Terms and conditions

Last updated: 06 May 2022


Agreed terms

  1. Interpretation

    The following definitions and rules of interpretation apply in this Agreement.

    1. Definitions

      Account Manager: the person responsible for the management of the Customer's access to the Services, as he/she is to be designated by COVVE to the Customer

      Applicable Laws: all applicable laws, statutes, regulations from time to time in force.

      Business Day: a day, other than a Saturday, Sunday.

      Card(s): the contactless business card(s) provided to the Customer as part of the Services, which card(s) function and are supported by smart phones and tablets with a camera via QR code and NFC on compatible devices.

      Card Holder(s): the person(s) within the Customer's organisation for whom the Customer wishes to issue Card(s) with their respective contact and business details.

      Card Holder(s) Data: The data of the Card Holder(s) to be populated in the Card(s).

      Confidential Information: means all material, non-public, business-related information, written or oral, whether or not it is marked as such, that is disclosed or made available to the receiving party, directly or indirectly, through any means of communication or observation.

      Controller, processor, data subject, personal data, personal data breach, processing and appropriate technical measures: as defined in the Data Protection Legislation.

      Critical Issues: is an issue which prevents the majority of Card Holders from receiving the Services.

      Customer Design Specifications: The design specifications, details of which are to be provided by the Customer to COVVE with the Order Form.

      Data Processing Agreement: the Data Processing Agreement to be signed between COVVE (as the processor) and the Customer (as the controller) as per Schedule 3 to this Agreement.

      Data Protection Legislation: the GDPR, any national Data Protection legislation that may be applicable and all other legislation and regulatory requirements in force from time which apply to a party relating to the use of personal data.

      Deliverables: any output of the Services to be provided by COVVE to the Customer.

      Fees: the fees payable by the Customer to COVVE for the provision of Services, as agreed alongside the first order form.

      Intellectual Property Rights: patents, utility models, rights to inventions, copyright and related rights, moral rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

      Order Form: the Order Form as per Schedule 4 to be filled in and provided to COVVE by the Customer, with details of specific Deliverables and with the Customers' Design Specifications, that the Customer wishes to order from COVVE under this Agreement.

      Page(s): the online page(s) of the Card(s) that will be available on COVVE's web platform which will show the respective data and information of the Card(s) Holder.

      Services: the Card services as set out in Schedule 1.

      VAT: value added tax.
  2. Services

    1. COVVE shall, during the term of this Agreement, provide the Services to the Customer subject to the terms of this Agreement.
  3. Commencement, Term and Termination

    1. This Agreement shall, unless otherwise terminated as provided in this clause 3, commence on the date of the first order form that is submitted (whether using the order form in Appendix 6 or by other means ("Effective Date") and shall continue for a period of 12 months (Initial Term) and, thereafter, this Agreement shall be automatically renewed for successive periods of 12 months (each a Renewal Period), unless:

      • Either Party notifies the other that it wishes to terminate the Agreement, in writing, at least 30 days before the end of the Initial Term or any Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Period; or
      • otherwise terminated in accordance with the provisions of this Agreement;

      and the Initial Term together with any subsequent Renewal Periods shall constitute the Term.
    2. Following the expiry of the Initial Term and in case of automatic renewal of the Agreement as per clause 3.1, the Customer shall then be entitled to terminate this Agreement at any time, prior to the expiry of the Renewal Period, on no less than 90 days prior written notice to the COVVE.
    3. Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party, if:

      • the Customer fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than 60 days after being notified in writing to make such payment;
      • the other party commits a material breach of any other term of this Agreement which breach is irremediable or if such breach is remediable fails to remedy that breach within a period of 15 days after being notified in writing to do so;
      • the other party repeatedly breaches any of the terms of this Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this Agreement;
    4. On termination of this Agreement for any reason:

      • COVVE shall terminate all Services provided under this Agreement and the Customer shall immediately cease all use of the Cards and the Services;
      • COVVE may delete or otherwise dispose of any of the Card Holder(s) Data in its possession; and
      • any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced.
  4. COVVE's responsibilities

