Last updated: November 8th, 2022
1.1 The Services. We operate a proprietary Payment Platform that utilises PSD2 & Open Banking to initiate payments from a user’s bank account, with settlement of funds directly into your nominated bank account; instantly, on a daily or weekly basis, at your option (the “Services”).
Prior to such settlement, we may hold the funds on your behalf of and for your exclusive benefit (or, where applicable, shall arrange for the funds to be held in such a manner) and we will keep (and where appropriate shall ensure that our agents and sub-contractors will keep) sufficient records of the funds in such a manner that the assets are appropriately distinguished with respect to applicable legislation regarding matters of bankruptcy and general insolvency.
Citizen is authorised by the Financial Conduct Authority (the “FCA”) under the Regulations for the provision of payment services (including the Services) with Firm Reference Number 826720.
2. USE OF THE PAYMENT PLATFORM AND THE SERVICES
2.1 Ownership and Use.
Citizen owns all rights, title and interest in the Payment Platform and our proprietary technology, including our software (in source and object forms), algorithms, user interface designs, architecture, and documentation (both printed and electronic), network designs, know-how, and trade secrets, and including any modifications, improvements, and derivative work thereof (the “Citizen Technology”).
It is your responsibility to ensure that the Payment Platform is only accessed by you or your Authorised Persons and that you, including your Authorised Persons, employees and agents, keep your login details, passwords, or other security features associated with your access safe and secure. If you have any knowledge or any suspicion that any of these security features have been stolen, misappropriated, improperly disclosed to a third party or used without authorisation or otherwise compromised you must contact Client Support provided in your SLA immediately.
2.3 Suspension of Access.
You must provide and/or obtain any equipment or telecommunications lines and links that may be necessary for you to use the Payment Platform, and you acknowledge that certain software and equipment used by you may not be capable of supporting certain features of the Payment Platform. For the avoidance of doubt, we are not responsible for providing you with any equipment or telecommunications lines and links that may be necessary for you to use the Payment Platform.
2.5 Principal Only.
You hereby (i) confirm, represent and warrant to us at all times that you are acting either on your own account or, where applicable, for the benefit of your End Customer, and not on behalf of any other person, and (ii) acknowledge that we shall not be a principal to any transaction or be responsible for or otherwise guarantee the performance of any transaction entered into by you with an End Customer.
2.6 End Customer Responsibilities.
We shall not treat End Customers as our client for the purposes of providing the Services. You are solely responsible and liable for all acts and omissions of End Customers including without limitation (i) all Know Your Customer ("KYC") and/or customer due diligence ("CDD") requirements relating to End Customers and the on-boarding of End Customers, (ii) all operational matters relating to End Customers including inputting any manual End Customer's payment details, chasing End Customers for payment details, any late arrival of funds, settlement with End Customers, (v) all sales, marketing and account management in relation to End Customers, and training End Customers on the use of the Platform Services.
3. DATA PROTECTION LEGISLATION
3.1 Personal Data.
By asking us to provide you with the Services, you will be providing us with information which includes Personal Data. In relation to such Personal Data, we shall act as: (i) a Data Controller in respect of our use of such Personal Data to (a) conduct KYC, CDD and other checks as part of our process of accepting you as a Client (as detailed in Section 7.1), (b) comply with any legal and/or regulatory requirements to which we are subject from time to time, including but not limited to FCA requirements, (c) determine how best to provide the Services and our risks in doing so, and (d) prevent fraud or financial crime.
We may conduct searches through an identity-referencing agency and through other sources of information and use scoring methods both to allow us to provide you with the Services and to assess our risks in doing so, including credit standing and compliance with all KYC/CDD requirements. A record of this process will be kept and may be used to allow our Group Companies to similarly provide you with services and to assess our risks in doing so. Information may also be passed to other organisations or persons to prevent fraud. Additionally, information may be passed to governmental, regulatory or judicial organisations to prevent fraud or financial crime where we consider it appropriate. The foregoing use of Personal Data may render us a Data Controller.
3.4 Data Lawfully Obtained.
3.5 Responsibility for Data.
You are solely responsible for the content, quality, accuracy and completeness of any Personal Data, any End Customer data, and any other data provided or transmitted by you or on your behalf via or in connection with the use of the Payment Platform and the Services.
3.6 Record Keeping.
Each party shall maintain records of all processing operations under its responsibility that contain at least the minimum information required by the Data Protection Legislation and shall make such information available to any DP Regulator on request.
3.7 Complaints, Notices or Communications.
If either party receives any complaint, notice or communication which relates directly or indirectly to the processing of Personal Data or to either party's compliance with the Data Protection Legislation, it shall as soon as reasonably practicable notify the other party and provide the other party with commercially reasonable co-operation and assistance in relation to any such complaint, notice or communication.
