Oneboard - Terms and conditions

Contacts

Name and address
Oneboard AG
Dr. Grass Strasse 12FL-9490 Vaduz
Fürstentum Liechtenstein

‍Contact information
Phone +423 794 04 54
support@oneboard.li
‍www.oneboard.li

Registration Number
FL-0002.686.816-9

Terms and Conditions

1. Definitions and Interpretations

‍1.1. In these Terms and Conditions, the followingdefinitions shall apply:
API
means the Service Provider’s application programming interface, which is a setof functions and procedures that facilitate the submission of applications foraccess to the features and functionalities of the System and communicationbetween the System and the Customer Platform.

Applicant
means an end user of the Customer Platform (whether natural person or legalentity) providing documents, images, and other input data in respect of whichthe Service Provider performs Checks and other Services.

Authorized User
means any member of the Customer's personnel or another individual authorizedby the Customer to access and/or use the System on behalf of the Customer.

Billing Start Date
means (i) the date when the Customer indicates its payment method and billingdetails and activates the chosen Pricing Plan in the Dashboard; or (ii) expiryof the Trial Period, if any, whichever is later. The Services shall becomechargeable as per the applicable Pricing Plan upon the Billing Start Date.

Business Purpose
means the permitted purpose for which the Customer may use the System and/orthe Services. For clarity, the Customer may use the System and/or the Servicesfor lawful purposes of remote identity verification, fraud prevention,compliance with AML/CFT laws and regulations, internal risk management and duediligence procedures, and other essentially similar purposes. The Customer isnot allowed to resell, sublicense, redistribute, or otherwise make the Systemand/or the Services (or any materials or results derived therefrom) availableto any third party without the Service Provider’s prior written consent (whichthe Service Provider shall not unreasonably withhold if it is required underapplicable laws or regulations or a lawful request by a competent governmentauthority to make the System and/or the Services available to a third party).

Check
means a subcategory of the Services with the following characteristics: (i) aCheck is deemed completed when the Applicant in respect of which it has beenconducted is assigned a “Rejected”, “Approved”, or “Resubmission requested”status in the Dashboard; and (ii) if any Check is reiterated in respect of thesame Applicant later than one calendar month from the moment when the firstsuch Check was completed or, irrespectively of the timing, by the Customer orat the Customer's request, such reiteration shall be considered a new Checkand, therefore, billed separately.

Commencement Date
means the date on which the Customer

(i) expresses its consent to be bound by these Terms and Conditions via theWebsite; or

(ii) starts using or otherwise accesses the System and/or the Services in theabsence of a commercial agreement in force between the Parties,

(whichever is earlier).Confidential Information

means information disclosed by (or on behalf of) the Service Provider to theCustomer in connection with or in anticipation of these Terms and Conditionsthat is marked as confidential or, from its nature, content, or thecircumstances in which it is disclosed, could reasonably be deemedconfidential. It does not include information (i) that the Customer had alreadypossessed on a lawful basis prior to the disclosure, (ii) that becomes publicthrough no fault of the Customer, (iii) that was independently developed by theCustomer, (iv) that was lawfully transferred to the Customer by a third partybearing no confidentiality obligation towards the Service Provider; or (v) thatis approved for disclosure by the Service Provider in writing.Customer Platform

means the information technology system owned and/or operated by the Customer,if any, which receives data from the Service Provider and/or the System basedon these Terms and Conditions.DPA

means the Data Processing Agreement as contained in Annex 3 to these Terms andConditions.Fees

means the charges payable by the Customer to the Service Provider under theseTerms and Conditions, including in particular Annex 2 hereto (“Payment Terms”),as per the applicable Pricing Plan or as otherwise agreed by the Parties.Intellectual Property Rights

means all patents, rights to inventions, utility models, copyright and relatedrights, trademarks, service marks, trade, business and domain names, rights intrade dress or get-up, rights in goodwill or to sue for passing off, unfaircompetition rights, rights in designs, rights in computer software, databaserights, topography rights, moral rights, rights in Confidential Information(including know-how and trade secrets) and any other intellectual propertyrights, in each case whether registered or unregistered and including allapplications for and renewals or extensions of such rights, and all similar orequivalent rights or forms of protection in any part of the world.Malicious Code

means viruses, worms, time bombs, Trojan horses, and other similar malware,files, scripts, agents, or programs.New Release

means (i) architectural changes in the System and/or Services; (ii)improvements and bug corrections of the System and/or Services; or (iii)maintenance releases not impacting the visible performance of the System and/orServices.Pricing Plan

means the tariff as chosen by the Customer via the Dashboard (or, where it ispermitted or prescribed under these Terms and Conditions, enabled by theService Provider for the Customer), entitling the Customer to use Services ofsuch types and volumes and on such conditions as specified in the respectivePricing Plan. Current Pricing Plans offered by the Service Provider areavailable at: https://oneboard.li/pricingand in the Dashboard. The Customer may at any time enable or disable any of theServices covered by the applicable Pricing Plan via the Dashboard or, ifnecessary, by contacting the Service Provider at business-support@oneboard.li (forclarity, disabling a Service only results in a reduction of payable Fees if itis explicitly so provided under the respective Pricing Plan). Where theCustomer enables a Service not covered by the Pricing Plan applicable to theCustomer at the relevant time (other than in accordance with Clause 3.5 ofthese Terms and Conditions), the Service Provider may, at its sole discretion,(i) transfer the Customer to a Pricing Plan that includes the Service inquestion, and/or (ii) charge the Customer for its usage of the Service inquestion as per the Pricing Plan including the said Service, and/or (iii)suspend or limit the Customer’s access to the System and/or the Services. Anyapplicable Pricing Plan shall be considered an inherent part of these Terms andConditions.Reusable KYC

means a Service provided by the Service Provider as described in clause 12 ofthese Terms and Conditions.SDK

means the software code supplied by the Service Provider to be embedded intothe Customer Platform and any technical documentation relating to thecorresponding integration.Security Feature

means any key, login, PIN, password, etc. as may be provided by the ServiceProvider to the Customer or created by the Customer for the purposes ofaccessing the System.SLA

means the Service Level Agreement as contained in Annex 1 to these Terms andConditions.Specification

means the list and description of Services corresponding to the Pricing Planapplicable to the Customer at the relevant time. The Service Provider reservesthe right to modify the Specification from time to time, subject to reasonableprior written notice to the Customer in case such modification significantlyimpairs the scope or quality of the Services available to the Customeraccording to the then-current Specification.System

means a set of computer programs and databases owned and/or operated by theService Provider to render the services described in the Specification (the “Services”),including API and SDK. The System includes an interactive software toolfacilitating the communication between the Service Provider and the Customerand ensuring the management and processing of requests as submitted by theCustomer or by its Applicants (the “Dashboard“).Trial Period

means a limited period of time during which the Customer may be entitled to usea limited number of Checks (as determined in the applicable Pricing Plan) freeof charge and for the purposes of testing the Services and the functionality ofthe System.Website