    1. COVVE shall use reasonable endeavours to provide the Services and the Deliverables, in accordance with this Agreement in all material respects and to meet any deadlines set out in this Agreement.
    2. COVVE shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:

      • scheduled maintenance in which case COVVE shall give the Customer at least 10 days; and
      • emergency maintenance required for the resolution of an issue or for maintaining the security of the solution.
    3. COVVE shall use reasonable endeavours and skills to design the Card(s) and the Page(s) of the Customer, as per the Order Form and the Customer Design Specifications to be provided by the Customer as per clause 5.1.
    4. COVVE is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
    5. This Agreement shall not prevent COVVE from entering into similar Agreements with third parties, or from independently developing, using, selling or licensing products and/or services which are similar to those provided under this Agreement.
  5. Customers' responsibilities

    1. The Customer shall:

      • co-operate with COVVE in all matters relating to the Services;
      • promptly provide COVVE after the signing of this Agreement in electronic form by email, the duly completed Order Form in Schedule 4 and, if population by COVVE is required, the duly completed form in Schedule 2 with the Card Holder(s) Data;
      • pay for each Card provided, for a period no less than the Initial Term;
      • promptly provide COVVE with any clarification and/or other additional material and/or information as may be requested by COVVE for the purpose of providing the Services;
      • carry out its payment obligations and other responsibilities set out in this Agreement in a timely and efficient manner.
    2. Without affecting its other obligations under this Agreement, the Customer shall

      • comply with all applicable laws and regulations with respect to its activities under this Agreement and shall also:
      • carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties or as may reasonably be requested by COVVE, COVVE may adjust any agreed timetable or delivery schedule as reasonably necessary;
      • obtain and shall maintain all necessary licences, consents, and permissions necessary for COVVE, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services;
      • ensure that its mobile device(s) and/or network and/or systems comply with the relevant specifications provided by the COVVE from time to time; and
      • be, to the extent permitted by law and except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its mobile and/or network connections and telecommunications links from its devices and/or systems to the COVVE's data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet.
    3. The Customer shall not access, store, distribute or transmit any viruses, or any unlawful material during the course of its use of the Services.
    4. The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, promptly notify COVVE.
  6. Fees and payment

    1. The Fees chargeable for the Service will be agreed between Covve and the Customer on submission of the first Order Form.
    2. The Customer shall settle the invoice within thirty (30) days from the date of its issue. Failure to do so, it will result to an interest which will accrue on a daily basis on such due amounts at an annual rate equal to 3%, commencing on the due date and continuing until fully paid.
    3. All amounts and fees stated or referred to in this Agreement:

      • are exclusive of value added tax which, wherever applicable, shall be added accordingly to COVVE's invoice(s) at the appropriate rate.
  7. Intellectual property rights

    1. In relation to the Customer Design Specifications and Card Holder(s) Data, the Customer:

      • shall retain ownership of any respective Intellectual Property Rights therein; and
      • grants COVVE a non-exclusive, royalty-free, non-transferable licence to copy and/or modify the Customer Design Specifications and Card Holder(s) Data for the term of this Agreement for the purpose of providing the Services to the Customer.
    2. In relation to the Services,

      • COVVE shall retain ownership of all Intellectual Property Rights in the Card(s), the Services and Deliverables, excluding the Customer Design Specifications and Card Holder(s) Data; and
      • Subject to payment by the Customer of the Fees, COVVE grants the Customer a worldwide, non-exclusive, royalty free licence during the term of this Agreement, to use the Card(s) and Services.
  8. WARRANTIES

    1. COVVE:

      • warrants that the provision to and the use of the Services and the Card(s) by the Customer shall not infringe the Intellectual Property Rights, of any third party;
      • shall, subject to clause 12 (Limitation of liability), indemnify the Customer against all direct liabilities, costs, expenses, damages and losses suffered or incurred by the Customer arising out of or in connection with any claim brought against the Customer for actual or alleged infringement by COVVE of a third party's Intellectual Property Rights, arising out of, or in connection with, the receipt, use or supply of the Services; and
      • shall not be in breach of the warranty at clause 8.1(a), and the Customer shall have no claim under the indemnity at clause 8.1(b), to the extent the infringement arises from:

