Legal

Our policies & practices

Learn about the legal side of Percent. Here’s where you’ll find information on our terms of business.

Standard Terms and Conditions

Percent Client Standard Terms and Conditions

Effective Date: March 1, 2024

  1. Interpretation
    1. These Percent Client Standard Terms and Conditions (“Standard Terms“) together with any attached schedules, any Additional Service Terms,  and any Service Orders, set out the basis upon which Percent will provide the Services to the Client.
    2. The definitions and rules of interpretation in this paragraph apply in these Standard Terms. Capitalised terms used in these Standard Terms shall have the meaning given to them in the relevant Service Order, unless otherwise defined in these Standard Terms.
    3. Definitions:
      Additional Service Terms:  means any additional Percent terms and conditions which apply to a specific service.
      API:  any application programming interface provided by Percent which, once configured, enables the Client to connect to access the Services or any one of them.
      Applicant:  any entity or individual on which Percent performs a Vetting and Validation Check, including but not limited to Charities.
      Authorised Users:  those employees, agents and independent contractors of the Client who are authorised by the Client to use the Services, as further described in paragraph 2.2.
      Business Day:  a day other than a Saturday, Sunday or public holiday in England.
      Business Hours:  9.00 am to 5.00 pm local UK time, each Business Day.
      Charity:  a charitable organisation (as defined by applicable law) to which the Client may (i) request Percent perform its Vetting & Validation Service via the Platform, or (ii) request the Foundation make Donations.
      Client:  shall have the meaning given in the relevant Service Order.
      Client Account:  the limited rights purchased by the Client pursuant to these Standard Terms which entitle an Authorised User to access and use the Services in accordance with these Standard Terms.
      Client Data:  the data inputted via the API as integrated into Client’s website or otherwise provided by Client to Percent and that does not constitute Percent Data.
      Client End User:  a customer, employee, or client of the Client.
      Data Protection Legislation:  means collectively, all now existing or hereinafter enacted or amended laws, rules, regulations (including, without limitation, self-regulatory obligations), and/or sanctions programs regarding data protection that are applicable to a Party’s performance of the Agreement.
      Derived Data:  any data which has been combined or aggregated (wholly or in part) with other data or information or adapted such that it cannot be identified as originating or deriving directly from the original data and cannot be reverse-engineered such that it can be so identified.
      Donation Service:  Percent’s technical assistance in relation to Client’s payment of a Donation in accordance with the Donation Services Additional Terms, if purchased by the Client under a Service Order.
      Donation:  means either or both (as applicable):  (a) a sum of money paid by the Client through the Platform to the Foundation; and/or (b) a subsequent donation from the Foundation to a Charity.
      Donation Service Additional Terms:  means the Donation Service Additional Terms.
      Effective Date:  the date of signature of relevant Service Order by both parties.
      Employee Engagement Solution: Percent’s employee engagement services, if purchased by a Client under a Service Order.
      Employee Engagement Solution Additional Terms: means the Employee Engagement Solution Additional Terms.
      Fees:  the fees payable by the Client to Percent for the Service(s) and use of the Platform (if applicable), as set out in a Service Order and as may be amended from time to time in accordance with paragraph 8 (Charges and payment), for the right to use the Services and the Platform pursuant to these Standard Terms.
      Foundation: a third-party entity which has partnered with Percent to make Donations to Charities.
      Initial Subscription Term:  means the period commencing on the Effective Date and continuing for the period specified in the relevant Service Order.
      Intellectual Property Rights:  patents, rights to inventions, copyright and related rights, moral rights, trade marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
      Marks: means: –
      (a) any trade marks, trade names, service marks, trade dress, logos, URLs and domain names;
      (b) any identifying slogans and symbols;
      (c) any abbreviation, contraction or simulation of any of the items in paragraph (a) or paragraph (b); and
      (d) the “look and feel”,
      of a party to this Agreement, whether or not registered.
      Notices:  has the meaning given in paragraph 24.1.
      Personal Data:  has the meaning given to it in the Data Protection Legislation.
      Percent:  has the meaning given in a Service Order.
      Percent Data:  any data that is submitted via Percent’s hosted Services or that Percent otherwise collects where Percent has a direct contractual relationship with the submitting party.
      Platform:  the platform operated by Percent through which Percent provides the Services, including any Software.
      Privacy Policy:  Percent’s privacy policy which explains what Personal Data Percent collects and how it uses, process and stores such data.
      Renewal Term:  has the meaning given in paragraph 15.1.
      Services:  the Services listed in a Service Order which Percent will provide to the Client in accordance with the terms of the Agreement.
      Service Order:  a service order pursuant to which Percent will provide Services to Client.
      Services Start Date:  the date set out in the relevant Service Order.
      Software:  the online software applications provided by Percent as part of the Platform, including any API (or other communications method agreed to by the Client and Percent).
      Subscription Term:  the period, comprising the Initial Subscription Term and any Renewal Terms entered into pursuant to paragraph 15.1.
      Usage Data:  any usage and statistical data relating to the Client’s use of the Services.
      Vetting & Validation Service:  Percent’s vetting and validation service for Applicants, if purchased by a Client under a Service Order.
      Vetting & Validation Service Additional Terms:  means the Vetting & Validation Service Additional Terms.
      Virus:  any thing or device (including any software, code, file or programme) which may:  prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, Trojan horses, viruses and other similar things or devices.
      Vulnerability:  a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly.
    4. A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality).
    5. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
    6. Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
    7. Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
    8. A reference to a statute or statutory provision is a reference to it as it is in force as at the date of these Standard Terms.
    9. A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of these Standard Terms under that statute or statutory provision.
    10. References to “includes” or “including” mean “includes, without limitation” and “including, without limitation,” respectively.
  2. Right to Use
    1. Subject to the Client paying the applicable Fees in accordance with paragraph 8, the restrictions set out in this paragraph 2, paragraph 3 and the other terms and conditions of these Standard Terms, Percent hereby grants to the Client a non-exclusive, non-transferable right, without the ability to grant such right to third parties, to permit the Authorised Users to use the Services during the Subscription Term, solely for the Client’s internal business operations.
    2. In relation to the Authorised Users, the Client undertakes that:
      1. If applicable, each Authorised User shall keep a secure password for their use of the Services, that such password shall be changed regularly and that each Authorised User shall keep their password confidential; and
      2. it shall maintain a record of current Authorised Users and provide such list to percent within 5 Business Days of Percent’s written request.
    3. The rights provided under this paragraph 2 are granted to the Client only, and shall not be considered granted to any subsidiary or holding company of the Client.
  3. Restrictions
    1. During the course of its use of the Services, the Client must not access, store, distribute, transmit or submit any Viruses or any material that is, or potentially is, offensive, explicit, illegal, harmful or prejudicial to any person or property. Percent reserves the right, without liability to the Client or prejudice to its other rights, to delete or disable the Client’s access to any material that breaches the provisions of this paragraph.
    2. The Client must not:
      1. except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under these Standard Terms:
        1. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software in any form or media or by any means; or
        2. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or
      2. access or use all or any part of the Software and Services in order to build a product or service which competes with the Services or the business of Percent; or
      3. use or facilitate the use of the Software, Services other than as expressly permitted by the terms of these Standard Terms.
    3. The Client must use all reasonable endeavours to prevent any unauthorised access to, or use of, the Software and/or Services and, in the event of any such unauthorised access or use, promptly notify Percent.
    4. In the event of:
      1. any use of the Services by Client personnel other than by Authorised Users; or
      2. any use of the Services by Authorised Users that in Percent’s reasonable judgement threatens the security, integrity or availability of the Services (or services provided by Percent to its other Clients); or
      3. any use of the Services that breaches the provisions of paragraphs 3.1, 3.2 or 3.3; or
      4. any use of the API by any third party,
        Percent reserves the right, without liability to the Client or prejudice to its other rights, to suspend its provision of the Services, provided that Percent will use commercially reasonable efforts to notify the Client and provide the Client with an opportunity to remedy such violation or threat prior to such suspension.
  4. Services
    1. Percent shall make available the Services to the Client during the Subscription Term, subject to the Client’s compliance with any specifications, installation instructions and systems requirements for the Services and API (or other communications methods as agreed by the Client and Percent) as notified to the Client by Percent.
    2. Percent shall provide the Client with the Services indicated in the relevant Service Order, subject to the terms of these Standard Terms, any applicable Additional Terms, and subject to any limitations, exclusions or system requirements notified by Percent to the Client in writing.
    3. If the Client has purchased the Donation Service, as agreed in a Service Order, then the Donation Service Additional Terms shall also apply.
    4. If the Client has purchased the Vetting & Validation Service, as agreed in a Service Order, then the Vetting & Validation Service Additional Terms shall also apply.
    5. If the Client has purchased the Employee Engagement Solution, as agreed in a Service Order, then the Employee Engagement Solution Additional Terms shall also apply.
  5. Personal Data
    1. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5.1 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.
    2. Percent will use the Personal Data in accordance with the Privacy Policy.
    3. The parties shall process any Personal Data included within Client Data and Percent Data in accordance with Percent’s Data Processing Agreement (the “DPA”).
  6. Percent’s Rights and Obligations
    1. During the Subscription Term, Percent undertakes that the Services will be performed with reasonable care and skill.
    2. The commitments contained in paragraph 6.1 shall not apply to the extent of any non-conformance which is caused by, and Percent is not responsible for any delays, delivery failures, or any other loss or damage resulting from:
      1. use of the Services contrary to Percent’s instructions, or modification or alteration of the Services by any party other than Percent or Percent’s duly authorised contractors or agents; or
      2. the transfer of data over communications networks and facilities, including the internet (and the Client acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities); or
      3. any period of force majeure as defined in paragraph 15; or
      4. the Client’s failure to fulfil its responsibilities as set out in these Standard Terms.
    3. Notwithstanding the foregoing, Percent does not warrant that:
      1. the Client’s use of the Services will be uninterrupted or error-free;
      2. that the Services, and/or the information obtained by the Client through the Services will meet their requirements; or
      3. the Software or the Services will be free from Vulnerabilities or Viruses.
    4. Percent shall have the right to use the Client’s name and Marks (a) in a list of Percent’s Clients in any medium or in any link from the Software or Services to the Client’s website, and (b) in any medium for promotional, marketing and financial reporting purposes. The Client warrants that it has in place and will maintain all necessary rights or licences in respect of the Client’s name and Marks in order for Percent to exercise its rights under this paragraph 6.4.
  7. Client’s Obligations
    1. The Client shall:
      1. provide Percent with:
        1. all necessary co-operation in relation to the Agreement; and
        2. all necessary access to such information as may be required by Percent, to provide the Services, including but not limited to Client Data, security access information and configuration services;
      2. comply with all applicable laws and regulations with respect to its activities in connection with the Agreement and the Services;
      3. carry out all other Client responsibilities set out in the Agreement in a timely and efficient manner. In the event of any delays in the Client’s provision of such assistance as agreed by the parties, Percent may adjust any agreed timetable or delivery schedule as reasonably necessary;
      4. configure its access to the Services via the Platform (or other communications method as agreed by the Client and Percent), as applicable, in accordance with Percent’s instructions;
      5. ensure that the Authorised Users use the Services in accordance with the Agreement and shall be responsible for any breach of the Agreement caused or contributed to by any acts or omissions on the part of any Authorised User;
      6. obtain and shall maintain all necessary licences, consents, and permissions that it requires in order for Percent, its contractors and agents to perform their obligations and exercise their rights under the Agreement, including the Services;
      7. have sole responsibility for the legality, reliability, integrity, accuracy and quality of all Client Data;
      8. as between the parties, be responsible for responding to all third party requests concerning the use of the Services by the Client; and
      9. be, to the extent permitted by law and except as otherwise expressly provided in these Standard Terms, solely responsible for:
        1. procuring, maintaining and securing its network connections and telecommunications links from its systems to Percent’s data centres; and
        2. all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to its network connections or telecommunications links or caused by the internet.
  8. Charges and Payment
    1. In consideration of the rights granted in paragraph 2, and the provision of the Services during the Subscription Term, the Client shall pay the Fees for the Service that the Client has purchased, in accordance with this paragraph 8 and the relevant Service Order, within 30 days of the date of Percent’s invoice or as otherwise agreed in the Service Order.
    2. Percent may change the Fees payable for each Renewal Term by providing written notification to the Client, provided that Percent provides any notification of increases at least 20 Business Days prior to the start of the applicable Renewal Term in order to give the opportunity for the Client to cancel its subscription in accordance with paragraph 15.1.
    3. If Percent has not received payment when due under paragraph 8.1, and without prejudice to any other rights and remedies of Percent:
      1. Percent may, without liability to the Client, disable the Client’s password, account and access to all or part of the Services and Percent shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
      2. interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the then current base lending rate of the Bank of England from time to time, commencing on the due date and continuing until fully paid, whether before or after judgement.
    4. All amounts and fees stated or referred to in these Standard Terms:
      1. are non-cancellable and non-refundable, except in accordance with paragraph 13.2.3; and
      2. are exclusive of value added tax or any other equivalent sales tax or similar taxes.
  9. Intellectual Property Rights
    1. Percent and/or its licensors own all Intellectual Property Rights in the Platform, the Percent Data and the Services. Except as expressly stated herein, the Client acknowledges and agrees nothing in the Agreement grants the Client any rights to, under or in, any Intellectual Property Rights in respect of the Platform, the Percent Data or the Services.
    2. The Client acknowledges and agrees that Percent and/or its licensors shall own all Intellectual Property Rights in any improvements, amendments or additions to the Platform, the Percent Data and the Services, including improvements, amendments and additions made as a result of comments, information, opinions or suggestions made by the Client or otherwise.
  10. Licence of Data
    1. The Client grants to Percent a non-exclusive, royalty-free perpetual, irrevocable worldwide licence, with no end date, for Percent to (i) access, view and use the Client Data for the purpose of providing of the Services and in accordance with the DPA, and (ii) access, view, use, store, modify, combine and aggregate the Usage Data, for any purpose and in any way whatsoever, and (iii) use the Usage Data to create Derived Data.
    2. Percent shall own all Intellectual Property Rights in the Derived Data and the Client acknowledges that it shall have no rights in relation to the Derived Data.
  11. Confidentiality
    1. In this paragraph 11, “Confidential Information” means any and all non-public information that would be regarded as confidential by a reasonable business person and relating to the business plans, financial information, operations, processes, know-how, designs, trade secrets or services of the disclosing party as well as such information with respect to a third party disclosed by or on behalf of one party to the other party in connection with the Agreement and the Services, whether marked confidential or not.
    2. Each party undertakes that it shall not at any time use or disclose to any person (and shall use its best endeavours to prevent the use, publication or disclosure of) any Confidential Information except as permitted by paragraph 11.3.
    3. Each party may disclose the other party’s Confidential Information:
      1. to its employees, officers, representatives, subcontractors or advisers who need to know such information for the purposes of carrying out the party’s obligations under the Agreement. Each party shall ensure that its employees, officers, representatives, subcontractors or advisers to whom it discloses the other party’s confidential information comply with this paragraph; and
      2. as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
    4. Neither party shall use any other party’s Confidential Information for any purpose other than to perform its obligations under the Agreement.
  12. Marketing and Promotional Activities  Client and Percent will participate in the following promotional activities:
    1. After the Effective Date, Percent may issue a press release that identifies Client as a new user of the Services (“Press Release”). Percent will provide a draft of the Press Release to Client for approval, which Client will not unreasonably withhold or delay. Upon Percent’s request, Client will provide to Percent a quote from a Client executive regarding Client’s motivation for partnering with Percent, which Percent may include in the Press Release.
    2. Upon Percent’s request, Client will participate in up to 3 reference calls with Percent’s customers during the first 2 years of the Subscription Term.
    3. Upon Percent’s request, Client will participate in at least 1 written or video case study, or other agreed upon co-marketing activity (“Marketing Materials”). Percent will provide a draft of the Marketing Materials to Client for approval, which Client will not unreasonably withhold or delay. Percent may use and distribute the Marketing Materials on Percent’s website and social media channels, and in sales presentations and written communications (e.g., email) to prospective Percent customers.
  13. Indemnity
    1. Percent shall defend, indemnify and hold harmless the Client against all claims, actions, proceedings, losses, damages, expenses and costs (including court costs and reasonable legal fees) attributable exclusively to a claim (a “Claim“) that the use of the Platform or Services (“Indemnified Items“) infringes a third party’s Intellectual Property Rights in the United Kingdom.
    2. If any Indemnified Item is found to infringe in the United Kingdom a third party’s Intellectual Property Rights, or in the reasonable opinion of Percent is likely to be the subject of a Claim, Percent may, at its option:
      1. obtain for the Client the right to use the Indemnified Item;
      2. replace or modify the Indemnified Item so that it becomes non-infringing; or
      3. remove the Indemnified Item and refund any prepaid portion of the Fees paid in advance in respect of any affected Services for the period following such removal.
    3. Percent shall have no liability or obligation to the extent that any Claim results from:
      1. use of any Indemnified Item in combination with any software, hardware, Intellectual Property Rights, products or other equipment or materials not supplied by or approved in writing by Percent;
      2. Percent’s compliance with designs or specifications of the Client;
      3. use of an allegedly infringing version of the Indemnified Item, if the infringement could have been avoided by the use of a later version made available to the Client by Percent;
      4. the Client’s use of an Indemnified Item in a manner contrary to the instructions given to the Client by Percent;
      5. the Client’s use of an Indemnified Item after notice of the alleged or actual infringement from Percent or the third party; or
      6. modification, repair, adjustment or enhancement of the Indemnified Item other than by or on behalf of Percent or at Percent’s written direction.
    4. In no circumstances shall Percent be liable for any losses, costs or expenses incurred by the Client for any indirect, consequential or special loss or damage.
    5. The provisions of this paragraph 12 state the entire liability and obligation of Percent and exclusive remedy of the Client for claims that any Indemnified Item infringes a third party’s intellectual property rights.
    6. The Client shall defend, indemnify and hold harmless Percent against all claims, actions, proceedings, losses, damages, expenses and costs (including court costs and reasonable legal fees) arising out of or in connection with:
      1. the Client’s use of and access to the Services;
      2. the Client’s Marks or use of Percent’s Intellectual Property Rights in conjunction with such Marks; and
      3. a Claim that use of the Client Data infringes a third party’s Intellectual Property Rights.
    7. With respect to the indemnity obligations in paragraphs 13.1 and 13.6:
      1. the indemnified party must give written Notice of the Claim promptly to the indemnifying party;
      2. the indemnified party must give the indemnifying party sole control of the defence and settlement of the Claim;
      3. the indemnified party must not compromise or settle such Claim;
      4. the indemnified party must provide to the indemnifying party, at the indemnifying party’s expense, all reasonable information and assistance; and
      5. the indemnified party must use all reasonable endeavours to mitigate any losses or damage.
  14. Limitation of Liability
    1. Except as expressly and specifically provided in these Standard Terms:
      1. the Client assumes sole responsibility, and Percent shall have no liability, for results obtained from the use of the Services by the Client for conclusions drawn by the Client from such use, and for any actions taken by the Client in consequence of such results or conclusions;
      2. Percent shall have no liability for any damage caused by errors, inaccuracies or omissions in the Client Data or Percent Data or any other information or instructions provided by the Client in connection with the Services, or any actions taken by Percent at the Client’s direction; and
      3. all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement.
    2. Nothing in these Standard Terms excludes or limits the liability of either party:
      1. for death or personal injury caused negligence;
      2. for fraud or fraudulent misrepresentation;
      3. for breach of the obligations implied by section 12 of the Sale of Goods Act 1979, or section 2 of the Supply of Goods and Services Act 1982; or
      4. any other liability which may not be excluded by law.
    3. Subject to paragraph 14.2 Percent shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for:
      1. any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss; or
      2. any special, indirect or consequential loss, costs, damages, charges or expenses; in either case, however arising in connection with the Services.
    4. Subject to paragraphs 14.1, 14.2 and 14.3, Percent’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Services shall, in respect of any claim, be limited to the total Fees paid in respect of the Service Order relevant to such claim during the 12 months immediately preceding the date on which the claim arose.
  15. Term and Termination
    1. The Agreement shall, unless otherwise terminated as provided in this paragraph 14, commence on the Effective Date and each Service Order shall continue in force until the end of the Initial Subscription Term applicable to such Service Order. Thereafter the relevant Service Order will automatically renew for further successive 12-month periods (each a “Renewal Term“) on the same terms and conditions (subject to any change in the Fees in accordance with paragraph 8) unless either party provides the other with its written intention not to renew at least 30 days’ prior to the end of the Initial Subscription Term or the then-current Renewal Term, as applicable.
    2. Percent may terminate the Agreement or any Service Order for convenience at any time by giving not less than 30 days’ prior written Notice to the Client, and provided that Percent shall refund the Client any prepaid portion of the applicable Fees in respect of the remainder of the applicable Subscription Term following the effective date of termination.
    3. Without affecting any other right or remedy available to it, either party may terminate the Agreement or any Service Order with immediate effect by giving written Notice to the other party if:
      1. the other party fails to pay any amount due in connection with the Agreement on the due date for payment and remains in default not less than 10 Business Days after being notified in writing to make such payment;
      2. the other party commits a material breach of any other term of the Agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
      3. the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business; or
      4. the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.
    4. On termination of the Agreement or any Service Order for any reason:
      1. all Client Accounts and all rights granted under the Agreement or the relevant Service Order (as applicable) shall immediately terminate and the Client shall immediately cease all use of the Platform and the Services in relation to such;
      2. each party shall return and make no further use of any equipment, property and other items (and all copies of them) belonging to the other party; and
      3. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced.
  16. Force Majeure
    1. Neither party shall have any liability to the other party if it is prevented from or delayed in performing its obligations under the Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including strikes, lock-outs or other industrial disputes (whether involving the workforce of the party the subject of the force majeure event, or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, pandemic, epidemic, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the other party is notified of such an event and its expected duration.
  17. Waiver
    1. No failure or delay by a party to exercise any right or remedy provided under these Standard Terms or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
  18. Rights and Remedies
    1. Except as expressly provided in these Standard Terms, the rights and remedies provided under these Standard Terms are in addition to, and not exclusive of, any rights or remedies provided by law.
  19. Severance
    1. If any provision or part-provision of the Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of the Agreement, and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
  20. Entire Agreement
    1. The Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
    2. Each party acknowledges that in entering into the Agreement it has not relied on any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in the Agreement.
    3. Neither Percent or the Client shall have a claim for innocent or negligent misrepresentation based on any statement in the Agreement.
    4. We reserve the right, at our sole discretion, to change or modify portions of the Agreement at any time. If we do this, we will post the changes here and will indicate at the top of the page the date the changes become effective. Your continued use of the Services on or after the date any such changes become effective constitutes your acceptance of the new Agreement.
  21. Assignment
    1. The Client shall not, without the prior written consent of Percent, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under the Agreement.
    2. Percent may at any time (i) engage subcontractors in the provision of the Services and (ii) by Notice to the Client (and without any requirement to seek consent of the Client) assign all or any of its rights under the Agreement to a third party.
  22. No Partnership or Agency
    1. Nothing in the Agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
  23. Third Party Rights
    1. The Agreement does not confer any rights on any person or party (other than the parties to these Standard Terms and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
  24. Notices
    1. Any notice required to be given under these Standard Terms, including notices of early termination, breach and the like, (“Notices“) shall be in writing and in English and, where sent (i) in physical form, shall be sent by commercial courier, or a Royal Mail service that provides for evidence of time and date of delivery, to the other party at its address set out in the relevant Service Order, or such other address as may have been notified by that party for such purposes; and (ii) by email to the representative email address notified by that party in the relevant Service Order and shall be deemed received when sent, provided no bounce back or notification of failed delivery has been received by the sender.
  25. Governing Law
    1. The Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
  26. Jurisdiction
    1. The Client and Percent irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Agreement or its subject matter or formation (including non-contractual disputes or claims).

