1. KNEWTE Master Business SaaS Terms

Effective date: 13 April 2026

These Master Business SaaS Terms (the Terms) govern access to and use of the KNEWTE platform, KNEWTE websites, KNEWTE applications made available through the platform, related services, support, and documentation (together, the Service).

By creating an account, clicking to accept these Terms, purchasing a Subscription, topping up Credits, starting a Trial, or otherwise accessing or using the Service for business purposes, you agree to be bound by these Terms.

If you accept these Terms on behalf of a company, LLP, partnership, sole trader business, charity, public body, or other organisation, you represent and warrant that you have authority to bind that entity. In that case, Customer, you, and your mean that entity.

1. About KNEWTE

The Service is operated by KNEWTE UK LIMITED (KNEWTE, we, us, our), a company registered in England and Wales with company number 13980396 and registered office at Suite 11 Continental House, 497 Sunleigh Road, Wembley, Middlesex, United Kingdom, HA0 4LY.

Legal and support contact: support@knewte.co.uk

2. Business Use Only

2.1 The Service is made available only for business use.

2.2 Subscriptions may only be purchased for a business, including a company, LLP, partnership, sole trader business, charity, public body, or other organisation.

2.3 You must not purchase or use a Subscription in your personal capacity or for personal, family, or household purposes.

2.4 You must be legally capable of entering into a binding contract and, where applicable, authorised to act on behalf of the relevant business or organisation.

3. Definitions

• Account means the KNEWTE account used to access the Service.
• App means any application, module, feature, or service made available through the KNEWTE platform.
• App-Specific Terms means any additional terms, usage rules, fair use rules, pricing rules, or policies that apply to a particular App, feature, Trial, or Beta Service.
• Authorised User means an individual permitted by the Customer to access or use the Service under the Customer's Account.
• Beta Service means any alpha, beta, preview, early-access, evaluation, or test feature or service identified by us as such.
• Confidential Information means information disclosed by one party to the other that is marked confidential or that ought reasonably to be understood to be confidential given its nature and the circumstances of disclosure, including business information, technical information, security information, pricing, and non-public product plans, but excluding information that: (a) is or becomes public through no breach of these Terms; (b) was lawfully known to the receiving party without restriction before disclosure; (c) is lawfully received from a third party without breach of confidentiality; or (d) is independently developed without use of the other party's Confidential Information.
• Content means data, text, documents, files, records, messages, images, configuration data, and other materials submitted to, uploaded to, stored in, generated through, or otherwise processed using the Service by or on behalf of the Customer or its Authorised Users.
• Credits means prepaid usage credits purchased by the Customer and applied to eligible pay-as-you-go App features.
• Customer Personal Data means any personal data processed by us on behalf of the Customer in providing the Service.
• Documentation means the user guides, support materials, product descriptions, help pages, and technical information we make available for the Service.
• Order means a purchase, checkout, online order, activation, top-up, or other commercial transaction through which the Customer purchases a Subscription or Credits.
• Subscription means paid access to an App or Service on a recurring monthly basis or on another pricing model that we make available.
• Subscription Term means the period during which a Subscription remains active.
• Trial means a free trial of an App or feature made available by us for a limited period.

4. The Service

4.1 KNEWTE is a cloud-based enterprise apps platform that enables businesses to discover, purchase, activate, and use Apps and related services.

4.2 The KNEWTE platform may include a free account tier that allows account creation, business profile setup, business contact setup, and other basic account administration features.

4.3 Different Apps may have different features, functionality, usage models, eligibility rules, App-Specific Terms, and pricing.

4.4 We may introduce, withdraw, suspend, update, replace, or modify Apps, features, integrations, user interfaces, pricing structures, and service models from time to time. Material pricing changes will not apply to an active paid Subscription until the next renewal and we will give at least 30 days' prior notice.

5. Accounts and Authorised Users

5.1 You must provide accurate, complete, and up-to-date account, billing, and business information.

5.2 You are responsible for all activity under your Account, including activity by your Authorised Users.

5.3 You must keep login credentials confidential and ensure that Authorised Users use the Service only in accordance with these Terms and any App-Specific Terms.

5.4 You are responsible for assigning and managing user roles, permissions, and access levels.

5.5 You must notify us promptly if you become aware of any unauthorised use of your Account, compromise of credentials, or security incident affecting the Service.

5.6 We may reject account applications or require additional verification where necessary for legal, compliance, fraud-prevention, sanctions-screening, or security reasons.

6. Free Accounts, Trials, and Beta Services

6.1 Free Accounts

A free KNEWTE platform account does not itself create any obligation on us to provide any paid App, any minimum feature set, or any ongoing availability of free features.

6.2 Trials

(a) We may offer a Trial of an App for up to 7 days or such other period as we state.

(b) Trials may be limited by App, functionality, usage, geography, customer type, business verification status, or other eligibility criteria.

(c) Unless we expressly state otherwise, a Trial ends automatically at the end of the stated trial period.

(d) We may modify, restrict, suspend, or withdraw a Trial at any time.

(e) Trial use may be subject to App-Specific Terms.

6.3 Beta Services

(a) Beta Services are provided for evaluation and testing purposes.

(b) Beta Services may be incomplete, unavailable, or changed without notice.

(c) To the fullest extent permitted by law, Beta Services are provided without any commitment of availability, support, service level, or continued release.

7. Orders, Subscriptions, Credits, Billing, and Payment

7.1 Orders

By placing an Order, you agree to pay the applicable fees, charges, taxes, and levies shown at checkout or otherwise communicated to you.

7.2 Monthly Subscriptions

(a) Monthly Subscription charges begin on the date the Subscription is purchased or activated.

(b) Monthly Subscriptions are billed using the payment method associated with your Account and may renew automatically only if auto-renew is switched on for that Subscription.

(c) If auto-renew is switched off, the Subscription will expire at the end of the current Subscription Term unless renewed by the Customer.

(d) If a Subscription expires, the Customer will have up to 30 days to reactivate that Subscription, subject to payment of applicable charges and any applicable product availability.

(e) Unless App-Specific Terms state otherwise, cancellation by the Customer terminates access to the relevant Subscription immediately.

7.3 Credits and Pay-As-You-Go Use

(a) Certain Apps or features may be used through Credits on a pay-as-you-go basis.

(b) Credits are prepaid and are deducted when an eligible App feature is used.

(c) We will display the applicable Credit usage for the relevant feature before or at the point of use, where reasonably practicable.

(d) The minimum top-up or transaction amount may be 3 Credits or such other minimum amount as we state in the Service.