means www.oneboard.li and its subdomains.1.2 No provision of these Terms and Conditions shall beconstrued against or interpreted to the disadvantage of any Party by reason ofsuch Party having or being deemed to have structured or drafted such provision.1.3 Any reference to "days" shall mean calendardays unless qualified by the word "business", in which instance a"business day" shall be any day other than a Saturday, Sunday, bankholiday, or a public holiday in the Service Provider’s jurisdiction ofincorporation.1.4 Any provision conferring rights or imposing obligationson a Party and contained in any of the definitions listed in clause 1.1 orelsewhere in these Terms and Conditions shall be given effect as if it were asubstantive provision within the body of these Terms and Conditions.1.5 Where figures are referred to in numerals and in words,and there is any conflict between the two, the words shall prevail.1.6 Where the expressions “include(s)ª”, “including” or “in particular”are used in these Terms and Conditions, the list of words following them shallnot be considered exhaustive unless explicitly indicated otherwise.1.7 References to sections, clauses, or Annexes are to theseTerms and Conditions' respective sections, clauses, and Annexes.1.8 A reference to a Party includes its successors andpermitted assigns.1.9 The headings in these Terms and Conditions are for easeof reference only and shall not affect their interpretation.1.10 In these Terms and Conditions, if the context sorequires, references to the singular shall include the plural and vice versa.2. Term2.1 These Terms and Conditions shall become binding betweenthe Parties on the Commencement Date and remain in full force and effect for 12months following the Billing Start Date (cumulatively, the “Initial Period”).Once the Initial Period expires, these Terms and Conditions shall automaticallybe renewed for subsequent periods of 12 months each (the “Renewal Period(s)”).The Initial Period and any Renewal Periods as may follow shall togetherconstitute the “Term”.2.2. Notwithstanding clause 2.1, on the date when theCustomer (i) fully expends any given Pre-Payment (if applicable) or (ii)changes its Pricing Plan to one including a Pre-Payment among the payable Fees,the Initial Period or then-current Renewal Period shall automatically expire,with the subsequent Renewal Period commencing on the following day.3. Connection to the System3.1 The Service Provider shall grant the Customer fullaccess to the System and the Services as purchased under the respective PricingPlan immediately upon the Billing Start Date. Notwithstanding the foregoing:3.1.1) a limited scope of the System’s functionalities (notincluding, in particular, any chargeable Services), determined at the ServiceProvider’s sole discretion, may become available to the Customer upon theCommencement Date, subject to the Customer following the instructions forwardedby the Service Provider to the email address specified by the Customer via theWebsite (if applicable). The Customer shall not upload any personal data(except that of the individual uploading it, unless that individual is also anApplicant) into the System before the Billing Start Date. Any output generatedby the Service Provider in relation to any data uploaded by the Customer intothe System prior to the Billing Start Date is a mere demonstration of theSystem’s capabilities and may not be regarded as processing similar orequivalent to that constituting the Services;3.1.2) immediately upon the Commencement Date, as well asupon the beginning of the Trial Period (or, if there is no Trial Period, themoment the Customer starts using the chargeable Services) and thereafter, theCustomer shall be obliged, when requested to do so, to submit to the ServiceProvider certain information about itself as further specified by the ServiceProvider via the Website, by email or otherwise for due diligence purposes(including, but not limited to, personal details of Authorized Users; billingdetails as required under the applicable Pricing Plan; company details,ownership and control structure, personal details of ultimate beneficial ownersand senior officers, supporting corporate documents; nature of business and anyrequired licenses, registrations, certifications, approvals (if applicable);website address; and other data as may be requested by the Service Provider).The Service Provider may, in its sole discretion, disregard any updates made bythe Customer to the previously submitted information, to the extent suchupdates do not amount to an assignment permitted under clause 11.7 below. TheService Provider shall be entitled, at its sole discretion, to suspend or limitthe Customer’s access to the System and/or the Services and/or terminate theTerms and Conditions as between itself and the Customer where (i) the Customerfails to timely provide the requested information (in full or in part); (ii)the information provided by the Customer is false, incomplete, inconsistent, orincorrect; (iii) the Service Provider may not or is recommended not to continuea business relationship with the Customer as per the Service Provider’s duediligence policies and procedures; or (iv) in any other case as may be definedby these Terms and Conditions. The Service Provider shall not be obliged todisclose the scope or results of its due diligence procedures. Where theService Provider has informed the Customer that its due diligence procedureshave rendered a final negative result and has withdrawn the Customer’s accessto its account in the System’s production environment, these Terms andConditions shall be considered terminated with immediate effect; should theaccess to the same account be subsequently restored, the Terms and Conditionsshall be considered to have continued in force, starting from the moment ofsuch restoration, on the same terms as were in effect between the Partiesimmediately prior to the termination, unless a newer version of these Terms andConditions has been adopted, in which case the updated version shall apply fromits effective date or from the date of restoration, whichever is later.3.2. On or after the Commencement Date (but not before theCustomer indicates its payment method, company details and billing details andactivates the chosen Pricing Plan in the Dashboard), the Service Provider may,at its sole discretion, grant the Customer an option to activate a TrialPeriod, the exact duration and scope of which shall be specified in theDashboard. The Trial Period may only be activated by the Customer. The Customeracknowledges that not all features and functionalities of the System may beavailable during the Trial Period. Upon the expiry of the Trial Period, theServices shall immediately and automatically become chargeable as per theapplicable Pricing Plan.3.3 For the duration of the Term, the Service Provider shallsupply the Customer with (i) Services based on the Pricing Plan applicable atany relevant time and the SLA; (ii) as soon as reasonably practicable, any NewReleases; and (iii) technical support, including maintaining the Systemup-to-date, in good working order, and free from Malicious Code, and restoringit to normal operational conditions if inaccessible.3.4 The Customer acknowledges that for any reason, at anytime, and without prior notice, the Service Provider may issue New Releases,and agrees to implement such New Releases promptly. Failure of the Customer toupdate its version of the System to the New Release within 60 days ofnotification from the Service Provider shall, for the avoidance of doubt, beconsidered a breach as per clause 10.2(i) of these Terms and Conditions. TheService Provider shall not be in any way liable for the System's incorrectoperation, unavailability, or any other deficiencies that are due to theCustomer's failure to timely comply with its obligations as set out in thisclause 3.4.3.5 The Customer may activate Services not included in itscurrent Pricing Plan (as listed in the Dashboard) by using the Dashboardactivation functionality and providing the required consent via the Dashboard.The Service description, Fees, and any service-specific conditionsdisplayed/referenced in the Dashboard at activation govern use of the activatedService and are incorporated into these Terms and Conditions by reference. Byproviding consent and proceeding with activation, the activating Authorized Userrepresents and warrants that they are duly authorized to bind the Customer tothe activation, the Fees, and the conditions applicable to the relevant Serviceas displayed in the Dashboard. Fees for any Service activated under this clauseaccrue from activation, are recurring and/or usage-based as indicated in theDashboard, and shall be billed and payable in accordance with these Terms andConditions.4. Intellectual Property Rights4.1 The Customer acknowledges and agrees that allIntellectual Property Rights in the System and the Services belong to theService Provider or its licensors (as the case may be) and the Customer shallhave no rights to or interest in the System and/or Services other than thoseexpressly granted under these Terms and Conditions. The Customer undertakes,during the Term and at any time thereafter, not to challenge the IntellectualProperty Rights of the Service Provider or its licensors, nor to assist any thirdparty directly or indirectly to do so.4.2 Subject to clause 4.1, the Service Provider grants theCustomer a worldwide, non-exclusive, non-transferable, non-sublicensable,revocable license for the duration of the Term to use the System and/orServices solely for the Business Purpose, in accordance with these Terms andConditions, and conditional on the Customer’s compliance therewith.4.3. The Customer is not permitted to modify, adapt,translate, process, reverse engineer, rearrange or otherwise rework or makederivative works of any elements of the System, or reproduce the resultsachieved from any of these acts.5. Fees5.1 For the provision of the Services and use of the System,including receipt of any New Releases, support, or maintenance as per theseTerms and Conditions, the Customer shall pay the Service Provider Fees asdetailed in the applicable Pricing Plan and Annex 2 hereto. The Customer mayconvert to another Pricing Plan at any time through the Dashboard or, ifnecessary, by contacting the Service Provider at business-support@oneboard.li. If,as a result of such conversion, the Commitment payable by the Customerregularly as per Annex 2: (i) increases or remains the same compared to theprevious Pricing Plan – the conversion becomes effective immediately, with theFees payable under the new Pricing Plan in the then-current month recalculatedin proportion to the number of days remaining in that month; (ii) decreasescompared to the previous Pricing Plan – the conversion becomes effectivestarting from the first day of the month immediately following the conversion.5.2 The Service Provider reserves the right, in the eventthat a specific Pricing Plan chosen by the Customer is discontinued, to convertthe Customer to another Pricing Plan that includes substantially the sameServices, provided that the Customer is notified no less than fifteen (15)days prior to the effective date of such change. The details of theconversion will be outlined in the relevant notice issued by the ServiceProvider.5.3 Unless it follows otherwise from Annex 2 or theapplicable Pricing Plan, any payable Fees will be automatically withdrawn fromthe bank account specified by the Customer in the Dashboard as furtherspecified in Annex 2. The Customer shall ensure in advance the availability ofsufficient funds on its bank account; where a withdrawal is not successful forany reason, the Service Provider may make multiple repeated attempts, providedthat the amount actually withdrawn never exceeds the amount outstanding underthese Terms and Conditions. Time of payment will be of the essence.5.4 The Service Provider shall have the right to suspend orlimit the Customer’s access to the Services and/or the System: (i) in case anyamounts payable by the Customer are overdue – until all such amounts arereceived by the Service Provider in full; and (ii) in case any amounts payableby the Customer are due and outstanding (without necessarily being overdue) –as described in Annex 2. Additionally, the Service Provider shall be entitledto claim interest on any overdue sum from the due date until payment of theoverdue sum in full, whether before or after judgment. Interest under thisclause 5.3 shall be in the amount of 0,1% of the overdue sum per each day ofdelay.6. Confidentiality and Data Protection6.1 The Customer shall: (i) maintain all ConfidentialInformation in strict and absolute secrecy and refrain from any publication,communication, or any other disclosure of Confidential Information, in whole orin part, to any third party whatsoever; (ii) take all necessary precautions tokeep Confidential Information secure and apply the same security measures anddegree of care to Confidential Information as the Customer applies to its ownconfidential information; and (iii) immediately inform the Service Provider ofany damage to or accidental loss of Confidential Information, includingtransfer to or use by unauthorized persons.6.2 The Customer shall not: (i) use Confidential Informationin order to build a product or service which competes with the Services; (ii)attempt to copy, modify, duplicate, create derivative works from, frame,mirror, republish, download, display, transmit, or distribute all or anyportion of Confidential Information (as applicable) in any form or media or byany means to any individual or entity; or (iii) reverse engineer, decompile ordisassemble Confidential Information.6.3 The Customer shall not be prevented from disclosingConfidential