3.8 Independent Controllers
126.96.36.199 comply at all times with its responsibilities and obligations under the applicable Data Protection Legislation, more specifically as set out in art. 5 of the GDPR, including but not limited to fair and lawful processing, data retention and deletion and safeguarding data subjects’ rights, having appropriate regard to the related guidelines and guidance notes issued from time to time by the European Data Protection Board and all other relevant regulatory bodies;
188.8.131.52 co-operate with each other to set out the requirements to meet relevant obligations of Data Protection Legislation (for example in respect of data portability, subject access, lawful access requests and requests for rectification, amendment and disposal);
184.108.40.206 ensure that it has taken adequate security safeguards, including by implementing appropriate technical, physical and organizational safeguards, to ensure the confidentiality, integrity and availability of Personal Data.
3.8.2 In the event either party becomes aware of an actual or suspected breach to the security, confidentiality or integrity of the Personal Data of the other party when those data are being Processed both parties agree to notify the other affected party within 24 hours of identification of the breach and to consult with one another about such steps as may reasonably be necessary or appropriate to investigate, mitigate and remediate the breach and otherwise to discharge their respective obligations under applicable Data Protection Legislation.
4. FEES AND AMOUNTS TO BE PAID
All fees for the Services shall be as set out in the Commercial Agreement.
All Fees are stated exclusive of all taxes and similar fiscal charges now in force or enacted in the future, all of which you will be responsible for and must pay in full.
4.3 Default Interest, Suspension, and Reconnection.
4.4 Set Off.
You agree that we may set off any amount you owe us against any sums owed by us to you, provided we have given you 10 (ten) days prior written notice of such intention and document the amount to be deducted and the reasons for the same.
5. CLIENT HELP CENTRE AND SERVICE LEVELS
5.1 Payment Processing Compliance.
In accordance with the PSD2 Regulations communicated to you, Citizen will satisfy the maximum execution time for a payment, the charges payable by you in respect of a payment, the cut-off time for the payment system we use to transmit your payment, and (where applicable) will provide a breakdown of the amounts of any charges. In all cases, the maximum execution time to process payment instructions (as opposed to currency conversions) shall be five (5) Business Days. However, in many cases and where required by the Regulations, Citizen may process a payment much faster.
5.2 Telephone Conversations.
Any telephone conversations we have with you or Authorised Persons may be monitored and recorded by us and we may also maintain records of emails sent by or to you and your Authorised Persons. You agree that we may use these telephone recordings and any transcripts or email records for training and quality control purposes or to resolve any disputes, and also in the prevention and detection of crime. However, we may not make or maintain such recordings or records for you or be able to make them available to you.
5.3 Service Levels.
We shall use our best endeavours to ensure that the Payment Platform is available 99.9% of the time during each calendar month (“Availability”). Availability excludes unavailability due to scheduled maintenance or a force majeure event (described below in section 11.10). In any case, we will promptly inform you if the Services or the Payment Platform becomes unavailable.
5.4 Help Desk.
You may report incidents requiring our help by contacting Client Support by telephone or by sending an email which will be acknowledged by email or telephone during UK office hours within one (1) hour of the incident report. Reported incidents will be assigned to a Client Support representative, who shall coordinate support efforts with you through resolution of the reported problem. We will use all reasonable endeavours to resolve any incidents or problems relating to the Services as soon as is reasonably possible.
5.5 Limits on Support Services.
5.6 Scheduled Maintenance.
We may suspend access to the Payment Platform outside of UK Business Hours for no more than fifteen minutes to upgrade the Payment Platform. We will, to the extent practicable, provide you with advance notice of any other scheduled maintenance, including details of the expected Payment Platform downtime. Payment Platform downtime during scheduled maintenance carried out by us in accordance with this section shall not be counted as downtime for the purposes of Availability.
6. CONFIDENTIAL INFORMATION
7. OUR AGREEMENT WITH YOU
7.1 Our Acceptance of You as a Client.
7.2 Your Representations and Warranties.
7.3 Our Representations and Warranties.
8. RELIANCE ON INSTRUCTIONS
Citizen is authorised and entitled to rely upon, and act in accordance with, any instruction which may from time to time be, or purport to be, given by Authorised Persons. Citizen is entitled to treat any instruction as fully authorised by, and binding upon you, and entitled (but not bound) to take any steps in connection with, or in reliance upon that instruction which Citizen in its absolute discretion may consider appropriate, and notwithstanding any error or misunderstanding or lack of clarity in the terms of that instruction. If Citizen receives what it considers to be conflicting or ambiguous instructions from any Authorised Person, Citizen may, in its absolute discretion and without any liability on its part, decline to act whilst seeking clarification of that instruction, as Citizen in its discretion deems appropriate. For the avoidance of doubt, a payment instruction shall be regarded as having been authorised by you for the purposes of the Payment Services Regulations 2009 if an Authorised Person has given his/its consent.