Additional Terms – Donation Service

Percent Donation Service Additional Terms

Effective Date: March 1, 2024

Capitalized terms used herein shall have the meaning ascribed to them in the Standard Terms, unless otherwise stated.

  1. General
    1. If the Client has purchased the Donations Service from Percent, the terms and conditions of these Donation Service Additional Terms shall also apply and form part of the Agreement between Percent and the Client.
    2. The Client may use the Donation Service to:
      1. Make payments of Donations on its own behalf and/or on behalf of Client End Users to the Foundation;
      2. Track the number and volume of Donations which it makes to the Foundation and which the Foundation makes to Charities through the Platform.
    3. The Client acknowledges and agrees that in providing the Donation Service Percent is not providing the Client with any fundraising advice or recommendations.
  2. Donations Process
    1. The Client will:
      1. provide Percent with any specific information which it or the Foundation needs from the Client to comply with tax or charity laws in connection with Donations;
      2. if applicable, use the Platform to notify Percent of the estimated Donations each month (“Estimated Donations);
      3. if applicable, use the Platform to make Donations to the Foundation and to provide instructions about the recommended Charities to which the Donation(s) may be made by the Foundation and in what amounts;
      4. inform Percent if the Client experiences any issues with the Platform that may prevent the Client from carrying out its obligations under this paragraph 3 and provide Percent with reasonable assistance to remedy such issues.
    2. Percent will:
      1. make payment details for the payment of the Donation to the Foundation available to the Client;
      2. once the Foundation has received payment of the Donation in cleared funds, Percent will use its reasonable endeavors to procure that the Foundation takes into consideration the recommendations about the intended Charity to which the Donation(s) should be made by the Foundation and in what amounts;
      3. facilitate the provision to the Client of a tax receipt from the Foundation in respect of any Donation within 14 days of the Foundation receiving the payment in cleared funds.
    3. Percent may terminate the Agreement immediately if the Client fails to pay the Donation in accordance with the terms of paragraph 3.1 of these Donation Service Additional Terms.
  3. Right to Deduct Fees from Donations
    1. Without prejudice to paragraph 8 of the Standard Terms, the Foundation may, prior to the Foundation making an onward payment to a Charity, deduct from the Donation and remit to Percent any fees owed by the Client to Percent in relation to the Client’s use of the Services.
  4. Service Limitations
    1. The Client acknowledges and accepts that:
      1. Once a Donation is paid to the Foundation it is non-refundable.
      2. The Foundation retains exclusive control over all Donations made to it, and Donations will be delivered as per the Foundation’s Donation Delivery Policy. The Foundation will use reasonable efforts to make Donations to the Charities in accordance with the Client’s recommendation.  If the intended Charity beneficiary is not willing or able to accept the Donation or it fails to satisfactorily complete the Foundation’s due diligence, the Foundation will apply its Undeliverable Donation Policy.
      3. Percent will use reasonable efforts to secure the Foundation’s compliance with the terms of its contract with Percent, which includes obligations related to the treatment of Donations. Apart from as described in the previous sentence, to the maximum extent permitted by applicable law, Percent is not responsible for the actions or inactions of the Foundation.
  5. Client End User Terms
    1. Where the Client collects Donations from Client End Users for payment to the Foundation, it shall:
      1. Ensure that it has all consents, permissions, and licenses required in order to collect Donations from Client End Users for payment by the Client to the Foundation.
      2. Ensure that each Client End User pays any Donations to the Client in cleared funds;
      3. Ensure that each Client End User understands and accepts the Service Limitations set out in clause 4.1;
      4. Ensure that each Client End User understands and accepts that it will not receive a receipt from the Foundation in relation to any Donation.
      5. Ensure that each Client End User understands and accepts that Percent may deduct fees from the Donation in accordance with clause 3 (if applicable).
      6. Ensure that each Client End User accepts and agrees to terms and conditions which reflects the limitations contained in the Agreement, including, by way of example only, clause 2.3 (no fundraising advice) above, and clause 14 of the Standard Terms (Limitations of Liability).
      7. To the extent that Client shares Personal Data of Client End Users with Percent so that Percent may share that data with the Charities who receive the Donations (the “Client End User Data”), Client shall ensure that it has obtained all necessary consents from Client End Users for Percent to (i) use the Client End User Data to complete the Donations, and (ii) share the Client End User Data with the applicable Charities.
    2. The Client shall defend, indemnify and hold harmless Percent against all claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising from or in relation to the Client’s failure to comply with the terms of clause 5.1 (inclusive).

Additional Terms – Hosted Donation Gateway

Percent Hosted Donation Gateway Additional Terms

Effective Date: March 1, 2024

Capitalised terms used herein shall have the meanings ascribed to them in the Standard Terms, unless otherwise stated.

  1. Extra Definitions Used in These Hosted Donation Gateway Additional Terms
    Dashboard”: means the dashboard that enables Authorised Users to see certain information relating to Donations. The Dashboard constitutes “Software” as defined in the Standard Terms.
    Donor”: means a user of your service that wishes to make a Donation via the Hosted Donation Gateway Service.
    “End User Hosted Donation Gateway Additional Terms”: means the hosted donation terms and conditions entered into between Percent and each Donor found here.
    Hosted Donation Gateway Service”: means the website operated by Percent that provides technical assistance to Donors making Donations pursuant to the End User Hosted Donation Gateway Additional Terms.
    Payment Provider”: a third-party entity or entities which we have partnered with to facilitate Donations.
  2. General
    1. These Hosted Donation Gateway Additional Terms shall apply and form part of the Agreement between Percent and the Client where the Client has purchased access to the Hosted Donation Gateway Service for Donors.
    2. The Client may:
      1. refer Donors to the Hosted Donation Gateway Service; and
      2. use the Dashboard to track the number and volume of Donations that Donors make to the Foundation through the Hosted Donation Gateway Service and that the Foundation makes to Charities.
    3. In order to make Donations via the Hosted Donation Gateway Service, each Donor is required to enter into the End User Hosted Donation Gateway Additional Terms directly with Percent.
  3. Partner Foundation
    1. Percent partners with a Foundation which makes Donations to Charities. When Donors choose to make a Donation to a Charity through the Hosted Donation Gateway Service, their Donation will be paid, using their preferred payment method through our Payment Provider, to the Foundation. Percent will inform the Foundation of which Charity the Donor wishes to make the Donation to.
    2. The Foundation retains exclusive control over all Donations made to it, and Donations will be delivered as per the Foundation’s Donation Delivery Policy. The Foundation will use reasonable efforts to make Donations to the Charities in accordance with each Donor’s recommendation. If the intended Charity beneficiary is not willing or able to accept the Donation or it fails to satisfactorily complete the Foundation’s due diligence, the Foundation will apply its Undeliverable Donation Policy.
  4. No Endorsement or Advice
    In providing the Hosted Donation Gateway Service, Percent does not provide the Client or any Donor with any tax, accounting or financial advice or recommendations. We do not endorse the Foundation or any specific Charity or their activities. Percent does not represent or warrant that Donations will be used for any particular purpose by the Foundation or Charity. Percent will use reasonable efforts to secure the Foundation’s compliance with the terms of its contract with Percent, which includes obligations related to the treatment of Donations. Apart from as described in the previous sentence, to the maximum extent permitted by applicable law, Percent is not responsible for the actions or inactions of the Foundation.
  5. Donations 
    1. Without prejudice to clause 14 of the Standard Terms and clause 10 of the End User Hosted Donation Gateway Additional Terms, Percent has no liability to the Client or Donor for any Donations made through the Hosted Donation Gateway Service.
    2. The Client acknowledges that Donations made through the Hosted Donation Gateway Service are non-refundable to any Donor.
  6. Disclaimer
    1. The Hosted Donation Gateway Service is provided on an “as is” basis without warranties of any kind, either express or implied. Use of the Hosted Donation Gateway Service is at Donor’s sole risk.
    2. To the extent permitted by law, Percent disclaims all warranties, express or implied, arising by law or otherwise, including, without limitation any warranties relating to merchantability, non-infringement, title, or fitness for a particular purpose, with respect to any error, defect, deficiency, infringement, or noncompliance in the Hosted Donation Gateway Service provided by, through, or on behalf of Percent.

Additional Terms – Vetting & Validation Service

Percent Vetting & Validation Service Additional Terms

Effective Date: March 1, 2024

Capitalised terms used herein shall have the meaning ascribed to them in the Standard Terms, unless otherwise stated.

1. Extra Definitions Used in These Vetting & Validation Additional Terms

“Client Validation Data”: has the meaning set out in paragraph 2.2 of these Validation Additional Terms.

“Organisation Database”: Percent’s database of information that is one of the tools that Percent uses to conduct Vetting and Validation Checks.

“Validation(s)”: has the meaning set out in paragraph 2.4 of these Validation Additional Terms.

“Vetting and Validation Check”: the checks carried out by Percent cross-referencing data obtained from the Client or Applicants against the Percent Data.

2. Vetting & Validation Service

2.1 If the Client has purchased the Vetting & Validation Service from Percent, the terms and conditions of these Validation Additional Terms shall also apply and form part of the Agreement between Percent and the Client.

2.2 Percent will inform the Client of what Client Data, if any, it needs to receive from or on behalf of the Client in relation to an Applicant in order to perform the Vetting & Validation Service (“Client Validation Data”).

2.3 The Client will provide the Client Validation Data to Percent through the API or other communication methods as agreed by the Client and Percent.

2.4 Percent will then perform the Vetting and Validation Check and return the result of the Vetting and Validation Check to the Client via the API or through another communications method agreed by the Client and Percent (the “Validation”). Client shall only use the Validation for its own internal purposes and in accordance with the DPA.

2.5 If the Client uses all of its allotted Validations prior to the end of the Subscription Term, Percent will charge the Client and the Client will pay for each additional Validation based on the Fees set out in the Order Form.

2.6 Client shall procure that each Applicant or agent of an Applicant that submits Client Data using the Services (the “Applicant Data”) understands and accepts that:

2.6.1 Percent will use the Applicant Data to perform the Services; and

2.6.2 Percent will add the Applicant Data to Percent’s Organisation Database which Percent uses to offer its various Services to third parties. Percent will process Personal Data within the Applicant Data in accordance with Percent’s Privacy Policy.

2.7 The Vetting & Validation Service is provided on an “as is” basis without warranties of any kind, either express or implied. Use of the Vetting & Validation Service is at Client’s sole risk.

2.8 To the extent permitted by law, Percent disclaims all warranties, express or implied, arising by law or otherwise, including, without limitation any warranties relating to merchantability, non-infringement, title, or fitness for a particular purpose, with respect to any error, defect, deficiency, infringement, or noncompliance in the Vetting & Validation Service provided by, through, or on behalf of Percent.

2.9 Without limiting paragraph 2.7 and/or paragraph 2.8, neither Percent nor its licensors warrant that Validation or Percent Data is accurate, reliable, or correct; that the data or support will meet the Client’s requirements; that the Percent Data will be available at any particular time or location, uninterrupted or secure; that any defects or errors will be corrected; or that the Percent Data is free of viruses or other harmful components.

2.10 The Client agrees to defend, indemnify and hold harmless Percent and its employees, its employees, contractors, agents, officers, and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including legal fees) arising out of or related to the Client’s use of the Vetting & Validation Service.