Information to members of personnel or professional advisors (“Representatives”)who need to know it and who have agreed in writing to confidentialityobligations no less restrictive than those contained herein. The Customer shallensure that any Representatives: (i) use Confidential Information only for thepurposes of these Terms and Conditions; and (ii) keep such ConfidentialInformation secret and secure. The Customer shall remain liable for any act oromission by its Representatives as if they were its own.6.4 In the event that the Customer or any of itsRepresentatives are requested pursuant to any applicable law or regulation orby legal process to disclose any Confidential Information, the Customer shallgive the Service Provider prompt notice of such request or legal process inorder to enable the Service Provider: (i) to seek an appropriate protectiveorder or other remedy; or (ii) to consult with the Customer with respect totaking steps to resist or narrow the scope of such request or legal process. Inthe event that such protective order or other remedy is not obtained, theCustomer shall use commercially reasonable efforts to disclose only thatportion of Confidential Information which is legally required to be disclosedand to require that all Confidential Information that is so disclosed will beaccorded confidential treatment.6.5 If so requested by the Service Provider at any time bywritten notice to the Customer, the Customer shall promptly: (i) destroy orreturn to the Service Provider all documents and materials (and any copiesthereof) containing, reflecting, incorporating or based on the ConfidentialInformation; (ii) erase all Confidential Information from its computer andcommunications systems, devices and other means of electronic storage; and(iii) certify in writing to the Service Provider that it has complied with therequirements of this clause 6.5.6.6 Without affecting any other rights and remedies that theService Provider may have, the Customer hereby agrees that damages would not bean adequate remedy for any breach of this section 6 by the Customer and thatthe Service Provider shall be entitled to remedies of injunction, specificperformance and other equitable relief for any threatened or actual breach ofthis section 6. The Customer’s liability for any breach of the provisions ofthis section 6 shall not be subject to any liability limitation otherwiseapplicable under these Terms and Conditions.6.7 Notwithstanding anything to the contrary, clauses6.1-6.6 shall survive the expiry or termination of these Terms and Conditionsindefinitely.6.8 The Service Provider shall guarantee protection ofpersonal data received under these Terms and Conditions as set out in Annex 3hereto.6.9 The Customer grants the Service Provider permission touse personal data transferred to the Service Provider under these Terms andConditions for: (i) developing and testing the Services and/or the System toimprove their capabilities for detection and prevention of fraud, including bymeans of artificial intelligence (e.g. machine learning models); (ii)fulfilling its commitments under the Terms and Conditions and providing acompetitive service; (iii) identifying, flagging, monitoring, and reporting potentiallyfraudulent patterns and other signs of suspicious behaviour which could lead toor signal any illicit activity; (iv) producing anonymised and/or aggregatedstatistical reports and research; and (v) producing and storing audit logrecords and reports based on internal information security and personal dataprotection requirements.6.10 Where these Terms and Conditions are terminated for anyreason (including termination resulting from a final negative outcome of theService Provider’s due diligence procedures in accordance with clause 3.1.2herein), the Service Provider shall, (i) subject to the Customer’s writtenrequest and unless the Customer is in breach of these Terms and Conditions asof the termination date, enable the Customer to retrieve all personal datarelated to its Applicants as may be stored at the relevant time in theCustomer’s dedicated account in the Dashboard, free of charge, within 30 daysfollowing the termination date; and subsequently (ii) delete all such personaldata (excluding any data that the Service Provider may be permitted or obligedto retain under these Terms and Conditions or the applicable laws andregulations) from the System in the absence of the Parties’ mutual agreement tothe contrary.6.11 In addition to the foregoing, where the Customer hascancelled its subscription to the applicable Pricing Plan and/or has suspendedthe provision of the Services by submitting a request via the Dashboard, theService Provider shall, following a period of one (1) year of continuousinactivity in the Customer’s dedicated account in the Dashboard (in the absenceof the Parties’ mutual agreement to the contrary) delete all personal datarelating to the Customer’s Applicants stored in such account, excluding anydata the Service Provider is permitted or obliged to retain under these Termsand Conditions or applicable laws and regulations.7. Security7.1 The Customer shall not permit, enable, or provide accessto the System to anyone except the Authorized Users. In particular, where theCustomer uses Security Features or other credentials in relation to the System,the Customer shall keep those confidential and not share them other than withthe Authorized Users.7.2 Where an Authorized User requires a separate set ofSecurity Features or other credentials to access the System, a request forthese shall only be submitted to the Service Provider by another AuthorizedUser.7.3 All and any actions carried out in the System and/or inthe Dashboard with the use of Security Features or other credentials previouslyissued by the Service Provider to the Customer or its Authorized Users orcreated by the Customer or its Authorized Users shall be regarded as performedby Authorized Users and attributed to the Customer. The Service Provider shallnot be in any way liable for the consequences of such actions. Additionally,the Service Provider shall be in no way liable for the consequences ofunauthorized third parties gaining access to such Security Features through nofault of the Service Provider.7.4. The Customer shall be responsible and liable for anyacts or omissions of its Authorized Users (and any third parties that may beregarded as Authorized Users under clause 7.3) as if they were its own.7.5 The Customer is solely responsible for (i) selecting,vetting, and supervising Authorized Users; (ii) defining and assigning toAuthorized Users roles and permissions available in the System according to theprinciple of least privilege; and (iii) regularly (including, where applicable,upon notice from the Service Provider) reviewing the roles and permissionsthen-currently assigned to each Authorized User.8. Liability8.1 SUBJECT TO CLAUSE 8.2, THIS SECTION 8 SETS OUT THEENTIRE FINANCIAL LIABILITY OF THE SERVICE PROVIDER (INCLUDING ANY LIABILITY FORTHE ACTS OR OMISSIONS OF ITS EMPLOYEES, AGENTS AND SUB-CONTRACTORS) IN RESPECTOF: (i) ANY BREACH OF THESE TERMS AND CONDITIONS; (ii) ANY USE MADE BY THECUSTOMER OF THE SERVICES OR ANY PART THEREOF; AND (iii) ANY REPRESENTATION,STATEMENT OR TORTIOUS ACT OR OMISSION (INCLUDING NEGLIGENCE) OR BREACH OFSTATUTORY DUTY ARISING UNDER OR IN CONNECTION WITH THE TERMS AND CONDITIONS.8.2. NEITHER PARTY EXCLUDES OR LIMITS LIABILITY TO THE OTHERPARTY FOR: (i) FRAUD OR FRAUDULENT MISREPRESENTATION; (ii) PAYMENT OF SUMSPROPERLY DUE AND OWING TO THE OTHER PARTY IN THE COURSE OF NORMAL PERFORMANCEOF THESE TERMS AND CONDITIONS; (iii) ANY INDEMNITIES UNDER THESE TERMS ANDCONDITIONS; OR (iv) ANY MATTER FOR WHICH IT WOULD BE UNLAWFUL FOR THE PARTIESTO EXCLUDE OR LIMIT LIABILITY.8.3 SUBJECT TO CLAUSE 8.2, THE SERVICE PROVIDER SHALL NOT INANY CIRCUMSTANCES BE LIABLE, WHETHER IN CONTRACT, TORT (INCLUDING FORNEGLIGENCE AND BREACH OF STATUTORY DUTY HOWSOEVER ARISING), MISREPRESENTATION(WHETHER INNOCENT OR NEGLIGENT), RESTITUTION OR OTHERWISE, FOR: (i) ANY LOSS OFPROFITS, INCOME, GOODWILL, REVENUE, REPUTATION, OR BUSINESS OPPORTUNITIES; (ii)ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES NOT COVERED UNDER SUBCLAUSE8.3(i); (iii) ANY LOSS OR CORRUPTION OF DATA OR INFORMATION, EXCEPT IF IT WASCAUSED BY A BREACH OF THESE TERMS AND CONDITIONS BY THE SERVICE PROVIDER.8.4 SUBJECT TO CLAUSE 8.2, THE SERVICE PROVIDER’S TOTALAGGREGATE LIABILITY IN CONTRACT, TORT (INCLUDING NEGLIGENCE AND BREACH OFSTATUTORY DUTY HOWSOEVER ARISING), MISREPRESENTATION (WHETHER INNOCENT ORNEGLIGENT), RESTITUTION OR OTHERWISE, ARISING IN CONNECTION WITH THEPERFORMANCE OR CONTEMPLATED PERFORMANCE OF THESE TERMS AND CONDITIONS OR ANYCOLLATERAL CONTRACT SHALL IN ALL CIRCUMSTANCES BE LIMITED TO: (i) 100% OF THETOTAL FEES PAID BY THE CUSTOMER TO THE SERVICE PROVIDER DURING THE 3-MONTHPERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH THE CAUSE OF ACTION FIRST AROSE;OR (ii) 5,000 (FIVE THOUSAND) USD, WHICHEVER IS LESS. THIS LIABILITY LIMITATIONIS CUMULATIVE AND THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE IT.8.5 THE CUSTOMER ASSUMES SOLE RESPONSIBILITY FOR ANYCONCLUSIONS DRAWN FROM USE OF THE SERVICES.8.6 THE CUSTOMER SHALL INDEMNIFY, DEFEND, AND HOLD HARMLESSTHE SERVICE PROVIDER, ITS AFFILIATES AND THEIR RESPECTIVE OFFICERS,SHAREHOLDERS, DIRECTORS, AND PERSONNEL (AND KEEP THEM INDEMNIFIED ON A FULLINDEMNITY BASIS) FROM AND AGAINST ANY THIRD PARTY CLAIMS, SUITS, HEARINGS,ACTIONS, DAMAGES, LIABILITIES, FINES, PENALTIES, COSTS, LOSSES, JUDGMENTS OREXPENSES (INCLUDING ALL ATTORNEY FEES) ARISING OUT OF OR IN CONNECTION WITH THECUSTOMER’S USE OF THE SERVICES OR THE CUSTOMER’S PERFORMANCE UNDER THESE TERMSAND CONDITIONS (COLLECTIVELY, “CLAIMS”), PROVIDED AND TO THE EXTENT THATSUCH CLAIMS ARE NOT DIRECTLY ATTRIBUTABLE TO ANY BREACH HEREOF BY THE SERVICEPROVIDER.8.7 IT IS EXPRESSLY UNDERSTOOD AND AGREED THAT EACH ANDEVERY PROVISION OF THESE TERMS AND CONDITIONS WHICH ESTABLISHES A LIMITATION OFLIABILITY, DISCLAIMER, WARRANTY OR EXCLUSION OF DAMAGES IS INTENDED BY THEPARTIES TO BE SEVERABLE AND INDEPENDENT OF ANY OTHER PROVISION AND SHALL BEENFORCED AS SUCH.9. Representations and Warranties9.1 The Customer warrants, represents and covenants that:(i) it is duly incorporated, organized and validly existing under theapplicable law; (ii) it has good and sufficient capacity, power, authority andright to enter into, execute and deliver these Terms and Conditions, tocomplete the transactions contemplated hereby and to duly observe and performthe covenants and obligations contained herein; and (iii) all necessarycorporate action has been taken by it to authorize and approve the execution anddelivery of these Terms and Conditions, the completion of the transactionscontemplated hereby and the observance and performance of the covenants andobligations contained herein.9.2 The Customer shall not: (i) use the System and/or theServices to discriminate against any Applicant or in a manner that causesdamage or injury to any person or property or is otherwise incompatible withany applicable law or regulation; (ii) use the System and/or the Services forany purposes other than the Business Purpose; (iii) use the System and/or theServices in a manner that could be reasonably expected to bring the ServiceProvider into disrepute or otherwise harm its reputation; or (iv) act or omitto act in a way that interferes with or compromises the integrity or securityof the System and/or the Services.9.3 No conditions, warranties or other terms apply to theSystem and/or any Services supplied by the Service Provider under these Termsand Conditions other than those expressly set forth herein. The ServiceProvider hereby disclaims any implied warranties whether arising under law,through course of dealing, or otherwise, including any implied warranties ofnon-infringement, title, satisfactory quality, fitness for purpose,merchantability or conformance with description. In addition, the Service Providerdoes not warrant or enter into any other term to the effect that the Servicesor any other technology provided in connection with these Terms and Conditionswill be entirely free from defects or errors. The Customer acknowledges thatthe Services are provided on an “as is” basis. The Services are not intended tobe used as the sole basis for any business decision (including where thosebusiness decisions concern Applicants). The Customer agrees that the ServiceProvider has no liability for any inaccuracy, incompleteness or other error inthe Services which is attributable to data provided by the Customer or anythird party, including cases where the provision of a Service may be limited,suspended or discontinued due to a deficiency and/or unavailability of datasubmitted by an external third-party source the Service Provider may engage toprovide the relevant Service. The Service Provider is not a consumer reportingagency and none of the information provided through the Services constitute a"consumer report" as such term is defined in the Fair CreditReporting Act (15 U.S.C. § 1681 et seq). The Services are expressly limited toproviding supplemental information in support of the Customer’s anti-fraud,customer due diligence and identity verification procedures only. The Servicesare based on information that was not collected, in whole or in part, for thepurpose of serving as a factor in establishing a consumer's eligibility forcredit or insurance, being used primarily for personal, family or household purposes,employment, or any other similar purpose.9.4 This clause 9.4 shall apply if: (a) the ServiceProvider is ONEBOARD AG as stated in the section “Parties to these Termsand Conditions” above, and (b) the Customer is not incorporated andregistered in Cyprus.

