Welcome to Belvo!
The Belvo Terms of Service is an agreement between Belvo Finance, S.L. (“Belvo”, “we”, “us”, “our”) and an application (“the Client”, “Client”, “you”) that wishes to use Belvo’s services. The Terms of Service listed below are the fundamental provisions that will govern a legal relationship between Belvo and a Client, not all the legal provisions. Should you wish to enter into an agreement with us, please email us at firstname.lastname@example.org, and we shall send through the full agreement including schedules and fees.
Section 1: About Belvo Finance, S.L.
Section 2: Definitions
Section 3: Scope of the Agreement
Section 4: Services
Section 5: Fees
Section 6: Intellectual Property Rights
Section 7: Clients’ Obligations
Section 8: Guarantees and Liability
Section 9: Reports and Audit
Section 10: Personal Data Protection
Section 11: Term and Termination
Section 12: Confidentiality
Section 13: Notices
Section 14: Entire Agreement, Modification, No Waiver
Section 15: Severability
Section 16: Force Majeure
Section 17: Governing Law and Jurisdiction
Annex I: Services Provided by Belvo
Annex II: Data Processing Agreement
Other relevant policies to be read alongside these Terms of Service:
Belvo Finance, S.L. is a Spanish limited company duly incorporated and validly existing under the laws of Spain, domiciled at Calle Guilleries 12, 2º, 08012 – Barcelona, holder of tax identification number B67433219 (“Belvo”, “Company”, “we”, “us, “our”);
Belvo is a technology company whose main activity is the development and maintenance of a software platform (the “Platform”) and tool designed to connect consumers, financial institutions and developers (the “Tool”), and to provide such technology to partners (such as the Client) in order for them to offer end-users a wide range of financial services and tailored solutions in this field, on an on-demand basis (the “End-Users”). The Client wishes to make the Tool accessible to End-Users through the Client Website or Application in order to extract, systematize and access its End-Users’ financial data. The Agreement (the “Agreement” or the “Services Agreement”) shall govern Belvo’s provision to the Client of an application programming interface (the “API”) from which the Tool can be integrated into, and accessed by End-Users via, the Client Website or Application.
Definitions in this Agreement shall have the following meanings:
“Account Information” means, in relation to an End-User, information on one or more Bank, Financial or Payment Accounts held by that End-User with a Bank, Financial or Payment Service Provider or with more than one Bank, Financial or Payment Service Provider, including (but not limited to) such information set out in Annex I.
“Agreement” means this Services Agreement as well as each of its annexes.
“API” means the application programming interface provided by Belvo for purposes of enabling the Tool to be integrated into, and accessed by, End-Users via the Client’s Website or application.
“Confidential Information” shall mean all scientific, technical, technological, regulatory, marketing, financial, legal, and commercial information or data, as well as trade secrets, whether communicated in written, oral, graphic, electronic or visual form, that is provided by one Party to the other Party under this Agreement. By way of example only, Confidential Information of Belvo includes Belvo’s Intellectual Property Rights and any invention disclosed by Belvo to the Client, and Confidential Information of the Client includes any information to which Belvo or the auditor appointed by Belvo may have access under clause 8.
“End-User” means the Client’s end-users.
“Documentation” means the API integration user guides and SDKs, as amended by Belvo from time to time.
“Intellectual Property Rights” shall mean all industrial and/or intellectual property rights of any kind existing in the world whether or not registered, such as copyrights, Trademarks, service marks, trade secrets, trade names, software, domain names, moral rights, database rights, design rights, patents and other rights in goodwill, rights in know-how, trade secrets and other confidential information as well as other proprietary right that is recognized under the Laws and shall include all re-examinations, reissues, extensions and any other post-issuance counterparts to any of the foregoing, and applications or registrations for any of the foregoing, including provisionals, new versions, developments, divisionals, substitutions and continuations (in whole or part).
“Platform” includes any data, images, text, and content, including but not limited to any Software, application program interfaces, tools or other information or materials provided, made available and/or integrated into the Client’s software by Belvo and accessible by the Client through Belvo’s website/app, API or SDK and by means of which the Services are rendered.
“Provider” shall mean the Party that discloses Confidential Information to the other Party under this Agreement.
“Recipient” shall mean the Party that receives Confidential Information from the other Party under this Agreement.
“SDK” shall mean Belvo’s software development kit that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, operating system, or similar development platform.
“Services” means the services to be rendered by Belvo, according to the terms set forth in this Agreement, as further described in Annex I.
“Software” means all software which is included in the Platform and used in order to provide the Services, including any present or future enhancements and extension thereof.
“Tool” means the tool provided by Belvo that allows End-Users to access and share Account Information with the Client.
“Trademark” shall mean any word, name, symbol, color, designation or device or any combination thereof that functions as a source identifier, including any trademark, trade dress, service mark, trade name, logo, design mark or domain name, whether or not registered.
Further to other undertakings set forth in this Services Agreement, the Client hereby agrees to undertake the following obligations:
The Services provided by Belvo generally include access to End-user Account Information. This access shall be provided as further explained below:
|1. Make the Platform available to the Client through an integration process to be carried out by the Client with Belvo’s support|
|2. Connection through the Platform to extract, systematize and access to the End-Users’ bank and financial data|
|3. Maintenance of the technology that allows Client to access the Platform and its updates, modifications, new features, new functionalities, upgrades or new versions implemented by Belvo from time to time.|
Account Information shall include, but not be limited to, the following Financial and Personal Information:
The Parties enter into the following data processing agreement (the “Data Processing Agreement”) in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) or any other data protection regulations that may modify, develop, repeal or consolidate them.