(e) Credits expire 12 months after purchase unless we state otherwise.

(f) Unused Credits are non-refundable, including where a Subscription is cancelled, expires, or is suspended or terminated.

7.4 Payment Processing

(a) Payment processing, card storage, and related payment services may be provided by Stripe or other third-party payment providers.

(b) You authorise us and our payment processors to charge the applicable fees and taxes using your selected payment method.

(c) Your use of third-party payment services may also be subject to the third party's own terms and privacy policy.

7.5 Taxes

Unless expressly stated otherwise, fees are exclusive of taxes. You are responsible for all taxes, duties, levies, or similar governmental charges arising from your purchase or use of the Service, excluding taxes based on our net income.

7.6 Price Changes

We may change fees, Credit pricing, feature pricing, package structure, and charging models by giving at least 30 days' prior notice. Price changes will apply from the next renewal, next top-up, or next purchase, as applicable.

7.7 No Refunds; Limited Billing Adjustments

(a) Except where required by law, fees, Subscription charges, top-ups, and Credits are non-refundable.

(b) Notwithstanding clause 7.7(a), we may issue a refund, reversal, adjustment, or service credit, in whole or in part, where we determine in our reasonable discretion that:

1. a duplicate charge was processed by KNEWTE and notified to us within 60 days of the charge;
2. a billing or charging error occurred due to an error in the Service or our billing process;
3. Stripe, a bank, or another payment provider confirms that a payment received by us was unauthorised, in which case any refund or reversal may be made through the original payment channel; or
4. we choose to provide a goodwill credit or adjustment.

(c) Nothing in this clause obliges us to provide a refund, reversal, or credit except as expressly stated or where required by law.

7.8 Failed Payments and Non-Payment

If payment fails, is reversed, is subject to chargeback, or remains overdue, we may suspend or restrict access to the affected Subscription, App, or Account without liability until the issue is resolved.

8. Customer Responsibilities

You must:

(a) use the Service only for lawful business purposes and in accordance with these Terms;

(b) ensure that all Content and all use of the Service by you and your Authorised Users complies with applicable law and does not infringe the rights of any person;

(c) maintain appropriate internal security controls, device security, malware protection, password security, and user access controls;

(d) ensure that you have all rights, permissions, consents, notices, and lawful bases required to submit Content to the Service and to instruct us to process Customer Personal Data on your behalf;

(e) ensure that your Authorised Users are aware of and comply with these Terms and any App-Specific Terms;

(f) promptly cooperate with reasonable requests relating to security, fraud prevention, sanctions compliance, and lawful investigations.

9. Acceptable Use Restrictions

You must not, and must not permit any third party to:

(a) use the Service for unlawful, fraudulent, misleading, harmful, or abusive purposes;

(b) upload, store, transmit, or process Content that is unlawful, defamatory, infringing, deceptive, harassing, discriminatory, or otherwise objectionable;

(c) use the Service in violation of sanctions, export controls, trade restrictions, anti-money laundering laws, or other applicable compliance requirements;

(d) use the Service in any country, territory, or situation prohibited by applicable law or sanctions;

(e) copy, frame, mirror, republish, scrape, or otherwise exploit the Service except as expressly permitted by these Terms;

(f) reverse engineer, decompile, disassemble, or attempt to derive source code, trade secrets, or underlying ideas from the Service except to the extent such restriction is prohibited by law;

(g) probe, scan, test, or circumvent the security, authentication, usage limits, or integrity of the Service;

(h) introduce malware, malicious code, harmful files, worms, ransomware, spyware, or other harmful material;

(i) interfere with or disrupt the Service, servers, networks, or other users' access;

(j) use robots, crawlers, automation, or scripted means to access the Service except through permitted APIs or features;

(k) resell, sublicense, lease, bureau, or commercially exploit the Service except where expressly authorised in writing by us; or

(l) submit or process special category personal data, criminal offence data, children's data, or other highly sensitive data through the Service unless the relevant App expressly supports it and you have implemented all required safeguards and legal bases.

10. Content and Data

10.1 Ownership

As between the parties, you retain all right, title, and interest in and to your Content. We do not acquire ownership of your Content.

10.2 Licence to KNEWTE

You grant us a non-exclusive, worldwide, royalty-free licence to host, store, process, transmit, copy, display, adapt, and otherwise use your Content only to the extent necessary to provide, secure, maintain, back up, support, improve, and administer the Service, perform our obligations, comply with law, and enforce these Terms.

10.3 Customer Responsibility for Content

You are solely responsible for the legality, quality, integrity, accuracy, and appropriateness of your Content and for obtaining all necessary rights and permissions for its use in the Service.

10.4 Aggregated and De-Identified Data

We may generate and use aggregated, anonymised, or de-identified data derived from use of the Service for analytics, security, service improvement, benchmarking, product development, and business operations, provided that such data does not identify the Customer or any individual.

10.5 Deletion and Retention

(a) Where a Subscription or Account ends, we may retain data for up to 90 days before deletion, unless a longer period is required by law, regulation, dispute resolution, fraud prevention, tax, accounting, audit, security, or legitimate internal record-keeping purposes.

(b) Certain financial, tax, contract, and compliance records may be retained for up to 6 years or such longer period as required or permitted by law.

(c) At the end of the applicable retention period, data will be deleted in accordance with our retention practices, except for data retained in backups or archives for a limited period or where storage is legally required.

(d) Data will be deleted only and not returned, except where the relevant App itself provides export, download, copy, or similar functionality.

11. Intellectual Property Rights

11.1 We and our licensors own all right, title, and interest in and to the Service, including all software, code, interfaces, workflows, designs, graphics, trade marks, branding, know-how, Documentation, and all related intellectual property rights, excluding your Content.

11.2 Subject to these Terms and payment of applicable fees, we grant the Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the applicable Subscription Term to access and use the Service for its internal business purposes.

11.3 Except as expressly permitted by these Terms, the Customer must not copy, modify, adapt, distribute, create derivative works from, sell, lease, or otherwise exploit any part of the Service.

11.4 If you provide feedback, suggestions, ideas, or recommendations relating to the Service, we may use them without restriction and without any obligation to you.

12. Third-Party Services and Integrations

12.1 The Service may interoperate with, connect to, or rely on third-party services, content, software, payment processors, cloud providers, messaging providers, authentication providers, and integrations.

12.2 Third-party services may be governed by separate terms and privacy policies.

12.3 We are not responsible for third-party services, including their availability, security, changes, failures, API changes, acts, omissions, or outages, except to the extent caused by our own breach of these Terms.