The Customer hereby represents and warrants that the use and enjoyment of theServices will exclusively take place outside Cyprus (for clarity, the mere factan Applicant may be a resident of or be located in Cyprus does not constitute abreach of this clause 9.4). The Customer also hereby represents and warrantsthat it does not have any affiliated organizations, branches, representativeoffices, permanent establishments (or any other forms of conducting business)in the territory of Cyprus and does not engage in commercial activities using theServices through such forms.10. Suspension and Termination10.1 Either Party may terminate these Terms and Conditionsat any time for convenience by giving the other Party written notice at least30 (thirty) days prior to the purported termination date. In addition, theCustomer may at any time suspend the provision of Services (without prejudiceto the effect of the provisions of these Terms and Conditions unaffected bysuch suspension) by making a request via the Dashboard, such suspensionbecoming effective on the first day of the month immediately following themonth of the request; for clarity, the Services remain chargeable until thesuspension becomes effective and shall become chargeable again immediately oncethe suspension is removed by the Customer or upon the Customer’s request.10.2 Either Party may terminate these Terms and Conditionswith immediate effect by giving written notice to the other Party if: (i) theother Party is in breach of these Terms and Conditions; (ii) the other Party isin violation of any applicable law or legal regulation; or (iii) the otherParty enters into an arrangement or composition with or for the benefit of itscreditors, goes into administration, receivership or administrativereceivership, is declared bankrupt or insolvent or is dissolved or otherwiseceases to carry on business, or any analogous event happens to the other Partyin any jurisdiction in which it is incorporated or resident or in which itconducts business or has assets.10.3 Any provision of these Terms and Conditions thatexpressly or by implication is intended to come into or continue in force on orafter the termination of these Terms and Conditions shall remain in full forceand effect. Termination of these Terms and Conditions for any reason shall notaffect the accrued rights, remedies, obligations or liabilities of the Partiesthat may have accrued by the termination date.10.4 The Service Provider reserves the right, at its solediscretion, to limit or suspend the Customer’s or any Authorized User’s accessto the System and/or the Services and/or terminate these Terms and Conditionswith immediate effect where it knows or reasonably suspects that:
(i) the Customer is in breach of any warranties, representations, orobligations set out in clauses 9.1-9.2;
(ii) the Customer (including any of its affiliates and their respectiveultimate beneficial owners, directors, officers, agents, or employees) is inbreach of any applicable laws or regulations or is subject to any local orinternational sanctions or restrictions;
(iii) the Customer infringes on the Intellectual Property Rights of the ServiceProvider, its affiliates or its counterparties;
(iv) the Customer has disclosed any Confidential Information in a manner notpermitted under these Terms and Conditions;
(v) a third party has gained unauthorised access to the System and/or theServices as a result of the Customer’s actions or omissions or by using theSecurity Features or other credentials previously issued by the ServiceProvider to the Customer or its Authorized User;
(vi) the Customer’s actions may, in the Service Provider’s reasonable opinion,be detrimental to the legitimate interests or business reputation of theService Provider or its counterparties; or
(vii) the Customer’s usage of the Services exceeds 1000 Checks or 1000Applicants within any given calendar day. In case of suspension, full access tothe System and/or the Services may be restored by the Service Provider at itssole discretion and subject to the Customer taking such actions and providingsuch information as the Service Provider may further determine.10.5. Where the Service Provider is permitted to suspend orlimit the Customer’s access to the System and/or the Services under these Termsand Conditions, it shall be entitled to do so, in all cases in its solediscretion, (i) with immediate effect and with no prior notice; or (ii) inseveral consecutive steps (e.g., by disabling the Customer's access to theDashboard and subsequently stopping the provision of Services altogether); or(iii) in any other manner.11. General11.1 A Party shall not be considered to be in breach ofthese Terms and Conditions, and shall be excused from performance or liabilityfor damages to the other Party (or any third party), if and to the extent it isdelayed in or prevented from performing or carrying out any of the provisionsof these Terms and Conditions due to a labor disturbance, sabotage, act of thepublic enemy, war, invasion, insurrection, riot, fire, storm, flood,earthquake, explosion, epidemic, or any other cause beyond such Party’sreasonable control, including, but not limited to, any curtailment, order,regulation, or restriction imposed by governmental, military or lawfullyestablished civilian authorities, or by making of repairs necessitated by anemergency circumstance not limited to those listed above upon the property orequipment of the Party or property or equipment of others which is deemed underthe operational control of the Party (“Force Majeure”). Any Partyclaiming a Force Majeure event shall use reasonable diligence to remove thecondition that prevents performance and shall not be entitled to suspendperformance of its obligations in any greater scope or for any longer durationthan is required by the Force Majeure event. Each Party shall use its bestefforts to mitigate the effects of the Force Majeure event, remedy itsinability to perform, and resume full performance of its obligations hereunder.Either Party shall be entitled to terminate these Terms and Conditions withimmediate effect by giving the other Party written notice if the Force Majeureevent remains unremedied for a period of 60 consecutive days.11.2 The Service Provider may update these Terms andConditions occasionally from time to time at its sole discretion. The ServiceProvider shall use reasonable endeavours to notify the Customer of such updatesby email and/or via the Dashboard and/or via the Website. The Customer issolely responsible for ensuring it has read, acknowledged, and agreed to theupdated version of these Terms and Conditions. For the avoidance of doubt, theCustomer’s continued usage of the System and/or the Services or the fact theCustomer had not objected to the updates made to these Terms and Conditionsbefore they became effective shall be regarded as acceptance of the updates.
For clarity and subject to the provision above, in the event of any suspensionof the Services and/or the Customer’s access to the Dashboard, and thesubsequent lifting of such suspension and/or restoration of access, the versionof the Terms and Conditions in effect at the time of such restoration shallgovern the Customer’s use of the Services from the date of restoration. Bycontinuing to use the Services following such suspension removal and/or accessrestoration, the Customer acknowledges and agrees to be bound by the version ofthe Terms and Conditions in effect at that time.11.3 Failure or delay of either Party in exercising anyright or remedy under these Terms and Conditions shall not constitute a waiverof such (or any other) right or remedy. The use of any remedy by either Partyshall not constitute an election of that remedy to the exclusion of any otherright or remedy.11.4 If any provision of these Terms and Conditions (or partof any provision) is found by any court or other authority of competentjurisdiction to be invalid, illegal or unenforceable, that provision orpart-provision shall, to the extent required, be deemed not to form part ofthese Terms and Conditions.11.5 These Terms and Conditions constitute the wholeagreement between the Parties and supersede any previous arrangement,understanding or agreement between them relating to the subject matter of theseTerms and Conditions (unless expressly agreed otherwise by the Parties). EachParty acknowledges that in entering into these Terms and Conditions, it has notrelied upon any oral or written statements, collateral or other warranties,assurances, representations or undertakings which were made by or on behalf ofthe other Party in relation to the subject matter of these Terms and Conditionsother than those which are set out herein (or those which the Terms andConditions explicitly refer to).11.6 Except as expressly stated otherwise, nothing in theseTerms and Conditions shall create or confer any rights or other benefits infavour of any person other than the Parties. Except as expressly statedotherwise, nothing in these Terms and Conditions shall create an agency,partnership or joint venture of any kind between the Parties. Neither Partyshall have authority to act in the name of or on behalf of the other, or toenter into any commitment or make any representation or warranty or otherwise bindthe other in any way.11.7 The Customer may not assign any of its rights orobligations under these Terms and Conditions without the prior written consentof the Service Provider, such consent not to be unreasonably withheld. Ifpermitted under the applicable laws and regulations, the Service Provider mayassign its rights and/or obligations to one of its affiliates (meaning entitiescontrolled by, controlling, or under common control with the Service Provider)without the Customer’s consent. Notwithstanding the foregoing, either Party mayassign, subject to advance written notice, its rights or obligations underthese Terms and Conditions to an acquirer of all or substantially all of theassets of such Party without the consent of the other.11.8 The Customer is only permitted to make publicannouncements and/or publish written materials concerning the Service Providerand/or the existence and nature of the business relationship between theParties subject to the Service Provider’s prior written consent, except asrequired by law, any governmental or regulatory authority (including, withoutlimitation, any relevant securities exchange), any court or other authority ofcompetent jurisdiction. The Service Provider may freely use the Customer’s trademarks(including logos) in its promotional or marketing materials, on the Website,etc., for the purpose of publicly identifying the Customer as its counterparty.11.9 Unless specified otherwise in these Terms andConditions, any notice or communication required or permitted to be givenhereunder shall be in writing and in English. It may be delivered:
(i) by hand to a responsible person during ordinary business hours at the thencurrent physical address as indicated by the receiving Party and shall bedeemed received on the day of delivery,
(ii) by email to the receiving Party’s chosen email address and shall be deemedreceived on the date and at the time recorded by the recipient’s email server(unless there is evidence to the contrary that it was delivered on a differentdate or at a different time),
(iii) via Dashboard, or
(iv) via other means mutually and explicitly agreed in writing by the Parties,and shall be deemed received by written or automated receipt or electronic log(as applicable). The Parties may update their email and physical addresses fornotices or communication at any time by notice in writing, or through theDashboard, or as otherwise provided under this clause 11.9.11.10 The Parties shall: (i) comply with all applicablelaws, statutes and regulations relating to anti-bribery and anti-corruption ;(ii) promptly report to the other Party any request or demand for any unduefinancial or other advantage of any kind received by it in connection with theperformance of these Terms and Conditions.11.11 Governing Law and Dispute Resolution The Service Provider Governing Law and jurisdictionThis Agreement and all disputes and claims arising out of orin connection with it are governed by English law.