Data Processing Agreement

Percent Data Processing Agreement

Effective Date: March 1, 2024

This Data Processing Agreement (including any terms set forth in a schedule, appendix or addendum hereto, “DPA”), dated as of the effective date of the Service Agreement (“Effective Date”), is by and between the customer identified in the Service Agreement (“Customer”), and We Are Percent Limited (“Vendor”).  Customer and Vendor may be referred to herein together as the “Parties”, and each may be referred to herein as a “Party”. To the extent that the Parties have entered into a prior agreement governing the processing of personal data (the “Prior Agreement”), the Parties understand and agree that this DPA shall supersede and replace such Prior Agreement. For good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, Customer and Vendor hereby agree as follows:

  1. Definitions.  
    1. Applicable Laws” means, collectively, all now existing or hereinafter enacted or amended laws, rules, regulations (including, without limitation, self-regulatory obligations), and/or sanctions programs applicable to a Party’s performance hereunder and/or obligations with respect to data protection. 
    2. CCPA” means the California Consumer Privacy Act of 2018 (Title 1.81.5 of the Civil Code of the State of California), together with all effective regulations adopted thereunder (in each case, as amended from time to time).
    3. Customer Data” has the meaning assigned to it in Section 2.1(a). 
    4. Controller” means (i) under and in the context of European Data Protection Law, the data “controller” (as defined by GDPR), (ii) under and in the context of CCPA, the “business” (or third party) (each, as defined by CCPA), and (iii) under and in the context of any other privacy or data protection law, rule, or regulation applicable to a Party’s performance hereunder, a “controller”, “business”, or corresponding term denoting a substantially similar definition, role, and obligations under such law, rule or regulation.
    5. EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (and each successor regulation, directive or other text of the foregoing, in each case as amended from time to time).
    6. European Data Protection Law” means each of EU GDPR, UK GDPR, and the Federal Data Protection Act of 19 June 1992 (Switzerland) (as the same may be superseded by the Swiss Data Protection Act 2020 and as amended from time to time).
    7. GDPR” means, as applicable, (i) the EU GDPR and/or (ii) the UK GDPR.
    8. Personal Data” means any information that constitutes (a) “personal information” (as defined by, and in the context of, CCPA), (b) “personal data” (as defined by, and in the context of, European Data Protection Law), and/or (c) “personal data,” “personal information,” or other term denoting a substantially similar definition and obligations under, and in the context of, any other Applicable Laws, in each case that is (i) made available or otherwise provided by Customer to Vendor or by Vendor to Customer in connection with the Services and/or (ii) collected or accessed by Vendor under a Service Agreement(s) via a pixel, cookie, tag, or similar technology on any of Customer’s digital properties.
    9. Process” means any operation or set of computer operations performed on Personal Data, including, but not limited to, collection, recording, organization, structuring, storage, access, adaptation, alteration, retrieval, consultation, use, transfer, transmit, sale, rental, disclosure, dissemination, making available, alignment, combination, deletion, erasure, or destruction.
    10. Processor” means (i) under and in the context of European Data Protection Law, the data “processor” (as defined by GDPR), (ii) under and in the context of CCPA, a “service provider” (as defined by CCPA), and (iii) under and in the context of any other privacy or data protection law, rule, or regulation applicable to a Party’s performance hereunder, a “processor”, “service provider”, or corresponding term denoting a substantially similar definition, role, and obligations under such law, rule or regulation.
    11. Security Incident” means (i) any accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure of, or access to, Customer Data or (ii) any other event that constitutes a “security breach”, “personal data breach”, or substantially similar term with respect to Customer Data under an Applicable Law(s).
    12. Service Agreements” or “Agreement” means, collectively, the agreements and/or terms of service (including, as applicable, each of the Statements of Work/SOWs/Service Orders/Order Forms and exhibits thereunder) between Customer and Vendor.
    13. Services” means, collectively, the products and/or services provided by Vendor to Customer under the Service Agreements.
    14. Sub-Processor” means a contractor, subcontractor, consultant, third-party service provider, or agent engaged by Vendor for further Processing of Customer Data.
    15. UK GDPR” has the meaning ascribed thereto in section 3(10) (as supplemented by section 205(4)) of the UK Data Protection Act 2018 (as amended from time to time).
    16. Vendor Data” has the meaning assigned to it in Section 2.1(a). 
  2. Data Processing Obligations.  
    1. General.  
      1. Each Party shall comply with its obligations relating to Personal Data under this DPA and under Applicable Laws at its own cost. With respect to Personal Data that Vendor obtains from data subjects that have a direct contractual relationship with Vendor (“Vendor Data”), (i) Vendor is a Controller and (ii) Customer is an independent Controller. With respect to Personal Data that Vendor processes pursuant to the instructions of Customer (including pursuant to the applicable Service Agreement) in order to provide the Services and that is not otherwise Vendor Data (“Customer Data”), (i) Customer is a Controller and (ii) Vendor is a Processor.
      2. With regard to each Party’s employees engaged in Processing Personal Data, the Party shall ensure that such employees are informed of the confidential nature of the Personal Data and are subject to appropriate confidentiality obligations sufficient to comply with the terms of the applicable Service Agreement(s) and this DPA, which confidentiality obligations shall survive following termination of this DPA for at least as long as the period(s) required by the applicable Service Agreement(s) and this DPA.
      3. Customer will have sole responsibility for the legality of Customer Data and the means by which Customer obtained the Customer Data, including, without limitation, obtaining appropriate consent to collect the Customer Data and share such data with Vendor in accordance with Applicable Laws.
      4. Vendor will have sole responsibility for the legality of Vendor Data and the means by which Vendor obtained the Vendor Data, including, without limitation, obtaining appropriate consent to collect the Vendor Data and share such data with Customer in accordance with Applicable Laws.
    2. Customer Data SCCs.  If Vendor Processes Customer Data relating to an EEA, United Kingdom, or Switzerland data subject (including, without limitation, the transfer of such Customer Data from the EEA, United Kingdom, or Switzerland to a third country not providing an adequate level of protection) outside of the EEA, United Kingdom, and Switzerland, the Processing will be further governed by Schedule I to this Agreement, with Customer as data exporter and Vendor as data importer (together with all Appendixes and Annexes thereto, and as the same may be amended, supplemented, or otherwise modified from time to time, “Customer Data SCCs”), which is incorporated by reference into this DPA solely with respect to Customer Data relating to EEA, United Kingdom and/or Switzerland data subjects.  If there is any conflict between (x) the terms and conditions of either this DPA or the applicable Service Agreement(s), on the one hand, and (y) the terms and conditions of the Customer Data SCCs, on the other hand, then, with respect to Customer Data relating to an EEA, United Kingdom and/or Switzerland data subject(s), the terms and conditions of the Customer Data SCCs will prevail and control.  Vendor may only transfer Customer Data relating to an EEA, United Kingdom, or Switzerland data subject outside the EEA, United Kingdom, and Switzerland in compliance with Applicable Laws and the Customer Data SCCs.
    3. Vendor Data SCCs. If Customer Processes Vendor Data relating to an EEA, United Kingdom, or Switzerland data subject (including, without limitation, the transfer of such Vendor Data from the EEA, United Kingdom, or Switzerland to a third country not providing an adequate level of protection) outside of the EEA, United Kingdom, and Switzerland, the Processing will be further governed by Schedule II, with Vendor as data exporter and Customer as data importer (together with all Appendixes and Annexes thereto, and as the same may be amended, supplemented, or otherwise modified from time to time, “Vendor Data SCCs”), which is incorporated by reference into this DPA solely with respect to Vendor Data relating to EEA, United Kingdom and/or Switzerland data subjects.  If there is any conflict between (x) the terms and conditions of either this DPA or the applicable Service Agreement(s), on the one hand, and (y) the terms and conditions of the Vendor Data SCCs, on the other hand, then, with respect to Vendor Data relating to an EEA, United Kingdom, and/or Switzerland data subject(s), the terms and conditions of the Vendor Data SCCs will prevail and control.  Customer may only transfer Vendor Data relating to an EEA, United Kingdom, or Switzerland data subject outside the EEA, United Kingdom, and Switzerland in compliance with Applicable Laws and the Vendor Data SCCs.
    4. CCPA Without limiting any of the restrictions on or obligations of Vendor under this DPA, under any of the Service Agreements, or under Applicable Laws, with respect to Customer Data relating to a California “consumer” (as defined by CCPA) or household (“CCPA Personal Data”):
      1. Customer shall be disclosing such CCPA Personal Data under the applicable Service Agreement(s) to Vendor for a “business purpose” (as defined by CCPA), and Vendor shall Process such CCPA Personal Data solely on behalf of Customer and only as necessary to perform such business purpose for Customer; and
      2. Vendor shall not: (i) “sell” (as defined by CCPA) CCPA Personal Data; or (ii) retain, use, or disclose CCPA Personal Data (x) for any purpose (including a “commercial purpose” (as defined by CCPA)) other than for the specific purpose of performing for Customer the services specified in the particular Service Agreement(s) or (y) outside of the direct business relationship between Vendor and Customer; Vendor certifies that it understands the restrictions set forth in this Section 2.3(b) and shall comply with them; and
      3. Notwithstanding anything to the contrary in this DPA (including, for purposes of clarification and without limitation, clauses (a) and (b) of this Section 2.3), in no event shall Vendor process any CCPA Personal Data in such a manner as would constitute (i) a sale (as defined by CCPA) of CCPA Personal Data by Customer to Vendor or (ii) on or after January 1, 2023, the sharing (as defined under CCPA (as amended by the California Privacy Rights Act of 2020)) of CCPA Personal Data by Customer with Vendor; and
      4. If directed by Customer with regard to a particular California consumer or household, Vendor shall delete the CCPA Personal Data of such consumer or household.
    5. Changes in Applicable Laws.  If, due to any change in Applicable Laws, a Party reasonably believes that (a) Vendor ceases to be able to provide a Service(s) in whole or in part (e.g., with respect to a particular jurisdiction) and/or Customer ceases to be able to use a Service(s) in whole or in part under the then-current terms and conditions of the applicable Service Agreement(s) and this DPA, each Party may terminate the applicable Service Agreement(s) (in whole or, if reasonably practicable, in part).
  3. Security.  
    1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risks. Such measures will include reasonable administrative, physical, and technical security controls (including those required by Applicable Laws) that prevent the collection, use, disclosure, or access to Personal Data and Customer confidential information that the Service Agreements do not expressly authorize, including maintaining a comprehensive information security program that safeguards Personal Data and Customer confidential information. These security measures include, but are not limited to: (i) the pseudonymization and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; and (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. 
    2. When assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
  4.  Supplementary Measures and Safeguards.
    1. Assistance; Risk Assessment.
      1. Vendor shall assist Customer to ensure compliance with Applicable Laws in connection with the Processing of Customer Data.
    2. Orders. Vendor shall notify Customer in writing of any subpoena or other judicial or administrative order by a government authority or proceeding seeking access to or disclosure of Customer Data. Customer shall have the right to defend such action in lieu of and/or on behalf of Vendor. Customer may, if it so chooses, seek a protective order. Vendor shall reasonably cooperate with Customer in such defense.
  5. Notifications.
    1. Security Incidents Vendor has and will maintain a security incident response plan that includes procedures to be followed in the event of a Security Incident. Vendor will provide Customer with written notice promptly after discovering a Security Incident (including those affecting Vendor or its Sub-Processors), including any information that Customer is required by law to provide to an applicable regulatory agency or to the individuals whose personal data was involved in the Security Incident.
    2. Data Subject Requests.  Vendor shall (i) promptly notify Customer about any request under Applicable Law(s) with respect to Customer Data received from or on behalf of the applicable data subject and (ii) reasonably cooperate with Customer’s reasonable requests in connection with data subject requests with respect to Customer Data.  Vendor shall assist Customer, through appropriate technical and organizational measures, to fulfill its obligations with respect to requests of data subjects seeking to exercise rights under Applicable Law with respect to Customer Data.
  6. Sub-Processors.
    1. Vendor shall not have Customer Data Processed by a Sub-Processor unless such Sub-Processor is bound by a written agreement with Vendor that includes data protection obligations at least as protective as those contained in this DPA and the applicable Service Agreement(s) and that meet the requirements of Applicable Laws. Vendor is and shall remain fully liable to Customer for any failure by any Sub-Processor to fulfill Vendor’s data protection obligations under Applicable Laws.
    2. Vendor provides a list of all Sub-Processors who access Customer Data, available at: https://app.conveyor.com/profile/percent (the “Website”). Customer specifically authorizes and instructs Vendor to engage the Sub-Processors listed on the Website as of the Effective Date. Vendor will notify Customer of any changes to the Sub-Processors listed on the Website and grant Customer the opportunity to object to such change. Upon Customer’s request, Vendor will provide all information necessary to demonstrate that the Sub-Processors will meet all requirements pursuant to Section 6.1. In the case Customer objects to any Sub-Processor, Vendor can choose to either not engage the Sub-Processor or to terminate this DPA with thirty (30) days’ prior written notice.
    3. Third-party providers that maintain IT systems whereby access to Customer Data is not needed but can technically also not be excluded do not qualify as Sub-Processors within the meaning of this Section 6. They can be engaged based on regular confidentiality undertakings and subject to Vendor’s reasonable monitoring.
  7. Deletion. Vendor shall, at the request of Customer: (i) delete or return all Customer Data to Customer after such Customer Data is no longer necessary for the provision of the Services, and (ii) delete existing copies of such Customer Data.
  8. Documentation.
    1. or shall, upon Customer’s request, provide Customer (a) comprehensive documentation of Vendor’s technical and organizational security measures, (b) any and all third-party audits and certifications available with respect to such security measures, and (c) and all other information reasonably necessary to demonstrate compliance with the Vendor’s obligations under this DPA and/or under Applicable Laws.
  9. Term; Termination This DPA shall remain in effect until (a) all Service Agreements have terminated and (b) all obligations that Vendor has under the Service Agreements and under Applicable Laws with respect to Personal Data, and all rights that Customer has under the Service Agreements and under Applicable Laws with respect to Personal Data, have terminated.  Notwithstanding termination of this DPA, any provisions hereof that by their nature are intended to survive, shall survive termination.
  10. Miscellaneous.
    1. Any notice made pursuant to this DPA will be in writing and will be deemed delivered on (a) the date of delivery if delivered personally, (b) five (5) calendar days (or upon written confirmed receipt) after mailing if duly deposited in registered or certified mail or express commercial carrier, or (c) one (1) calendar day (or upon written confirmed receipt) after being sent by email, addressed to Customer at the address or email address on record with Vendor in Customer’s account information, or addressed to Vendor at the address or email address set forth below, or to such other address or email address as may be hereafter designated by either Party: Data Protection Officer, We Are Percent Limited, Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG, dpo@poweredbypercent.com.
    2. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the applicable Service Agreements, unless required otherwise by Applicable Laws.
    3. Neither Party may assign or transfer any part of this DPA without the written consent of the other Party; provided, however, that this DPA, collectively with all Service Agreements, may be assigned without the other Party’s written consent by either Party to a person or entity who acquires, by sale, merger or otherwise, all or substantially all of such assigning Party’s assets, stock or business.  Subject to the foregoing, this DPA shall bind and inure to the benefit of the Parties, their respective successors and permitted assigns.  Any attempted assignment in violation of this Section 12.3 shall be void and of no effect.
    4. This DPA is the Parties’ entire agreement relating to its subject and supersedes any prior or contemporaneous agreements on that subject; provided, however, that, notwithstanding the foregoing but subject to the last sentence of this Section 10.4, nothing in this DPA shall be deemed to supersede any of the Service Agreements. Vendor may modify the terms of this DPA if, as reasonably determined by Vendor, such modification is (i) reasonably necessary to comply with Applicable Laws or any other law, regulation, court order or guidance issued by a governmental regulator or agency; and (ii) does not: (a) result in a degradation of the overall security of the Services, (b) expand the scope of, or remove any restrictions on, Vendor’s processing of Personal Data, and (c) otherwise have a material adverse impact on Customer’s rights under this DPA. Any other amendments must be executed by both of the Parties and expressly state that they are amending this DPA.  Failure to enforce any provision of this DPA shall not constitute a waiver.  If any provision of this DPA is found unenforceable, it and any related provisions shall be interpreted to best accomplish the unenforceable provision’s essential purpose.  The headings contained in this DPA are for reference purposes only and shall not affect in any way the meaning or interpretation of this DPA.  In the event of a conflict between the terms and conditions of this DPA and the terms and conditions of any Service Agreement, the terms and conditions of this DPA shall govern.

SCHEDULE I 

Customer Data SCCs

  1. Definitions
    1. EU SCCs” means the Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj and completed as described in this Schedule I.
    2. UK SCCs” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, available as of the DPA Effective Date at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/ and completed as described in this Schedule I.
  2. With respect to Customer Data transferred from the European Economic Area, the EU SCCs will apply and form part of this Schedule I, unless the European Commission issues updates to the EU SCCs, in which case the updated EU SCCs will control. Undefined capitalized terms used in this provision will have the meanings given to them (or their functional equivalents) in the definitions in the EU SCCs. For purposes of the EU SCCs, they will be deemed completed as follows:
    1. Because Customer is a Controller and Vendor is a Processor of the Customer Data, Module 2 applies.
    2. Clause 7 (the optional docking clause) is not included.
    3. Under Clause 11 (Redress), the optional requirement that data subjects be permitted to lodge a complaint with an independent dispute resolution body is inapplicable. 
    4. Under Clause 17 (Governing law), the Parties select Option 1 (the law of an EU Member State that allows for third-party beneficiary rights).  The Parties select the law of Ireland.
    5. Under Clause 18 (Choice of forum and jurisdiction), the Parties select the courts of Ireland.
    6. Annexes I, II and III of the EU SCCs are set forth in Exhibit A to this Schedule I.
    7. By entering into this DPA, the Parties are deemed to be signing the EU SCCs.
  3. With respect to Customer Data transferred from the United Kingdom for which the law of the United Kingdom (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, the UK SCCs form part of this Schedule I and take precedence over the rest of this Schedule I as set forth in the UK SCCs, unless the United Kingdom issues updates to the UK SCCs, in which case the updated UK SCCs will control. Undefined capitalized terms used in this provision will have the meanings given to them (or their functional equivalents) in the definitions in the UK SCCs. For purposes of the UK SCCs, they will be deemed completed as follows:
    1. Table 1 of the UK SCCs:
      1. The Parties’ details are the Parties and their affiliates to the extent any of them is involved in such transfer, including those set forth in Exhibit A.
      2. The Key Contacts are the contacts set forth in Exhibit A.
    2. Table 2 of the UK SCCs: The Approved EU SCCs referenced in Table 2 are the EU SCCs as executed by the Parties pursuant to this Schedule I.
    3. Table 3 of the UK SCCs: Annex 1A, 1B, II and III are set forth in Exhibit A.
    4. Table 4 of the UK SCCs: Either party may terminate the Service Agreements as set forth in Section 19 of the UK SCCs.
    5. By entering into this DPA, the Parties are deemed to be signing the UK SCCs and their applicable Tables and Appendix Information
  4. With respect to Customer Data transferred from Switzerland for which Swiss law (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, the EU SCCs will apply and will be deemed to have the following differences to the extent required by the Swiss Federal Act on Data Protection (“FADP”):
    1. References to the GDPR in the EU SCCs are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.
    2. The term “member state” in the EU SCCs will not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs.
    3. References to Personal Data in the EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.
    4. Under Annex I(C) of the EU SCCs (Competent supervisory authority): where the transfer is subject exclusively to the FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the EU SCCs insofar as the transfer is governed by the GDPR.