9.1 Unauthorised or Incorrectly Executed Payments.
Under the Regulations you may be entitled to redress for any unauthorised or incorrectly executed payments. In the case of an executed payment not authorised by you or an Authorised Person, we will refund the amount of the unauthorised payment to you, and where applicable, restore the debited payment account to the state it would have been in had the unauthorised payment not taken place. If we fail to execute, or incorrectly execute, a payment, unless we can establish that the beneficiary’s payment service provider received the amount of the payment transaction, we will refund to you the amount of the non-executed or defective payment transaction promptly after becoming aware of the error, and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place. We will also refund to you any direct charges for which you are responsible and any interest which you must pay as a consequence of the non-execution or defective execution of the payment transaction. Beyond this, we have no further liability to you for any unauthorised or incorrectly executed payments.
9.2 Incorrect Information or Payee/Beneficiary Bank Failure.
We will not be liable to you for the nonexecution of a payment or for the defective execution of a payment if the information you provide is incorrect. We will not be liable for errors, mistakes, or non-performance arising from the payee/beneficiary bank if the payee/beneficiary bank fails to process the payment correctly. In either case, we will make reasonable efforts to recover the funds involved in the payment. You will be responsible for the costs incurred by us for any such recovery.
9.3 Our Negligence.
If a Loss is incurred due to our negligence or breach of contract, we will promptly attempt to correct the error. Subject to Section 9.5, we will be liable for any direct losses such as bank fees and interest incurred as a result of our negligence or breach of contract. In no circumstances will we be liable for any indirect, unforeseeable or incidental losses incurred, such as loss of opportunity.
9.5 Aggregate Liability.
For the avoidance of doubt, the foregoing limitation shall not limit our liability in respect of any obligation of ours to make a remittance, payment or settlement hereunder.
Subject to Section 9.4. (Non-Exclusion), in no event shall either party be liable to the other for any loss of data, loss of profits. or any special, incidental, indirect or consequential loss, howsoever arising.
9.6 Your Indemnities.
You agree to fully defend us on demand from and against any third-party claim (i) alleging that your actions in connection with your use of the Payment Platform or the Services violates any third party’s rights of privacy or violates any privacy laws; and (ii) arising from or relating to End Customer data. You will, in either case, indemnify us (and our directors, employees and officers) against all damages awarded against us or agreed to in a written settlement agreement signed by you arising out of such claim. We shall: (a) promptly notify you in writing of any such claim; (b) authorise you to control the defence and all related settlement negotiations; (c) provide you with the assistance and information reasonably necessary to defend and/or settle any such claim; (d) in no event jeopardise, settle or admit liability with respect to any such claim without your prior written consent, and (e) use reasonable endeavours to mitigate any such claim.
9.7 Our Indemnities.
10.2 Termination for Cause.
10.3 Additional Grounds for Termination.
10.4 Effect of Termination.
11.1 Relationship between the Parties.
11.2 Changes to the Payment Platform.
We reserve the right to modify and make changes to the Payment Platform at any time as we deem necessary to comply with Applicable Law and regulations or business needs, provided that such modification shall not in our reasonable opinion degrade or materially alter the functionality of the Payment Platform. Where possible, we shall notify you of such modification as soon as is reasonably practicable following our determining to make the modification.
11.4 Governing Law and Forum.
Subject to the following, we may with your prior written consent include your name, logo and contact information in directories of our service subscribers and other general promotional materials for the purpose of promoting the use of the Payment Platform generally. However, we shall immediately cease using your name, logo and contact information if you request us to do so. Neither party shall issue a press release relating to their business relationship without the written consent of the other party. Neither party may use the trademark or trade name of the other party without the written consent of such party.
11.6 Entire Agreement and Waiver.
11.10 Force Majeure.
11.11 Third Party Rights.
11.12 Notices and Communications.
If you feel that we have not met your expectations in the delivery of our services or if you think we have made a mistake, please let us know. We have internal procedures for handling complaints fairly and promptly in accordance with the FCA requirements. A copy of our complaints procedure is available upon request and on the Website. If you are not satisfied with the decision in our final response, you may be able to refer your complaint to the Financial Ombudsman Service should you not be satisfied with our final response. Eligibility criteria and the procedures involved, are available from the Financial Ombudsman Service, Exchange Tower London E14 9SR.