        • the Order Form or the Customer Design Specifications or the Card Holder(s) Data provided by the Customer;
        • any unauthorised modification(s) of the Card(s) and/or Deliverables, by the Customer or by a third party, unless such modification(s) are made with the express prior written consent of COVVE; and
        • compliance with the Order Form, Customer Design Specifications and Card Holder(s) Data or with Customer instructions, where infringement could not have been avoided while complying with such Customer Design Specifications or Card Holder(s) Data or instructions and provided that COVVE shall notify the Customer if it knows or suspects that compliance with such specifications, data or instructions may result in infringement.
    2. The Customer:

      • warrants that the receipt and use of the Order Form, Customer Design Specifications and Card Holder(s) Data in the performance of this Agreement by COVVE, its agents, subcontractors or consultants shall not infringe the rights, including any Intellectual Property Rights, of any third party; and
      • shall indemnify COVVE in full against all liabilities, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by COVVE arising out of or in connection with any claim brought against COVVE, its agents, subcontractors or consultants for actual or alleged infringement of a third party's Intellectual Property Rights, to the extent that the infringement or alleged infringement results from copying, arising out of, or in connection with, the receipt or use in the performance of this Agreement of the Order Form, Customer Design Specifications and Card Holder(s) Data.
    3. If either party (the Indemnifying Party) is required to indemnify the other party (the Indemnified Party) under this clause 8, the Indemnified Party shall:

      • notify the Indemnifying Party in writing of any claim against it in respect of which it wishes to rely on the indemnity at clause 8.1(b) or clause 8.2(b) (as applicable) (IPRs Claim);
      • allow the Indemnifying Party, at its own cost, to conduct all negotiations and proceedings and to settle the IPRs Claim, always provided that the Indemnifying Party shall obtain the Indemnified Party's prior approval of any settlement terms, such approval not to be unreasonably withheld;
      • provide the Indemnifying Party with such reasonable assistance regarding the IPRs Claim as is required by the Indemnifying Party, subject to reimbursement by COVVE of the Indemnified Party's reasonable costs so incurred; and
      • not, without prior consultation with the Indemnifying Party, make any admission relating to the IPRs Claim or attempt to settle it, provided that the Indemnifying Party considers and defends any Intellectual Property Rights Claim diligently, using competent counsel and in such a way as not to bring the reputation of the Indemnified Party into disrepute.
  9. Data protection

    1. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 9 (Data protection) is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
    2. The parties acknowledge that to the extent COVVE processes any personal data of the Card Holder(s) under this Agreement,

      • the Customer is the Controller and COVVE is the Processor of the personal data of the Card Holder(s).
      • the personal data may be transferred or stored outside the EEA or the country where the Customer is located in order to carry out the Services and COVVE's other obligations under this Agreement.
    3. The Parties shall comply with the Data Processing Agreement signed between them, which forms an integral part of this Agreement and which sets out the scope, nature and purpose of processing by COVVE, the duration of the processing and the types of personal data and categories of data subjects.
    4. Without prejudice to the generality of clause 9, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the personal data of the Card Holder(s) to COVVE for the duration and purposes of this Agreement so that COVVE can lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer's behalf.
    5. Without prejudice to the generality of clause 9.1, COVVE shall, in providing the Services, comply with its privacy policy available at https://covve.com/files/ecardprivacy.pdf or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by COVVE in its sole discretion.
    6. Each party shall ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
  10. Confidentiality

    1. Each Party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party's Confidential Information shall not be deemed to include information that:

      • is or becomes publicly known other than through any act or omission of the receiving party;
      • was in the other party's lawful possession before the disclosure;
      • is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
      • is independently developed by the receiving party, which independent development can be shown by written evidence.
    2. Subject to clause 10.5, each party shall hold the other's Confidential Information in confidence and not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the implementation of this Agreement.
    3. Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
    4. A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 10.4, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
    5. The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute COVVE's Confidential Information.
    6. COVVE acknowledges that the Card Holder(s) Data is the Confidential Information of the Customer.
    7. No party shall make, or permit any person to make, any public announcement concerning this Agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority, any court or other authority of competent jurisdiction.
    8. The above provisions of Confidentiality shall survive termination of this Agreement, however arising.
  11. Limitation of liability

    1. Scope of this clause. References to liability in this clause 11 include every kind of liability arising under or in connection with this Agreement including but not limited to liability in contract, tort (including negligence), misrepresentation, restitution or otherwise.
    2. No limitation of the Customer's payment obligations. Nothing in this this clause 11 shall limit the Customer's payment obligations under this Agreement.
    3. COVVE shall have no liability for any damage caused by errors or omission in any information, instructions or scripts provided to COVVE by the Customer in connection with the Services, or any actions taken by COVVE at the Customer's direction.
    4. Liabilities which cannot legally be limited. Nothing in this Agreement limits any liability which cannot legally be limited, including liability for:

      • death or personal injury caused by negligence;
      • fraud or fraudulent misrepresentation; and
      • Liability under identified clauses. Nothing in this Agreement shall limit the Customer's liability under clause 8 (WARRANTIES).
    5. COVVE's total liability to the Customer:
      Subject to Clauses 11.1 and 11.3:

      • COVVE shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and
      • COVVE's total aggregate liability in contract (including in respect of the indemnity clause 8), tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to the total Fees paid for the Services during the 12 months immediately preceding the date on which the claim arose.
  12. Force majeure

    1. Force Majeure Event means any circumstance not within a party's reasonable control including, without limitation:

      • acts of God, flood, drought, earthquake or other natural disaster;
      • epidemic or pandemic;
      • terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, or breaking off of diplomatic relations;
      • nuclear, chemical or biological contamination or sonic boom;
      • any law or any action taken by a government or public authority, including imposing an export or import restriction, quota or prohibition[, or failing to grant a necessary licence or consent];
      • collapse of buildings, fire, explosion or accident; and
      • interruption or failure of utility service.
    2. Provided it has complied with clause 12.3, if a party is prevented, hindered or delayed in or from performing any of its obligations under this Agreement by a Force Majeure Event (Affected Party), the Affected Party shall not be in breach of this Agreement or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.
    3. The Affected Party shall:

      • as soon as reasonably practicable after the start of the Force Majeure Event but no later than 7 days from its start, notify the other party of the Force Majeure Event, the date on which it started, its likely or potential duration, and the effect of the Force Majeure Event on its ability to perform any of its obligations under the Agreement; and
      • use all reasonable endeavours to mitigate the effect of the Force Majeure Event on the performance of its obligations.
    4. If the Force Majeure Event prevents, hinders or delays the Affected Party's performance of its obligations for a continuous period of more than two months, the party not affected by the Force Majeure Event may terminate this Agreement by giving 2 weeks' written notice to the Affected Party.
  13. Assignment and other dealings

    1. This Agreement is personal to the Customer and the Customer shall not assign, transfer, subcontract, delegate or deal in any other manner with any of its rights and obligations under this Agreement, to any third party, including a subsidiary or a holding company of COVVE.
    2. COVVE may at any time assign, mortgage, charge, declare a trust over or deal in any other manner with any or all of its rights under this Agreement, provided that COVVE gives prior written notice of such dealing to the Customer. The Customer agrees to sign any further Agreements or other documents as may be required by COVVE in order to give effect to any of the aforesaid assignment or other dealing with respect to its rights under this Agreement.
  14. Severance

    1. If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.
    2. If any provision or part-provision of this Agreement is deemed deleted under clause 14.1 the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
  15. Entire Agreement

    1. This Agreement constitutes the entire Agreement between the parties and supersedes and extinguishes all previous Agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
    2. Each party agrees that it shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this Agreement.
  16. Conflict