All disputes arising out of or in connection with this Agreement shall bereferred to and finally resolved by arbitration administered by theInternational Court of Arbitration of the International Chamber of Commerce inaccordance with the Rules of Arbitration of the International Chamber ofCommerce.
The parties agree, pursuant to Article 30(2)(b) of the Rules of Arbitration ofthe International Chamber of Commerce, that the Expedited Procedure Rules shallapply irrespective of the amount in dispute.
The number of arbitrators shall be one.
The law governing this arbitration clause shall be English law.
The seat of the arbitration shall be London, England.
The language of the arbitration shall be English.

No award or procedural order made in the arbitration shall be published. TheParties shall at all times treat all matters relating to the proceedings andany arbitral award as confidential. ONEBOARD TECHNOLOGY LLCThis Agreement and all disputes and claims arising out of orin connection with it are governed by English law.
All disputes arising out of or in connection with this Agreement shall bereferred to and finally resolved by an arbitration administered by theSingapore International Arbitration Centre (“SIAC”) under the Arbitration Rulesof the Singapore International Arbitration Centre (“SIAC Rules”) for the timebeing in force, which rules are deemed to be incorporated by reference intothis clause.
The Parties agree, pursuant to Rule 5.1(b) of the SIAC Rules, that theExpedited Procedure shall apply.
The number of arbitrators shall be one. The law governing this arbitrationclause shall be English law.
The seat of the arbitration shall be Singapore.
The language of the arbitration shall be English.