12.4 We may add, remove, or change third-party integrations at any time.

13. Security

13.1 We will implement and maintain reasonable technical and organisational measures designed to protect the Service and Customer Personal Data, taking into account the nature of the Service and the risks presented.

13.2 Such measures may include encryption in transit, encryption or other protections for certain stored personal data, access controls, role-based access, system monitoring, backup practices, and other safeguards that we consider appropriate.

13.3 The Customer acknowledges that no method of transmission over the internet or method of electronic storage is completely secure.

13.4 We are not responsible for security incidents, unauthorised access, or losses caused by the Customer's or its Authorised Users' failure to maintain secure credentials, maintain secure devices, manage permissions correctly, or follow reasonable security practices.

14. Data Protection

14.1 Each party will comply with applicable data protection laws in connection with its performance under these Terms.

14.2 To the extent we process Customer Personal Data on behalf of the Customer, the Customer is the controller and we act as processor unless otherwise stated for a particular processing activity.

14.3 The Customer instructs us to process Customer Personal Data only as necessary to provide the Service, perform these Terms, comply with documented lawful instructions, maintain security, prevent fraud and abuse, provide support, create backups, and comply with applicable law.

14.4 The parties agree that a separate Data Processing Addendum may apply to Customer Personal Data processing and, where made available by us and accepted or incorporated, will form part of these Terms.

14.5 We may use affiliates and subprocessors, including cloud hosting, email delivery, payment processing, backup, and infrastructure providers, provided that appropriate contractual and legal safeguards are in place.

14.6 Customer Personal Data may be accessed or processed outside the United Kingdom only where lawful safeguards are in place and such access or processing is permitted under applicable data protection laws.

14.7 If we become aware of a personal data breach affecting Customer Personal Data, we will notify the Customer in accordance with applicable law and our internal incident response procedures.

14.8 Nothing in these Terms prevents us from processing personal data where we act as an independent controller for our own legitimate business purposes, such as account administration, billing, fraud prevention, legal compliance, platform security, and service analytics, as described in our Privacy Policy.

15. Confidentiality

15.1 Each party must keep the other party's Confidential Information confidential and must not use or disclose it except as permitted by these Terms.

15.2 A receiving party may use the disclosing party's Confidential Information only as necessary to exercise its rights or perform its obligations under these Terms.

15.3 A receiving party may disclose Confidential Information to its employees, contractors, professional advisers, auditors, insurers, affiliates, and subprocessors who need to know it for purposes related to these Terms, provided that they are bound by confidentiality obligations.

15.4 A receiving party may disclose Confidential Information where required by law, regulation, court order, or competent authority, provided that where legally permitted it gives advance notice to the disclosing party.

15.5 The obligations in this clause survive termination of these Terms for 5 years, except for trade secrets, which remain protected for so long as they remain trade secrets under applicable law.

16. Availability, Maintenance, and Support

16.1 We will use reasonable efforts to make the Service available, but we do not guarantee uninterrupted, error-free, or continuous operation.

16.2 We may perform scheduled or emergency maintenance, updates, patches, upgrades, or changes that may affect availability.

16.3 Support is provided by email only, Monday to Friday, 10:00 to 16:00 UK time, excluding public holidays in England, unless we state otherwise.

16.4 We may prioritise support requests based on severity, security, platform integrity, and operational impact.

17. Suspension

17.1 We may suspend or restrict access to any Account, App, feature, Subscription, or Content immediately if we reasonably believe that:

(a) there is a security risk or suspected security incident;

(b) there is suspected fraud, unlawful activity, or misuse of the Service;

(c) sanctions, export control, anti-money laundering, or compliance concerns arise;

(d) payment has failed, been reversed, or remains overdue;

(e) the Customer or an Authorised User has committed a material breach of these Terms; or

(f) suspension is necessary to protect the Service, us, other customers, or third parties.

17.2 For a breach that is capable of remedy and is not serious, we may notify the Customer and require the breach to stop or be remedied. Any repeat of the same or a similar breach after such notice may be treated as a material breach and may result in immediate suspension.

17.3 We will restore access when the relevant issue has been resolved to our reasonable satisfaction, provided we are not required or entitled to terminate under these Terms.

18. Termination and Effects of Termination

18.1 Termination by the Customer

The Customer may cancel a Subscription at any time through the Service or by any other method we make available. Unless we state otherwise for a particular App, cancellation takes effect immediately and access to the relevant Subscription will end immediately.

18.2 Termination by KNEWTE

We may terminate any Subscription, App access, or these Terms immediately by notice if:

(a) the Customer materially breaches these Terms;

(b) the Customer repeatedly breaches these Terms after notice under clause 17.2;

(c) the Customer fails to pay applicable charges;

(d) we are required to do so by law or competent authority; or

(e) continuing to provide the Service creates legal, regulatory, sanctions, operational, or security risk.

18.3 Effect of Termination

Upon expiry, cancellation, suspension, or termination:

(a) the Customer's right to access and use the affected Service ends immediately unless we state otherwise;

(b) we may disable Account access, remove Content, and cease processing activities related to the affected Service, subject to applicable retention obligations;

(c) accrued fees, payment obligations, and rights that arose before termination remain payable and enforceable;

(d) unused Credits remain non-refundable and may expire without value; and

(e) clauses which by their nature should survive will continue in force, including clauses relating to fees, liability, confidentiality, intellectual property, data protection, indemnity, governing law, and dispute resolution.

19. Warranties and Disclaimers

19.1 Each party warrants that it has the power and authority to enter into these Terms.

19.2 The Customer warrants that it is purchasing and using the Service solely for business purposes and not as a consumer.

19.3 Except as expressly set out in these Terms, the Service, Trials, Beta Services, and all related components are provided on an as is and as available basis.

19.4 To the fullest extent permitted by law, we disclaim all implied conditions, warranties, representations, and other terms, including any implied terms of satisfactory quality, fitness for a particular purpose, and non-infringement.

19.5 We do not warrant that the Service will be uninterrupted, error-free, compatible with all systems, or suitable for every business purpose.

19.6 The Service does not constitute legal, tax, accounting, HR, safeguarding, employment, regulatory, or professional advice, and the Customer remains responsible for its own decisions, compliance, records, and business processes.

20. Indemnity

20.1 The Customer will indemnify and keep indemnified KNEWTE, its affiliates, officers, employees, and contractors against losses, liabilities, damages, costs, claims, actions, fines, penalties, and expenses (including reasonable legal fees) arising out of or in connection with:

(a) the Customer's or any Authorised User's unlawful use of the Service;

(b) the Customer's Content;

(c) the Customer's breach of these Terms or applicable law; or

(d) any third-party claim arising from data, materials, instructions, or processing activities provided or authorised by the Customer.