EXHIBIT A TO SCHEDULE 1

Annexes to Customer Data SCCs

ANNEX I

LIST OF PARTIES

Data exporter(s): 

Name: Entity identified as “Customer” in the DPA and Agreement.

Address: See the Agreement.

Contact person’s name, position and contact details: See the Agreement.

Activities relevant to the data transferred under these Clauses: To provide Customer with the Services (as defined in the DPA), namely, donation services.

Signature and date: See the Agreement.

Role (controller/processor): Controller.

Data importer(s): 

Name: We Are Percent Limited (“Vendor”)

Address:

We Are Percent Limited

Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG 

Contact person’s name, position and contact details: Tom Shields, Data Protection Officer, dpo@poweredbypercent.com.

Activities relevant to the data transferred under these Clauses: To provide Customer with the Services (as defined in the DPA), namely, donation services.

Role (controller/processor): Processor.

DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred

Customer employees, end users of Customer, representatives of Charities and other Applicants (both as defined in the Service Agreement) (collectively, “Users”).

Categories of personal data transferred

First name, last name, email address, mailing address.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

None.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuously, for the duration of the Services pursuant to the Agreement.

Nature of the processing

Vendor will process the Personal Data as necessary to provide the Services pursuant to the Service Agreements, and Customer will process the Personal Data as necessary to receive the Services.

Purpose(s) of the data transfer and further processing

For Vendor to provide the Services to Customer pursuant to the Service Agreements and for Customer to receive the Services pursuant to the Service Agreements. 

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

As long as necessary to provide the Services pursuant to the Agreement. Charity and Applicant data will be retained until Customer requests deletion, unless the Service Agreements permit Vendor to retain such information for purposes other than as a Processor on behalf of Customer.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

To provide the Services pursuant to the Agreement.

COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13

The Supervisory Authority where the Data Exporter is located.

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Vendor uses a combination of policies as per our ISMS which adheres to the ISO27001 standard and the following technical controls to safeguard at multiple levels:

  • MDM – to control what is run on employees laptops
  • Malware protection – to limit the damage of malware and continuously scan
  • Password managers – to ensure strong, unique passwords are being used
  • Least privileged access – to provide access on as needed basis, with regular reviews
  • 2fa – to provide protection, should passwords be leaked
  • WAF – firewall to block malicious requests and prevent DDoS
  • VPC – Virtual Private Clouds with public and private subnets to limit what is accessible to machines internally and external from the internet
    • Route tables – to limit what is accessible between subnets 
    • Network ACL – to limit what can enter a subnet
  • Security groups – to limit what ports and IPs are accessible on a host
  • IDS – to alert to suspicious activity
  • Encryption in transit – to prevent man in the middle attacks and ensure confidentiality across a network
  • Encryption at rest – to limit the risk of direct access to storage
  • Security scan – security scans are performed during build pipelines
  • Security training – every employee has general security training which is renewed annually. Developers also have OWASP training.

All the above are reviewed for compliance at policy review sessions annually and scheduled audits confirm configurations are intact.

 

ANNEX III

LIST OF SUB-PROCESSORS

The controller has authorised the use of the following sub-processors:

Please see: https://app.conveyor.com/profile/percent

 

SCHEDULE II

Vendor Data SCCs

  1. Definitions
    1. EU SCCs” means the Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj and completed as described in this Schedule II.
    2. UK SCCs” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, available as of the DPA Effective Date at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/ and completed as described in this Schedule II.
  2. With respect to Vendor Data transferred from the European Economic Area, the EU SCCs will apply and form part of this Schedule II, unless the European Commission issues updates to the EU SCCs, in which case the updated EU SCCs will control. Undefined capitalized terms used in this provision will have the meanings given to them (or their functional equivalents) in the definitions in the EU SCCs. For purposes of the EU SCCs, they will be deemed completed as follows:
    1. Because Vendor and Customer are both Controllers, Module 1 applies.
    2. Clause 7 (the optional docking clause) is not included.
    3. Under Clause 11 (Redress), the optional requirement that data subjects be permitted to lodge a complaint with an independent dispute resolution body is inapplicable. 
    4. Under Clause 17 (Governing law), the Parties select Option 1 (the law of an EU Member State that allows for third-party beneficiary rights).  The Parties select the law of Ireland.
    5. Under Clause 18 (Choice of forum and jurisdiction), the Parties select the courts of Ireland.
    6. Annexes I and II of the EU SCCs are set forth in Exhibit A to this Schedule II.
    7. By entering into this DPA, the Parties are deemed to be signing the EU SCCs.
  3. With respect to Vendor Data transferred from the United Kingdom for which the law of the United Kingdom (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, the UK SCCs form part of this Schedule II and take precedence over the rest of this Schedule II as set forth in the UK SCCs, unless the United Kingdom issues updates to the UK SCCs, in which case the updated UK SCCs will control. Undefined capitalized terms used in this provision will have the meanings given to them (or their functional equivalents) in the definitions in the UK SCCs. For purposes of the UK SCCs, they will be deemed completed as follows:
    1. Table 1 of the UK SCCs:
      1. The Parties’ details are the Parties and their affiliates to the extent any of them is involved in such transfer, including those set forth in Exhibit A.
      2. The Key Contacts are the contacts set forth in Exhibit A.
    2. Table 2 of the UK SCCs: The Approved EU SCCs referenced in Table 2 are the EU SCCs as executed by the Parties pursuant to this Schedule II. 
    3. Table 3 of the UK SCCs: Annex 1A, 1B, and II are set forth in Exhibit A.
    4. Table 4 of the UK SCCs: Either party may terminate the Service Agreements as set forth in Section 19 of the UK SCCs.
    5. By entering into this Schedule II, the Parties are deemed to be signing the UK SCCs and their applicable Tables and Appendix Information.
  4. With respect to Vendor Data transferred from Switzerland for which Swiss law (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, the EU SCCs will apply and will be deemed to have the following differences to the extent required by the Swiss Federal Act on Data Protection (“FADP”):
    1. References to the GDPR in the EU SCCs are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.
    2. The term “member state” in the EU SCCs will not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs.
    3. References to Personal Data in the EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.
    4. Under Annex I(C) of the EU SCCs (Competent supervisory authority): where the transfer is subject exclusively to the FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the EU SCCs insofar as the transfer is governed by the GDPR.

EXHIBIT A TO SCHEDULE II

Annexes to Vendor Data SCCs

ANNEX I

LIST OF PARTIES

Data exporter(s): 

Name: We Are Percent Limited 

Address: Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG

Contact person’s name, position and contact details

Tom Shields, Data Protection Officer

We Are Percent Limited

Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG

dpo@poweredbypercent.com

 

Activities relevant to the data transferred under these Clauses: To provide Customer with the Services (as defined in the DPA).

Role (controller/processor): Controller

Data importer: 

Name: As specified in the Service Agreements.

Address:  As specified in the Service Agreements.

Activities relevant to the data transferred under these Clauses: Receipt of Services (a defined in the DPA).

Role (controller/processor): Controller

DESCRIPTION OF TRANSFER 

Categories of data subjects whose personal data is transferred

Customer employees, end users of Customer, representatives of Charities and other Applicants (both as defined in the Service Agreement).

Categories of personal data transferred

First name, last name, email address, mailing address

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

     N/A

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuously, for the duration of the Service Agreements.

Nature of the processing

Vendor will process the Personal Data as necessary to provide the Services pursuant to the Service Agreements, and Customer will process the Personal Data as necessary to receive the Services.

Purpose(s) of the data transfer and further processing

For Vendor to provide the Services to Customer pursuant to the Service Agreements and for Customer to receive the Services pursuant to the Service Agreements.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Vendor Data will be retained for the length of time necessary to provide and benefit from the Services under these Service Agreements, or as otherwise required by applicable law.

COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13.

The parties will follow the rules for identifying such authority under Clause 13 and, to the extent legally permissible, select the Irish Data Protection Commission.

 

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. 

  1. General Security MeasuresCustomer will comply with industry-standard security measures (including with respect to personnel, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, and incident response measures necessary to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of personal data), as well as with all applicable data privacy and security laws, regulations and standards.  
  2. Information Security ProgramCustomer shall establish, implement, and maintain an information security program that includes technical and organizational security and physical measures as well as policies and procedures to protect Vendor Data against accidental loss; destruction or alteration; unauthorized disclosure or access; or unlawful destruction.
  3. Human Resources SecurityCustomer shall maintain a policy that defines requirements around enforcing security measures as they relate to employment status changes. This includes performing background checks, acknowledging and complying with Customer’s security policies, and utilizing onboarding and termination checklists for employees and third parties.
  4. Data Classification & ProtectionCustomer shall maintain policies and procedures for data classification and protection, along with requirements for the classification of data containing personal data in consideration of applicable laws, regulations, and contractual obligations. Customer shall also maintain requirements on data encryption and rules for transmission of data along with requirements on how access to these data should be governed.
  5. Physical and Environmental SecurityCustomer shall maintain policies and procedures for physical and environmental security and ensure that critical information services be protected from interception, interference, or damage
  6. Access ControlCustomer shall maintain access control measures designed to limit access to Customer’s facilities, applications, systems, network devices, and operating systems to a limited number of personnel who have a business need for such access. Customer shall ensure such access is removed when no longer required and shall conduct access reviews periodically.

End User Hosted Donation Gateway Additional Terms

Percent End User Hosted Donation Gateway Terms

Effective date: May 15, 2023

  1. INTERPRETATION
    1.1 These End User Hosted Donation Gateway Terms (“Terms”) constitute a legally binding contract between you and Percent and apply to your use of the Donation Service, powered by Percent. Your use of the Donation Service is subject to these Terms and by using the Donation Service you accept these Terms. We may update these Terms from time to time and it is your responsibility to review the Terms whenever you make use of the Donation Service.
    1.2 Percent supports businesses to help their customers and users make donations to Charities through the Foundation. In conjunction with our services, we offer you the opportunity to make a payment to the Foundation which then distributes your payment to a Nonprofit as described in these Terms (the “Donation Service”). Percent is the trading name of We Are Percent LTD (UK registered company number 09387321, located at Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG (“Percent”, “we”, “us”). If you have questions, please contact us at: hello@poweredbypercent.com.
    1.3 If we need to contact you, we will use the contact details which you provide to us as part of making the donation.
    1.4 Definitions:
    Charity”: a charitable organisation to which you can request that the Foundation make a donation using our Donation Service.
    Foundation”: the third-party entity which we have partnered with to receive and distribute donations made via the Donation Service.
    Partner”: the business which requested that Percent make the Donation Service available to you.
    Payment Provider”: a third-party entity or entities which we have partnered with to enable payments for the Donation Service.
  2. PERSONAL DATA
    If you provide consent, we will provide the following categories of personal data to the Charity that you identify for your donation: name, email, and address. If, after giving consent, you subsequently decide you would not like your personal data to be shared with the Charity, you can let us know by emailing dpo@poweredbypercent.com. For more information about the processing of personal data for the Donation Service, please see our Privacy Policy.
  3. CONDITION OF PARTICIPATION
    3.1 You can use the Donation Service if you are a natural person who has reached the age of 18. If you use the Donation Service on behalf of a company or organisation, you confirm to us that you are authorised to act on behalf of that company or organisation and you enter into these Terms on their behalf.
  4. DONATION VIA PARTNER FOUNDATION
    4.1 We partner with a Foundation which makes donations to Charities. If you choose to make a donation to a Nonprofit through our Donation Service, your donation will be paid, using your preferred payment method through our Payment Provider, to the Foundation by clicking on the button provided for this purpose (referred to as “Donate” or similar). We will inform the Foundation to which Charity you wish to make the donation.
    4.2 Once you make the donation, the Foundation retains exclusive control over it, and the donation will be delivered as per the Donation Delivery Policy. If the intended Charity beneficiary is not willing or able to accept the donation or it fails to satisfactorily complete the Foundation’s due diligence, the Foundation will apply the Undeliverable Donation Policy.
  5. NO ENDORSEMENT OR ADVICE
    In providing this Donation Service, we are not providing you with any tax, accounting or financial advice or recommendations. We do not endorse the Foundation or any specific Charity or their activities. We do not represent or warrant that your donations will be used for any particular purpose by the Foundation or Charities.
  6. NON-REFUNDABLE DONATIONS
    Except as expressly provided by applicable law, your donation through our Donation Service is non-refundable.
  7. YOUR DUTIES OF CARE
    7.1 You must use the Donation Service solely in compliance with all applicable laws. You are prohibited from using the Donation Service to support activities that may cause us or the Foundation to violate applicable law.
    7.2 You are also prohibited from:

    1. searching, retrieving, copying or monitoring the Donation Services and/or its content using a program, algorithm or comparable method for collecting or extracting data (such as using automated tools like bots, spiders or scrapers),
    2. damaging, disrupting or otherwise impairing the operation of the Donation Service as well as the systems, infrastructure and/or applications used to operate it, which includes sending, transmitting or implementing files that contain viruses, worms, Trojan horses or other harmful or destructive features,
    3. investigating, scanning or testing vulnerabilities of the Donation Service or circumventing or compromising security and/or authentication measures designed to protect the Donation Service; or
    4. copying, translating, disassembling, decompiling, reverse engineering or otherwise modifying the software of the Donation Service in whole or in part, or creating derivative works thereof.
  8. SERVICE FEES
    1. A service fee and transaction costs (including debit and credit card charges) may be deducted from your donation, unless the Partner has agreed to pay these fees and costs. We will inform you of the amount of the service fees and transaction costs that will be deducted from your donation (if any) before you finalise the donation.
  9. TAXES
    9.1 The Foundation may provide you with an acknowledgment letter or tax receipt for your donation. Percent and the Foundation do not guarantee that you will receive any particular tax treatment for your donation, and the Foundation and Percent provide no comment or advice on the tax consequences or obligations arising from your donation. Please consult your professional tax advisor to discuss your individual circumstances and whether there are any tax implications or related obligations.
  10. DISCLAIMER
    Except as expressly stated in these Terms, and except where such is not legally permitted, we exclude all terms, conditions, warranties or guarantees which might apply to your use of the Donation Services.
  11. RESPONSIBILITY FOR FOUNDATION
    11.1 We will use reasonable efforts to secure the Foundation’s compliance with the terms of its contract with us, which includes obligations related to the treatment of donations. Apart from as described in the previous sentence, to the maximum extent permitted by applicable law, we are not responsible for the actions or inactions of the Foundation.
  12. LIMITATION OF LIABILITY
    12.1 Nothing in these terms limits our liability for (a) intentional acts and gross negligence; (b) personal injury; and (c) liability that cannot be limited under applicable law.
    12.2 Subject to Section 12.1, and to the maximum extent permitted by applicable law, Percent is not liable, whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for (a) any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss; or (b) any special, indirect or consequential loss, costs, damages, charges or expenses, in either case, however arising in connection with the Donation Service.
    12.3 Subject to Sections 12.1 and 12.2, and to the maximum extent permitted by applicable law, Percent’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Donation Service shall, in respect of any claim, be limited to fees received by Percent with respect to donations you make via the Donation Service during the 12 (twelve) months immediately preceding the date on which the claim arose.
    12.4 The above limitations of liability also apply regarding our liability for our agents, employees and legal representatives.
  13. THIRD PARTY WEBSITES
    Our Donation Service pages might contain links to websites or resources owned by third parties. Where we provide these links, we are not responsible for any content, services or products available through them. You are responsible for your use of any third party links or resources and for reviewing and understanding any additional terms and conditions which such third parties might apply to your use of its links, resources, content, services or products.
  14. INTELLECTUAL PROPERTY RIGHTS
    14.1 We reserve all copyrights and other proprietary rights to the Donation Service. You may use the Donation Service and the content presented by the Donation Service only for your own personal and non-commercial purposes. Any use of the Donation Service and the content presented therein for commercial purposes (i.e. for your own profit) is prohibited, unless we have given our prior written consent.
    14.2 You are not permitted to use our name or our trade mark without our written permission. If other trade marks appear on our site or service pages, you may not use these without the permission of the trade mark owner.
  15. THIRD PARTY TERMS
    A person who is not a party to these Terms has no right to enforce any term of these Terms.
  16. RIGHT OF WITHDRAWAL
    Depending upon your location, you may ordinarily have a right to withdraw from contracts for services concluded online within a cancellation period (e.g. 14 days from the date the contract was entered into) without giving any reason. Consumers exercise this right by notifying the provider of the service of the decision to withdraw from the contract. However, where the consumer wishes the service to be provided before the expiration of the cancellation period, the cancellation right is lost upon complete provision of the service. In the case of the Donation Service, we withdraw your donation funds and any service fees and transaction costs immediately once you confirm the donation, and it is not possible to refund those payments to you if you change your mind. Accordingly, if you wish to use the Donation Service, you expressly waive your right of withdrawal when you submit your donation.
  17. GOVERNING LAW
    17.1 Unless applicable law requires otherwise, the laws of England govern these Terms, and disputes in relation to these terms must be brought in courts located in England.
    17.2 Depending upon your location, you may be entitled to submit a dispute relation to the Donation Service to the European Commission’s platform for online dispute resolution.
  18. SEVERANCE
    If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of these Terms.