In respect of any court proceedings in Singapore commenced under theInternational Arbitration Act 1994 in relation to the arbitration, the partiesagree (a) to commence such proceedings before the Singapore InternationalCommercial Court (“the SICC”); and (b) in any event, that such proceedingsshall be heard and adjudicated by the SICC. Oneboard Inc.This Agreement and all disputes and claims arising out of orin connection with it are governed by the laws of the State of New York.
With the sole exception of any application for injunctive relief, the Partiesirrevocably agree that the courts of the State of New York have exclusivejurisdiction to settle any dispute or claim (whether contractual ornon-contractual) arising out of or in connection with this Agreement (includingtheir subject matter or formation).
The Parties agree that the prevailing Party shall be entitled to recover, on afull indemnity basis, from the other Party the costs and disbursements itincurs in the proceedings, including any attorney’s fees. Oneboard AGThis Agreement and all disputes and claims arising out of orin connection with it are governed by the laws of Singapore.

All disputes arising out of or in connection with this Agreement shall bereferred to and finally resolved by arbitration administered by the SingaporeInternational Arbitration Centre (“SIAC”) under the Arbitration Rules of theSingapore International Arbitration Centre (“SIAC Rules”) for the time being inforce, which rules are deemed to be incorporated by reference into this clause.
The Parties agree, pursuant to Rule 5.1(b) of the SIAC Rules, that theExpedited Procedure shall apply.
The number of arbitrators shall be one.
The law governing this arbitration clause shall be Singapore law.
The seat of the arbitration shall be Singapore.
The language of the arbitration shall be English.

In respect of any court proceedings in Singapore commenced under theInternational Arbitration Act 1994 in relation to the arbitration, the partiesagree (a) to commence such proceedings before the Singapore InternationalCommercial Court (“the SICC”); and (b) in any event, that such proceedingsshall be heard and adjudicated by the SICC.12. Reusable KYC Service12.1 This сlause 12 sets out the description andfunctionality of the Reusable KYC Service, together with the terms andconditions applicable to its provision to the Customer.12.2 Reusable KYC Service enables the Customer to:
(i) upon request from a Reusable KYC Recipient, share all or some of the datathen-currently stored in the Dashboard profile of a given Customer’s Applicant,to the extent facilitated by the Service Provider at the relevant time, withthat Reusable KYC Recipient, thereby acting as a “Reusable KYC Donor”. “ReusableKYC Recipient” shall mean any legal entity with an active Dashboard account(operated as per any binding agreement between either (a) the Customer and theService Provider (or any of the latter’s affiliates, as the case may be); or(b) the respective legal entity and the Service Provider (or any of thelatter’s affiliates, as the case may be)) and authorized access to the ReusableKYC Service or the CopyApplicant Service; and
(ii) receive, from another Reusable KYC Donor (subject to the latter’sauthorization), all or some of the data then-currently stored in the Dashboardprofile of a given Applicant of that Reusable KYC Donor, thereby acting as aReusable KYC Recipient itself;
on the following conditions: •any sharing or receiving of data as described above shall only be conducted via the System and between the Dashboard accounts of the Reusable KYC Donor and the Reusable KYC Recipient engaged in the respective transfer; •any data transferred to the Customer acting as a Reusable KYC Recipient shall undergo such Checks and other Services (chargeable separately) as are purchased under these Terms and Conditions and required as per the Customer’s Dashboard settings (if applicable); •for the Customer to be able to share any Applicant data with any Reusable KYC Recipient or receive any Applicant data from any Reusable KYC Donor, the Customer shall, via the Dashboard (or otherwise if the required functionality is not available in the Dashboard at the relevant time), (i) communicate this intention to the respective Reusable KYC Recipient or Reusable KYC Donor (as the case may be) and (ii) obtain their confirmation. By accepting these Terms and Conditions, the Customer agrees to automatically join the network of Reusable KYC Recipients and Reusable KYC Donors available in the Dashboard (as may be facilitated by the Service Provider at the relevant time) and acknowledges every other participant of the said network as eligible to engage in data sharing with the Customer for the purposes of this Service both as a Reusable KYC Recipient and as a Reusable KYC Donor; conditions (i) and (ii) shall be deemed fulfilled in relation to such participants; •the Customer acknowledges that the Service Provider does not in any way guarantee (i) the willingness of any Reusable KYC Donor or Reusable KYC Recipient to transfer Applicant data to or from the Customer; or (ii) the sufficiency or suitability of any Applicant data transferred by or to the Customer for any particular purpose; or (iii) the availability of any specific Applicant data for the Customer’s receipt; or (iv) any other features or characteristics of the Service not explicitly detailed hereunder; •for the purposes of all data processing activities necessary to provide this Service to the Customer, the Service Provider remains a data processor acting in accordance with the Customer’s instructions (as detailed in the DPA). The Customer and any Reusable KYC Donors and/or Reusable KYC Recipients exchanging Applicant data with the Customer for the purposes of this Service shall, in relation to one another, be considered by the Service Provider as independent data controllers (unless the Customer demonstrates the existence of a joint data controller relationship instead, in which case the Customer shall also instruct the Service Provider on how the data controller rights and obligations are allocated between the relevant parties); •the Customer warrants that it has a legal basis, under the applicable data protection laws and regulations, (i) as a Reusable KYC Donor – to transfer its Applicants’ data to any of its Reusable KYC Recipients and (ii) as a Reusable KYC Recipient – to receive, from any of its Reusable KYC Donors, any of the latter’s Applicants’ data; •the Customer acting as a Reusable KYC Donor additionally warrants that it has a legal basis, under the applicable data protection laws and regulations, permitting the Service Provider to search through the profiles of all Applicants whose personal data is then-currently being processed by the Service Provider on behalf of the Customer via their email addresses or other identifiers and that it has informed its Applicants about such data processing as required by the applicable data protection laws. This search is initiated when an Applicant seeks verification with a Reusable KYC Recipient (in the SDK implementation of the Service) or when a data transfer is requested by a Reusable KYC Recipient (in the API implementation of the Service) and is intended to locate the personal data of the Applicant they may have previously provided to one of the Reusable KYC Donors; •any transfer of the Applicant’s data between a Reusable KYC Donor and a Reusable KYC Recipient will be carried out by the Service Provider subject to the following conditions: (i) the Dashboard settings for the Reusable KYC Donor and the Reusable KYC Recipient are compatible with the execution of the transfer; (ii) the Applicant’s profile has enough data to fulfill the requirements of the Dashboard configuration of the Reusable KYC Recipient; (iii) specifically and only with regard to the SDK implementation of the Service – the Applicant has made a request, referred to as a "Data Portability Request", to transfer their personal data previously provided to the Reusable KYC Donor for verification with the Reusable KYC Recipient. The Service Provider will implement a technical feature within the System to allow Applicants to submit Data Portability Requests. By acting as a Reusable KYC Donor, the Customer authorizes the Service Provider to process and fulfill any such Data Portability Request submitted by any of the Customer’s Applicants; •The Service Provider may maintain a data log to record all transfers of data which have been carried out as part of this Service. The data log may include, without limitation, the following data items: timestamp, Reusable KYC Donor’s identity, Reusable KYC Recipient’s identity, Applicant’s ID. 12.3 The Service Provider may, in its sole discretion,suspend or discontinue the provision of Reusable KYC Service to the Customer(or its respective affiliate, as the case may be) should any of theaforementioned conditions be breached.12.4 Reusable KYC Service is available in (i) the SDKimplementation; (ii) the API implementation; and (iii) a combination of both,to be chosen by the Customer at its own discretion. The Customer acknowledgesthat a data transfer executed via the API implementation is conducted withoutreal-time authorization of the respective Applicant, which shall not in any waydiminish the Customer’s obligations under the applicable data protection lawsas set out above.

Privacy Notice

1. Preamble
OneBoard AG, located at Dr. Grass-Strasse 12, 9490 Vaduz (hereinafter "OneBoard"), processes information and personal data relating to you (hereinafter "data subject"). Generally, this information processing by OneBoard occurs within the framework of existing or prospective business relationships, including the use of the website.OneBoard is committed to the best possible protection of your personal data.The controller within the meaning of the EU General Data Protection Regulation (GDPR) is OneBoard.This privacy policy describes the processing of personal data in connection with the provision of services by OneBoard and its website. The basis for this privacy policy is the GDPR, the Data Protection Act (DSG), and the relevant special statutory provisions.OneBoard reserves the right to adapt the privacy policy as necessary. You should regularly check whether you agree with the changes made.