20.2 This clause does not require the Customer to indemnify us to the extent a claim is finally determined by a court of competent jurisdiction to have been caused solely by our own breach of these Terms or unlawful conduct.

21. Limitation of Liability

21.1 Nothing in these Terms excludes or limits liability for:

(a) death or personal injury caused by negligence;

(b) fraud or fraudulent misrepresentation; or

(c) any liability that cannot lawfully be excluded or limited.

21.2 Subject to clause 21.1, we will not be liable for any:

(a) indirect or consequential loss;

(b) loss of profits, revenue, business, contracts, anticipated savings, goodwill, or reputation;

(c) loss, corruption, or inaccuracy of data;

(d) business interruption; or

(e) costs of substitute goods or services.

21.3 Subject to clause 21.1, we are not liable for any loss, damage, or liability arising from:

(a) use of the Service contrary to these Terms or Documentation;

(b) misconfiguration of permissions or workflows by the Customer;

(c) unauthorised access caused by compromised credentials, weak passwords, password sharing, insecure devices, or failures within the Customer's own systems;

(d) third-party services, processors, networks, telecoms, cloud services, internet outages, or API changes outside our reasonable control; or

(e) suspension or termination permitted by these Terms.

21.4 Subject to clause 21.1, our total aggregate liability arising out of or in connection with these Terms, the Service, any Subscription, any Trial, any Beta Service, and any related claim, whether in contract, tort (including negligence), misrepresentation, restitution, breach of statutory duty, or otherwise, will not exceed the total fees actually paid by the Customer to us for the relevant Service during the 6 months immediately preceding the event giving rise to the claim.

22. Changes to the Service and These Terms

22.1 We may modify the Service, these Terms, the Documentation, App-Specific Terms, pricing, technical requirements, support model, security controls, and platform rules from time to time.

22.2 We may update these Terms from time to time by posting a revised version on our website or in the Service.

22.3 Minor changes, non-material administrative changes, changes made to reflect changes in law, regulation, security requirements, or changes that do not materially adversely affect the Customer may take effect when posted or on any later date stated by us.

22.4 If we make a material change to these Terms that affects an active paid Subscription, we will give the Customer reasonable prior notice. Unless the change is required by law, regulation, security requirements, or to prevent abuse or harm, the change will take effect on the date stated in the notice or, where applicable, from the Customer’s next renewal, next top-up, or next purchase.

22.5 Continued access to or use of the Service after the effective date of an updated version of these Terms constitutes acceptance of the updated Terms.

22.6 If the Customer does not agree to an updated version of these Terms, the Customer must stop using the affected Service and, where applicable, cancel the relevant Subscription before the effective date of the updated Terms.

23. Publicity

Unless we agree otherwise in writing, the Customer may not use our name, logos, or trade marks without our prior written consent.

24. Notices

24.1 Any legal notice to KNEWTE under these Terms must be sent by post to the registered office stated in clause 1.

24.2 We may give notices to the Customer through the Service, by email to the account contact details held on file, or by post.

24.3 Notices sent by post are deemed received 2 business days after posting within the United Kingdom and 7 business days after international posting, unless shown otherwise.

25. General

25.1 Entire agreement. These Terms, together with any applicable Order, App-Specific Terms, Data Processing Addendum, Privacy Policy, Cookie Policy, Data Retention Policy, and any other policy expressly incorporated by reference, form the entire agreement between the parties relating to the Service and supersede all prior discussions, understandings, and agreements relating to that subject matter.

25.2 Conflict order. In the event of conflict, the following order of precedence applies unless an Order expressly states otherwise: (a) Order; (b) App-Specific Terms; (c) Data Processing Addendum; (d) these Terms; (e) Documentation and policies.

25.3 Assignment. The Customer may not assign, transfer, subcontract, declare a trust over, or otherwise deal with any of its rights or obligations under these Terms without our prior written consent. We may assign or transfer these Terms to an affiliate or in connection with a merger, reorganisation, sale of business, or transfer of substantially all relevant assets.

25.4 No partnership or agency. Nothing in these Terms creates any partnership, agency, joint venture, employment, or fiduciary relationship between the parties.

25.5 Severance. If any provision of these Terms is held invalid, unlawful, or unenforceable, the remaining provisions will continue in full force and effect.

25.6 Waiver. A failure or delay in exercising any right under these Terms is not a waiver of that right.

25.7 Third-party rights. A person who is not a party to these Terms has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any provision of these Terms, except that our affiliates and indemnified persons may rely on any provision expressed to benefit them.

25.8 Governing law and jurisdiction. These Terms and any non-contractual obligations arising out of or in connection with them are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or the Service.

---

Incorporated Policies

• Privacy Policy: https://www.knewte.com/PrivacyPolicy
• Cookie Policy: https://www.knewte.com/Cookies
• Data Retention Policy: https://www.knewte.com/DataRetention
• Data Processing Addendum: set out in section 2 of this page.
• Reference Check App Terms: set out in section 3 of this page.

2. KNEWTE Data Processing Addendum (UK GDPR)

Effective date:13 April 2026

This Data Processing Addendum (the DPA) forms part of and is incorporated into the KNEWTE Master Business SaaS Terms, Order, and any applicable App-Specific Terms between KNEWTE UK LIMITED (KNEWTE, Processor, we, us, our) and the customer entity accepting this DPA or the agreement into which it is incorporated (Customer, Controller, you, your).

If there is a conflict between this DPA and the KNEWTE Master Business SaaS Terms in relation to the processing of Customer Personal Data, this DPA prevails to the extent of that conflict.

1. Purpose and Scope

1.1 This DPA applies where KNEWTE processes Customer Personal Data on behalf of the Customer in connection with the Service.

1.2 This DPA does not apply to processing where KNEWTE acts as an independent controller, including processing for its own account administration, billing, fraud prevention, sanctions screening, legal compliance, security monitoring, platform administration, service analytics, and similar business purposes described in the Privacy Policy.

1.3 This DPA is intended to satisfy Article 28 of the UK GDPR and related requirements under applicable UK data protection law.

2. Roles of the Parties

2.1 The parties acknowledge and agree that, in respect of Customer Personal Data processed under this DPA:

(a) the Customer is the controller; and

(b) KNEWTE is the processor, unless the parties expressly agree otherwise for a specific processing activity.