Employee Donation Additional Terms

Employee Donation Additional Terms

Effective date: January 1, 2024

  1. INTERPRETATION
    1.1 These Employee Donation Additional Terms (“Terms”) constitute a legally binding contract between you and Percent and apply to your use of Percent’s platform for employee Donations (the “Employee Engagement Platform”). Your use of the Employee Engagement Platform is subject to these Terms and by using the Employee Engagement Platform you accept these Terms. We may update these Terms from time to time and it is your responsibility to review the Terms whenever you make use of the Employee Engagement Platform.
    1.2 Percent supports businesses to help their employees make donations to Charities through the Foundation. In conjunction with our services, we offer you the opportunity to make a payment to the Foundation which then distributes your payment to a Charity as described in these Terms. If eligible, your payment may be matched by your employer.
    1.3 Percent is the trading name of We Are Percent LTD (UK registered company number 09387321, located at Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG (“Percent”, “we”, “us”). If you have questions, please contact us at: hello@poweredbypercent.com.
    1.4 If we need to contact you, we will use the contact details which you provide to us as part of making the donation.
    1.5 Additional Definitions:
    “Charity”: a charitable organisation to which you can request that the Foundation make a donation using our Employee Engagement Platform.
    “Employer”: the business which requested that Percent make the Employee Engagement Platform available to you.
    “Foundation”: the third-party entity which we have partnered with to receive and distribute donations made via the Employee Engagement Platform.
    “Payment Provider”: a third-party entity or entities which we have partnered with to enable payments for the Employee Engagement Platform.
  2. PERSONAL DATA
    If you provide consent, we will provide the following categories of personal data to the Charity that you identify for your donation: name, email, and address. If, after giving consent, you subsequently decide you would not like your personal data to be shared with the Charity, you can let us know by emailing dpo@poweredbypercent.com. For more information about the processing of personal data for the Employee Engagement Platform, please see our Privacy Policy.
  3. CONDITION OF PARTICIPATION
    You can use the Employee Engagement Platform if you are a natural person who has reached the age of 18.
  4. DONATION VIA PARTNER FOUNDATION
    4.1 We partner with a Foundation which makes donations to Charities. If you choose to make a donation to a Charity through our Employee Engagement Platform, your donation will be paid to the Foundation either using your preferred payment method through our Payment Provider or through a payroll deduction implemented through your Employer. We will inform the Foundation to which Charity you wish to make the donation.
    4.2 Once you make the donation, the Foundation retains exclusive control over it, and the donation will be delivered as per the Donation Delivery Policy. If the intended Charity beneficiary is not willing or able to accept the donation or it fails to satisfactorily complete the Foundation’s due diligence, the Foundation will apply the Undeliverable Donation Policy.
    4.3 If you make a donation to a Charity that your Employer has identified as being eligible for a matching donation from the Employer, Percent will notify your Employer of your donation so that the Employer can make a matching donation. The amount of the matching donation may vary, depending on the Employer’s preferences. Despite your Employer’s offer to make a matching donation, Percent does not guarantee that your Employer will make the matching donation. If you have any concerns about whether your Employer will make a matching donation, you should contact your Employer directly.
  5. NO ENDORSEMENT OR ADVICE
    In providing the Employee Engagement Platform, we are not providing you with any tax, accounting or financial advice or recommendations. We do not endorse the Foundation or any specific Charity or their activities. We do not represent or warrant that your donations will be used for any particular purpose by the Foundation or Charities.
  6. NON-REFUNDABLE DONATIONS
    Except as expressly provided by applicable law, your donation through the Employee Engagement Platform is non-refundable.
  7. YOUR DUTIES OF CARE
    7.1 You must use the Employee Engagement Platform solely in compliance with all applicable laws. You are prohibited from using the Employee Engagement Platform to support activities that may cause us or the Foundation to violate applicable law.
    7.2 You are also prohibited from:
    searching, retrieving, copying or monitoring the Employee Engagement Platforms and/or its content using a program, algorithm or comparable method for collecting or extracting data (such as using automated tools like bots, spiders or scrapers),
    damaging, disrupting or otherwise impairing the operation of the Employee Engagement Platform as well as the systems, infrastructure and/or applications used to operate it, which includes sending, transmitting or implementing files that contain viruses, worms, Trojan horses or other harmful or destructive features,
    investigating, scanning or testing vulnerabilities of the Employee Engagement Platform or circumventing or compromising security and/or authentication measures designed to protect the Employee Engagement Platform; or
    copying, translating, disassembling, decompiling, reverse engineering or otherwise modifying the software of the Employee Engagement Platform in whole or in part, or creating derivative works thereof.
  8. SERVICE FEES
    A service fee and transaction costs (including debit and credit card charges) may be deducted from your donation, unless your Employer has agreed to pay these fees and costs. We will inform you of the amount of the service fees and transaction costs that will be deducted from your donation (if any) before you finalise the donation.
  9. TAXES
    The Foundation may provide you with an acknowledgment letter or tax receipt for your donation. Percent and the Foundation do not guarantee that you will receive any particular tax treatment for your donation, and the Foundation and Percent provide no comment or advice on the tax consequences or obligations arising from your donation. Please consult your professional tax advisor to discuss your individual circumstances and whether there are any tax implications or related obligations.
  10. DISCLAIMER
    Except as expressly stated in these Terms, and except where such is not legally permitted, we exclude all terms, conditions, warranties or guarantees which might apply to your use of the Employee Engagement Platform.
  11. RESPONSIBILITY FOR FOUNDATION
    We will use reasonable efforts to secure the Foundation’s compliance with the terms of its contract with us, which includes obligations related to the treatment of donations. Apart from as described in the previous sentence, to the maximum extent permitted by applicable law, we are not responsible for the actions or inactions of the Foundation.
  12. LIMITATION OF LIABILITY
    12.1 Nothing in these terms limits our liability for (a) intentional acts and gross negligence; (b) personal injury; and (c) liability that cannot be limited under applicable law.
    12.2 Subject to Section 12.1, and to the maximum extent permitted by applicable law, Percent is not liable, whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for (a) any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss; or (b) any special, indirect or consequential loss, costs, damages, charges or expenses, in either case, however arising in connection with the Employee Engagement Platform or donations you make through the Employee Engagement Platform.
    12.3 Subject to Sections 12.1 and 12.2, and to the maximum extent permitted by applicable law, Percent’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Employee Engagement Platform shall, in respect of any claim, be limited to fees received by Percent with respect to donations you make via the Employee Engagement Platform during the 12 (twelve) months immediately preceding the date on which the claim arose.
    12.4 The above limitations of liability also apply regarding our liability for our agents, employees and legal representatives.
  13. THIRD PARTY WEBSITES
    Our Employee Engagement Platform pages might contain links to websites or resources owned by third parties. Where we provide these links, we are not responsible for any content, services or products available through them. You are responsible for your use of any third party links or resources and for reviewing and understanding any additional terms and conditions which such third parties might apply to your use of its links, resources, content, services or products.
  14. INTELLECTUAL PROPERTY RIGHTS
    14.1 We reserve all copyrights and other proprietary rights to the Employee Engagement Platform. You may use the Employee Engagement Platform and the content presented by the Employee Engagement Platform only for your own personal and non-commercial purposes. Any use of the Employee Engagement Platform and the content presented therein for commercial purposes (i.e. for your own profit) is prohibited, unless we have given our prior written consent.
    14.2 You are not permitted to use our name or our trade mark without our written permission. If other trade marks appear on our site or service pages, you may not use these without the permission of the trade mark owner.
  15. THIRD PARTY TERMS
    A person who is not a party to these Terms has no right to enforce any term of these Terms.
  16. RIGHT OF WITHDRAWAL
    Depending upon your location, you may ordinarily have a right to withdraw from contracts for services concluded online within a cancellation period (e.g. 14 days from the date the contract was entered into) without giving any reason. Consumers exercise this right by notifying the provider of the service of the decision to withdraw from the contract. However, where the consumer wishes the service to be provided before the expiration of the cancellation period, the cancellation right is lost upon complete provision of the service. In the case of the Employee Engagement Platform, we withdraw your donation funds and any service fees and transaction costs immediately once you confirm the donation, and it is not possible to refund those payments to you if you change your mind. Accordingly, if you wish to use the Employee Engagement Platform, you expressly waive your right of withdrawal when you submit your donation.
  17. GOVERNING LAW
    17.1 Unless applicable law requires otherwise, the laws of England govern these Terms, and disputes in relation to these terms must be brought in courts located in England.
    17.2 Depending upon your location, you may be entitled to submit a dispute relation to the Employee Engagement Platform to the European Commission’s platform for online dispute resolution.
  18. SEVERANCE
    If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of these Terms.

Applicant Validation Terms

Percent Applicant Validation Terms

Effective Date: May 15, 2023

Please read these terms carefully.

By submitting data to Percent (defined immediately below) you are agreeing to be bound by these terms. If you do not agree to be bound by these terms and conditions, do not submit any data to Percent.

This agreement is a legal agreement between (the individual or entity agreeing to these terms (the “Applicant) and We Are Percent Limited of Unit 2.05, 12-18 Hoxton Street, London N1 6NG (“Percent”) for the use of Percent’s Vetting & Validation Services and Platform so that the Applicant can apply to be validated as meeting applicable criteria and have the opportunity to access discounted third party products and services from Percent’s Clients.

If the Applicant is an entity, the individual accepting these terms on behalf of the Applicant hereby represents and warrants that it has the capacity to enter into these terms on behalf of the Applicant.

Contact information
If you need to contact Percent please email hello@poweredbypercent.com. If Percent needs to contact an Applicant it will do so using the contact details provided by the Applicant to Percent.

  1. DEFINITIONS AND INTERPRETATION

    API:     any application programming interface provided by Percent which, once configured, enables the Client or the Applicant to connect to or access the Vetting & Validation Service.
    Applicant: a customer or potential customer of the Clients who submits Applicant Data to Percent in order for Percent to carry out a Vetting & Validation Check and then share the Vetting & Validation Outcome with the Clients.
    Applicant Data: the data provided by the Applicant to Percent (whether through the Platform or otherwise) for the use of the Vetting & Validation Services.
    Charity: a charitable organisation (as defined by applicable law).
    Client: Percent’s clients which have asked Percent to carry out Vetting & Validation Checks on Applicants in order for the clients to receive the Vetting & Validation Outcome relating to an Applicant.
    Data Protection Legislation: means all applicable data protection and privacy legislation in force from time to time including, but not limited to the Data Protection Act 2018 (and regulations made thereunder); and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
    Derived Data: any data which has been combined or aggregated (wholly or in part) with other data or information or adapted such that it cannot be identified as originating or deriving directly from the Applicant Data and cannot be reverse-engineered such that it can be so identified.
    Intellectual Property Rights: patents, rights to inventions, copyright and related rights, moral rights, trade marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
    Percent Data: a set of data which Percent owns or has the rights to use in order to perform the Vetting & Validation Service.
    Platform: The platform operated by Percent through which Percent provides the Vetting & Validation Service, including any Software.
    Privacy Policy: Percent’s privacy policy which explains what personal data percent collects and how it uses, processes and stores such data, available here.
    Software: any software made available by Percent to an Applicant in connection with usage of or access to the Vetting and Validation Service, including any APIs.
    Usage Data: any usage and statistical data relating to the Applicant’s use of the Vetting & Validation Service.
    Vetting & Validation Check: the checks carried out by Percent cross-referencing data obtained from the Applicant against the Percent Data to confirm whether the Applicant meets applicable criteria determined by Percent and its Clients.
    Vetting & Validation Service: Percent’s vetting & validation service, where Percent carries out a Vetting & Validation Check for an Applicant and then shares the Vetting & Validation Outcome with the Clients.
    Vetting & Validation Outcome: the result of the Vetting & Validation Check carried out by Percent, consisting of confirmation of the Applicant’s corporate name and whether it has passed or failed the Vetting & Validation Check. The Vetting & Validation Outcome may also include information such as: (i) the Applicant’s website, (ii) the Applicant’s address, (iii) the name and contact information of a representative of the Applicant, and (iv) any other information that may be relevant to the Client(s) for which the Applicant is requesting the Vetting & Validation Check.
    Virus: any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, Trojan horses, viruses and other similar things or devices.
  2. VETTING & VALIDATION SERVICE
    1. Percent grants the Applicant a limited licence to access the Vetting & Validation Service to apply for a Vetting and Validation Check in order to confirm the Applicant’s eligibility for the Clients’ products and services. 
    2. The Applicant acknowledges and accepts that:
      1. The Vetting & Validation Service is provided on an “as is” basis without warranties of any kind, either express or implied. To the extent permitted by law, Percent disclaims all warranties, express or implied, arising by law or otherwise, including, without limitation any warranties relating to merchantability, non-infringement, title, or fitness for a particular purpose, with respect to any error, defect, deficiency, infringement, or noncompliance in the Vetting & Validation Service provided by, through, or on behalf of Percent. Use of the Vetting & Validation Service is at the Applicant’s sole risk.
      2. Without limiting paragraph ‎2.‎2.1, neither Percent nor its licensors warrant that Percent Data is accurate, reliable, or correct:; that the data or support will meet the Applicant’s desired outcomes or Client requirements; that the Percent Data will be available at any particular time or location, uninterrupted or secure; that any defects or errors will be corrected; or that the Percent Data is free of viruses or other harmful components. 
    3. The Applicant understands that Percent makes no guarantees about the availability of or the standards or quality of any products or services which might be offered to an the Applicant by any Client.  Any agreement between any Client and an the Applicant for such products or services is strictly between the Applicant and the Client.
  3. USE OF DATA
    1. Each party will comply with all applicable requirements of the Data Protection Legislation.
    2. The Applicant and Percent agree and acknowledge that:
      1. Applicant Data is provided to Percent in order for it to perform the Vetting & Validation Check;
      2. Percent will add the Applicant Data to the Percent Data, to be held and used in accordance with the Privacy Policy;
      3. Percent will collect, use and store the Validation & Validation Outcome in accordance with the Privacy Policy;
      4. The Applicant is responsible for ensuring that they have read and understood Percent’s Privacy Policy;
      5. The Applicant agrees that Percent shall be entitled to share the Vetting & Validation Outcome with the Clients.
  4. RESTRICTIONS

    1. During the course of its use of the Vetting & Validation Service, the Applicant shall not access, store, distribute, transmit or submit any Viruses or any material that is, or potentially is, offensive, explicit, illegal, harmful or prejudicial to any person or property.  Percent reserves the right, without liability to the Applicant or prejudice to its other rights, to delete or disable the Applicant’s access to any material that breaches the provisions of this paragraph.
    2. The Applicant shall not:
      1. except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement:
        1. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Platform in any form or media or by any means; or
        2. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform; or
      2. access or use all or any part of the Platform and/or the Vetting & Validation Services in order to build a product or service which competes with the Vetting & Validation Services or the business of Percent; or
      3. use or facilitate the use of the Software, Vetting & Validation Services other than as expressly permitted by this agreement.
    3. The Applicant shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Platform and/or Vetting & Validation Services and, in the event of any such unauthorised access or use, promptly notify Percent.
    4. In the event of:
      1. any use of the Vetting & Validation Services that breaches the provisions of paragraphs 4.1, 4.2, or 4.3; or
      2. any use of the Platform (or other communications method made available by Percent to Clients or the Applicant in order for the Clients or the Applicant to use the Services) by any third party; Percent reserves the right, without liability to the Applicant or prejudice to its other rights, to suspend its provision of the Vetting & Validation Services, provided that Percent will use commercially reasonable efforts to notify the Applicant and provide the Applicant with an opportunity to remedy such violation or threat prior to such suspension.
  5. APPLICANT’S OBLIGATIONS
    1. The Applicant shall:
      1. comply with all applicable laws and regulations with respect to its activities in connection with the agreement and the Vetting & Validation Services; and
      2. have sole responsibility for the legality, reliability, integrity, accuracy and quality of all Applicant Data.
  6. LICENCE OF DATA
    1. The Applicant grants to Percent a non-exclusive, royalty-free worldwide licence for Percent to access, view and use the Applicant Data (i) to provide the Vetting & Validation Services; (ii) to add the Applicant Data to the Percent Data to enhance Percent’s delivery of the Vetting & Validation Services; and (iii) in accordance with Percent’s Privacy Policy.
    2. Applicant grants to Percent a non-exclusive, royalty-free, perpetual, irrevocable worldwide licence for Percent to (i) access, view, use, store, modify, combine and aggregate the Usage Data, for any purpose and in any way whatsoever, and (ii) use the Usage Data to create Derived Data.
    3. Percent shall own all Intellectual Property Rights in the Derived Data and the Applicant acknowledges that it shall have no rights in relation to the Derived Data.
  7. LIMITATION OF LIABILITY
    1. Except as expressly and specifically provided in these terms:
      1. The Applicant assumes sole responsibility, and Percent shall have no liability, for results obtained from the use of the Vetting & Validation Services by the Applicant and/or the Clients, for conclusions drawn by the Applicant and/or the Clients from such use, and for any actions taken by the Applicant and/or the Clients in consequence of such results or conclusions;
      2. Percent shall have no liability for any damage caused by errors, inaccuracies or omissions in the Percent Data or Applicant Data or any other information or instructions provided by the Applicant in connection with the Vetting & Validation Services, or any actions taken by Percent at the Applicant’s direction; and
      3. all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement.
    2. Nothing in this agreement excludes or limits the liability of either party:
      1. for death or personal injury caused negligence;
      2. for fraud or fraudulent misrepresentation;
      3. for breach of the obligations implied by section 12 of the Sale of Goods Act 1979, or section 2 of the Supply of Goods and Services Act 1982; or
      4. any other liability which may not be excluded by law.
    3. Subject to paragraph 7.2 Percent shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for:
      1. any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss; or
      2. any special, indirect or consequential loss, costs, damages, charges or expenses; in either case, however arising in connection with the Vetting & Validation Services.
    4. Subject to paragraphs 7.1 and 7.3, Percent’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Vetting & Validation Services shall, in respect of any claim, be limited to £20.
  8. GOVERNING LAW
    1. This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
  9. JURISDICTION
    1. The Applicant and Percent irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).

Global Charity Terms and Conditions

Percent Global Charity Donation Terms and Conditions

Effective Date: June 1, 2023

We Are Percent Limited of Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG (company number 09387321) (“Percent,” “We,” “Us,” or “Our”) makes available Our “Causes Portal” located at https://causes.poweredbypercent.com (including any updated or new features, functionality and technology related thereto (the “Platform”, and collectively with the other technology and services made available by Us in connection therewith, the “Service”). All access and use of the Service is subject to the terms and conditions contained in these Global Charity Donation Terms and Conditions (as amended from time to time, these “Terms and Conditions”). By checking a box indicating Your acceptance of these Terms and Conditions or otherwise accessing the Service, You acknowledge that You have read, understood, and agree to be bound by these Terms and Conditions.  For purposes of these Terms and Conditions, except in this sentence and the following sentence, “You” or “Your” means the charity that you represent and whose Profile (as defined below) you are claiming or have claimed via the Platform, and you represent and warrant that you have the authority to bind such charity.  If you do not have such authority, or if you (or the charity that you represent) do not accept these Terms and Conditions, you may not access or otherwise use the Service.  