This Data Processing Agreement is part of the SAAS AGREEMENT (the “Main Agreement“) which govern the service provided by BELVO FINANCE, S.L. (“Belvo” and/or “Data Processor”) for the Client (the “Client” and/or “Data Controller”).
For the purpose of the Data Processing Agreement, the Client and Belvo agree that the Client shall be the Data Controller of its personal data and from its own End-Users and/or end-users, and that Belvo shall be Data Processor of those data, except that (a) the Client acts in the capacity of Data Processor, then Belvo acts as sub-processor, or (b) if otherwise agreed between the Parties.
Hereafter, each party will be referred to as “Party” and jointly as the “Parties”.
Belvo is authorized to process, on behalf of the Client, personal data to the extent that it is or becomes necessary to provide the service in accordance with the Main Agreement, and as specified in this Data Processing Agreement.
Belvo undertakes to process personal data only in order to provide to the Client the services in accordance with the Main Agreement and, for purposes compatible with the provision of such services. Belvo shall not process such personal data for any purpose other than that stipulated in this Data Processing Agreement.
Personal data will also be used for technical security and diagnostic purposes of the services, and for improving its machine learning algorithms and technology, as for statistical reasons, in an anonymized form.
The nature of the processing activities carried out by Belvo are: collection, structuring, use, access, organization, consultation, combination and interconnection.
The categories of data subjects are the Data Controller End-Users, Users and/or End-Users.
The categories of personal data types being processed are: identifying data; personal characteristics; goods and services transactions, social circumstances and/or economic and financial data.
Belvo shall not disclose or otherwise reveal any personal data covered by the Data Processing Agreement, except (1) as instructed by the Client and/or (2) as required by law, court or official authority.
When data processed under this Data Processing Agreement is transferred from a country within the European Economic Area (EEA) to a country outside the EEA, the Data Processor shall ensure that the personal data are adequately protected. To achieve this, the Data Processor shall unless agreed otherwise, rely on European Union approved standard contractual clauses for the transfer of personal data.
The Client, as Data Controller, undertakes to (1) ensure that the data processor complies with all the obligations set out in this Data Processing Agreement; (2) comply with its obligations as data controller according to the regulations in force.; and (3) provide to its clients, users and/or end-users the necessary information required by article 13 GDPR.
Belvo, as Data Processor, undertakes to:
Belvo shall keep in writing a record of all the categories of processing activities carried out on behalf of the Controller in compliance with article 30.2 GDPR, and as long as it is applicable to the processing of personal data carried out on behalf of the Client, Belvo shall make such record available to the Client on request.
Belvo shall assist the Client in fulfilling its duty of answering requests from data subjects in the exercise of their rights of access, rectification, erasure and objection, restriction of processing and data portability. In the unlikely event that Belvo receives a request from a data subject exercising its rights, BELVO shall send it to the Client without undue delay, and in any case within five (5) working days after receipt.
Belvo shall notify the Client before the maximum period of seventy-two (72) hours and through the e-mail address indicated by the Client, any know personal data breach, together with all relevant information to document and report the incident. This notification shall contain, at least, the information required by article 33.3 GDPR.
Belvo shall immediately inform the Client if there’s a believe that any of the instructions violate the GDPR or any other applicable data protection provision.
Belvo shall make available to the Client on request all information necessary to demonstrate compliance with this Data Processing Agreement, and shall allow for and contribute to audits, including inspections, by the Client or an auditor mandated by the Client in relation to the processing of done by Belvo on behalf of the Client.
Audits shall be carried out upon notification during normal working hours and without interruption of Belvo s business activity and operations.
Belvo shall provide reasonable assistance to the Client when carrying out any Data Protection Impact Assessment (“PIA”), and in prior consultations with Supervising Authorities or other competent Data Privacy Authorities, when appropriate.
Upon the termination of the provided service and the processing-related services, Belvo shall erase all personal data, including any media or document regarding the personal data.
Notwithstanding the foregoing, Belvo may retain the personal data duly blocked during the period in which responsibilities may arise from its relationship with the Client, in compliance with the applicable regulations in force.
Belvo requires subcontracting third parties who will process the personal data under the responsibility of the Client. Some of these subcontracts are necessary in order to provide the service, since the functioning and operativity of Belvo systems and the provision of certain services depend on them. Specifically, the services are listed as follows:
|Amazon||Amazon AWS cloud services and products|
With all of them, Belvo maintains an agreement in which data protection obligations are set out, providing sufficient guarantees to implement appropriate technical and organizational measures to the processing. The Client hereby authorizes those subcontracting and sub-processors in the current terms.
Belvo shall notify the Client, previously and in writing, if there’s an intention of replacing or engaging with a new sub-processor. Belvo shall indicate the processing activities that will be subcontracted and clearly identify the company which will be sub-processor. Subcontracting may be carried out provided that the Client has not objected to it within ten (1) working days after notification.
The Parties undertake to indemnify, keep indemnified and hold harmless each other from and against any type of administrative sanctions imposed by the corresponding authorities and third-party loss, harm, cost (including reasonable legal fees and expenses), expense and liability that may suffer, arise or incur as a result from the other Party’s non-compliance with its obligations under data protection regulation and/or its responsibilities under this Data Processing Agreement.
If one of the Parties has to pay an amount of money by way of penalty, sanction, indemnification and damages for the non-compliance of the other Party, the Party that hasn’t complied shall pay and/o reimburse to the other Party the corresponding amounts.
This Data Processing Agreement is valid for as long as Belvo is processing personal data on behalf of the Client under the Main Agreement and this Data Processing Agreement.