2.2 The Customer remains responsible for:

(a) determining whether the Service is appropriate for its intended processing;

(b) complying with transparency, lawful basis, fairness, minimisation, retention, and other controller obligations;

(c) issuing lawful and documented instructions to KNEWTE; and

(d) ensuring that it has all rights, permissions, notices, and lawful bases necessary for the processing of Customer Personal Data via the Service.

3. Definitions

• Applicable Data Protection Law means the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (where applicable), and any other applicable law relating to privacy, data protection, international transfers, or security of personal data, as amended or replaced from time to time.
• Customer Personal Data means personal data processed by KNEWTE on behalf of the Customer in connection with the Service.
• Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data.
• Restricted Transfer means a transfer of Customer Personal Data that is restricted by Applicable Data Protection Law.
• Sub-processor means another processor engaged by KNEWTE to process Customer Personal Data on behalf of the Customer.
• UK GDPR means the retained and amended form of Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland, and Northern Ireland.

3.2 Capitalised terms not defined in this DPA have the meanings given in the Master Business SaaS Terms.

4. Customer Instructions

4.1 KNEWTE will process Customer Personal Data only on the Customer's documented instructions, including with regard to Restricted Transfers, unless KNEWTE is required to do otherwise by applicable law. Where KNEWTE is required by law to process Customer Personal Data other than on the Customer's instructions, KNEWTE will inform the Customer of that legal requirement before processing unless prohibited by law.

4.2 The parties agree that the Master Business SaaS Terms, the applicable Order, the Documentation, the configuration and ordinary use of the Service by the Customer and its Authorised Users, and any written instructions agreed between the parties together constitute the Customer's documented instructions.

4.3 The Customer may issue additional reasonable written instructions consistent with the Service and this DPA. If complying with an additional instruction would require material changes to the Service, additional cost, or is not technically feasible, KNEWTE will notify the Customer and the parties will act reasonably to discuss the request.

4.4 KNEWTE will promptly inform the Customer if, in KNEWTE's opinion, an instruction infringes Applicable Data Protection Law.

5. Confidentiality

5.1 KNEWTE will ensure that any person it authorises to process Customer Personal Data is subject to a duty of confidentiality, whether contractual, statutory, or otherwise legally binding.

5.2 KNEWTE will ensure that access to Customer Personal Data is limited to personnel who need that access for the purposes of providing, securing, supporting, or administering the Service, or otherwise complying with this DPA.

6. Security of Processing

6.1 KNEWTE will implement and maintain appropriate technical and organisational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, and the risks to individuals.

6.2 The measures implemented by KNEWTE include, as appropriate to the Service:

(a) encryption in transit;

(b) encryption or equivalent protections for certain stored personal data;

(c) role-based access controls and access limitation;

(d) logical segregation and authentication controls;

(e) backup and recovery processes;

(f) system monitoring, logging, and incident management processes; and

(g) organisational measures relating to confidentiality, access management, and security governance.

6.3 The Customer acknowledges that no security measure is infallible and that the Customer remains responsible for secure use of the Service, including managing user access, device security, passwords, and local environment security.

7. Use of Sub-processors

7.1 The Customer gives KNEWTE general written authorisation to appoint and use Sub-processors in accordance with this clause.

7.2 KNEWTE may engage Sub-processors to provide hosting, infrastructure, storage, backup, email delivery, support tooling, analytics, security, communications, and other services reasonably required to provide the Service.

7.3 KNEWTE will maintain a list of authorised Sub-processors in Schedule 4 or by another written notice mechanism made available to the Customer.

7.4 If KNEWTE intends to add or replace a Sub-processor in a manner that materially affects the processing of Customer Personal Data, KNEWTE will provide prior notice where reasonably practicable. The Customer may object on reasonable data protection grounds by written notice within 15 days of the notice. If the parties cannot resolve the objection within a reasonable period, either party may terminate the affected processing or affected Service on written notice.

7.5 KNEWTE will enter into a written contract with each Sub-processor imposing data protection obligations that provide a level of protection for Customer Personal Data equivalent to those set out in this DPA, to the extent applicable to the services provided by that Sub-processor.

7.6 KNEWTE remains responsible for the performance of its Sub-processors' obligations to the extent required by Applicable Data Protection Law.

7.7 A payment provider such as Stripe may act as an independent controller for some payment, fraud, anti-money laundering, or regulatory processing activities. To the extent such a provider acts as an independent controller rather than as a Sub-processor, this clause 7 does not apply to that provider in relation to that independent controller processing.

8. Assistance with Data Subject Rights

8.1 Taking into account the nature of the processing, KNEWTE will provide reasonable assistance to the Customer, through appropriate technical and organisational measures where possible, to help the Customer respond to requests from individuals exercising their rights under Applicable Data Protection Law.

8.2 If KNEWTE receives a request from an individual relating to Customer Personal Data and identifies it as intended for the Customer, KNEWTE may:

(a) refer the individual to the Customer;

(b) notify the Customer of the request; or

(c) where agreed with the Customer or required by law, assist the Customer in responding.

8.3 Unless prohibited by law, KNEWTE will not respond to such a request on the Customer's behalf without the Customer's instruction, except to acknowledge receipt or redirect the request where appropriate.

9. Assistance with Compliance and Personal Data Breaches

9.1 Taking into account the nature of the processing and the information available to KNEWTE, KNEWTE will provide reasonable assistance to the Customer with the Customer's obligations under Applicable Data Protection Law relating to:

(a) security of processing;

(b) notification and investigation of Personal Data Breaches;

(c) data protection impact assessments; and

(d) prior consultation with the ICO or another competent supervisory authority where required.

9.2 If KNEWTE becomes aware of a confirmed Personal Data Breach affecting Customer Personal Data, KNEWTE will notify the Customer without undue delay.

9.3 KNEWTE's notification will, to the extent reasonably available at the time, include a description of the nature of the breach, the categories of affected data, the likely consequences, and the measures taken or proposed to address the breach.

9.4 KNEWTE may provide information in phases as it becomes available.

10. Return and Deletion of Customer Personal Data

10.1 The parties agree that, except where the Service itself provides export, download, copy, or similar functionality, the Customer's standing instruction at the end of the relevant Services relationship is for KNEWTE to delete and not return Customer Personal Data, except where retention is required or permitted by applicable law.

10.2 To the extent the relevant App or Service includes export, download, copy, or similar functionality, the Customer is responsible for using those features before the relevant Account, Subscription, or processing relationship ends.

10.3 Following expiry or termination of the relevant processing relationship, KNEWTE may retain Customer Personal Data for up to 90 days before deletion in accordance with its retention and operational practices, unless a longer retention period is required or permitted by law, regulation, tax, accounting, audit, fraud prevention, dispute resolution, billing integrity, security, or compliance obligations.