We reserve the right, at our sole discretion, to change or modify portions of these Terms and Conditions at any time. If we do this, we will post the changes on this page and will indicate at the top of this page the date these Terms and Conditions were last revised. You may read a current, effective copy of these Terms and Conditions by visiting the “Global Charity Terms & Conditions” link located at https://poweredbypercent.com/legal. We will also notify you of any material changes, either through the Service user interface, a pop-up notice, email, or through other reasonable means. Your continued use of the Service after the date any such changes become effective constitutes your acceptance of the new Terms and Conditions. You should periodically visit this page to review the current Terms and Conditions so you are aware of any revisions. If you do not agree to abide by these or any future Terms and Conditions, you may not access, browse, or use (or continue to access, browse, or use) the Service.

Your Privacy: At Percent, we respect the privacy of our users. For more information please see our Privacy Policy, located at https://poweredbypercent.com/legal/#privacy-policy (the “Privacy Policy”). By using the Service, you consent to our collection, use and disclosure of personal data and other data as outlined therein.

Platform and Service Description: The Platform allows charities to claim their Profiles and manage and update the information and content regarding such charities.  By claiming Your Profile, you can ensure You are accurately represented to users of the Service. The Service enables its users to view information about, and donate to, charities via a checkout process embedded on Organisation websites or directly through the Platform. The Service also enables You to gain access to new donors and insights and to grow Your brand by integrating with major Organisations through their digital interfaces.

Additional Terms: In addition, when using certain features through the Service, You will be subject to any additional terms applicable to such features that may be posted on or within the Service from time to time, such as the Donation Delivery Policy.  All such terms are hereby incorporated by reference into these Terms and Conditions. 

1. Glossary of defined terms:

  1. For the purposes of these Terms and Conditions,
    1. Australian Consumer Law” means Schedule 2 of the Competition and Consumer Act 2010 (Cth); 
    2. Bank Account” and “Bank Details” means the details of Your bank account provided to Us by You;
    3. Data Protection Legislation” means:
      1. If You are a UK or International based charity, any applicable legislation protecting the personal data of natural persons, including: (i) the Data Protection Act 2018 (ii) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and (iii) any successor legislation to the GDPR or the Data Protection Act 2018, together with binding guidance and codes of practice issued from time to time by relevant supervisory authorities.  The terms “data”, “personal data”, “controller”, “processor”, “data subject” and “process” or “processing” have the same meanings as used in the Data Protection Legislation;
      2. If You are an Australian based charity, any applicable legislation protecting the personal data of natural persons, including: (i) Australian Privacy Act 1988 (Cth), Spam Act 2003 (Cth) and the Do Not Call Register Act 2003 (Cth); and (ii) any successor legislation to the Australian Privacy Act 1988 (Cth), together with binding guidance and codes of practice issued from time to time by relevant supervisory authorities; and
      3. If You are a United States based charity, any applicable legislation protecting the personal data of natural persons, including state, federal, and municipal laws, together with binding guidance and regulations issued from time to time by relevant supervisory authorities. 
    4. Donor” is a user of the Service that makes a Donation to the Foundation on a Donor Advised Basis;
    5. Donor Advised Basis” means that the Donor will advise the Foundation of the charity that Donor recommends receives the Donation.  The Donation is an outright donation to the Foundation and the application of the Donation for charitable purposes is at the sole discretion of the Foundation.  However, subject to the completion of satisfactory due diligence, the Foundation will seek where possible to make grants in accordance with the recommendations of Donors;
    6. Donation” is a donation made by a Donor to the Foundation using the Service to be held and applied by the Foundation on a Donor Advised Basis;
    7. Eligible Entity” is a charity that is not a Registered Charity that the requirements set out in Schedule 2 to these Terms and Conditions;
    8. Foundation” means, as of the date of these Terms and Conditions:
      1. If You are a UK or International based charity, the Intelligent Foundation (a charitable incorporated organisation that is registered with the Charity Commission for England and Wales under number 1192508) or such other charitable entity registered with the Charity Commission for England and Wales selected by Us that receives Donations on a Donor Advised Basis via the Service;
      2. If You are an Australian based charity, The Trustee for Intelligent Foundation (a public ancillary fund that is registered with the Australian Charities and Not-for-profits Commission with Australian Business Number 48156978613) or such other charitable entity selected by Us; and
      3. If You are a United States based charity, Percent Impact Foundation, a nonprofit Delaware corporation qualifying for United States Federal tax exemption under Section 501(c)(3) of the Internal Revenue Code of 1986, as amended (the “U.S. Code”) with Federal Tax ID: 87-3165286 or such other charitable entity registered with the Internal Revenue Service selected by Us.
    9. International” means any country outside of the United States, UK and Australia.
    10. Organisations” are third party business organisations that may encourage their various stakeholders, including their staff and customers, to make donations of time and money to charities and other good causes, and to facilitate matched giving donations by the organisations themselves, by providing them access to the Service;
    11. Personal Data” has the meaning ascribed to such term, or equivalent thereof, in the applicable Data Protection legislation; and 
    12. Profile” means Your charity’s profile on the Platform.
    13. “Registered Charity”  means a (i) UK Charity established under the law of England and Wales, or Scotland or Northern Ireland, as applicable, and registered with the Charity Commission for England and Wales, the Office of the Scottish Charity Regulator or the Charity Commission for Northern Ireland or are recognized as a charity by HM Revenue and Customs; (ii) Australian Charity established under the laws of the Commonwealth of Australia or its states or territories as applicable and registered with the Australian Charities and Non-for-profits Commission; or (iii) US Charity recognized by the Internal Revenue Service as exempt from Federal income tax under Section 501(c)(3) of the Code and classified as a public charity under Section 509(a)(1) or 509(a)(2) of the Code on the Internal Revenue Service’s Exempt Organizations Business Master File Extract. You must promptly notify Us of any changes to your status as a Registered Charity.

2. Use of Service

  1. Acceptance of Your registration to use the Platform and/or be featured on the Service is at Our sole discretion.
  2. If you are not a Registered Charity, you must meet the requirements to qualify as an Eligible Entity in order to use the Platform and be featured on the Service.  This will be assessed by Us once You have completed an eligibility application.
  3. If Your registration to use the Platform is accepted, We will provide You with access to the Platform unless and until it is suspended or terminated in accordance with these Terms and Conditions.
  4. If We accept Your registration to use the Service, You must set up a user ID and password.  You will be responsible for the proper use of Your user ID and password and taking all necessary steps to keep these confidential and secure, to use them properly and not to make these available to unauthorised people.
  5. You must complete Your Profile and provide Your Bank Details, and be accepted by Us, in order to access and use the Service.  The Bank Account must be in Your name.  You must provide any documentation that we request to enable Us to verify Your Bank Details.  You must keep Your Profile regularly updated and inform Us straight away if Your Bank Details change.
  6. You warrant and represent that the information in Your Profile and Your Bank Details are true and accurate and must not be misleading.  It must accurately reflect Your charitable purposes.  It must not contain any inappropriate content.  We reserve Our absolute right to remove Your Profile from the Service in the event that We, in our sole discretion, determine any content provided by You is inappropriate or inaccurate or misleading.  
  7. If you are a United States based charity, You bear responsibility for complying with all laws, rules and regulations applicable to your status as a charity exempt from Federal income tax under Section 501(c)(3) of the Code.  You understand that you may have obligations to register under US state or local laws regarding charitable solicitations; that We have no obligation to assist with any such registration and no liability for your failure to register properly.  You agree to bear all costs associated with your compliance with such requirements. You agree that, for purposes of state charitable solicitation laws or regulations, nothing in these Terms and Conditions is intended to cause Us in any way to act as a professional fundraiser or fundraising counsel on your behalf. 
  8. We may seek further information from You, and relevant third parties, to verify and audit the accuracy of the information provided by You.  We may also ask You to provide further information as part of our due diligence procedures. If you fail to provide such information, We retain absolute discretion to reject Your registration or remove Your Profile from the Service. 
  9. You will only use monies received from the Foundation for purposes that are charitable under (i) if You are an Australian based charity, the laws of the Commonwealth of Australia and its states and territories; (ii) if You are a United States based charity, the laws of the United States including. but not limited to, Section 501(c)(3) of the Code, and (iii) if You are a UK or International based charity, the laws of England and Wales, and in particular those purposes set out in Your Profile (collectively, “Charitable Purposes”).  Depending on the level of the Donations, You may be required to provide a confirmatory letter to the Foundation or to enter into a grant agreement with the Foundation.
  10. We retain absolute discretion to remove Your Profile from the Service if as a result of our due diligence procedures, We consider that it is inappropriate for You to remain on the Service.  The reasons for this include, but are not limited to, that You do not meet the requirements to qualify as an Eligible Entity, if applicable, or that You are not up-to-date with Your filing requirements with the relevant charity regulator or that You are subject to regulatory action by such regulator.
  11. If a Donor’s recommendation in relation to their Donation relates to You and You are no longer on the Service or have not been accepted by Us, the Donation shall be dealt with in accordance with the Undeliverable Donations Policy, which can be found here.

3. The Service

  1. We make Your Profile available on the Service to third parties to enable Donors to identify the charity that they would wish to support.  This will include Your Profile appearing on websites, services and platforms of Organisations that enable access to the Service so that their customers and/or employees can make Donations.
  2. We will not charge You any fees for using the Service.  In some cases the Foundation may be charged a fee for applying Donations, in which case the Donors will be made aware of this.
  3. Grants made by the Foundation to charities listed on the Service will be disbursed by the Foundation.  Further details are set out in the payment procedures located on Our website.
  4. Donors make donations to the Foundation and not to You or other charities.  As a result, any donations You receive pursuant to these Terms and Conditions are made by the Foundation, not by Donors.  The Foundation retains exclusive legal control over all donations received by it from Donors and the Foundation exercises its discretion in making grants, if any, to You.

4. Continuity of Service

  1. You acknowledge We are granting access to use the Service to certain Organisations and users to allow them to make Donations.  However, We are not providing any sort of fundraising advice or services to You and do not guarantee You will receive any Donations.
  2. Subject to applicable law, including but not limited any consumer guarantees applicable to Your use of the Service (including under the Australian Consumer Law if you are an Australian based charity), You agree that the Service is provided on an “as is” and “as available” basis and that Your use of the Service is at Your sole risk.  We will make reasonable efforts to ensure that the Service is provided in a professional and timely manner and that the Service is available continuously, but We reserve the right to modify, suspend or discontinue all or any part of the Service (including the Platform) at any time with or without notice.
  3. We do not guarantee continuous uninterrupted or secure access to the Service.  We may without any liability to You suspend the use and operation of the Service or any portion thereof at any time, for example for systems maintenance or upgrades.  The use and operation of the Service may also be interrupted by factors that are outside our control.  Except as expressly set out in these Terms and Conditions and, if you are an Australian based charity, under any applicable consumer guarantees under the Australian Consumer Law, We do not provide any representations or warranties in relation to the Service and to the extent permitted by law exclude all representations, warranties and conditions implied by law.

5. Data Protection

  1. Both parties will comply with all applicable requirements of the Data Protection Legislation.  This clause 5 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.
  2. If You are an Australian based charity, You acknowledge that we collect and process the information set out in Schedule 1 and You warrant that You will obtain all necessary and appropriate consents and provide all notices required by applicable Data Protection Legislation in place to enable the lawful transfer of the Personal Data to Us for the duration and purposes of these Terms and Conditions.  
  3. If You are a non-Australian based charity: 
    1. Schedule 1 sets out the scope, nature and purpose of processing of Your Personal Data by Us, the duration of the processing and the types of Personal Data and categories of Data Subject.
    2. Without prejudice to the generality of clause 1, You will ensure that all necessary and appropriate consents and notices are in place to enable the lawful transfer of the Personal Data to Us for the duration and purposes of these Terms and Conditions.
    3. Without prejudice to the generality of clause 5.1, We shall, in relation to any Personal Data processed in connection with the performance by Us of Our obligations under these Terms and Conditions:
      1. process that Personal Data only on Your documented written instructions which are set out in Schedule 1 unless We are required by applicable law to otherwise process that Personal Data.  Where We are relying on applicable law as the basis for processing Personal Data, We shall promptly notify You of this before performing the processing required by applicable law unless the applicable law prohibits Us from so notifying You;
      2. ensure that We have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
      3. ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
      4. not transfer any Personal Data outside of the UK unless Your prior written consent has been obtained and the following conditions are fulfilled:
        1. either You or Us have provided appropriate safeguards in relation to the transfer;
        2. the data subject has enforceable rights and effective legal remedies;
        3. We comply with our obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
        4. We comply with reasonable instructions notified to Us in advance by You with respect to the processing of the Personal Data;
      5. assist You, at Your cost, in responding to any request from a Data Subject and in ensuring compliance with your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
      6. notify You without undue delay on becoming aware of a Personal Data Breach;
      7. at Your written direction, delete or return Personal Data and copies thereof to You on termination of these Terms and Conditions unless required by applicable law to store the Personal Data; and
      8. maintain complete and accurate records and information to demonstrate its compliance with this clause 5.
  4.  When Donors use the Service and make a Donation that they advise they would like to be received by You, We will ask them if they agree to be contacted by You.  If they agree We will provide You with contact details of the Donor in Your account report and You agree that You will not use any Donor personal information (“Donor Data”) We give You for any purpose other than in accordance with Our Privacy Policy and in no event for the purpose of direct marketing or sending a commercial electronic message unless you have directly received the express consent of the Donor to do so and comply with at all times the applicable Data Protection Legislation. Where We transfer Donor Data to You in accordance with the Donor’s direct consent, both You and Us are Controllers in our own right. Where we transfer Donor Data to You in accordance with the Donor’s consent that has been obtained by an Organisation, we are a Processor of the Donor Data and you are a “Third Party” as that term is defined in the Data Protection Legislation. Regardless of whether you are a Controller or Third Party with respect to the Donor Data, you agree that the provisions set forth in this Section 5 and Schedule 3 apply to Our transfer of Donor Data to You and your processing of the Donor Data.
  5. We will ensure that we have in place all necessary notices and/or consents to enable the lawful transfer of personal data to You.
  6. The parties agree to comply with their respective obligations under the Data Protection Legislation.
  7. If a Donor subsequently asks for their details to be updated or removed from the Service and our records (“Donor Request”) We will update or delete their Personal Data in accordance with the Donor Request and You shall do the same on receipt of our notification to You or if You receive a Donor Request directly.  You agree to (i) comply promptly with any Donor Request and (ii) regularly update Your own records and only to use the records applicable to You in respect of any Donor Data captured using the Service to ensure that You do not contact Donors who have withdrawn their consent to be contacted by You.

6. Intellectual Property Rights

  1. Intellectual Property Rights means patents, trademarks, service marks, rights (whether registered or unregistered) in any designs, trade or business names and copyright (including rights in computer software), database rights, and topography rights, know-how, lists of suppliers and customers and other confidential and proprietary knowledge and information, rights protecting goodwill and reputation, applications for any of the foregoing and all rights or forms of protection of a similar nature or having equivalent effect anywhere in the world.
  2. You hereby grant Us a non-exclusive, royalty free and world-wide license to use and display Your name and logo, and the content of Your Profile on the Service and to sub-license the same to the Organisations and their and Our service providers to enable Us and the Organisations to provide the Service. In addition, you hereby grant Us a non-exclusive, royalty free, and world-wide license to use and display Your name and logo to identify You as an Eligible Entity in our marketing materials, including but not limited to, marketing emails and content on Our website. You warrant You are the owner of the Intellectual Property Rights in the name and logo and the content uploaded to Your Profile, that they do not infringe any third-party Intellectual Property Rights and that You are entitled to grant the license in this clause to Us.  This license will terminate in the event these Terms and Conditions terminate.  You may inform Us if you do not want any Organisation to use Your name and logo and We will discuss this matter with You.
  3. Any Intellectual Property Rights in Your name, logo and the content of Your Profile remain vested in You and all goodwill generated as a result of Our use of Your name and logo shall vest in You.
  4. Our name and logo and all content of the Service and all Intellectual Property Rights therein are owned by Us or licensed to Us and are protected by applicable Intellectual Property Rights and laws.  The Service itself and any Intellectual Property Rights therein (including without limitation in the website design, any related wireframes, source code or databases) remain vested in Us and all goodwill generated as a result of Your use of Our name and logo shall vest in Us.  You may not disassemble, decompile, reverse translate or in any other manner decode the Service or any portion thereof, except as permitted by applicable law.

7. Representations and Warranties

  1. You represent and warrant to Us and to the Foundation that:
    1. If you are not a Registered Charity, You meet the requirements to qualify as an Eligible Entity;
    2. If You are a UK based charity, You are a charity established under the law of England and Wales, or Scotland or Northern Ireland, as applicable;
    3. If You are a UK based charity, You are registered with the Charity Commission for England and Wales, the Office of the Scottish Charity Regulator or the Charity Commission for Northern Ireland or are recognized as a charity by HM Revenue and Customs;
    4. If You are an Australian based charity, You are a charity established under the laws of the Commonwealth of Australia or its states or territories as applicable; 
    5. If You are an Australian based charity, You are registered with the Australian Charities and Non-for-profits Commission;
    6. If You are a United States based charity, (i) You are recognized by the Internal Revenue Service as exempt from Federal income tax under Section 501(c)(3) of the Code and classified as a public charity under Section 509(a)(1) or 509(a)(2) of the Code on the Internal Revenue Service’s Exempt Organizations Business Master File Extract; (ii) You are solely responsible for maintaining Your exempt status and classification as a public charity at all times during the term of these Terms and Conditions and you will promptly notify Us of any changes to your exempt status and classification as a public charity; (iii) You will at all times use the Platform and Service in compliance with all applicable laws, rules and regulations, including any requirements governing charitable status and solicitation of charitable donations; You will apply monies received from the Foundation as a result of Donations made through the Service to further Your charitable purposes in accordance with all applicable laws;
    7. You will apply any monies received from the Foundation only for Charitable Purposes;
    8. You have the requisite power and authority to enter into these Terms and Conditions and to carry out and perform Your obligations under these Terms and Conditions;
    9. Compliance with these Terms and Conditions does not and will not conflict with, or constitute a default under any contract, agreement, instrument, order, statute, rule or regulation applicable to You.