    1. The preamble and attached Schedules constitute integral parts of this Agreement. In case of inconsistency between any of the provisions of this Agreement and the provisions of the Schedules, the provisions of this Agreement shall prevail, with the exception of the provisions of the DPA in Schedule 3.
  17. No partnership or agency

    1. Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party.
    2. Each party confirms it is acting on its own behalf and not for the benefit of any other person.
  18. Notices

    1. Any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or delivery post to the other party at its address set out in this Agreement, or such other address as may have been notified by that party for such purposes, or sent by email or by fax to the other party's respective email address or fax number as set out in this Agreement.
      COVVE
      Address: 8 Michalaki Karaoli, Nicosia 1095, Cyprus
      Email address: admin@covve.com
      Fax Number: +357 22 396999
      CUSTOMER
      Customer contact details to be provided by the Customer to Covve on submission of the first order form.
    2. A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first business day following delivery). A notice sent by fax shall be deemed to have been received at the time of transmission (as shown by the timed printout obtained by the sender) and a notice sent by email shall be deemed to have been received at the time sent by the other party.
  19. Counterparts

    1. This Agreement may be executed in any number of counterparts, each of which shall constitute a duplicate original, but all the counterparts shall together constitute the Agreement.
  20. Governing law


    This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of the Republic of Cyprus.
  21. Jurisdiction


    Each party irrevocably agrees that the courts of the Republic of Cyprus shall have jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation.

This Agreement has been entered into on the Effective Date.





Schedule 1 Covve's Services

  1. Setting up of account and provision of cards
    Based on the specific Order Form to be provided by the Customer, COVVE's service shall consist of:

    • Designing the contactless business Card, customised to the branding of the Customer, as per the Customer Design Specifications to be provided by the Customer in the Order Form;
    • Designing the colour and header of the Page as per the Customer Design Specifications to be provided by the Customer in the Order Form;
    • Upon request by Customer in an Order Form, COVVE shall, at no extra cost, carry out the population of the data for each of the Cards in accordance with Customer Holder(s) Data to be provided in electronic form in the form of Schedule 2;
    • Supply of the ordered Cards.
  2. Support services

    COVVE shall appoint an Account Manager who will be responsible for the management of the Customer's access to the Services, to include processing:

    • Requests by Customer for Issuance of additional Card(s)
    • Requests for Amendment of the content of the Card Holder(s) Data
    • Replacement of lost and/or damaged Card(s) to the Customer
    • Service support in case of Critical Issues, as follows:

      • For any Critical Issues reported by the Customer, the Account Manager will respond to the Customer within 2 hours, from 7am to 7pm EET, Business Days only (the "Business Hours"); and
      • A lead engineer will be assigned to the issue and will commence investigation as a first priority during Business Hours. COVVE will use reasonable endeavours and skills to ensure that any Critical Issues reported by Customer are resolved promptly.
  3. Digital Business Card by Covve mobile application
    COVVE shall make available the "Digital Business Card by Covve" application on supported Android and iOS devices, allowing users to view and, optionally to edit, their contactless card details and share them electronically.




Schedule 2 Form of Card Holder(s) data

An electronic version of this form will be provided by COVVE:

Full nameCompanyJob titleEmailMobile phoneLandlineFaxFull address




Schedule 3 Data Processing Agreement

DATA PROCESSING AGREEMENT

regarding the engagement as Processor pursuant to Article 28 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR")

between

The CUSTOMER, referred to as "Controller"

- and -

COVVE, referred to as "Processor"

hereinafter collectively referred to as the "Parties".