10.4 Certain financial, tax, contract, compliance, and audit records may be retained for up to 6 years or for such longer period as required or permitted by law.

10.5 KNEWTE will delete existing copies of Customer Personal Data unless storage is required by applicable law.

10.6 Where Customer Personal Data remains in backups or archives for a limited period after deletion from live systems, KNEWTE will ensure that such data is put beyond ordinary use and deleted in accordance with its backup and deletion cycles.

11. Information, Audits, and Demonstration of Compliance

11.1 KNEWTE will make available to the Customer such information as is reasonably necessary to demonstrate KNEWTE's compliance with Article 28 obligations, including through summaries of policies, certifications where available, security information, and responses to reasonable written questionnaires.

11.2 KNEWTE will allow for and contribute to audits or inspections by the Customer or an independent auditor mandated by the Customer, subject to this clause.

11.3 Any audit or inspection under this clause must:

(a) be on reasonable prior written notice of at least 30 days;

(b) occur no more than once in any 12-month period, unless required by law or following a reasonably evidenced Personal Data Breach or material security incident affecting Customer Personal Data;

(c) be limited in scope to matters relevant to Customer Personal Data processed under this DPA;

(d) be conducted during normal business hours and in a manner that minimises disruption;

(e) be subject to appropriate confidentiality obligations; and

(f) not require KNEWTE to disclose information that would compromise the security of other customers, breach confidentiality obligations owed to third parties, or reveal internal information not relevant to the audit purpose.

11.4 KNEWTE may satisfy an audit request by providing recent independent audit reports, certifications, penetration testing summaries, security summaries, or comparable documentation where reasonably sufficient.

11.5 The Customer will bear its own costs of any audit and reimburse KNEWTE's reasonable internal and external costs incurred in supporting any audit or inspection, except where the audit identifies a material breach of this DPA by KNEWTE.

12. International Transfers

12.1 The Customer authorises KNEWTE to make Restricted Transfers of Customer Personal Data only where such transfers are authorised by the Customer and are made in compliance with Applicable Data Protection Law.

12.2 KNEWTE may access or permit access to Customer Personal Data from outside the United Kingdom only where lawful safeguards are in place, including where appropriate:

(a) UK adequacy regulations;

(b) the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or another valid transfer mechanism recognised under Applicable Data Protection Law; and

(c) any required transfer risk assessment or equivalent assessment.

12.3 KNEWTE will not intentionally make a Restricted Transfer in connection with sub-processing unless it has taken the steps required under Applicable Data Protection Law for that transfer.

12.4 The Customer acknowledges that KNEWTE contractors or personnel may access Customer Personal Data outside the United Kingdom where lawful safeguards are in place and such access is necessary for support, maintenance, administration, or related service functions.

13. Special Category Data and Sensitive Processing

13.1 Unless the relevant App expressly supports it and the Customer has ensured an appropriate lawful basis and any required Article 9 condition, the Customer must not instruct KNEWTE to process special category personal data, criminal offence data, children's data, or other highly sensitive data through the Service.

13.2 The parties acknowledge that ordinary profile fields, including sex or title where used as standard profile information, are not treated by this DPA as special category personal data solely for that reason.

13.3 Where the Customer uses an App that is designed to process more sensitive categories of data, additional App-Specific Terms, security terms, or compliance requirements may apply.

14. Liability

14.1 Liability arising under this DPA is subject to the limitations and exclusions of liability set out in the Master Business SaaS Terms, unless Applicable Data Protection Law requires otherwise.

14.2 Nothing in this DPA removes or reduces any direct statutory responsibility of either party under Applicable Data Protection Law.

15. Term and Effect

15.1 This DPA takes effect on the earlier of:

(a) the date the Customer accepts the Master Business SaaS Terms or an Order incorporating this DPA; or

(b) the date KNEWTE first processes Customer Personal Data on behalf of the Customer.

15.2 This DPA remains in effect until KNEWTE no longer processes Customer Personal Data on behalf of the Customer.

15.3 Clauses that by their nature are intended to survive termination of this DPA will survive for so long as relevant Customer Personal Data remains in KNEWTE's possession or control.

16. Order of Precedence

16.1 If there is a conflict between this DPA and another agreement between the parties concerning the processing of Customer Personal Data, the following order of precedence applies:

(a) any signed written amendment expressly amending this DPA;

(b) this DPA;

(c) the Master Business SaaS Terms and any applicable App-Specific Terms.

17. Governing Law and Jurisdiction

17.1 This DPA is governed by the laws of England and Wales.

17.2 The courts of England and Wales have exclusive jurisdiction to settle any dispute arising out of or in connection with this DPA, unless mandatory applicable law requires otherwise.

---

Schedule 1 – Details of Processing

A. Subject Matter

The provision of the KNEWTE platform, Apps, related hosting, account administration, support, communications, security, maintenance, backup, and associated business productivity services.

B. Duration

For the duration of the applicable Services relationship and any permitted retention period under the Master Business SaaS Terms, this DPA, or Applicable Data Protection Law.

C. Nature of the Processing

Collection, recording, organisation, structuring, storage, hosting, encryption, retrieval, consultation, use, disclosure by transmission, alignment, combination, restriction, deletion, destruction, support access, backup, and other processing necessary to provide and administer the Service.

D. Purpose of the Processing

To provide the Service to the Customer and its Authorised Users, including account creation, business profile administration, app access, communications, service delivery, support, maintenance, security, fraud prevention, and related operational purposes carried out on the Customer's behalf.

E. Categories of Data Subjects

Depending on the relevant App and the Customer's use of the Service, data subjects may include:

• the Customer's account holders, administrators, owners, and Authorised Users;
• the Customer's employees, workers, contractors, and representatives, where the Customer chooses to use the Service in that way;
• the Customer's clients, customers, prospective customers, suppliers, service providers, and other business contacts;
• individuals whose data is entered by the Customer into a relevant App, including referees, candidates, signatories, task participants, and other business-related contacts, where supported by the relevant App; and
• any other individuals whose personal data the Customer chooses to submit to the Service in accordance with the Master Business SaaS Terms and applicable App-Specific Terms.

F. Categories of Personal Data

Depending on the relevant App and the Customer's use of the Service, personal data may include:

• names;
• business and contact details, including email addresses and telephone numbers;
• usernames, profile details, business titles, role information, and account identifiers;
• business relationship records, communications, notes, contacts, and customer or client records;
• transactional, audit, and usage records relating to the Customer's use of the Service;
• financial or business record data entered by the Customer into an App, excluding bank card data processed directly by payment providers except where such data is provided in the Service in masked, tokenised, or limited form; and
• ordinary profile data such as sex, where chosen by the Customer for profile or record purposes.