8. Monitoring and audit

  1. You shall maintain records of receipts of funds received from the Foundation via the Service and the expenditure of those funds for at least 7 years.
  2. You shall promptly respond to any request from Us or from the Foundation for information about the application of funds received from the Foundation via the Service.  We or the Foundation will make such a request (a) where You have received substantial amounts from the Foundation via the Service; (b) if We or the Foundation have concerns that You may not have applied funds received for Charitable Purposes or (c) as part of Our or the Foundation’s overall monitoring and audit policies and procedures to ensure that Donations are only applied for Charitable Purposes.

9. Repayment

  1. You shall promptly repay to the Foundation any money incorrectly paid to You either as a result of an administrative error or otherwise.  This includes (without limitation) situations where either an incorrect sum of money has been paid to You or where monies have been paid to You in error.
  2. The Foundation may at its discretion withhold or suspend the making of any grants to you and/or require repayment of any grants made to You if:
    1. You use the grant for purposes that are not Charitable Purposes; 
    2. You provide Us or the Foundation with any materially misleading or inaccurate information; 
    3. You cease to operate for any reason, or You pass a resolution (or any court of competent jurisdiction makes an order) that You be wound up or dissolved (other than for the purpose of a bona fide and solvent reconstruction or amalgamation); or
    4. You breach any of the representations and warranties as set out in clause 7.

10. Termination

  1. The Foundation may terminate these Terms and Conditions immediately without cause and without the need to compensate the other party, at any time, with written notice to You (including by email).  Upon receipt of notice, You will have no right to use the Service and Your Profile shall be removed from the Service.
  2. You may terminate these Terms and Conditions without cause and without the need to compensate the Foundation, at any time, by giving 28 days written notice (including by email) to the Foundation. At the end of this period, You will have no right to use the Service and Your Profile shall be removed from the Service. 
  3. To the extent permitted by applicable laws, either party may terminate the provision or use of the Service (as the case may be) with immediate effect by written notice (including by email) to the other party if the other party (i) is unable to pay its debts as they fall due, (ii) passes a resolution for winding up (other than for the purposes of a solvent amalgamation or reconstruction) or if a court of competent jurisdiction makes an order to that effect, (iii) enters into a composition or scheme of arrangement with its creditors or if a receiver, manager, administrator or administrative receiver is appointed over any of its assets, (iv) ceases or threatens to cease to do business; or (v) an analogous event occurs to the other party in any jurisdiction.
  4. Either party may terminate the provision or use of the Service (as the case may be) with immediate effect by written notice (including by email) to the other party if the other party does or suffers to be done anything that is likely to bring that party’s name or reputation into disrepute.
  5. We may terminate the provision of the Service to You with immediate effect by written notice (including by email) to You if (i) You fail materially to comply with Your obligations under these Terms and Conditions or (ii) You provide any materially misleading or inaccurate information.
  6. Termination of these Terms and Conditions for any reason shall not affect any rights, remedies or obligations of the Parties that have accrued or become due prior to termination.
  7. The provisions of clauses 5, 7, 8, 9, 11 and 12 shall continue in full force and effect after termination or expiry of these Terms and Conditions.

11. Liability

  1. NOTHING IN THESE TERMS AND CONDITIONS SHALL SEEK TO EXCLUDE OR LIMIT THE LIABILITY OF EITHER PARTY TO THE EXTENT SUCH LIMITATION OR EXCLUSION IS NOT PERMITTED BY APPLICABLE LAW:
    1. FOR DEATH OR PERSONAL INJURY CAUSED BY THE NEGLIGENCE OF A PARTY OR ITS DIRECTORS, EMPLOYEES, AGENTS OR SUBCONTRACTORS;
    2. FOR ANY FRAUD OR FRAUDULENT MISREPRESENTATION OR, IF YOU ARE AN AUSTRALIAN BASED CHARITY, UNDER THE AUSTRALIAN CONSUMER LAW;
    3. TO THE EXTENT SUCH LIMITATION OR EXCLUSION IS NOT PERMITTED BY LAW.
  2. SUBJECT TO CLAUSE 11.1, OUR LIABILITY TO YOU FOR ANY AND ALL LOSS, INJURY OR DAMAGE SUFFERED IN CONNECTION WITH THESE TERMS AND CONDITIONS SHALL TO THE EXTENT PERMITTED BY APPLICABLE LAW:
    1. FOR EACH EVENT OR SERIES OF CONNECTED EVENTS, BE LIMITED TO THE SUM OF £50.
  3. WE SHALL NOT BE LIABLE, WHETHER IN CONTRACT, TORT (INCLUDING FOR NEGLIGENCE AND BREACH OF STATUTORY DUTY HOWSOEVER ARISING), MISREPRESENTATION (WHETHER INNOCENT OR NEGLIGENT), RESTITUTION OR OTHERWISE, FOR:
    1. ANY LOSS (WHETHER DIRECT OR INDIRECT) OF DONATIONS OR GIFT AID, PROFITS, BUSINESS, BUSINESS OPPORTUNITIES, REVENUE, TURNOVER, REPUTATION OR GOODWILL;
    2. ANY LOSS (WHETHER DIRECT OR INDIRECT) OF ANTICIPATED SAVINGS OR WASTED EXPENDITURE (INCLUDING MANAGEMENT TIME); 
    3. ANY LOSS OR LIABILITY (WHETHER DIRECT OR INDIRECT) UNDER OR IN RELATION TO ANY OTHER CONTRACT; OR
    4. ANY OTHER INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR SPECIAL DAMAGES.

12. Rights of the Foundation

The Foundation shall have the right to enforce the terms of clauses 7, 8 and 9 of these Terms and Conditions, and is hereby deemed an intended third-party beneficiary of these Terms and Conditions.

13. General

  1. Force Majeure” means any event beyond the reasonable control of either of the Parties including but not limited to:  any Act of God, act or threat of terrorism, war or government action or restriction; any strike, lock-out, industrial action; any fire, flood, drought, tempest, epidemic or pandemic or any failure of any utility or computerised telephonic or on-line systems operated by any third party.
  2. If We are affected by Force Majeure We will seek to notify You by email of the nature and extent of the circumstances in question and shall use reasonable endeavours to find alternative ways to continue to fulfill Our obligations under these Terms and Conditions.
  3. Notwithstanding any other provision of these Terms and Conditions We shall not be deemed to be in breach of these Terms and Conditions or otherwise liable to the other for any delay in the performance or non-performance of any of Our obligations under these Terms and Conditions to the extent that the delay or non-performance is due to any Force Majeure and the time for performance of that obligation shall be extended accordingly.
  4. If the relevant Force Majeure prevails for a continuous or aggregate period in excess of fourteen (14) days after the date on which the Force Majeure begins, We may elect to terminate these Terms and Conditions.
  5. No failure or delay by either Party to exercise any right, power or remedy will operate as a waiver of it nor will any partial exercise preclude any further exercise of the same or of some other power, right or remedy.
  6. If any provision of these Terms and Conditions shall in whole or in part be held to any extent to be illegal or unenforceable under any enactment or rule of law then such provision shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable and the enforceability of the remainder of these Terms and Conditions shall not be affected.
  7. These Terms and Conditions and the documents referred to in it including Your Profile, contains the entire agreement between Us relating to the Service being provided by Us.  We each acknowledge that, in entering into these Terms and Conditions, neither of Us has relied on, and shall have no right or remedy in respect of, any statement, representation, assurance or warranty (whether made negligently or innocently) other than as expressly set out in these Terms and Conditions or, if you an Australian based charity, under the Australian Consumer Law.  Nothing in this clause shall exclude or limit any liability for fraud.
  8. You may not assign or purport to assign the benefit of any of its rights under these Terms and Conditions without our prior written consent.  We may assign these Terms and Conditions in our discretion, including to any successor that purchases all or substantially all of Our business or assets to which these Terms and Conditions relate.
  9. Subject to clause 12, which confers the right on the Foundation to enforce specified provisions of these Terms and Conditions, nothing in these Terms and Conditions shall confer on any third party the right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of these Terms and Conditions.
  10. If You are an Australian based charity: 
    1. These Terms and Conditions and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of New South Wales, Australia.
    2. Each Party irrevocably agrees that the courts of New South Wales, Australia shall have exclusive jurisdiction over any dispute or claim arising out of or in connection with these Terms and Conditions or its subject matter or formation (including non-contractual disputes or claims).
  11. If You are based in the United States: 
    1. These Terms and Conditions and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the State of Delaware without regards to the principles of conflicts of law.
    2. Unless otherwise elected by US in a particular instance, you hereby expressly agree to submit to the exclusive personal jurisdiction of the federal and state courts of the State of Delaware for the purpose of resolving any dispute or claim arising out of or in connection with these Terms and Conditions or its subject matter or formation (including non-contractual disputes or claims).
  12. If You are not based in Australia or the United States: 
    1. These Terms and Conditions and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales. 
    2. Each Party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction over any dispute or claim arising out of or in connection with these Terms and Conditions or its subject matter or formation (including non-contractual disputes or claims).

14. Notices

  1. We may give notice to You under these Terms and Conditions by email to the email address included in Your Profile and such notice will be effective when sent.  If you fail to provide or update valid contact information in Your Profile You waive your right to receive notice under these Terms and Conditions during the period of such failure.
  2. You may give notice to Us under these Terms and Conditions by email:  hello@poweredbypercent.com.  Such notice will be effective when sent.

Schedule 1 – Processing of Your Personal Data

Scope, nature & purpose of processing – the provision of the Service by Percent for You.

Duration of the processing – term of the Terms and Conditions and as otherwise permitted or required under the Data Protection Legislation.

Types of personal data:

  • Identity data:  names of your employees or representatives.
  • Contact data:  Your representative’s email addresses, your representative’s telephone number(s)
  • Profile & technical data:  data linked to each user’s use of the Service Marketing & communications data:  including any marketing and communication preferences.
  • Charity Platform account information:  information about your Platform account, including log-in details, details of these Terms and Conditions, communications through the Platform.
  • Transaction & payment information:  bank account details which you provide to Us in order to receive Donations; information about payments which we make to you.
  • Categories of data subject:  Your employees and authorised representatives.

Schedule 2 – Requirements for an organisation to qualify as an “Eligible Entity”

1. All of the purposes of the organisation must fall within the following headings.  The organisation cannot exist for a mixture of charitable and non-charitable purposes.

(a) The prevention or relief of poverty;

(b) The advancement of education;

(c) The advancement of religion;

(d) The advancement of health or the saving of lives;

(e) The advancement of citizenship or community development;

(f) The advancement of the arts, culture, heritage or science;

(f) The advancement of amateur sport;

(g) The advancement of human rights (in accordance with the guidance RR12 published by the Charity Commission for England Wales (the “Charity Commission”), conflict resolution or reconciliation or the promotion of religious or racial harmony or equality and diversity;

(h) The advancement of environmental protection or improvement;

(i) The relief of those in need because of youth, age, ill-health, disability, financial hardship or other disadvantage;

(j) The advancement of animal welfare;

(k) Any other charitable purpose that is similar to the one above and which has been recognised as charitable by the English Courts or by the Charity Commission.

AND

2. The purpose(s) must be for the public benefit as that term is understood under the law relating to charities in England and Wales.  This means that:

(a) The purpose must be beneficial.

(b) Any detriment or harm that results from the purpose must not outweigh the benefit.

(c) The purpose must benefit the public in general or a significant section of the public; and

(d) The purpose must not give rise to more than incidental private benefit.

For further information, see the Charity Commission’s Guidance on Public Benefit:  Public benefit:  the public benefit requirement – GOV.UK (www.gov.uk).

AND

3. The organisation must have accepted the terms of use for non-UK charities using the Service.

AND

4. The organisation must have registered as a charity where registration is possible in the applicable jurisdiction.

AND

5. The organisation must not exist for a political purpose, i.e., any purpose directed at furthering the interests of any political party, or securing or opposing a change in the law, policy or decisions.  It can campaign in furtherance of its charitable purposes in line with the Guidance published by the Charity Commission in CC9 (Campaigning and political activity guidance for charities – GOV.UK (www.gov.uk)).

AND

6. The organisation cannot operate in any sanctioned countries and regions listed in any sanctions-related list maintained by any of the following: the Government of Canada, the UK Government, the Office of Foreign Assets Control of the U.S. Department of the Treasury, the U.S. Department of State, the United Nations Security Council, the European Union, or any European Union member state.

Schedule 3 – Your Processing of Donor Data

  1. Definitions
    1. EU SCCs” means the Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj and completed as described in this Schedule 3.
    2. UK SCCs” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, available as of the DPA Effective Date at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/ and completed as described in this Schedule 3 (International Data Transfers).
  2. With respect to Donor Data transferred from the European Economic Area, the EU SCCs will apply and form part of these Terms and Conditions, unless the European Commission issues updates to the EU SCCs, in which case the updated EU SCCs will control. Undefined capitalized terms used in this provision will have the meanings given to them (or their functional equivalents) in the definitions in the EU SCCs. For purposes of the EU SCCs, they will be deemed completed as follows:
    1. Because You and We are both Controllers, Module 1 applies.
    2. Clause 7 (the optional docking clause) is not included.
    3. Under Clause 11 (Redress), the optional requirement that data subjects be permitted to lodge a complaint with an independent dispute resolution body is inapplicable. 
    4. Under Clause 17 (Governing law), the Parties select Option 1 (the law of an EU Member State that allows for third-party beneficiary rights).  The Parties select the law of Ireland.
    5. Under Clause 18 (Choice of forum and jurisdiction), the Parties select the courts of Ireland.
    6. Annexes I and II of the EU SCCs are set forth in Exhibit A to this Schedule 3.
    7. By entering into this DPA, the Parties are deemed to be signing the EU SCCs.
  3. With respect to Personal Data transferred from the United Kingdom for which the law of the United Kingdom (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, the UK SCCs form part of this Schedule 3 and take precedence over the rest of this Schedule 3 as set forth in the UK SCCs, unless the United Kingdom issues updates to the UK SCCs, in which case the updated UK SCCs will control. Undefined capitalized terms used in this provision will have the meanings given to them (or their functional equivalents) in the definitions in the UK SCCs. For purposes of the UK SCCs, they will be deemed completed as follows: 
    1. Table 1 of the UK SCCs:
      1. The Parties’ details are the Parties and their affiliates to the extent any of them is involved in such transfer, including those set forth in Exhibit A.  
      2. The Key Contacts are the contacts set forth in Exhibit A.
    2. Table 2 of the UK SCCs: The Approved EU SCCs referenced in Table 2 are the EU SCCs as executed by the Parties pursuant to this Schedule 3. 
    3. Table 3 of the UK SCCs: Annex 1A, 1B, and II are set forth in Exhibit A.
    4. Table 4 of the UK SCCs: Either party may terminate these Terms and Conditions as set forth in Section 19 of the UK SCCs.
    5. By entering into this Schedule 3, the Parties are deemed to be signing the UK SCCs and their applicable Tables and Appendix Information.
  4. With respect to Personal Data transferred from Switzerland for which Swiss law (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, the EU SCCs will apply and will be deemed to have the following differences to the extent required by the Swiss Federal Act on Data Protection (“FADP”):
    1. References to the GDPR in the EU SCCs are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.
    2. The term “member state” in the EU SCCs will not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs.
    3. References to Personal Data in the EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.
    4. Under Annex I(C) of the EU SCCs (Competent supervisory authority): where the transfer is subject exclusively to the FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the EU SCCs insofar as the transfer is governed by the GDPR.

 

Exhibit A

Annexes to EU SCCs

ANNEX I

A. LIST OF PARTIES

Data exporter(s): 

Name: We Are Percent Limited 

Address: Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG

Contact person’s name, position and contact details: Tom Shields, Information Security

Officer, dpo@poweredbypercent.com

Activities relevant to the data transferred under these Clauses: Providing the Service set forth in the Terms and Conditions.

Role (controller/processor): Controller

Data importer: 

Name: As specified in the Terms and Conditions

Address:  As specified in the Terms and Conditions.

Activities relevant to the data transferred under these Clauses: Receipt of Service set forth in the Terms and Conditions.

Role (controller/processor): Controller

B. DESCRIPTION OF TRANSFER 

Categories of data subjects whose personal data is transferred

The personal data transferred concern the following categories of data subjects or consumers:

Donors

Categories of personal data transferred

The categories of personal data may include, but are not limited to, the following: 

Such personal data that We request from or allow our Donors to provide through the Service, which may include, but is not limited to, name, email address, and mailing address.      

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

     N/A

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuously, for the duration of the Terms and Conditions.

Nature of the processing

We will process the Personal Data as necessary to provide the Service pursuant to the Terms and Conditions, and You will process the Personal Data as necessary to receive the Service.

Purpose(s) of the data transfer and further processing

For Us to provide the Service to You pursuant to the Terms and Conditions and for You to receive the Service.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Personal Data will be retained for the length of time necessary to provide and benefit from the Service under these Terms and Conditions, or as otherwise required by applicable law.

C. COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13.

The parties will follow the rules for identifying such authority under Clause 13 and, to the extent legally permissible, select the Irish Data Protection Commission.

 

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. 

1. General Security Measures

You will comply with industry-standard security measures (including with respect to personnel, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, and incident response measures necessary to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of personal data), as well as with all applicable data privacy and security laws, regulations and standards.  

2. Information Security Program

You shall establish, implement, and maintain an information security program that includes technical and organisational security and physical measures as well as policies and procedures to protect Donor Data against accidental loss; destruction or alteration; unauthorized disclosure or access; or unlawful destruction.

