Data only on behalf of the Company in accordance with the Company’s instructions and to perform its obligations under this Agreement or other documented instructions from the Company and for no other purpose save to the limited extent required by law;
(at no additional cost to the Company) within 7 days following the end of the term of this Agreement, deliver to the Company (in such format as the Company may require) a full and complete copy of all Personal Data, and, following confirmation of receipt from the Company, permanently remove the Personal Data (and copies) from the Data Processor’s systems, and the Data Processor shall certify to the Company that it has complied with these requirements, and such Personal Data shall remain confidential in perpetuity;
ensure that all persons authorised to access the Personal Data are subject to obligations of confidentiality and receive training to ensure compliance with this Agreement and the Data Protection Laws;
make available to the Company all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Company or another audit or mandated by the Company, of the Data Processor’s data processing facilities, procedures and documentation (and the facilities, procedures and documentation of any sub-processors) in order to ascertain compliance with Article 28 GDPR and this Schedule, within 5 working days of request by the Company, and, following any such audit, without prejudice to any other rights of the Company, the Data Processor shall implement such measures which the Company considers reasonably necessary to achieve compliance with the Data Processor’s obligations under this Schedule; provided that, in respect of this provision the Data Processor shall immediately inform the Company if, in its opinion, an instruction infringes Data Protection Laws;
taking into account the nature of the processing, provide assistance to the Company, within such timescales as the Company may require from time to time, at no charge to the Company, in connection with the fulfilment of the Company’s obligation as Data Controller to respond to requests for the exercise of data subjects’ rights pursuant to Chapter III of the GDPR to the extent applicable;
provide the Company with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Company, taking into account the nature of the processing and the information available to the Data Processor;
(at no additional cost to the Company) deal promptly and properly with all enquiries or requests from the Company relating to the Personal Data and the data processing activities, promptly provide to the Company in such form as the Company may request, a copy of any Personal Data requested by the Company;
(at no additional cost to the Company) assist the Company (where requested by the Company) in connection with any regulatory or law enforcement authority audit, investigation or enforcement action in respect of the Personal Data;
immediately notify the Company in writing about:
any Data Breach or any accidental loss, disclosure or unauthorised access of which the Data Processor becomes aware in respect of Personal Data that it processes on behalf of the Company;
any request for disclosure of the Personal Data by a law enforcement authority (unless otherwise prohibited);
any access request or complaint received directly from a data subject (without responding other than to acknowledge receipt); and
maintain a record of its processing activities in accordance with Article 30 of the GDPR.
In respect of any Personal Data to be processed by a party acting as Data Processor pursuant to this Agreement for which the other party is Data Controller, the Data Processor shall not transfer the Personal Data outside the EEA or to an international organisation without:
obtaining the written permission of the Data Controller;
ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws;
notifying the Data Controller of the protections and appropriate safeguards in paragraph 5.1.2 above;
Where Kloo acts as a Data Processor on behalf of the Company
The following table sets out the details of processing as required by Article 28 of GDPR:
Purposes for which the Personal Data shall be processed
Please specify the purposes for which KLOO intends to process the Personal Data.
KLOO, when acting as Data Processor on behalf of the Company, shall process the Personal Data described in this table for the sole purpose of delivering the Services; ensuring quality, maintaining safety, and improving the Services and customizing customer experience as described under this Agreement.
Description of the categories of the data subjects
Please specify the categories of data subject whose Personal Data shall be processed under this Agreement.
Description of the categories of Personal Data
Please specify the categories of Personal Data that shall be processed under this Agreement.
The following data fields may be processed by KLOO on behalf of the Company:
Description of transfers of Personal Data to a country outside of the EAE
Please record transfers of Personal Data outside of the EEA, recording the country and/or international organisation and, where applicable, please document suitable safeguards.
The envisaged time limits for erasure of the different categories of Personal Data
Please specify how long you think the Personal Data will be retained for, where possible.
All Personal Data shall be deleted within 5 years from termination or performance of the Services by means of encryption solutions or deletion from the Servers where they have been stored.
General description of technical and organisational security measures
Where possible, please describe the measures put in place under Article 32(1) GDPR.
List the sub-processors who will process Personal Data.
Please see Annex B to this Schedule below – all of the sub-processors listed in Annex B to this Schedule are hereby authorised by the Company to act as sub-processors for and on behalf of KLOO.
List of trusted third parties where data is hosted in the EEA or in the United Kingdom:
|Address||Reason for data sharing||Impacted individuals|
|Modulr FS Limited||Scale Space, 58 Wood Lane, London, W12 7RZ||For Modulr to issue physical or virtual corporate payment cards and provide money account(s) linked to the Kloo Account||Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account|
|PenTest People||The Coachworks, 21 The Calls, Leeds, LS2 7EH, United Kingdom||Penetration testing services||Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account|
|Codat||301 Ink Rooms, 28 Easton St, London WC1X 0BE||Integration with accounting software via API||Employees, contractors, Administrators, Cardholders, Users, or other individuals given access to the Services and the Kloo Account|
|Nitecrest||32a Marathon Pl, Moss Side Industrial Estate, Leyland PR26 7QN||Production of physical cards||Employees, contractors, Administrators, Cardholders and Users|
|Tell.Money||20 Red Lion Street, Holborn, WC1R 4PS||PSD2 dedicated interface|
|Blenheim Chalcot LTF||58 Wood Lane, W12 7RZ||Product management, HR, legal support and accounting support|