G. Special Categories and Sensitive Data

The Service is not intended for routine processing of special category personal data, criminal offence data, or children's data unless a relevant App expressly supports that processing and the Customer has ensured all required lawful bases, safeguards, notices, and conditions are in place.

---

Schedule 2 – Security Measures

KNEWTE maintains security measures appropriate to the nature of the Service and the risks presented by the processing. These may include:

1. Encryption in transit using TLS/SSL or equivalent measures.
2. Encryption or equivalent protections for certain stored personal data.
3. Access control and role-based access restrictions.
4. Authentication controls and credential management measures.
5. Environment and infrastructure protections through cloud hosting controls.
6. Logging, monitoring, and incident response processes.
7. Backup, business continuity, and recovery processes.
8. Confidentiality commitments for personnel with access to Customer Personal Data.
9. Procedures for managing Sub-processors and restricting access on a need-to-know basis.
10. Internal practices designed to support secure deletion or rendering data beyond use at end of retention periods.

KNEWTE may update these measures from time to time provided that any update does not materially reduce the overall level of protection for Customer Personal Data.

---

Schedule 3 – International Transfers

1. KNEWTE's primary hosting environment is in the United Kingdom (London) using Amazon Web Services or equivalent infrastructure.
2. KNEWTE may permit access to Customer Personal Data from outside the United Kingdom by authorised contractors, personnel, or Sub-processors where lawful safeguards are in place.
3. Where a Restricted Transfer occurs, KNEWTE will rely on a lawful transfer mechanism recognised under Applicable Data Protection Law, such as UK adequacy regulations, the IDTA, the UK Addendum to the EU Standard Contractual Clauses, or another valid mechanism.
4. KNEWTE will take reasonable steps to ensure any onward transfer by a Sub-processor is made only where lawful safeguards are in place.

---

Schedule 4 – Authorised Sub-processors

As at the Effective Date, KNEWTE uses the following Sub-processors for Customer Personal Data processing in connection with the Service:

1. Amazon Web Services (AWS) – hosting, cloud infrastructure, storage, backup, and related technical services.
2. Amazon Web Services (AWS) – email delivery and related communications infrastructure, where used for service-related communications.

KNEWTE may update this list in accordance with clause 7.

---

Schedule 5 – Contact Details

3. KNEWTE Reference Check App Terms

Effective date: 13 April 2026

These KNEWTE Reference Check App Terms (the Reference Check Terms) apply to the KNEWTE Reference Check application made available through the KNEWTE platform, including at referencecheck.knewte.com and any related interfaces, workflows, communications, support materials, and Documentation for that application (together, the Reference Check App).

These Reference Check Terms form part of and are incorporated into the KNEWTE Master Business SaaS Terms (the Master Terms) and the KNEWTE Data Processing Addendum (the DPA), each as updated from time to time. By purchasing, activating, accessing, or using the Reference Check App, the Customer agrees to these Reference Check Terms.

If there is a conflict between these Reference Check Terms and the Master Terms, these Reference Check Terms prevail to the extent of the conflict for the Reference Check App only. If there is a conflict between these Reference Check Terms and the DPA on matters of personal data processing, the DPA prevails to the extent of the conflict.

1. About the Reference Check App

1.1 The Reference Check App is a business recruitment support tool that enables the Customer and its Authorised Users to create jobs, add candidate records, invite candidates to provide referee details, invite referees to respond to reference requests, and review responses collected through the Reference Check App.

1.2 The Reference Check App is accessed through the KNEWTE platform. Access requires a valid KNEWTE platform account, a business profile added through the KNEWTE platform, and an active Subscription for the Reference Check App purchased through the KNEWTE platform for that business.

1.3 The Reference Check App does not itself process subscription payments. Subscription fees and related payment processing are handled through the KNEWTE platform and are governed by the Master Terms.

1.4 A Subscription for the Reference Check App is non-transferable. If a Subscription is purchased under one Account, business, client setup, or customer arrangement, it cannot later be moved, reassigned, or transferred to another Account, business, client, or customer unless KNEWTE expressly agrees otherwise in writing.

2. Definitions

• Candidate means an individual whose references are requested, managed, or reviewed through the Reference Check App.
• Referee means an individual identified by the Customer or by a Candidate to provide a reference or related response through the Reference Check App.
• Reference Data means any personal data, responses, comments, ratings, notes, communications, attachments, audit records, contact details, job-related details, and other information submitted to or generated through the Reference Check App about a Candidate or Referee.
• Reference Request means a communication, invitation, link, workflow step, or questionnaire sent through the Reference Check App for the purpose of collecting reference information.

Capitalised terms not defined here have the meanings given in the Master Terms or the DPA.

3. Eligibility and Permitted Use

3.1 The Reference Check App is made available for lawful business recruitment and related business verification purposes only.

3.2 The Customer must not use the Reference Check App for personal, domestic, or non-business purposes.

3.3 The Customer is responsible for ensuring that only properly authorised personnel use the Reference Check App and that access permissions are configured appropriately.

4. Customer Responsibilities for Reference Checking

4.1 The Customer is solely responsible for:

(a) deciding whether and how to use the Reference Check App in recruitment or verification workflows;

(b) determining which Candidates and Referees to contact;

(c) deciding what questions to ask and how to interpret any response;

(d) ensuring that it has all required lawful bases, notices, permissions, and internal approvals to collect, send, use, and review Reference Data;

(e) ensuring that its use of the Reference Check App complies with applicable employment, equality, discrimination, data protection, privacy, and other laws; and

(f) ensuring that any job, candidate, or referee information submitted into the Reference Check App is accurate, relevant, and limited to what is necessary for the Customer's purposes.

4.2 The Customer acknowledges that KNEWTE is not the employer, recruiter, referee, candidate, or decision-maker in relation to any hiring process and does not determine whether any Candidate should be hired, rejected, shortlisted, verified, or progressed.

4.3 The Customer must ensure that Reference Requests are sent only to intended recipients and that recipient contact details are correct before sending.

5. Candidate and Referee Data

5.1 The Customer may submit and process Candidate and Referee data through the Reference Check App, including names, email addresses, telephone numbers, job-related information, date of birth where the Customer chooses to request or use it, communications, and reference responses.

5.2 The Customer must only collect and use personal data through the Reference Check App that is adequate, relevant, and limited to what is necessary for its stated business purpose.