2. Personal DataPersonal data are all information through which a natural person can be directly or indirectly identified. This includes, for example, name, address, email address, phone number, date of birth, age, gender, tax identification number. Sensitive data (a particularly protected data category), such as health data or data in connection with a criminal proceeding, are also included.OneBoard collects, processes, and uses your personal data exclusively in accordance with the provisions of Articles 5 and 6 of the GDPR (contract, legal obligation, legitimate interest, or consent of the data subject).Only such personal data are collected that are necessary for the execution and processing of OneBoard's services or that have been voluntarily provided by you.

3. Use of Personal DataOneBoard is subject to confidentiality and secrecy obligations derived from data protection law, contract law, or OneBoard's code of conduct. When processing personal data, OneBoard is bound by these obligations. The processing of personal data takes place (i) for the fulfillment of contracts, (ii) for compliance with legal or regulatory obligations, (iii) for the pursuit of legitimate interests, and (iv) for the performance of tasks in the public interest (e.g., to prevent or detect crimes).Personal data are usually processed based on a contractual relationship, i.e., to establish, manage, and carry out contractual relationships. Additionally, data processing takes place for the purpose of maintaining and upholding customer relationships and for purposes of self-promotion.The following data are processed:
‍Inventory data (e.g., names, addresses, birth dates, nationality, civil status, title, gender)
‍Contact data (e.g., email addresses, phone numbers, billing address)
‍Usage data (e.g., visited websites, interest in content, access times)
‍Meta/communication data (e.g., device information, IP addresses)
‍Technical data (e.g., Internet Service Provider, browser type, browser fingerprint, time zone settings, location, operating system, mobile network information)
‍Identification features assigned to you (e.g., customer number)

3.1 NewsletterYou have the option to subscribe to a newsletter via the OneBoard website. For this, we need your email address and your declaration that you agree to receive the newsletter and the storage, processing, and maintenance of the data.You can cancel your newsletter subscription at any time.We send our newsletter with MailChimp and use features of the MailChimp newsletter service from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA, to collect newsletter registrations.
‍General Information on MailChimp:The Rocket Science Group LLC (MailChimp) operates online platforms that allow their users to stay in contact with their subscribers, primarily via email. It allows users to upload email addresses and other subscriber profile information, such as name, physical address, and other demographic information, into the MailChimp database. This information is used to send emails and to use certain other MailChimp features for these users. In accordance with published privacy policies, MailChimp shares some information with third parties to provide and support the services MailChimp offers to users. MailChimp also shares some information with third-party advertising partners to better understand the needs and interests of users, so that more relevant content and targeted advertising can be provided to these users and others.
‍Newsletter Registration:When you register for our newsletter on our website, the data you enter will be stored by MailChimp.
‍Deletion of Your Data:You can revoke your consent to receive our newsletter at any time by clicking the link in the footer of the newsletter. If you unsubscribe by clicking the unsubscribe link, your data will be deleted by MailChimp.
‍Newsletter Evaluation:When you receive a newsletter via MailChimp, information such as IP address, browser type, and email program are stored to provide us with information on the performance of our newsletter. MailChimp can determine whether the email has been delivered, whether it has been opened, and whether links have been clicked using the images embedded in the HTML emails called web beacons (more information can be found at https://kb.mailchimp.com/reports/about-open-tracking). All this information is stored on MailChimp servers, not on this website.Information on MailChimp's privacy policy can be found at https://mailchimp.com/legal/privacy/.

3.2 CookiesOneBoard uses cookies on its website to obtain information about the use of the website. Cookies are small files stored on your computer that serve to store page settings. This way, certain information does not need to be repeated on a subsequent visit to the website. You can prevent the installation of cookies by setting your browser software accordingly and delete any cookies set by a OneBoard website. By not taking these measures, you agree to the use of cookies when using the company's website.When using the company's website, access data (e.g., log files, IP address, date and time of access, name of the accessed file, access status, top-level domain, used web browser, used operating system) are stored. OneBoard uses this data for statistical purposes as well as for technical evaluations, for the optimization of the server infrastructure, to determine the frequency of access, and finally to draw conclusions for improving user-friendliness and functionalities.The following cookie types and functions are distinguished:
‍Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
‍Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be stored or preferred content can be displayed directly when the user visits a website again. Likewise, user interests, which are used for range measurement or marketing purposes, can be stored in such a cookie.
‍First-party cookies: First-party cookies are set by OneBoard itself.
‍Third-party cookies: Third-party cookies are mainly used by advertisers (so-called "third parties") to process user information.
‍Necessary (also: essential or absolutely necessary) cookies: Cookies can be necessary for the operation of a website (e.g., to store logins or other user entries or for security reasons).Further information on cookies can be found in our cookie policy or within the framework of obtaining consent.3.3 LinkedInThis website integrates a component of LinkedIn Corporation. LinkedIn is an internet-based social network that allows users to connect with existing business contacts and establish new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries, making LinkedIn the largest platform for business contacts and one of the most visited websites in the world.The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.With each individual call-up of the OneBoard website, which is equipped with a LinkedIn plugin (LinkedIn button), this plugin causes the browser used by the data subject to download a corresponding representation of the LinkedIn plugin. More information on LinkedIn plugins can be found at https://developer.linkedin.com/plugins. In the course of this technical procedure, LinkedIn receives knowledge of which specific subpage of our website is visited by the data subject.If the data subject is simultaneously logged in to LinkedIn, LinkedIn recognizes with each call-up of our website by the data subject—and for the entire duration of their stay on our website—which specific subpage of our website was visited by the data subject. This information is collected through the LinkedIn plugin and linked to the respective LinkedIn account of the data subject. If the data subject clicks one of the LinkedIn buttons integrated into our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.LinkedIn receives information via the LinkedIn plugin that the data subject has visited our website, provided that the data subject is logged in to LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn plugin or not. If such a transmission of information to LinkedIn is not desired by the data subject, it may be prevented by logging off from their LinkedIn account before calling up our website.LinkedIn provides the possibility to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also partners with Quantcast, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable LinkedIn privacy policy is available at https://www.linkedin.com/legal/privacy-policy. The LinkedIn cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

3.4 Google MapsFor our website, we use Google Maps to display our location and create a route description. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."If you access the Google Maps component integrated into our website, Google stores a cookie on your device via your Internet browser. To display our location and create a route description, your user settings and data are processed. We cannot exclude that Google uses servers in the USA.Legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in optimizing the functionality of our website.By connecting to Google, Google can determine from which website your request was sent and to which IP address the route description is to be transmitted.If you do not agree with this processing, you have the option of preventing the installation of cookies by setting your browser software accordingly. Further details can be found above under the section "Cookies."In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the Google Maps Terms and Conditions https://www.google.com/intl/de_de/help/terms_maps/.Google also offers more detailed information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy.

3.5 Google Tag ManagerFor our website, we use the Google Tag Manager tool provided by Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. The Google Tag Manager is used for managing and controlling cookies, conversion pixels, or tracking codes from various programs. The information collected through cookies on the website is directly forwarded to the respective tools for further processing. Working with the Tag Manager is efficient and simplifies the management of tracking and cookies. Additionally, the Tag Manager provides support for tag organization, version control of third-party and community-developed tag templates, as well as features for collaboration and enterprise security.3.6 Use of Facebook Social PluginsThis website uses so-called social plugins ("Plugins") of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are marked with a Facebook logo or the addition "Social Plugin from Facebook" or "Facebook Social Plugin." An overview of the Facebook Plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins.When you access the OneBoard website, which contains such a plugin, your browser establishes a direct connection to Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of the OneBoard website, even if you do not have a Facebook profile or are not logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can immediately assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by pressing the "Like" button or leaving a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for the protection of your privacy, can be found in Facebook's data protection information: http://www.facebook.com/policy.php.If you do not want Facebook to immediately assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g., for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/, for Opera: https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en, for Chrome: https://chrome.google.com/webstore/detail/facebookblocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de.