3. Human Resources Security

You shall maintain a policy that defines requirements around enforcing security measures as they relate to employment status changes. This includes performing background checks, acknowledging and complying with Your security policies, and utilizing onboarding and termination checklists for employees and third parties.

4. Data Classification & Protection

You shall maintain policies and procedures for data classification and protection, along with requirements for the classification of data containing personal data in consideration of applicable laws, regulations, and contractual obligations. You shall also maintain requirements on data encryption and rules for transmission of data along with requirements on how access to these data should be governed.

5. Physical and Environmental Security

You shall maintain policies and procedures for physical and environmental security and ensure that critical information services be protected from interception, interference, or damage.

6. Access Control

You shall maintain access control measures designed to limit access to Your facilities, applications, systems, network devices, and operating systems to a limited number of personnel who have a business need for such access. You shall ensure such access is removed when no longer required and shall conduct access reviews periodically.

Privacy Policy

Percent Privacy Policy

Effective Date: March 1, 2024

This privacy policy (“Policy”) describes how We Are Percent Limited (“Percent”, “us”, “we”, “our”) collect, use and share Personal Data of individual users of our website (https://poweredbypercent.com) and our services (“Services”). Our individual users may be associated with, or may be, any of the following: 

  • Clients (as defined in the Standard Terms and Conditions), 
  • Charities and Applicants (both as defined in the Standard Terms and Conditions), 
  • Donors (as defined in the End User Hosted Donation Gateway Additional Terms),
  • Client Employees (as defined in the Employee Engagement Solution Additional Terms), and
  • Any visitors to our website. 

Please take a moment to read this Policy as it includes important information. By using our Services and providing us with your Personal Data, you acknowledge and agree that your Personal Data may be processed for the purposes identified in this Policy. Please note that our Cookie Policy also applies to your use of our website.

This Policy sets out:

  • who we are;
  • the Personal Data we collect about you;
  • how we use your Personal Data;
  • the circumstances in which we may share your Personal Data with third parties;
  • how we may contact you for marketing purposes;
  • the circumstances in which we may transfer Personal Data outside of the European Economic Area;
  • how we protect your Personal Data;
  • how we may retain your Personal Data;
  • your legal rights in relation to your Personal Data; and 
  • who we may disclose your Personal Data to.

You can find out more about Percent on our website and in our contract with you.

1. WHO WE ARE & CONTACT INFORMATION

We Are Percent Limited is a company registered in England and Wales with registered company number 09387321 and having its registered office address at Unit 2.05 12-18 Hoxton Street, London, England, N1 6NG.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact our Data Protection Officer at dpo@poweredbypercent.com or write to us using the details set out above. 

You have the right to make a complaint at any time to the supervisory authority for data protection issues for your country (“Data Protection Authority”). We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority so please contact us in the first instance.

2. WHAT WE COLLECT

a. Personal Data you disclose to us 

“Personal Data” means any information which, either alone or in combination with other information in our possession, enables you to be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of Personal Data about you which you provide to us when you contact us and/or when you use the Services.  The types of information which we may collect includes:

  • Identity Data includes first name, last name, username or similar identifier, job title, social media handles/URLs.
  • Contact Data includes your address, email address and telephone numbers.
  • Financial Data includes any financial information about you which you provide to us.
  • Transaction Data includes details about payments to and from you through our website.
  • Profile Data includes your username and password, your interests, preferences, feedback and survey responses.  
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your Personal Data but is not considered Personal Data under applicable law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.

b. Information automatically collected when you use our website

We automatically collect certain information when you visit, use or navigate our website. This information does not reveal your specific identity (unless your device name is the same as your name) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, browsing patterns, clicks you make on a page, and other information about how and when you use the website and other technical information. This information is primarily needed to maintain the security and operation of the website, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Policy.

3. HOW WE USE PERSONAL DATA

We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your Personal Data other than when legally required before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We have set out below a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new Client or other type of registered user (a) Identity 

(b) Contact

 (a) Performance of a contract with you or the entity you represent
To process and deliver Services:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(c) Facilitate and enable the payment of charitable donations through the Services, and related services such as the provisions of receipts or remittances and gift aid statements 

(d) Add data to our Organisation Database (as defined in the Vetting and Validation Service Additional Terms) to help provide the Services, including validation of Applicants

 (a) Identity 

(b) Contact 

(c) Financial 

(d) Transaction 

(e) Marketing and Communications

 (a) Performance of a contract with you or the entity you represent

(b) Necessary for our legitimate interests (to recover debts due to us)

(c) Consent
To manage our relationship with you which will include:

(a) Notifying you about changes to our legal terms, Privacy Policy, or Cookie Policy

(b) Asking you to leave a review or take a survey

 (a) Identity 

(b) Contact 

(c) Profile 

(d) Marketing and Communications

 (a) Performance of a contract with you or the entity that you represent

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/Services)

(d) Consent 
To enable you to partake in a prize draw, competition or complete a survey (a) Identity 

(b) Contact 

(c) Profile 

(d) Usage 

(e) Marketing and Communications

 (a) Performance of a contract with you or the entity that you represent

(b) Necessary for our legitimate interests (to study how customers use our Services, to develop them and grow our business)

(c) Consent 
To administer and protect our business and the website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)   (a) Identity

(b) Contact

(c) Technical

 (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation
To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity 

(b) Contact 

(c) Profile 

(d) Usage 

(e) Marketing and Communications 

(f) Technical 

 Necessary for our legitimate interests (to study how customers use our products/Services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/Services, marketing, customer relationships and experiences (a) Technical 

(b) Usage 

 Necessary for our legitimate interests (to define types of customers for our products/Services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity 

(b) Contact 

(c) Technical 

(d) Usage 

(e) Profile 

 (a) Necessary for our legitimate interests (to develop our products/Services and grow our business)

(b) Consent 

 

4. MARKETING AND OPTING OUT 

You hereby consent to us contacting you for marketing purposes with information about our Services, promotions and special offers. If you no longer wish to receive such marketing information, you can withdraw your consent at any time by contacting us as indicated in Section 1 above or unsubscribing from the communications.

If you have given consent, we may share your information with carefully selected third party organisations and business partners and they may contact you directly. If you would prefer to no longer receive direct marketing communications from third parties and partners after previously giving your consent, please contact those third parties and partners directly to withdraw the consent. 

If you reside in California, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please contact us as indicated in Section 1 above. Indicate in your email or letter that you are a California resident making a “Shine the Light” inquiry.

5. INTERNATIONAL TRANSFER OF PERSONAL DATA

Many of our external third parties are based throughout the world so their processing of your Personal Data may involve a transfer of data outside of your country of residence.  

Whenever we transfer your Personal Data out of your country of residence, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your Personal Data using processes that have been deemed to provide an adequate level of protection for Personal Data. 
  • Where we use certain service providers, we may use specific contracts approved for use by the UK and the EU which give Personal Data the same protection it has in the UK and EU. 

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of your country of residence.

6. PROTECTING YOUR INFORMATION

We want you to feel confident about using our website, and we are committed to protecting the Personal Data we collect. We limit access to Personal Data about you to employees who reasonably need access to it, to provide products or services to you or in order to do their jobs. We maintain appropriate technical and organisational physical, electronic, and procedural safeguards to protect the Personal Data that you provide to us against unauthorised or unlawful processing and against accidental loss, damage or destruction.

We have also put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. RETENTION OF PERSONAL DATA

We retain your Personal Data for no longer than is necessary for the purposes as described in this Policy above.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

You can obtain details of retention periods for different aspects of your Personal Data by contacting us.

8. YOUR PRIVACY RIGHTS

Under certain circumstances, if you have a direct contractual relationship with Percent, you may have rights under data protection laws in relation to your Personal Data. You can learn more about your rights further down in this section. However, if we have collected your Personal Data as a result of agreements we have in place with our Clients, those Clients control our use of your Personal Data and determine how and for what purpose we process Personal Data.

If we do not have a direct contractual relationship with you, but you have any questions or concerns about how your Personal Data is handled or would like to exercise your rights as a data subject, you should contact the Client who has contracted with us to use the Services to process your Personal Data. We will provide assistance to the Client to address any concerns you may have, in accordance with the terms of our contract with them and applicable law.

If you have a direct contractual relationship with Percent, in certain circumstances, you have the right to:

  • Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.  Where we have good reason, and where data protection law permits, we can refuse your request for a copy of your information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reason(s) for doing so. 
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • Right to Object to or Restrict Processing.  In certain circumstances, you have the right to object to our processing of your information (for example, if we are processing your information on the basis of our legitimate interests but there are no longer any compelling legitimate grounds to justify our processing overriding your rights and interests).
  • You may also have the right to restrict our use of your information, for example during a period in which we are verifying the accuracy of your information in circumstances where you have challenged the accuracy of that information.
  • Request the transfer of your Personal Data to you or to a third party. In certain instances, you have a right to receive the information that we hold about you (or a portion thereof) in a structured, commonly used and machine-readable format.
  • In such circumstances, you can ask us to transmit your information to you or directly to a third-party organisation on your behalf.
  • While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
  • Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us

NO FEE USUALLY REQUIRED

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

CHANGE OF PURPOSE 

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us

If we need to use your Personal Data for an unrelated purpose, we will notify you to obtain consent or to explain the legal basis which allows us to use the Personal Data for the unrelated purpose.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. WHEN WE MIGHT DISCLOSE YOUR PERSONAL DATA

We only share and disclose your information in the following situations:

  • Contractual. We may share information with brand providers, charities and other Nonprofits, and partners to facilitate the provision of services. 
  • Compliance with Legal Obligations. We may disclose your information where we are legally required to do so in order to comply with applicable laws, governmental requests, judicial proceedings, court orders, or legal processes, such as in response to a court order or a subpoena (including in response to requests from public authorities in order to meet national security or law enforcement requirements).
  • Third Party Service Providers. We may share your information with third party vendors, service providers, contractors or agents who perform services and require access to such information to carry out that work. Examples include: service providers acting as processors who provide IT and system administration services. They will only have access to your information to the extent that they need to perform those services. They are required to keep your information confidential and may not use it other than as we ask them to and always in accordance with this Policy.  We also store information through Amazon Web Services, a cloud storage services provider.  
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Third Party Advertisers. We may use third party advertising companies to serve ads when you visit our website. These companies may use information about your visits to the website and other websites that are contained in web cookies and other tracking technologies in order to provide personalised advertisements about goods and services that may be of interest to you. See our Cookie Policy for further information
  • Business Partners. Provided you have given us consent to do so we may share your information with our business partners to offer you certain products, services or promotions.
  • With your consent. We may disclose your information for any other purpose with your consent.

We may disclose aggregated, anonymous information (i.e. information from which you cannot be personally identified), or insights based on such anonymous information, to selected third parties, including (without limitation) analytics and search engine providers to assist us in the improvement and optimisation of the Services. In such circumstances we will not disclose any information which can identify you personally.

10. THIRD PARTY WEBSITES

Our website may feature links to third party websites or contain advertisements from third parties that are not affiliated with us and which may link to other websites, online services or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this Policy. 

We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the website. You should review the policies of such third parties and contact them directly if you have any related questions.

Please note that if you link your profile to third party sites such as Twitter, Facebook, Google +, Linkedin or Tumblr then your use of those sites is subject to the respective third party’s terms and conditions. We recommend that you read any third-party terms and conditions before linking your profile.  If you consent, we may collect information about you from those third-party sites, for example a list of your Facebook friends and, where you consent, that information may be shared with Clients and Charities.

Cookie Policy

Percent Cookie Policy

Effective Date: June 1, 2023

Our website (“Website”), like most websites, uses cookies and other similar technologies such as ‘web beacons’, which allow us to check what content you have accessed.

What is a Cookie?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a Website. Cookies then send information back to the originating site on each subsequent visit, or to another site that recognises those cookies. You can find out more information about cookies at www.allaboutcookies.org.

Cookies are widely used in order to make sites work, or to work more efficiently, as well as to provide information to the owners of the platform.

We use cookies to enhance the online experience of our visitors (for example, by remembering your language and / or product preferences) and to better understand how our Website is used. Cookies may tell us, for example, whether you have visited our Website before or whether you are a new visitor. They can also help to ensure that adverts you see online are more relevant to you and your interests.

Types of Cookies

  • Strictly necessary cookies. These cookies are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of the Website, or make use of e-billing services.
  • Analytical/performance cookies. These cookies allow us to recognise, and count the number of, visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These cookies enable us to recognise you when you return to the Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to the Website, the pages you have visited and the links you have followed. We will use this information to make the Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for related purposes.

What cookies do we use?

Our Website uses the following types of cookies:

Cookies necessary for essential purposes

These cookies are essential to provide you with services available through our Website and to use some of its features, such as access to secure areas. Without these cookies, services you have asked for, like transactional pages and secure login accounts, would not be possible.

Analytics/Performance Cookies

These cookies are used to collect information about how visitors use our Website, so that we can analyse traffic and understand how our users use our Website.

The information gathered is aggregated and we do not use it to identify any individual user. It includes the number of visitors to our Website, the location at which they have used our Website and any problems such as crashes that might occur when they visited our Website.

We use this information to help operate our Website more efficiently, to gather broad demographic information and to monitor the level of activity on our Website.

For example, we use Google Analytics to help us to: (a) estimate our audience size and usage pattern; (b) understand how visitors navigate to and through the Website; (c) track the effectiveness of digital marketing campaigns; (d) recognise you when you return to the Website. You can find out more about Google Analytics here

Functionality Cookies

These cookies allow our Website to remember choices you make (such as your username) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of the web pages that you can customise.

Social Media Cookies

These cookies are used when you share information using a social media sharing button or “like” button on our Website or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter or Instagram. The social network will record that you have done this. This information may be linked to targeting / advertising activities.

Third-party social media platforms may set cookies which can identify you as an individual, even when you are not logged in to their services. This means that such platforms may be collecting information about your broader online activities, as well as your activities whilst browsing the Site. We do not control these cookies and you should therefore check the relevant third-party platform to understand how your information is or might be used and to determine how to opt out.

How to control or delete cookies

You have the right to choose whether or not to accept cookies and we have explained how you can exercise this right below. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website.

You can set your cookie preferences by changing your browser settings so that cookies from this Website cannot be placed on your mobile device. In order to do this, follow the instructions provided by your browser (usually located within the “help” “tools” or “settings” facility).

For further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.eu.

Donation Delivery Policy

Percent Donation Delivery Policy

Effective Date: November 1, 2023

Donation policy

All donations made via Percent partner programs are delivered exclusively to the relevant registered nonprofit foundation (as highlighted at the point of donation):

  • Intelligent Foundation (registered with the Charity Commission for England and Wales, Registration Number 1192508), 
  • Intelligent Foundation (registered with the Australian Charities and Not-for-profits Commission, ABN 48156978613); or 
  • Percent Impact Foundation (registered with the U.S. Internal Revenue Service, Federal Tax ID: 87-3165286)

(each a “Foundation” and collectively, the “Foundations”) with each donor recommending a charitable organisation (as defined by applicable law) (each, a “Charity”) to which the donor wishes funds to be granted.

Percent works with the Foundations to collect and grant donations made via Percent partner programs in the most tax effective manner based on the donor’s original donation currency.

All donations are made to the respective Foundation, and the application of the donation for charitable purposes is at the discretion of the Foundation.  However, subject to the completion of satisfactory due diligence, the Foundation will seek where possible to make grants in accordance with donor recommendations.

The schedule of disbursing donations to recommended Charities depends on whether the Charity has registered with Percent to receive regular disbursements through bank transfer.

Claimed Charities

If the recommended Charity has registered with Percent to receive payouts, grants due to the Charity will be disbursed (net any applicable fees) on a monthly basis so long as the payout has reached the minimum disbursement amount. If the recommended Charity has signed up with Percent and provided verified bank details, any funds due will be delivered via bank transfer into the account registered by the Charity and verified by Percent.

If aggregated donations do not meet the minimum disbursement amount, funds are held until they equal the threshold.  However, if after twelve months funds are still being held, the Foundation will disburse all pending donations to the Charity regardless of whether the minimum disbursement amount has been met.

Aggregating payments and setting a minimum threshold reduces the administrative burden for Charities.  In addition, claimed Charities can review donation reporting in their cause dashboard, accessible via Percent.

Unclaimed Charities

Donors on occasion may also have the option to recommend funds to be granted to Charities not yet registered with Percent to receive payouts.  In these instances, the Charity information is drawn from publicly available databases from Charity country regulators, such as the Charity Commission of England and Wales or Australian Charities for Not-for-profits Commission.

Every effort is made to register unclaimed Charity, so that the Foundation can make grant disbursements per the donor’s recommendation.  Specifically, Percent contacts all unclaimed Charities due funds (above the minimum disbursement amount), asking them to onboard with Percent to receive funds swiftly and securely into their bank account.

If after repeated attempts to contact a Charity, typically over a 60-day period, Percent is unable to onboard them, we may then reassign funds based on the Undeliverable Donation Policy.

To receive funds from the Foundation, all benefiting charities need to pass rigorous due diligence checks, including governance and reputational verifications, to ensure only legitimate Charities entities receive grants.

Undeliverable Donation Policy

Percent Undeliverable Donation Policy

Effective Date: November 1, 2023

Capitalized terms used herein shall have the meaning ascribed to them in the Donation Delivery Policy, unless otherwise stated.

While all donations are legally made to the relevant registered nonprofit Foundation, every effort is made to deliver funds to the donor’s recommended Charity.

In rare instances where funds cannot be granted to the donor’s recommended cause – such as when the cause:

  • fails to meet the due diligence requirements;
  • closes down their operation; or
  • does not onboard with Percent to receive funds

– then the Foundation reserves the right to reassign funds to another Charity.

In the event that funds need to be reassigned, the donor will be contacted (if possible) to request they select a new onboarded nonprofit to receive their donation.

If the donor is unreachable, then a similar Charity (based on the overall mission area of the recommended cause) will be selected to receive the funds. Where it is not possible to match the cause area of the donor’s recommended cause, funds will be granted to a Charity with a wide-ranging charitable mission.

Note, the tax status of a donation remains unchanged given the Foundation has received the donation and a donation receipt has been issued to the donor.