5.3 The Customer must not request, upload, or process through the Reference Check App any special category personal data, criminal offence data, children's data, or other highly sensitive information unless:

(a) the Reference Check App expressly supports that processing;

(b) the Customer has identified all required lawful bases and conditions under applicable law; and

(c) the Customer has implemented all required notices, safeguards, and procedures.

5.4 Without limiting clause 5.3, the Customer must not use the Reference Check App to ask for or record irrelevant, excessive, discriminatory, unlawful, abusive, defamatory, or intrusive information about any Candidate or Referee.

5.5 The Customer is responsible for determining whether date of birth or any other identifier is necessary for its particular reference-checking process and must not collect more personal data than is needed.

6. Reference Requests, Content, and Communications

6.1 The Reference Check App may allow the Customer to:

(a) create job records;

(b) create Candidate records;

(c) send a Candidate a link to provide referee details;

(d) add Referees directly;

(e) send Reference Requests to Referees; and

(f) collect and review responses.

6.2 The Customer is solely responsible for the wording, content, sequencing, and legal appropriateness of any Reference Request, questionnaire, custom question, note, or communication sent through the Reference Check App.

6.3 KNEWTE may provide templates, standard questions, prompts, examples, suggested workflows, or pre-configured forms for convenience only. The Customer remains solely responsible for reviewing, editing, approving, and lawfully using them.

6.4 The Customer must not use the Reference Check App to send spam, unsolicited marketing, threatening messages, or unlawful communications.

6.5 KNEWTE does not guarantee delivery, receipt, or response to any Reference Request and is not responsible for delays, non-delivery, filtering, blocking, or failures caused by email providers, telecoms providers, spam controls, recipient systems, or other third-party systems.

7. Accuracy, Reliability, and Decisions

7.1 KNEWTE does not verify the truth, completeness, legitimacy, identity, honesty, or reliability of any Candidate, Referee, response, statement, rating, or communication submitted through the Reference Check App.

7.2 The Customer acknowledges that any reference information collected through the Reference Check App may be incomplete, subjective, inaccurate, misleading, out of date, or otherwise unreliable.

7.3 The Reference Check App is a workflow and collection tool only. KNEWTE does not make recruitment decisions, suitability assessments, credibility decisions, risk scores, or recommendations on whether a Candidate should be hired or engaged.

7.4 The Customer remains solely responsible for all decisions taken in reliance on or in connection with the Reference Check App, including hiring, engagement, screening, compliance, and record-keeping decisions.

8. Third-Party Providers and Hosting

8.1 The Reference Check App is hosted using Amazon Web Services infrastructure in London, United Kingdom, or such other infrastructure as permitted under the Master Terms and DPA.

8.2 The Reference Check App may rely on third-party services for hosting, storage, email delivery, communications, security, analytics, and related infrastructure.

8.3 The Customer acknowledges that third-party service interruptions, delays, outages, filtering, or API changes may affect operation of the Reference Check App.

9. Data Protection and Roles

9.1 In respect of Reference Data processed through the Reference Check App, the Customer acts as controller and KNEWTE acts as processor, except where KNEWTE acts as an independent controller for its own limited business purposes as described in the Master Terms, DPA, and Privacy Policy.

9.2 The Customer instructs KNEWTE to process Reference Data only as necessary to provide the Reference Check App, deliver Reference Requests, host and display responses, maintain security, provide support, perform maintenance, create backups, and otherwise perform the services described in the Master Terms, these Reference Check Terms, and the DPA.

9.3 The Customer is responsible for providing all privacy information, notices, and transparency information required to Candidates, Referees, and other individuals whose personal data is processed through the Reference Check App.

9.4 The Customer is responsible for determining and documenting its lawful basis for processing Candidate and Referee personal data, and for any additional condition required where more sensitive data is involved.

10. Retention and Deletion

10.1 Reference Data is subject to the retention and deletion framework set out in the Master Terms, DPA, Data Retention Policy, and any configuration available within the Reference Check App.

10.2 The Customer is responsible for deleting, exporting, copying, or otherwise managing Reference Data within the Reference Check App where such functionality is made available.

10.3 Where the Customer ends the relevant Subscription or Account, access to the Reference Check App may end immediately in accordance with the Master Terms, and Reference Data may be deleted and not returned except where the Reference Check App itself provides export, download, copy, or similar functionality.

11. Suspension and Misuse

11.1 Without limiting the Master Terms, KNEWTE may suspend access to the Reference Check App immediately if we reasonably believe that the Customer or any Authorised User has:

(a) used the Reference Check App unlawfully or in breach of applicable recruitment, discrimination, employment, or privacy laws;

(b) used the Reference Check App to seek or record prohibited categories of information without appropriate legal basis or safeguards;

(c) sent unlawful, abusive, excessive, or clearly inappropriate Reference Requests; or

(d) otherwise used the Reference Check App in a way that creates legal, regulatory, reputational, operational, or security risk.

12. App-Specific Disclaimer

12.1 The Reference Check App is provided as a workflow, communication, and record-collection tool only.

12.2 KNEWTE does not guarantee any particular recruitment outcome, response rate, verification result, turnaround time, hiring suitability, legal compliance outcome, or evidential value of any reference.

12.3 The Customer remains solely responsible for using the Reference Check App lawfully and proportionately and for ensuring that any reference-checking process is fair, necessary, and appropriate for the relevant role or engagement.

13. Order of Precedence

13.1 In the event of conflict relating specifically to the Reference Check App, the following order applies unless an Order expressly states otherwise:

(a) any applicable Order;

(b) the DPA, but only to the extent of any conflict on personal data processing matters;

(c) these Reference Check Terms;

(d) the Master Terms; and

(e) the Documentation and platform policies.

14. Contact

Questions about these Reference Check Terms may be sent to:

support@knewte.co.uk

---

Suggested DPA Schedule Addendum for Reference Check

For the Reference Check App, Schedule 1 of the DPA should be read as including the following additional details.

A. Categories of Data Subjects

• Candidates;
• Referees;
• the Customer's recruiters, hiring managers, administrators, and other Authorised Users;
• other business contacts whose data the Customer chooses to use in the Reference Check App in accordance with the Master Terms.

B. Categories of Personal Data

• names;
• email addresses;
• telephone numbers;
• job-related details;
• candidate identifiers such as date of birth where used by the Customer;
• reference responses, ratings, notes, comments, and related communications;
• audit and usage records associated with reference-check workflows.

C. Purpose of Processing

To enable the Customer to manage recruitment-related reference-check workflows, contact Candidates and Referees, collect and review reference responses, administer recruitment records, and operate related business verification processes.