11.15 English Text Prevails.
Payments + Bank Account Linking
1. If the functionality is available, the Services may allow Client to link a bank account (the Linked Bank Account) to an Account. If Client chooses to do this, it will be redirected from the Services platform to the clients bank’s app or website where the Client will be informed by them of the information the Client agrees with them that they may share with Citizen (the Shared Banking Information). The Shared Banking Information will include, but is not necessarily limited to, the Client’s name, your bank account number and sort code and details of the Clients bank account transactions.
2. If the Client agrees to make the Shared Banking Information available to Citizen:
2.1 A representation of the Linked Bank Account will be shown in the Services Platform with the last 4 digits of the account number visible
2.2 Any new transactions made on the Linked Bank Account will be sent to and stored by Citizen
3. The Client may, at any time, revoke the Citizen access to the Linked Bank Account by using the Clients bank's app or website to remove Citizens’s permissions to access the Shared Banking Information. Such revocation of permission will not require Citizen to delete Shared Banking Information already held by Citizen.
4. The Clients bank (and not Citizen) is solely responsible for the provision, availability, security and all other aspects of the API that will be used by the Services to access the Linked Bank Account. Citizens use of such API will be subject to the terms and conditions issued by the Clients bank.
5. If the functionality is available, the Services may also allow the Client to initiate payments from its linked bank account directly to Citizen’s escrow account by way of payment initiation. Consent may be given in writing within the relevant section of the Citizen platform.
6. Citizen may use the OAuth Open Banking standard to authorise payment initiation consent. Citizen will not store the Client’s bank data at any time. Payment initiation requests are deemed to have been received as soon as this consent is given and consent cannot be revoked after this point.
7. Citizen will always require the Client’s consent for each individual payment initiation; at the time of writing the functionality is not available to authorise consent for multiple payments.
Authorised Persons: means the Client or any person (including any individual or entity) authorised by the Client to act on its behalf in the performance of any act, discretion or duty under this Agreement (including, for the avoidance of doubt, any officer or employee of such person) in a notice reasonably acceptable to Citizen.
AISP (“Account Information Services”): an Account Information Service Provider provides account information services as an online service to provide consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).
ASPSP (“Account Servicing Payment Service Provider”): Account Servicing Payment Service Providers provide and maintain a payment account for a payer as defined by the PSRs and, in the context of the Open Banking Ecosystem are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API end points.
“Applicable Law” means all applicable legislation, regulations and any and all directives, standards and/or guidelines of any applicable regulatory, governmental or other authority, settlement, card scheme or banking or payment network (including PCI Security Standards Council) relating to a party's obligations under and/or pursuant to these Terms.
Citizen: means the Company and the Company Subsidiaries of Citizen UK Holding Limited.
Citizen Technology means Citizen’s proprietary technology, including our software (in source and object forms), algorithms, user interface designs, architecture, and documentation (both printed and electronic), network and software designs, know-how, and trade secrets, and including any modifications, improvements, and derivative work thereof.
Client: means you.
Confidential Information: means information in whatever form (including, without limitation, in written, oral, visual or electronic form or on any magnetic or optical disk or memory and wherever located) relating to the transactions processed hereunder, business, customers, products, affairs and finances of either party hereto and trade secrets including, without limitation, technical data and know-how relating to the business of either party or any of its suppliers, customers, agents, distributors, shareholders, management or business contacts.
Customer Data: means any customer data or other data or information collected by or on behalf of Citizen.
CDD (“Customer Due Diligence”): means any action required by Citizen to check the legal or financial status of its customers, for compliance with the FCA guidelines on payment processing or any other legal basis.
Data Controller: is a person, company, or other body that determines the purpose and means of personal data processing (this can be determined alone, or jointly with another person/company/body). For the official GDPR definition of “data controller”, please see Article 4.7 of the GDPR.
Data Processing Policy: the Data Processing Policy sets out how Citizen handles the Personal Data of our customers.
End Customer: means any person using the Platform Services.
FCA (“Financial Conduct Authority”): means the regulator of the financial services industry in the UK.
KYC (“Know Your Customer”): means all documentation and other information about the Company and the Company Subsidiaries required under applicable “know your customer” and anti-money laundering rules and regulations.
Linked Bank Account: means the customer bank account connected via Citizen’s AISP services.
Open Banking: means the UK implementation of PSD2
Payment Initiation: means the process of initiating a payment request via Citizen’s PISP services.
Payment Platform: the technology solution deployed to provide payment services to the Client (including, for the avoidance of doubt, any button or web page required to direct the end user payment journey)
Payment Service Directive 2(“PSD2”): means the EBA payment service directive 2 (https://eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money)
If you have any questions about these Terms, please contact us.