3.7 Integration of Third-Party Software, Scripts, or FrameworksWe integrate software into our online offer that we retrieve from servers of other providers (e.g., functional libraries we use to display or improve the user-friendliness of our online offer). In this process, the respective providers collect the IP addresses of users and may process them for the purpose of transmitting data to the browsers of users as well as for security and evaluation and optimization of their offers.Processed data types: usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses), contact data (e.g., email addresses, phone numbers), content data (e.g., text inputs, photographs, videos).Affected persons: users (e.g., website visitors, users of online services), communication partners.Processing purposes: providing our online offer and user-friendliness, contact requests and communication, direct marketing (e.g., by email or post), tracking (e.g., interest/behavior-based profiling, use of cookies), interest-based and behavior-based marketing, profiling (creating user profiles), contractual services, and service.Legal bases: consent (Art. 6 para. 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR).Following third-party software, scripts, or frameworks are used:
‍Google Font API: On our website, we use Google Fonts. These are the "Google fonts" of the company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. For more information, visit https://fonts.google.com/ or https://developers.google.com/fonts/faq/. No cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS and the fonts used and stores this data securely. The privacy policy can be found at https://www.google.com/intl/de/policies/privacy/.
‍Viewport Meta: As Viewport (German: Sichtfenster, Sichtöffnung) is generally referred to the size of the available display on mobile devices. This can be, for example, the display of a smartphone, tablet, or phablet. The term viewport has a more specific meaning as a meta element in HTML5 and is an important part of mobile optimization. It serves to make optimal use of the display size by scaling the displayed content. The meta element viewport ensures that the content is displayed correctly and, above all, fully and legibly. This is done by adjusting the width and length of a website so that a mobile browser can optimally display this page. The possibility of zooming into a website can also be defined with the viewport element. Mozilla Corporation, Attn: Legal Notices – Privacy, 331 E. Evelyn Ave, Mountain View, CA 94041, Email: compliance@mozilla.com, https://developer.mozilla.org/de/docs/Mozilla/Mobile/Viewport_meta_tag. The privacy policy can be found at https://www.mozilla.org/de/privacy/websites/.
‍LocalBusiness Schema: By adding LocalBusiness schema markup to your website, we can achieve rich results. These results can help us stand out in search results, increase click-through rates, generate more organic traffic, and drive more conversions. More information can be found at https://schema.org/LocalBusiness.
‍Content Delivery Network: A content delivery network, or CDN, is a network of regionally distributed and interconnected servers via the Internet that delivers content, especially large media files.
‍Contact Form 7: Contact Form 7 can manage multiple contact forms. Forms and email contents can be customized flexibly with simple markup. The form allows for Ajax-powered submission, CAPTCHA, Akismet spam filtering, and more. More information can be found at https://de.wordpress.org/plugins/contact-form-7/.The websites may be linked to websites of other operators or contain content on the websites of other operators. OneBoard has no influence on the websites of other operators (hereinafter "third-party websites") and can therefore neither be responsible nor liable for the accuracy, completeness, timeliness, or legality of the content of third-party websites or their data processing practices. Please also note the privacy policies of the respective third-party websites.Data transmission over the Internet can have security vulnerabilities. Therefore, absolute data protection (e.g., against access by third parties) cannot be guaranteed.4. Data CollectionEach time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.The following data are collected:Information about the browser type and version usedOperating system usedDevice typeReferrer URL (the previously visited website)Hostname of the accessing computer (IP address)The identification number of your device (UDID)Date and time of the server requestAmount of data transferredNotification of successful retrievalWe store this information for a maximum of six months. The storage is carried out for data security reasons to ensure the stability and operational security of our system. The data are used internally for forensic investigations in the event of hack attacks or other security-relevant analyses. This guarantees the security of your data on our systems and ensures that in cases of suspicion, rapid countermeasures can be taken to protect your data. Otherwise, there is no evaluation of the previously mentioned visitor and usage data. These data are also not combined with other data.The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, as we need the automatically collected data for the effective provision of the website within the framework of the pre-contractual relationship, and Art. 6 para. 1 lit. f GDPR, as the storage serves OneBoard's legitimate interest in ensuring the stability and security of the website.We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser during your visit to our website. You can recognize whether an individual page of our website is transmitted encrypted by the closed display of the key or lock symbol in the address bar of your browser. We also use other suitable technical and organizational security measures (e.g., encryption, access restrictions, access restrictions and controls, confidentiality agreements, staff training) to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.5. Transfer of Personal Data to Third PartiesThe personal data collected within the scope of OneBoard's business activities are generally not passed on to third parties.However, it is possible that your data will be passed on to third parties due to processing requirements or legal provisions to fulfill business orders. Your data will be forwarded in accordance with the provisions of the GDPR.Furthermore, we inform you that OneBoard may obtain information about you from third parties in the course of its business activities and to fulfill legal due diligence obligations.OneBoard transfers your personal data only to countries to which the EU Commission has attested an adequate level of data protection. If OneBoard transfers your personal data to countries that do not have an adequate level of data protection, OneBoard will take measures to ensure the protection of your data by contracting with recipients in those countries to the standard contractual clauses.6. Protection of Personal DataOneBoard takes appropriate technical and organizational measures to protect all data against loss, unauthorized access, or misuse in terms of data processing and storage and in terms of its website.Despite the measures taken to protect the data, you must be aware that data transmission over the Internet—applies to websites as well as email services—is uncontrolled and cross-border. Even if the sender and recipient are in the same country, cross-border data transmission may be given. OneBoard cannot therefore guarantee the confidential treatment of data transmitted over the Internet. If you disclose personal data over the Internet, you must be aware that third parties can access, read, alter, forge, monitor, destroy, or misuse the data. Data transmission may also be delayed. In addition, the data may be lost during transmission. Furthermore, third parties could infer the existence of business relationships. Therefore, no responsibility can be accepted for the security of your data during transmission over the Internet. We disclaim any liability for direct and indirect damages.7. Retention of Personal DataThe systems required for data processing at OneBoard are located in the EEA. The data you transmit will be stored for at least six months and remain stored as long as it is operationally necessary or legally required.8. Data Collection for Job ApplicantsBy submitting your application documents, you agree that personal data will be processed for the purpose of our personnel selection. This data includes name, title, address, phone number, date of birth, education, work experience, salary expectations, as well as data and images contained in the cover letter, CV, motivational letter, certificates, or other documents submitted to us.Your data will not be passed on to third parties without your consent. No automated decision-making takes place according to Art. 22 GDPR. Data processing is based on the legal provisions of Art. 6 para. 1 lit. a (consent) and lit. b (necessary for contract fulfillment) GDPR. If no employment is made, we will delete your data within 6 months (to provide documentation for any legal proceedings, they are stored for this period). Upon your request, we will delete the data immediately if the application process does not lead to employment.9. Automated Decision-Making and ProfilingNo automated decision-making or profiling takes place.10. Your Rights
‍Right to InformationYou have the right to request information about the data stored about you by OneBoard. A request for information must be sent in writing to OneBoard along with proof of identity.After receiving your request for information, you will be provided with the information within the legal period of 30 days. The information may be refused, restricted, or postponed as far as this is legally provided for or due to the overriding interest of a third party or OneBoard.The request for information can be combined with a request for correction or deletion of data.
‍Right to Correction or DeletionYou have the right to request the correction or deletion of data relating to you in writing and free of charge, provided that these are incorrect or unlawfully stored or processed. A justified request for correction or deletion must be sent to OneBoard together with proof of identity.Your request for correction or deletion will be processed within a reasonable period after receipt. The processing of your request for correction or deletion will be confirmed to you.Legal regulations may oppose a deletion. In such a case, OneBoard will further process the data relating to you only to the extent necessary to fulfill legal obligations.
‍Right to Objection or RevocationYou have the right to object to the processing of data relating to you in whole or in part in writing or to revoke your consent to data processing. An objection or revocation must be sent to OneBoard in writing together with proof of identity.The receipt of your objection or revocation will be confirmed to you, and the relevant data will be deleted subsequently.Legal regulations may oppose compliance with an objection or revocation. In such a case, OneBoard will further process the data relating to you only to the extent necessary to fulfill legal obligations.
‍Right to RestrictionYou have the right to restrict the transfer of data relating to you to third parties. A request for restriction must be sent to OneBoard in writing together with proof of identity.The receipt of your request for restriction will be confirmed to you, and your request will be processed within a reasonable period.Legal regulations may oppose a restriction. In such a case, OneBoard will only pass on the data relating to you to third parties to the extent necessary to fulfill legal obligations.
‍Right to ComplainYou have the right to lodge a complaint with the competent data protection authority in Liechtenstein. You can also contact another supervisory authority of an EU or EEA member state, e.g., at your place of residence or work or the place of the alleged infringement.The contact details of the data protection authority in Liechtenstein are as follows:
‍Data Protection Authority Liechtenstein
‍Staedtle 38PO Box 684LI-9490 Vaduz+423 236 60 90info.dss@llv.li

‍11. Contact
If you have any questions about data protection and data processing, please contact OneBoard in writing. You can reach us as follows:
‍OneBoard AG
‍Dr. Grass-Strasse 12LI-9490 Vaduz+423 237 90 09info@oneboard.li