  1. This Data Processing Agreement is entered into between the Parties in the context of the provision of Contactless Card Services provided by the Processor to the Controller pursuant to the terms of the Contactless Business Card Service Agreement to which this Data Processing Agreement is attached (referred to as the "Service Agreement");
  2. Personal data specified in paragraph 4 hereof (hereinafter referred to as "Data") will be processed by the Processor from the "Effective Date" as stipulated in the Service Agreement for the sole purpose of the Service Agreement execution. Data will continue to be processed until the end of the said Service Agreement, unless otherwise directly instructed by the Controller.
  3. The Controller engages the Processor to provide Services (as defined and specified in the Service Agreement) to the Controller.
    Data may also be processed in order to comply with disclosure requirements arising by virtue of operation of law. In this case the Processor shall notify the Controller in advance about such requirements as set forth in paragraph 5 below.
    The Processor will not access the data, unless this is necessary in order to improve the quality of the Services or where he is obliged to do so in order to comply with a legal obligation, or unless otherwise instructed to do so by the Controller.
  4. The following categories of Data of the following categories of data subjects will be processed:

    Categories of data subjects

    Categories of Data

    People selected by the Controller to receive the Services (Card Holders)Name, contact details (email/phone), address, company, job title, website, other notes.
    Representatives of the Controller communicating with the Processor's support team for the purposes of supportName, email and telephone number
  5. The Processor is obliged to adhere to all applicable data privacy regulations. In particular, the following obligations apply:

    1. The Processor processes the Data only on documented instructions from the Controller, including with regard to transfers of Data to a third country or an international organisation, unless required to do so by European Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. Unless otherwise directly instructed by the Controller, this Agreement constitutes such written instruction of the Controller for the processing of Data. The Processor ensures that access to Data is granted to persons under its authority only on a need to know basis and such persons authorised to process Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. In particular Processor's employees as well as any Sub-processors or their employees, shall have committed themselves to confidentiality or shall be under an appropriate statutory obligation of confidentiality.
    2. The Processor takes all measures required pursuant to Article 32 of the GDPR.
      The Processor shall engage sub-processors for the provision of the Services and the Controller hereby approves the sub-processors listed in the table below:

      Name Place of processing Purpose of use
      MicrosoftEuropeMicrosoft Azure is used for the hosting of the entire solution.
      LogentriesEuropeLogentries provide management for technical logs generated by the system.
      F5EuropeF5 provides CDN and Web Application Firewall services for increased performance and security of the service.


      The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other subprocessors, thereby giving the Controller the opportunity to object to such changes. The Controller may object to the addition or replacement of subprocessors within 7 days after the Processor's notification of the intended change. If the Controller neither approves nor objects within such period, the respective subprocessor shall be deemed as approved. The Controller shall not unreasonably object to any intended change.
    3. Where the Processor engages a sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this Agreement shall be imposed on the sub-processor. Where the sub-processor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of the sub-processor's obligations.
    4. Taking into account the nature of the processing, the Processor assists the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights pursuant to Chapter III of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR").
    5. Further, the Processor assists the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor. If the Processor needs any information or other assistance from the Controller to make the processing of Data in line with GDPR, the Processor shall directly inform the Controller about that.
    6. At the choice of the Controller, the Processor shall delete or return all the Data to the Controller after the termination of the Service Agreement or the end of the provision of Services relating to Data processing and shall delete existing copies unless European Union and/or Member State law requires storage of the Data.
    7. The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Agreement and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
      The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the GDPR or other European Union or Member State data protection provisions.
    8. The Processor guarantees that it implemented all appropriate technical and organisational measures to ensure that processing of Data will meet GDPR requirements and data subjects' rights will be protected as well as to ensure confidentiality, integrity and availability of Data processed on behalf of the Controller. Namely, the Processor deployed technical security measures appropriate to the provision of the Services including use of firewalls and data encryption and undertakes regular staff training.
  6. This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of the Republic of Cyprus.




Schedule 4 Order Form

  1. Order form for new Cards
    An electronic version of this Form will be provided to the Customer:

    order card form
  2. Order Form for replacement Cards
    An electronic version of this form will be provided to the CUSTOMER:

    Number of Cards to be replaced:
    Details of Cards to be replaced (name of person or ID of Card)
    Do you want the Card Holder(s) Data to be populated on the replacement Cards by COVVE?YES/NO
    If Yes, please complete and attach to this order form the Card Holder's Data Form in Schedule 2